From sle-updates at lists.suse.com Sat May 1 06:07:23 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 May 2021 08:07:23 +0200 (CEST)
Subject: SUSE-CU-2021:132-1: Recommended update of suse/sles12sp3
Message-ID: <20210501060723.8D106B46F2E@westernhagen.suse.de>

SUSE Container Update Advisory: suse/sles12sp3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:132-1
Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.249 , suse/sles12sp3:latest
Container Release : 24.249
Severity : moderate
Type : recommended
References : 1183599
-----------------------------------------------------------------

The container suse/sles12sp3 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1450-1
Released: Fri Apr 30 08:08:35 2021
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1183599

This update for apparmor fixes the following issues:

- Enable access to sssd fast cache for nameservice users. (bsc#1183599)

From sle-updates at lists.suse.com Sun May 2 01:16:07 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 May 2021 03:16:07 +0200 (CEST)
Subject: SUSE-RU-2021:1463-1: moderate: Recommended update for s390-tools
Message-ID: <20210502011607.222B1FD9D@maintenance.suse.de>

SUSE Recommended Update: Recommended update for s390-tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1463-1
Rating: moderate
References: #1183807 #1183944
Affected Products:
   SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has two recommended fixes can now be installed.
Description:

   This update for s390-tools fixes the following issues:

   - Fixed an issue when the required data is not collected during run of 'dbginfo.sh'. (bsc#1183944)
   - Change default scheduler to reduce CPU consumption. (bsc#1183807)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1463=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (s390x):

      osasnmpd-2.11.0-9.23.2
      osasnmpd-debuginfo-2.11.0-9.23.2
      s390-tools-2.11.0-9.23.2
      s390-tools-debuginfo-2.11.0-9.23.2
      s390-tools-debugsource-2.11.0-9.23.2
      s390-tools-hmcdrvfs-2.11.0-9.23.2
      s390-tools-hmcdrvfs-debuginfo-2.11.0-9.23.2
      s390-tools-zdsfs-2.11.0-9.23.2
      s390-tools-zdsfs-debuginfo-2.11.0-9.23.2

References:

   https://bugzilla.suse.com/1183807
   https://bugzilla.suse.com/1183944

From sle-updates at lists.suse.com Mon May 3 19:15:39 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 May 2021 21:15:39 +0200 (CEST)
Subject: SUSE-RU-2021:1464-1: moderate: Recommended update for release-notes-sles
Message-ID: <20210503191539.4A6BAFD9D@maintenance.suse.de>

SUSE Recommended Update: Recommended update for release-notes-sles
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1464-1
Rating: moderate
References: #1153309 #1183292 SLE-10446 SLE-10669 SLE-11244 SLE-12168 SLE-14977 SLE-9263
Affected Products:
   SUSE Linux Enterprise Server 15-SP2
   SUSE Linux Enterprise Installer 15-SP2
______________________________________________________________________________

An update that has two recommended fixes and contains 6 features can now be installed.
Description:

   This update for release-notes-sles fixes the following issues:

   - Fixed inconsistent capitalization of titles
   - Updated RoCE performance note (bsc#1153309)
   - Style cleanup for LS1028A HDP (jsc#SLE-9263)
   - Added note about kernel parameter changes (jsc#SLE-14977)
   - Added note about adding umoci (jsc#SLE-10446)
   - Added note about supportconfig SAP plugin (jsc#SLE-12168)
   - Added note about time sync via SUSE NTP pool (jsc#SLE-11244)
   - Added note about python-apache-libcloud (jsc#SLE-10669)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 15-SP2:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-2021-1464=1

   - SUSE Linux Enterprise Installer 15-SP2:

      zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-1464=1

Package List:

   - SUSE Linux Enterprise Server 15-SP2 (noarch):

      release-notes-sles-15.2.20210421-3.18.1

   - SUSE Linux Enterprise Installer 15-SP2 (noarch):

      release-notes-sles-15.2.20210421-3.18.1

References:

   https://bugzilla.suse.com/1153309
   https://bugzilla.suse.com/1183292

From sle-updates at lists.suse.com Mon May 3 22:15:28 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 May 2021 00:15:28 +0200 (CEST)
Subject: SUSE-SU-2021:1465-1: important: Security update for stunnel
Message-ID: <20210503221528.16D32FD9D@maintenance.suse.de>

SUSE Security Update: Security update for stunnel
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1465-1
Rating: important
References: #1177580 #1182529
Cross-References: CVE-2021-20230
CVSS scores:
   CVE-2021-20230 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
   CVE-2021-20230 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
   SUSE Manager Server 4.0
   SUSE Manager Retail Branch Server 4.0
   SUSE Manager Proxy 4.0
   SUSE Linux Enterprise Server for SAP 15-SP1
   SUSE Linux Enterprise Server for SAP 15
   SUSE Linux Enterprise Server 15-SP1-LTSS
   SUSE Linux Enterprise Server 15-SP1-BCL
   SUSE Linux Enterprise Server 15-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-LTSS
   SUSE Linux Enterprise High Performance Computing 15-ESPOS
   SUSE Enterprise Storage 6
   SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

   This update for stunnel fixes the following issues:

   - Security fix: [bsc#1177580, bsc#1182529, CVE-2021-20230]
     * "redirect" option does not properly handle "verifyChain = yes"

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1465=1

   - SUSE Manager Retail Branch Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1465=1

   - SUSE Manager Proxy 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1465=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1465=1

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1465=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1465=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1465=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1465=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1465=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1465=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1465=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1465=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-1465=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

   - SUSE Manager Server 4.0 (ppc64le s390x x86_64):

      stunnel-5.44-3.8.1
      stunnel-debuginfo-5.44-3.8.1
      stunnel-debugsource-5.44-3.8.1

   - SUSE Manager Retail Branch Server 4.0 (x86_64):

      stunnel-5.44-3.8.1
      stunnel-debuginfo-5.44-3.8.1
      stunnel-debugsource-5.44-3.8.1

   - SUSE Manager Proxy 4.0 (x86_64):

      stunnel-5.44-3.8.1
      stunnel-debuginfo-5.44-3.8.1
      stunnel-debugsource-5.44-3.8.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      stunnel-5.44-3.8.1
      stunnel-debuginfo-5.44-3.8.1
      stunnel-debugsource-5.44-3.8.1

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      stunnel-5.44-3.8.1
      stunnel-debuginfo-5.44-3.8.1
      stunnel-debugsource-5.44-3.8.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      stunnel-5.44-3.8.1
      stunnel-debuginfo-5.44-3.8.1
      stunnel-debugsource-5.44-3.8.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      stunnel-5.44-3.8.1
      stunnel-debuginfo-5.44-3.8.1
      stunnel-debugsource-5.44-3.8.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      stunnel-5.44-3.8.1
      stunnel-debuginfo-5.44-3.8.1
      stunnel-debugsource-5.44-3.8.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      stunnel-5.44-3.8.1
      stunnel-debuginfo-5.44-3.8.1
      stunnel-debugsource-5.44-3.8.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      stunnel-5.44-3.8.1
      stunnel-debuginfo-5.44-3.8.1
      stunnel-debugsource-5.44-3.8.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      stunnel-5.44-3.8.1
      stunnel-debuginfo-5.44-3.8.1
      stunnel-debugsource-5.44-3.8.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      stunnel-5.44-3.8.1
      stunnel-debuginfo-5.44-3.8.1
      stunnel-debugsource-5.44-3.8.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      stunnel-5.44-3.8.1
      stunnel-debuginfo-5.44-3.8.1
      stunnel-debugsource-5.44-3.8.1

   - SUSE CaaS Platform 4.0 (x86_64):

      stunnel-5.44-3.8.1
      stunnel-debuginfo-5.44-3.8.1
      stunnel-debugsource-5.44-3.8.1

References:

   https://www.suse.com/security/cve/CVE-2021-20230.html
   https://bugzilla.suse.com/1177580
   https://bugzilla.suse.com/1182529

From sle-updates at lists.suse.com Tue May 4 10:15:47 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 May 2021 12:15:47 +0200 (CEST)
Subject: SUSE-SU-2021:1466-1: important: Security update for permissions
Message-ID: <20210504101547.D09CCFD9D@maintenance.suse.de>

SUSE Security Update: Security update for permissions
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1466-1
Rating: important
References: #1182899
Affected Products:
   SUSE MicroOS 5.0
   SUSE Linux Enterprise Module for Basesystem 15-SP3
   SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

   This update for permissions fixes the following issues:

   - etc/permissions: remove unnecessary entries (bsc#1182899)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1466=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1466=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1466=1

Package List:

   - SUSE MicroOS 5.0 (aarch64 x86_64):

      permissions-20181225-23.6.1
      permissions-debuginfo-20181225-23.6.1
      permissions-debugsource-20181225-23.6.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      permissions-20181225-23.6.1
      permissions-debuginfo-20181225-23.6.1
      permissions-debugsource-20181225-23.6.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      permissions-zypp-plugin-20181225-23.6.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      permissions-20181225-23.6.1
      permissions-debuginfo-20181225-23.6.1
      permissions-debugsource-20181225-23.6.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):

      permissions-zypp-plugin-20181225-23.6.1

References:

   https://bugzilla.suse.com/1182899

From sle-updates at lists.suse.com Tue May 4 10:16:56 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 May 2021 12:16:56 +0200 (CEST)
Subject: SUSE-SU-2021:1473-1: important: Security update for ceph
Message-ID: <20210504101656.7F9DAFD9D@maintenance.suse.de>

SUSE Security Update: Security update for ceph
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1473-1
Rating: important
References: #1145463 #1174466 #1177200 #1178235 #1178837 #1178860 #1178905 #1179997 #1180118 #1180594 #1181378 #1183074 #1183487
Cross-References: CVE-2020-25678 CVE-2020-27839 CVE-2021-20288
CVSS scores:
   CVE-2020-25678 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
   CVE-2020-27839 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
   CVE-2021-20288 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-20288 (SUSE): 8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
   SUSE Manager Server 4.0
   SUSE Manager Retail Branch Server 4.0
   SUSE Manager Proxy 4.0
   SUSE Linux Enterprise Server for SAP 15-SP1
   SUSE Linux Enterprise Server 15-SP1-LTSS
   SUSE Linux Enterprise Server 15-SP1-BCL
   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
   SUSE Enterprise Storage 6
   SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that solves three vulnerabilities and has 10 fixes is now available.

Description:

   This update for ceph fixes the following issues:

   - ceph was updated to 14.2.20-402-g6aa76c6815:
     * CVE-2021-20288: Fixed unauthorized global_id reuse (bsc#1183074).
     * CVE-2020-25678: Do not add sensitive information in Ceph log files (bsc#1178905).
     * CVE-2020-27839: Use secure cookies to store JWT Token (bsc#1179997).
     * mgr/dashboard: prometheus alerting: add some leeway for package drops and errors (bsc#1145463)
     * mon: have 'mon stat' output json as well (bsc#1174466)
     * rpm: ceph-mgr-dashboard recommends python3-saml on SUSE (bsc#1177200)
     * mgr/dashboard: Display a warning message in Dashboard when debug mode is enabled (bsc#1178235)
     * rgw: cls/user: set from_index for reset stats calls (bsc#1178837)
     * mgr/dashboard: Disable TLS 1.0 and 1.1 (bsc#1178860)
     * bluestore: provide a different name for fallback allocator (bsc#1180118)
     * test/run-cli-tests: use cram from github (bsc#1181378)
     * mgr/dashboard: fix "Python2 Cookie module import fails on Python3" (bsc#1183487)
     * common: make ms_bind_msgr2 default to 'false' (bsc#1180594)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1473=1

   - SUSE Manager Retail Branch Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1473=1

   - SUSE Manager Proxy 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1473=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1473=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1473=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1473=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1473=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1473=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-1473=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:

   - SUSE Manager Server 4.0 (ppc64le s390x x86_64):

      ceph-common-14.2.20.402+g6aa76c6815-3.60.1
      ceph-common-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      ceph-debugsource-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs-devel-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs2-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librados-devel-14.2.20.402+g6aa76c6815-3.60.1
      librados-devel-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librados2-14.2.20.402+g6aa76c6815-3.60.1
      librados2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      libradospp-devel-14.2.20.402+g6aa76c6815-3.60.1
      librbd-devel-14.2.20.402+g6aa76c6815-3.60.1
      librbd1-14.2.20.402+g6aa76c6815-3.60.1
      librbd1-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librgw-devel-14.2.20.402+g6aa76c6815-3.60.1
      librgw2-14.2.20.402+g6aa76c6815-3.60.1
      librgw2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-ceph-argparse-14.2.20.402+g6aa76c6815-3.60.1
      python3-cephfs-14.2.20.402+g6aa76c6815-3.60.1
      python3-cephfs-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rados-14.2.20.402+g6aa76c6815-3.60.1
      python3-rados-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rbd-14.2.20.402+g6aa76c6815-3.60.1
      python3-rbd-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rgw-14.2.20.402+g6aa76c6815-3.60.1
      python3-rgw-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      rados-objclass-devel-14.2.20.402+g6aa76c6815-3.60.1

   - SUSE Manager Retail Branch Server 4.0 (x86_64):

      ceph-common-14.2.20.402+g6aa76c6815-3.60.1
      ceph-common-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      ceph-debugsource-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs-devel-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs2-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librados-devel-14.2.20.402+g6aa76c6815-3.60.1
      librados-devel-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librados2-14.2.20.402+g6aa76c6815-3.60.1
      librados2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      libradospp-devel-14.2.20.402+g6aa76c6815-3.60.1
      librbd-devel-14.2.20.402+g6aa76c6815-3.60.1
      librbd1-14.2.20.402+g6aa76c6815-3.60.1
      librbd1-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librgw-devel-14.2.20.402+g6aa76c6815-3.60.1
      librgw2-14.2.20.402+g6aa76c6815-3.60.1
      librgw2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-ceph-argparse-14.2.20.402+g6aa76c6815-3.60.1
      python3-cephfs-14.2.20.402+g6aa76c6815-3.60.1
      python3-cephfs-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rados-14.2.20.402+g6aa76c6815-3.60.1
      python3-rados-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rbd-14.2.20.402+g6aa76c6815-3.60.1
      python3-rbd-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rgw-14.2.20.402+g6aa76c6815-3.60.1
      python3-rgw-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      rados-objclass-devel-14.2.20.402+g6aa76c6815-3.60.1

   - SUSE Manager Proxy 4.0 (x86_64):

      ceph-common-14.2.20.402+g6aa76c6815-3.60.1
      ceph-common-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      ceph-debugsource-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs-devel-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs2-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librados-devel-14.2.20.402+g6aa76c6815-3.60.1
      librados-devel-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librados2-14.2.20.402+g6aa76c6815-3.60.1
      librados2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      libradospp-devel-14.2.20.402+g6aa76c6815-3.60.1
      librbd-devel-14.2.20.402+g6aa76c6815-3.60.1
      librbd1-14.2.20.402+g6aa76c6815-3.60.1
      librbd1-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librgw-devel-14.2.20.402+g6aa76c6815-3.60.1
      librgw2-14.2.20.402+g6aa76c6815-3.60.1
      librgw2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-ceph-argparse-14.2.20.402+g6aa76c6815-3.60.1
      python3-cephfs-14.2.20.402+g6aa76c6815-3.60.1
      python3-cephfs-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rados-14.2.20.402+g6aa76c6815-3.60.1
      python3-rados-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rbd-14.2.20.402+g6aa76c6815-3.60.1
      python3-rbd-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rgw-14.2.20.402+g6aa76c6815-3.60.1
      python3-rgw-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      rados-objclass-devel-14.2.20.402+g6aa76c6815-3.60.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      ceph-common-14.2.20.402+g6aa76c6815-3.60.1
      ceph-common-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      ceph-debugsource-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs-devel-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs2-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librados-devel-14.2.20.402+g6aa76c6815-3.60.1
      librados-devel-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librados2-14.2.20.402+g6aa76c6815-3.60.1
      librados2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      libradospp-devel-14.2.20.402+g6aa76c6815-3.60.1
      librbd-devel-14.2.20.402+g6aa76c6815-3.60.1
      librbd1-14.2.20.402+g6aa76c6815-3.60.1
      librbd1-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librgw-devel-14.2.20.402+g6aa76c6815-3.60.1
      librgw2-14.2.20.402+g6aa76c6815-3.60.1
      librgw2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-ceph-argparse-14.2.20.402+g6aa76c6815-3.60.1
      python3-cephfs-14.2.20.402+g6aa76c6815-3.60.1
      python3-cephfs-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rados-14.2.20.402+g6aa76c6815-3.60.1
      python3-rados-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rbd-14.2.20.402+g6aa76c6815-3.60.1
      python3-rbd-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rgw-14.2.20.402+g6aa76c6815-3.60.1
      python3-rgw-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      rados-objclass-devel-14.2.20.402+g6aa76c6815-3.60.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      ceph-common-14.2.20.402+g6aa76c6815-3.60.1
      ceph-common-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      ceph-debugsource-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs-devel-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs2-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librados-devel-14.2.20.402+g6aa76c6815-3.60.1
      librados-devel-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librados2-14.2.20.402+g6aa76c6815-3.60.1
      librados2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      libradospp-devel-14.2.20.402+g6aa76c6815-3.60.1
      librbd-devel-14.2.20.402+g6aa76c6815-3.60.1
      librbd1-14.2.20.402+g6aa76c6815-3.60.1
      librbd1-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librgw-devel-14.2.20.402+g6aa76c6815-3.60.1
      librgw2-14.2.20.402+g6aa76c6815-3.60.1
      librgw2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-ceph-argparse-14.2.20.402+g6aa76c6815-3.60.1
      python3-cephfs-14.2.20.402+g6aa76c6815-3.60.1
      python3-cephfs-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rados-14.2.20.402+g6aa76c6815-3.60.1
      python3-rados-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rbd-14.2.20.402+g6aa76c6815-3.60.1
      python3-rbd-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rgw-14.2.20.402+g6aa76c6815-3.60.1
      python3-rgw-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      rados-objclass-devel-14.2.20.402+g6aa76c6815-3.60.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      ceph-common-14.2.20.402+g6aa76c6815-3.60.1
      ceph-common-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      ceph-debugsource-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs-devel-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs2-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librados-devel-14.2.20.402+g6aa76c6815-3.60.1
      librados-devel-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librados2-14.2.20.402+g6aa76c6815-3.60.1
      librados2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      libradospp-devel-14.2.20.402+g6aa76c6815-3.60.1
      librbd-devel-14.2.20.402+g6aa76c6815-3.60.1
      librbd1-14.2.20.402+g6aa76c6815-3.60.1
      librbd1-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librgw-devel-14.2.20.402+g6aa76c6815-3.60.1
      librgw2-14.2.20.402+g6aa76c6815-3.60.1
      librgw2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-ceph-argparse-14.2.20.402+g6aa76c6815-3.60.1
      python3-cephfs-14.2.20.402+g6aa76c6815-3.60.1
      python3-cephfs-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rados-14.2.20.402+g6aa76c6815-3.60.1
      python3-rados-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rbd-14.2.20.402+g6aa76c6815-3.60.1
      python3-rbd-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rgw-14.2.20.402+g6aa76c6815-3.60.1
      python3-rgw-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      rados-objclass-devel-14.2.20.402+g6aa76c6815-3.60.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      ceph-common-14.2.20.402+g6aa76c6815-3.60.1
      ceph-common-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      ceph-debugsource-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs-devel-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs2-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librados-devel-14.2.20.402+g6aa76c6815-3.60.1
      librados-devel-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librados2-14.2.20.402+g6aa76c6815-3.60.1
      librados2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      libradospp-devel-14.2.20.402+g6aa76c6815-3.60.1
      librbd-devel-14.2.20.402+g6aa76c6815-3.60.1
      librbd1-14.2.20.402+g6aa76c6815-3.60.1
      librbd1-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librgw-devel-14.2.20.402+g6aa76c6815-3.60.1
      librgw2-14.2.20.402+g6aa76c6815-3.60.1
      librgw2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-ceph-argparse-14.2.20.402+g6aa76c6815-3.60.1
      python3-cephfs-14.2.20.402+g6aa76c6815-3.60.1
      python3-cephfs-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rados-14.2.20.402+g6aa76c6815-3.60.1
      python3-rados-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rbd-14.2.20.402+g6aa76c6815-3.60.1
      python3-rbd-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rgw-14.2.20.402+g6aa76c6815-3.60.1
      python3-rgw-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      rados-objclass-devel-14.2.20.402+g6aa76c6815-3.60.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      ceph-common-14.2.20.402+g6aa76c6815-3.60.1
      ceph-common-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      ceph-debugsource-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs-devel-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs2-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librados-devel-14.2.20.402+g6aa76c6815-3.60.1
      librados-devel-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librados2-14.2.20.402+g6aa76c6815-3.60.1
      librados2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      libradospp-devel-14.2.20.402+g6aa76c6815-3.60.1
      librbd-devel-14.2.20.402+g6aa76c6815-3.60.1
      librbd1-14.2.20.402+g6aa76c6815-3.60.1
      librbd1-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librgw-devel-14.2.20.402+g6aa76c6815-3.60.1
      librgw2-14.2.20.402+g6aa76c6815-3.60.1
      librgw2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-ceph-argparse-14.2.20.402+g6aa76c6815-3.60.1
      python3-cephfs-14.2.20.402+g6aa76c6815-3.60.1
      python3-cephfs-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rados-14.2.20.402+g6aa76c6815-3.60.1
      python3-rados-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rbd-14.2.20.402+g6aa76c6815-3.60.1
      python3-rbd-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rgw-14.2.20.402+g6aa76c6815-3.60.1
      python3-rgw-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      rados-objclass-devel-14.2.20.402+g6aa76c6815-3.60.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      ceph-14.2.20.402+g6aa76c6815-3.60.1
      ceph-base-14.2.20.402+g6aa76c6815-3.60.1
      ceph-base-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      ceph-common-14.2.20.402+g6aa76c6815-3.60.1
      ceph-common-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      ceph-debugsource-14.2.20.402+g6aa76c6815-3.60.1
      ceph-fuse-14.2.20.402+g6aa76c6815-3.60.1
      ceph-fuse-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      ceph-mds-14.2.20.402+g6aa76c6815-3.60.1
      ceph-mds-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      ceph-mgr-14.2.20.402+g6aa76c6815-3.60.1
      ceph-mgr-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      ceph-mon-14.2.20.402+g6aa76c6815-3.60.1
      ceph-mon-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      ceph-osd-14.2.20.402+g6aa76c6815-3.60.1
      ceph-osd-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      ceph-radosgw-14.2.20.402+g6aa76c6815-3.60.1
      ceph-radosgw-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      cephfs-shell-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs-devel-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs2-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librados-devel-14.2.20.402+g6aa76c6815-3.60.1
      librados-devel-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librados2-14.2.20.402+g6aa76c6815-3.60.1
      librados2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      libradospp-devel-14.2.20.402+g6aa76c6815-3.60.1
      librbd-devel-14.2.20.402+g6aa76c6815-3.60.1
      librbd1-14.2.20.402+g6aa76c6815-3.60.1
      librbd1-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librgw-devel-14.2.20.402+g6aa76c6815-3.60.1
      librgw2-14.2.20.402+g6aa76c6815-3.60.1
      librgw2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-ceph-argparse-14.2.20.402+g6aa76c6815-3.60.1
      python3-cephfs-14.2.20.402+g6aa76c6815-3.60.1
      python3-cephfs-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rados-14.2.20.402+g6aa76c6815-3.60.1
      python3-rados-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rbd-14.2.20.402+g6aa76c6815-3.60.1
      python3-rbd-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rgw-14.2.20.402+g6aa76c6815-3.60.1
      python3-rgw-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      rados-objclass-devel-14.2.20.402+g6aa76c6815-3.60.1
      rbd-fuse-14.2.20.402+g6aa76c6815-3.60.1
      rbd-fuse-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      rbd-mirror-14.2.20.402+g6aa76c6815-3.60.1
      rbd-mirror-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      rbd-nbd-14.2.20.402+g6aa76c6815-3.60.1
      rbd-nbd-debuginfo-14.2.20.402+g6aa76c6815-3.60.1

   - SUSE Enterprise Storage 6 (noarch):

      ceph-grafana-dashboards-14.2.20.402+g6aa76c6815-3.60.1
      ceph-mgr-dashboard-14.2.20.402+g6aa76c6815-3.60.1
      ceph-mgr-diskprediction-local-14.2.20.402+g6aa76c6815-3.60.1
      ceph-mgr-rook-14.2.20.402+g6aa76c6815-3.60.1
      ceph-prometheus-alerts-14.2.20.402+g6aa76c6815-3.60.1

   - SUSE CaaS Platform 4.0 (x86_64):

      ceph-common-14.2.20.402+g6aa76c6815-3.60.1
      ceph-common-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      ceph-debugsource-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs-devel-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs2-14.2.20.402+g6aa76c6815-3.60.1
      libcephfs2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librados-devel-14.2.20.402+g6aa76c6815-3.60.1
      librados-devel-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librados2-14.2.20.402+g6aa76c6815-3.60.1
      librados2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      libradospp-devel-14.2.20.402+g6aa76c6815-3.60.1
      librbd-devel-14.2.20.402+g6aa76c6815-3.60.1
      librbd1-14.2.20.402+g6aa76c6815-3.60.1
      librbd1-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      librgw-devel-14.2.20.402+g6aa76c6815-3.60.1
      librgw2-14.2.20.402+g6aa76c6815-3.60.1
      librgw2-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-ceph-argparse-14.2.20.402+g6aa76c6815-3.60.1
      python3-cephfs-14.2.20.402+g6aa76c6815-3.60.1
      python3-cephfs-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rados-14.2.20.402+g6aa76c6815-3.60.1
      python3-rados-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rbd-14.2.20.402+g6aa76c6815-3.60.1
      python3-rbd-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      python3-rgw-14.2.20.402+g6aa76c6815-3.60.1
      python3-rgw-debuginfo-14.2.20.402+g6aa76c6815-3.60.1
      rados-objclass-devel-14.2.20.402+g6aa76c6815-3.60.1

References:

   https://www.suse.com/security/cve/CVE-2020-25678.html
   https://www.suse.com/security/cve/CVE-2020-27839.html
   https://www.suse.com/security/cve/CVE-2021-20288.html
   https://bugzilla.suse.com/1145463
   https://bugzilla.suse.com/1174466
   https://bugzilla.suse.com/1177200
   https://bugzilla.suse.com/1178235
   https://bugzilla.suse.com/1178837
   https://bugzilla.suse.com/1178860
   https://bugzilla.suse.com/1178905
   https://bugzilla.suse.com/1179997
   https://bugzilla.suse.com/1180118
   https://bugzilla.suse.com/1180594
   https://bugzilla.suse.com/1181378
   https://bugzilla.suse.com/1183074
   https://bugzilla.suse.com/1183487

From sle-updates at lists.suse.com Tue May 4 10:19:04 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 May 2021 12:19:04 +0200 (CEST)
Subject: SUSE-SU-2021:1474-1: important: Security update for ceph
Message-ID: <20210504101904.D1D5FFD9D@maintenance.suse.de>

SUSE Security Update: Security update for ceph
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:1474-1
Rating: important
References: #1183074 #1183899 #1184231
Cross-References: CVE-2021-20288
CVSS scores:
  CVE-2021-20288 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-20288 (SUSE): 8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Basesystem 15-SP2
  SUSE Enterprise Storage 7
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for ceph fixes the following issues:

- ceph was updated to 15.2.11-83-g8a15f484c2:
  * CVE-2021-20288: Fixed unauthorized global_id reuse (bsc#1183074).
  * disk gets replaced with no rocksdb/wal (bsc#1184231).
  * BlueStore handles huge(>4GB) writes from RocksDB to BlueFS poorly, potentially causing data corruption (bsc#1183899).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1474=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1474=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2021-1474=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): ceph-common-15.2.11.83+g8a15f484c2-3.20.1 ceph-common-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 ceph-debugsource-15.2.11.83+g8a15f484c2-3.20.1 libcephfs-devel-15.2.11.83+g8a15f484c2-3.20.1 libcephfs2-15.2.11.83+g8a15f484c2-3.20.1 libcephfs2-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 librados-devel-15.2.11.83+g8a15f484c2-3.20.1 librados-devel-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 librados2-15.2.11.83+g8a15f484c2-3.20.1 librados2-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 libradospp-devel-15.2.11.83+g8a15f484c2-3.20.1 librbd-devel-15.2.11.83+g8a15f484c2-3.20.1 librbd1-15.2.11.83+g8a15f484c2-3.20.1 librbd1-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 librgw-devel-15.2.11.83+g8a15f484c2-3.20.1 librgw2-15.2.11.83+g8a15f484c2-3.20.1 librgw2-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 python3-ceph-argparse-15.2.11.83+g8a15f484c2-3.20.1 python3-ceph-common-15.2.11.83+g8a15f484c2-3.20.1 python3-cephfs-15.2.11.83+g8a15f484c2-3.20.1 python3-cephfs-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 python3-rados-15.2.11.83+g8a15f484c2-3.20.1 python3-rados-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 python3-rbd-15.2.11.83+g8a15f484c2-3.20.1 python3-rbd-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 python3-rgw-15.2.11.83+g8a15f484c2-3.20.1 python3-rgw-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 rados-objclass-devel-15.2.11.83+g8a15f484c2-3.20.1 rbd-nbd-15.2.11.83+g8a15f484c2-3.20.1 rbd-nbd-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): 
ceph-common-15.2.11.83+g8a15f484c2-3.20.1 ceph-common-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 ceph-debugsource-15.2.11.83+g8a15f484c2-3.20.1 libcephfs-devel-15.2.11.83+g8a15f484c2-3.20.1 libcephfs2-15.2.11.83+g8a15f484c2-3.20.1 libcephfs2-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 librados-devel-15.2.11.83+g8a15f484c2-3.20.1 librados-devel-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 librados2-15.2.11.83+g8a15f484c2-3.20.1 librados2-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 libradospp-devel-15.2.11.83+g8a15f484c2-3.20.1 librbd-devel-15.2.11.83+g8a15f484c2-3.20.1 librbd1-15.2.11.83+g8a15f484c2-3.20.1 librbd1-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 librgw-devel-15.2.11.83+g8a15f484c2-3.20.1 librgw2-15.2.11.83+g8a15f484c2-3.20.1 librgw2-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 python3-ceph-argparse-15.2.11.83+g8a15f484c2-3.20.1 python3-ceph-common-15.2.11.83+g8a15f484c2-3.20.1 python3-cephfs-15.2.11.83+g8a15f484c2-3.20.1 python3-cephfs-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 python3-rados-15.2.11.83+g8a15f484c2-3.20.1 python3-rados-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 python3-rbd-15.2.11.83+g8a15f484c2-3.20.1 python3-rbd-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 python3-rgw-15.2.11.83+g8a15f484c2-3.20.1 python3-rgw-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 rados-objclass-devel-15.2.11.83+g8a15f484c2-3.20.1 rbd-nbd-15.2.11.83+g8a15f484c2-3.20.1 rbd-nbd-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): ceph-base-15.2.11.83+g8a15f484c2-3.20.1 ceph-base-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 ceph-common-15.2.11.83+g8a15f484c2-3.20.1 ceph-common-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 ceph-debugsource-15.2.11.83+g8a15f484c2-3.20.1 libcephfs2-15.2.11.83+g8a15f484c2-3.20.1 libcephfs2-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 librados2-15.2.11.83+g8a15f484c2-3.20.1 librados2-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 librbd1-15.2.11.83+g8a15f484c2-3.20.1 librbd1-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 librgw2-15.2.11.83+g8a15f484c2-3.20.1 
librgw2-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 python3-ceph-argparse-15.2.11.83+g8a15f484c2-3.20.1 python3-ceph-common-15.2.11.83+g8a15f484c2-3.20.1 python3-cephfs-15.2.11.83+g8a15f484c2-3.20.1 python3-cephfs-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 python3-rados-15.2.11.83+g8a15f484c2-3.20.1 python3-rados-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 python3-rbd-15.2.11.83+g8a15f484c2-3.20.1 python3-rbd-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 python3-rgw-15.2.11.83+g8a15f484c2-3.20.1 python3-rgw-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 rbd-nbd-15.2.11.83+g8a15f484c2-3.20.1 rbd-nbd-debuginfo-15.2.11.83+g8a15f484c2-3.20.1 - SUSE Enterprise Storage 7 (noarch): cephadm-15.2.11.83+g8a15f484c2-3.20.1 References: https://www.suse.com/security/cve/CVE-2021-20288.html https://bugzilla.suse.com/1183074 https://bugzilla.suse.com/1183899 https://bugzilla.suse.com/1184231 From sle-updates at lists.suse.com Tue May 4 10:20:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 May 2021 12:20:21 +0200 (CEST) Subject: SUSE-SU-2021:1469-1: important: Security update for bind Message-ID: <20210504102021.DA0CEFD9D@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1469-1 Rating: important References: #1181495 #1185345 Cross-References: CVE-2021-25214 CVE-2021-25215 CVE-2021-25216 CVSS scores: CVE-2021-25214 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-25215 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-25216 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS-SAP SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON SUSE Linux Enterprise Server 12-SP2-BCL 
HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for bind fixes the following issues:

- CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345).
- CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345).
- CVE-2021-25216: Fixed an issue where policy negotiation can be targeted by a buffer overflow attack (bsc#1185345).
- MD5 warning message using host, dig, nslookup (bind-utils) with FIPS enabled (bsc#1181495).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1469=1
- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1469=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1469=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1469=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1469=1
- SUSE Linux Enterprise Server 12-SP2-LTSS-SAP:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1469=1
- SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1469=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1469=1
- HPE Helion Openstack 8:
  zypper in -t patch HPE-Helion-OpenStack-8-2021-1469=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (noarch): bind-doc-9.9.9P1-63.25.1
- SUSE OpenStack Cloud Crowbar 8 (x86_64):
bind-9.9.9P1-63.25.1 bind-chrootenv-9.9.9P1-63.25.1 bind-debuginfo-9.9.9P1-63.25.1 bind-debugsource-9.9.9P1-63.25.1 bind-libs-32bit-9.9.9P1-63.25.1 bind-libs-9.9.9P1-63.25.1 bind-libs-debuginfo-32bit-9.9.9P1-63.25.1 bind-libs-debuginfo-9.9.9P1-63.25.1 bind-utils-9.9.9P1-63.25.1 bind-utils-debuginfo-9.9.9P1-63.25.1 - SUSE OpenStack Cloud 8 (x86_64): bind-9.9.9P1-63.25.1 bind-chrootenv-9.9.9P1-63.25.1 bind-debuginfo-9.9.9P1-63.25.1 bind-debugsource-9.9.9P1-63.25.1 bind-libs-32bit-9.9.9P1-63.25.1 bind-libs-9.9.9P1-63.25.1 bind-libs-debuginfo-32bit-9.9.9P1-63.25.1 bind-libs-debuginfo-9.9.9P1-63.25.1 bind-utils-9.9.9P1-63.25.1 bind-utils-debuginfo-9.9.9P1-63.25.1 - SUSE OpenStack Cloud 8 (noarch): bind-doc-9.9.9P1-63.25.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): bind-9.9.9P1-63.25.1 bind-chrootenv-9.9.9P1-63.25.1 bind-debuginfo-9.9.9P1-63.25.1 bind-debugsource-9.9.9P1-63.25.1 bind-libs-9.9.9P1-63.25.1 bind-libs-debuginfo-9.9.9P1-63.25.1 bind-utils-9.9.9P1-63.25.1 bind-utils-debuginfo-9.9.9P1-63.25.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): bind-doc-9.9.9P1-63.25.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): bind-libs-32bit-9.9.9P1-63.25.1 bind-libs-debuginfo-32bit-9.9.9P1-63.25.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): bind-9.9.9P1-63.25.1 bind-chrootenv-9.9.9P1-63.25.1 bind-debuginfo-9.9.9P1-63.25.1 bind-debugsource-9.9.9P1-63.25.1 bind-libs-9.9.9P1-63.25.1 bind-libs-debuginfo-9.9.9P1-63.25.1 bind-utils-9.9.9P1-63.25.1 bind-utils-debuginfo-9.9.9P1-63.25.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): bind-libs-32bit-9.9.9P1-63.25.1 bind-libs-debuginfo-32bit-9.9.9P1-63.25.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): bind-doc-9.9.9P1-63.25.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): bind-doc-9.9.9P1-63.25.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): bind-9.9.9P1-63.25.1 bind-chrootenv-9.9.9P1-63.25.1 bind-debuginfo-9.9.9P1-63.25.1 
bind-debugsource-9.9.9P1-63.25.1 bind-libs-32bit-9.9.9P1-63.25.1 bind-libs-9.9.9P1-63.25.1 bind-libs-debuginfo-32bit-9.9.9P1-63.25.1 bind-libs-debuginfo-9.9.9P1-63.25.1 bind-utils-9.9.9P1-63.25.1 bind-utils-debuginfo-9.9.9P1-63.25.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64): bind-9.9.9P1-63.25.1 bind-chrootenv-9.9.9P1-63.25.1 bind-debuginfo-9.9.9P1-63.25.1 bind-debugsource-9.9.9P1-63.25.1 bind-libs-32bit-9.9.9P1-63.25.1 bind-libs-9.9.9P1-63.25.1 bind-libs-debuginfo-32bit-9.9.9P1-63.25.1 bind-libs-debuginfo-9.9.9P1-63.25.1 bind-utils-9.9.9P1-63.25.1 bind-utils-debuginfo-9.9.9P1-63.25.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (noarch): bind-doc-9.9.9P1-63.25.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (noarch): bind-doc-9.9.9P1-63.25.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): bind-9.9.9P1-63.25.1 bind-chrootenv-9.9.9P1-63.25.1 bind-debuginfo-9.9.9P1-63.25.1 bind-debugsource-9.9.9P1-63.25.1 bind-libs-32bit-9.9.9P1-63.25.1 bind-libs-9.9.9P1-63.25.1 bind-libs-debuginfo-32bit-9.9.9P1-63.25.1 bind-libs-debuginfo-9.9.9P1-63.25.1 bind-utils-9.9.9P1-63.25.1 bind-utils-debuginfo-9.9.9P1-63.25.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): bind-9.9.9P1-63.25.1 bind-chrootenv-9.9.9P1-63.25.1 bind-debuginfo-9.9.9P1-63.25.1 bind-debugsource-9.9.9P1-63.25.1 bind-libs-32bit-9.9.9P1-63.25.1 bind-libs-9.9.9P1-63.25.1 bind-libs-debuginfo-32bit-9.9.9P1-63.25.1 bind-libs-debuginfo-9.9.9P1-63.25.1 bind-utils-9.9.9P1-63.25.1 bind-utils-debuginfo-9.9.9P1-63.25.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): bind-doc-9.9.9P1-63.25.1 - HPE Helion Openstack 8 (noarch): bind-doc-9.9.9P1-63.25.1 - HPE Helion Openstack 8 (x86_64): bind-9.9.9P1-63.25.1 bind-chrootenv-9.9.9P1-63.25.1 bind-debuginfo-9.9.9P1-63.25.1 bind-debugsource-9.9.9P1-63.25.1 bind-libs-32bit-9.9.9P1-63.25.1 bind-libs-9.9.9P1-63.25.1 bind-libs-debuginfo-32bit-9.9.9P1-63.25.1 bind-libs-debuginfo-9.9.9P1-63.25.1 bind-utils-9.9.9P1-63.25.1 
bind-utils-debuginfo-9.9.9P1-63.25.1

References:

https://www.suse.com/security/cve/CVE-2021-25214.html
https://www.suse.com/security/cve/CVE-2021-25215.html
https://www.suse.com/security/cve/CVE-2021-25216.html
https://bugzilla.suse.com/1181495
https://bugzilla.suse.com/1185345

From sle-updates at lists.suse.com Tue May 4 10:21:40 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 May 2021 12:21:40 +0200 (CEST)
Subject: SUSE-SU-2021:1471-1: important: Security update for bind
Message-ID: <20210504102140.7C5CBFD9D@maintenance.suse.de>

SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1471-1
Rating: important
References: #1183453 #1185345
Cross-References: CVE-2021-25214 CVE-2021-25215
CVSS scores:
  CVE-2021-25214 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-25215 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  SUSE Manager Server 4.0
  SUSE Manager Retail Branch Server 4.0
  SUSE Manager Proxy 4.0
  SUSE Linux Enterprise Server for SAP 15-SP1
  SUSE Linux Enterprise Server for SAP 15
  SUSE Linux Enterprise Server 15-SP1-LTSS
  SUSE Linux Enterprise Server 15-SP1-BCL
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Module for Server Applications 15-SP2
  SUSE Linux Enterprise Module for Basesystem 15-SP2
  SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
  SUSE Enterprise Storage 6
  SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.
Description:

This update for bind fixes the following issues:

- CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345).
- CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345).
- make /usr/bin/delv in bind-tools position independent (bsc#1183453).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1471=1
- SUSE Manager Retail Branch Server 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1471=1
- SUSE Manager Proxy 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1471=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1471=1
- SUSE Linux Enterprise Server for SAP 15:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1471=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1471=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1471=1
- SUSE Linux Enterprise Server 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1471=1
- SUSE Linux Enterprise Module for Server Applications 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1471=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1471=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1471=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
  zypper in -t patch
SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1471=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1471=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1471=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1471=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): bind-9.16.6-12.49.1 bind-chrootenv-9.16.6-12.49.1 bind-debuginfo-9.16.6-12.49.1 bind-debugsource-9.16.6-12.49.1 bind-devel-9.16.6-12.49.1 bind-utils-9.16.6-12.49.1 bind-utils-debuginfo-9.16.6-12.49.1 libbind9-1600-9.16.6-12.49.1 libbind9-1600-debuginfo-9.16.6-12.49.1 libdns1605-9.16.6-12.49.1 libdns1605-debuginfo-9.16.6-12.49.1 libirs-devel-9.16.6-12.49.1 libirs1601-9.16.6-12.49.1 libirs1601-debuginfo-9.16.6-12.49.1 libisc1606-9.16.6-12.49.1 libisc1606-debuginfo-9.16.6-12.49.1 libisccc1600-9.16.6-12.49.1 libisccc1600-debuginfo-9.16.6-12.49.1 libisccfg1600-9.16.6-12.49.1 libisccfg1600-debuginfo-9.16.6-12.49.1 libns1604-9.16.6-12.49.1 libns1604-debuginfo-9.16.6-12.49.1 - SUSE Manager Server 4.0 (noarch): bind-doc-9.16.6-12.49.1 python3-bind-9.16.6-12.49.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): bind-9.16.6-12.49.1 bind-chrootenv-9.16.6-12.49.1 bind-debuginfo-9.16.6-12.49.1 bind-debugsource-9.16.6-12.49.1 bind-devel-9.16.6-12.49.1 bind-utils-9.16.6-12.49.1 bind-utils-debuginfo-9.16.6-12.49.1 libbind9-1600-9.16.6-12.49.1 libbind9-1600-debuginfo-9.16.6-12.49.1 libdns1605-9.16.6-12.49.1 libdns1605-debuginfo-9.16.6-12.49.1 libirs-devel-9.16.6-12.49.1 libirs1601-9.16.6-12.49.1 libirs1601-debuginfo-9.16.6-12.49.1 libisc1606-9.16.6-12.49.1 libisc1606-debuginfo-9.16.6-12.49.1 libisccc1600-9.16.6-12.49.1 libisccc1600-debuginfo-9.16.6-12.49.1 
libisccfg1600-9.16.6-12.49.1 libisccfg1600-debuginfo-9.16.6-12.49.1 libns1604-9.16.6-12.49.1 libns1604-debuginfo-9.16.6-12.49.1 - SUSE Manager Retail Branch Server 4.0 (noarch): bind-doc-9.16.6-12.49.1 python3-bind-9.16.6-12.49.1 - SUSE Manager Proxy 4.0 (noarch): bind-doc-9.16.6-12.49.1 python3-bind-9.16.6-12.49.1 - SUSE Manager Proxy 4.0 (x86_64): bind-9.16.6-12.49.1 bind-chrootenv-9.16.6-12.49.1 bind-debuginfo-9.16.6-12.49.1 bind-debugsource-9.16.6-12.49.1 bind-devel-9.16.6-12.49.1 bind-utils-9.16.6-12.49.1 bind-utils-debuginfo-9.16.6-12.49.1 libbind9-1600-9.16.6-12.49.1 libbind9-1600-debuginfo-9.16.6-12.49.1 libdns1605-9.16.6-12.49.1 libdns1605-debuginfo-9.16.6-12.49.1 libirs-devel-9.16.6-12.49.1 libirs1601-9.16.6-12.49.1 libirs1601-debuginfo-9.16.6-12.49.1 libisc1606-9.16.6-12.49.1 libisc1606-debuginfo-9.16.6-12.49.1 libisccc1600-9.16.6-12.49.1 libisccc1600-debuginfo-9.16.6-12.49.1 libisccfg1600-9.16.6-12.49.1 libisccfg1600-debuginfo-9.16.6-12.49.1 libns1604-9.16.6-12.49.1 libns1604-debuginfo-9.16.6-12.49.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): bind-9.16.6-12.49.1 bind-chrootenv-9.16.6-12.49.1 bind-debuginfo-9.16.6-12.49.1 bind-debugsource-9.16.6-12.49.1 bind-devel-9.16.6-12.49.1 bind-utils-9.16.6-12.49.1 bind-utils-debuginfo-9.16.6-12.49.1 libbind9-1600-9.16.6-12.49.1 libbind9-1600-debuginfo-9.16.6-12.49.1 libdns1605-9.16.6-12.49.1 libdns1605-debuginfo-9.16.6-12.49.1 libirs-devel-9.16.6-12.49.1 libirs1601-9.16.6-12.49.1 libirs1601-debuginfo-9.16.6-12.49.1 libisc1606-9.16.6-12.49.1 libisc1606-debuginfo-9.16.6-12.49.1 libisccc1600-9.16.6-12.49.1 libisccc1600-debuginfo-9.16.6-12.49.1 libisccfg1600-9.16.6-12.49.1 libisccfg1600-debuginfo-9.16.6-12.49.1 libns1604-9.16.6-12.49.1 libns1604-debuginfo-9.16.6-12.49.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): bind-doc-9.16.6-12.49.1 python3-bind-9.16.6-12.49.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): bind-9.16.6-12.49.1 bind-chrootenv-9.16.6-12.49.1 
bind-debuginfo-9.16.6-12.49.1 bind-debugsource-9.16.6-12.49.1 bind-devel-9.16.6-12.49.1 bind-utils-9.16.6-12.49.1 bind-utils-debuginfo-9.16.6-12.49.1 libbind9-1600-9.16.6-12.49.1 libbind9-1600-debuginfo-9.16.6-12.49.1 libdns1605-9.16.6-12.49.1 libdns1605-debuginfo-9.16.6-12.49.1 libirs-devel-9.16.6-12.49.1 libirs1601-9.16.6-12.49.1 libirs1601-debuginfo-9.16.6-12.49.1 libisc1606-9.16.6-12.49.1 libisc1606-debuginfo-9.16.6-12.49.1 libisccc1600-9.16.6-12.49.1 libisccc1600-debuginfo-9.16.6-12.49.1 libisccfg1600-9.16.6-12.49.1 libisccfg1600-debuginfo-9.16.6-12.49.1 libns1604-9.16.6-12.49.1 libns1604-debuginfo-9.16.6-12.49.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): bind-doc-9.16.6-12.49.1 python3-bind-9.16.6-12.49.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): bind-9.16.6-12.49.1 bind-chrootenv-9.16.6-12.49.1 bind-debuginfo-9.16.6-12.49.1 bind-debugsource-9.16.6-12.49.1 bind-devel-9.16.6-12.49.1 bind-utils-9.16.6-12.49.1 bind-utils-debuginfo-9.16.6-12.49.1 libbind9-1600-9.16.6-12.49.1 libbind9-1600-debuginfo-9.16.6-12.49.1 libdns1605-9.16.6-12.49.1 libdns1605-debuginfo-9.16.6-12.49.1 libirs-devel-9.16.6-12.49.1 libirs1601-9.16.6-12.49.1 libirs1601-debuginfo-9.16.6-12.49.1 libisc1606-9.16.6-12.49.1 libisc1606-debuginfo-9.16.6-12.49.1 libisccc1600-9.16.6-12.49.1 libisccc1600-debuginfo-9.16.6-12.49.1 libisccfg1600-9.16.6-12.49.1 libisccfg1600-debuginfo-9.16.6-12.49.1 libns1604-9.16.6-12.49.1 libns1604-debuginfo-9.16.6-12.49.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): bind-doc-9.16.6-12.49.1 python3-bind-9.16.6-12.49.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): bind-9.16.6-12.49.1 bind-chrootenv-9.16.6-12.49.1 bind-debuginfo-9.16.6-12.49.1 bind-debugsource-9.16.6-12.49.1 bind-devel-9.16.6-12.49.1 bind-utils-9.16.6-12.49.1 bind-utils-debuginfo-9.16.6-12.49.1 libbind9-1600-9.16.6-12.49.1 libbind9-1600-debuginfo-9.16.6-12.49.1 libdns1605-9.16.6-12.49.1 libdns1605-debuginfo-9.16.6-12.49.1 libirs-devel-9.16.6-12.49.1 
libirs1601-9.16.6-12.49.1 libirs1601-debuginfo-9.16.6-12.49.1 libisc1606-9.16.6-12.49.1 libisc1606-debuginfo-9.16.6-12.49.1 libisccc1600-9.16.6-12.49.1 libisccc1600-debuginfo-9.16.6-12.49.1 libisccfg1600-9.16.6-12.49.1 libisccfg1600-debuginfo-9.16.6-12.49.1 libns1604-9.16.6-12.49.1 libns1604-debuginfo-9.16.6-12.49.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): bind-doc-9.16.6-12.49.1 python3-bind-9.16.6-12.49.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): bind-9.16.6-12.49.1 bind-chrootenv-9.16.6-12.49.1 bind-debuginfo-9.16.6-12.49.1 bind-debugsource-9.16.6-12.49.1 bind-devel-9.16.6-12.49.1 bind-utils-9.16.6-12.49.1 bind-utils-debuginfo-9.16.6-12.49.1 libbind9-1600-9.16.6-12.49.1 libbind9-1600-debuginfo-9.16.6-12.49.1 libdns1605-9.16.6-12.49.1 libdns1605-debuginfo-9.16.6-12.49.1 libirs-devel-9.16.6-12.49.1 libirs1601-9.16.6-12.49.1 libirs1601-debuginfo-9.16.6-12.49.1 libisc1606-9.16.6-12.49.1 libisc1606-debuginfo-9.16.6-12.49.1 libisccc1600-9.16.6-12.49.1 libisccc1600-debuginfo-9.16.6-12.49.1 libisccfg1600-9.16.6-12.49.1 libisccfg1600-debuginfo-9.16.6-12.49.1 libns1604-9.16.6-12.49.1 libns1604-debuginfo-9.16.6-12.49.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): bind-doc-9.16.6-12.49.1 python3-bind-9.16.6-12.49.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): bind-9.16.6-12.49.1 bind-chrootenv-9.16.6-12.49.1 bind-debuginfo-9.16.6-12.49.1 bind-debugsource-9.16.6-12.49.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): bind-doc-9.16.6-12.49.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.16.6-12.49.1 bind-debugsource-9.16.6-12.49.1 bind-devel-9.16.6-12.49.1 bind-utils-9.16.6-12.49.1 bind-utils-debuginfo-9.16.6-12.49.1 libbind9-1600-9.16.6-12.49.1 libbind9-1600-debuginfo-9.16.6-12.49.1 libdns1605-9.16.6-12.49.1 libdns1605-debuginfo-9.16.6-12.49.1 libirs-devel-9.16.6-12.49.1 libirs1601-9.16.6-12.49.1 
libirs1601-debuginfo-9.16.6-12.49.1 libisc1606-9.16.6-12.49.1 libisc1606-debuginfo-9.16.6-12.49.1 libisccc1600-9.16.6-12.49.1 libisccc1600-debuginfo-9.16.6-12.49.1 libisccfg1600-9.16.6-12.49.1 libisccfg1600-debuginfo-9.16.6-12.49.1 libns1604-9.16.6-12.49.1 libns1604-debuginfo-9.16.6-12.49.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-bind-9.16.6-12.49.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): bind-9.16.6-12.49.1 bind-chrootenv-9.16.6-12.49.1 bind-debuginfo-9.16.6-12.49.1 bind-debugsource-9.16.6-12.49.1 bind-devel-9.16.6-12.49.1 bind-utils-9.16.6-12.49.1 bind-utils-debuginfo-9.16.6-12.49.1 libbind9-1600-9.16.6-12.49.1 libbind9-1600-debuginfo-9.16.6-12.49.1 libdns1605-9.16.6-12.49.1 libdns1605-debuginfo-9.16.6-12.49.1 libirs-devel-9.16.6-12.49.1 libirs1601-9.16.6-12.49.1 libirs1601-debuginfo-9.16.6-12.49.1 libisc1606-9.16.6-12.49.1 libisc1606-debuginfo-9.16.6-12.49.1 libisccc1600-9.16.6-12.49.1 libisccc1600-debuginfo-9.16.6-12.49.1 libisccfg1600-9.16.6-12.49.1 libisccfg1600-debuginfo-9.16.6-12.49.1 libns1604-9.16.6-12.49.1 libns1604-debuginfo-9.16.6-12.49.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): bind-doc-9.16.6-12.49.1 python3-bind-9.16.6-12.49.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): bind-9.16.6-12.49.1 bind-chrootenv-9.16.6-12.49.1 bind-debuginfo-9.16.6-12.49.1 bind-debugsource-9.16.6-12.49.1 bind-devel-9.16.6-12.49.1 bind-utils-9.16.6-12.49.1 bind-utils-debuginfo-9.16.6-12.49.1 libbind9-1600-9.16.6-12.49.1 libbind9-1600-debuginfo-9.16.6-12.49.1 libdns1605-9.16.6-12.49.1 libdns1605-debuginfo-9.16.6-12.49.1 libirs-devel-9.16.6-12.49.1 libirs1601-9.16.6-12.49.1 libirs1601-debuginfo-9.16.6-12.49.1 libisc1606-9.16.6-12.49.1 libisc1606-debuginfo-9.16.6-12.49.1 libisccc1600-9.16.6-12.49.1 libisccc1600-debuginfo-9.16.6-12.49.1 libisccfg1600-9.16.6-12.49.1 libisccfg1600-debuginfo-9.16.6-12.49.1 libns1604-9.16.6-12.49.1 
libns1604-debuginfo-9.16.6-12.49.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): bind-doc-9.16.6-12.49.1 python3-bind-9.16.6-12.49.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): bind-9.16.6-12.49.1 bind-chrootenv-9.16.6-12.49.1 bind-debuginfo-9.16.6-12.49.1 bind-debugsource-9.16.6-12.49.1 bind-devel-9.16.6-12.49.1 bind-utils-9.16.6-12.49.1 bind-utils-debuginfo-9.16.6-12.49.1 libbind9-1600-9.16.6-12.49.1 libbind9-1600-debuginfo-9.16.6-12.49.1 libdns1605-9.16.6-12.49.1 libdns1605-debuginfo-9.16.6-12.49.1 libirs-devel-9.16.6-12.49.1 libirs1601-9.16.6-12.49.1 libirs1601-debuginfo-9.16.6-12.49.1 libisc1606-9.16.6-12.49.1 libisc1606-debuginfo-9.16.6-12.49.1 libisccc1600-9.16.6-12.49.1 libisccc1600-debuginfo-9.16.6-12.49.1 libisccfg1600-9.16.6-12.49.1 libisccfg1600-debuginfo-9.16.6-12.49.1 libns1604-9.16.6-12.49.1 libns1604-debuginfo-9.16.6-12.49.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): bind-doc-9.16.6-12.49.1 python3-bind-9.16.6-12.49.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): bind-9.16.6-12.49.1 bind-chrootenv-9.16.6-12.49.1 bind-debuginfo-9.16.6-12.49.1 bind-debugsource-9.16.6-12.49.1 bind-devel-9.16.6-12.49.1 bind-utils-9.16.6-12.49.1 bind-utils-debuginfo-9.16.6-12.49.1 libbind9-1600-9.16.6-12.49.1 libbind9-1600-debuginfo-9.16.6-12.49.1 libdns1605-9.16.6-12.49.1 libdns1605-debuginfo-9.16.6-12.49.1 libirs-devel-9.16.6-12.49.1 libirs1601-9.16.6-12.49.1 libirs1601-debuginfo-9.16.6-12.49.1 libisc1606-9.16.6-12.49.1 libisc1606-debuginfo-9.16.6-12.49.1 libisccc1600-9.16.6-12.49.1 libisccc1600-debuginfo-9.16.6-12.49.1 libisccfg1600-9.16.6-12.49.1 libisccfg1600-debuginfo-9.16.6-12.49.1 libns1604-9.16.6-12.49.1 libns1604-debuginfo-9.16.6-12.49.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): bind-doc-9.16.6-12.49.1 python3-bind-9.16.6-12.49.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): bind-9.16.6-12.49.1 
bind-chrootenv-9.16.6-12.49.1 bind-debuginfo-9.16.6-12.49.1 bind-debugsource-9.16.6-12.49.1 bind-devel-9.16.6-12.49.1 bind-utils-9.16.6-12.49.1 bind-utils-debuginfo-9.16.6-12.49.1 libbind9-1600-9.16.6-12.49.1 libbind9-1600-debuginfo-9.16.6-12.49.1 libdns1605-9.16.6-12.49.1 libdns1605-debuginfo-9.16.6-12.49.1 libirs-devel-9.16.6-12.49.1 libirs1601-9.16.6-12.49.1 libirs1601-debuginfo-9.16.6-12.49.1 libisc1606-9.16.6-12.49.1 libisc1606-debuginfo-9.16.6-12.49.1 libisccc1600-9.16.6-12.49.1 libisccc1600-debuginfo-9.16.6-12.49.1 libisccfg1600-9.16.6-12.49.1 libisccfg1600-debuginfo-9.16.6-12.49.1 libns1604-9.16.6-12.49.1 libns1604-debuginfo-9.16.6-12.49.1 - SUSE Enterprise Storage 6 (noarch): bind-doc-9.16.6-12.49.1 python3-bind-9.16.6-12.49.1 - SUSE CaaS Platform 4.0 (x86_64): bind-9.16.6-12.49.1 bind-chrootenv-9.16.6-12.49.1 bind-debuginfo-9.16.6-12.49.1 bind-debugsource-9.16.6-12.49.1 bind-devel-9.16.6-12.49.1 bind-utils-9.16.6-12.49.1 bind-utils-debuginfo-9.16.6-12.49.1 libbind9-1600-9.16.6-12.49.1 libbind9-1600-debuginfo-9.16.6-12.49.1 libdns1605-9.16.6-12.49.1 libdns1605-debuginfo-9.16.6-12.49.1 libirs-devel-9.16.6-12.49.1 libirs1601-9.16.6-12.49.1 libirs1601-debuginfo-9.16.6-12.49.1 libisc1606-9.16.6-12.49.1 libisc1606-debuginfo-9.16.6-12.49.1 libisccc1600-9.16.6-12.49.1 libisccc1600-debuginfo-9.16.6-12.49.1 libisccfg1600-9.16.6-12.49.1 libisccfg1600-debuginfo-9.16.6-12.49.1 libns1604-9.16.6-12.49.1 libns1604-debuginfo-9.16.6-12.49.1 - SUSE CaaS Platform 4.0 (noarch): bind-doc-9.16.6-12.49.1 python3-bind-9.16.6-12.49.1 References: https://www.suse.com/security/cve/CVE-2021-25214.html https://www.suse.com/security/cve/CVE-2021-25215.html https://bugzilla.suse.com/1183453 https://bugzilla.suse.com/1185345 From sle-updates at lists.suse.com Tue May 4 10:22:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 May 2021 12:22:56 +0200 (CEST) Subject: SUSE-SU-2021:1468-1: important: Security update for bind Message-ID: 
<20210504102256.A2906FD9D@maintenance.suse.de>

SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1468-1
Rating: important
References: #1181495 #1185345
Cross-References: CVE-2021-25214 CVE-2021-25215
CVSS scores:
  CVE-2021-25214 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-25215 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  SUSE OpenStack Cloud Crowbar 9
  SUSE OpenStack Cloud 9
  SUSE Linux Enterprise Software Development Kit 12-SP5
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server 12-SP4-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for bind fixes the following issues:

- CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345).
- CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345).
- MD5 warning message using host, dig, nslookup (bind-utils) on SLES 12 SP5 with FIPS enabled (bsc#1181495).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1468=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1468=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1468=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1468=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1468=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1468=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): bind-9.11.22-3.34.1 bind-chrootenv-9.11.22-3.34.1 bind-debuginfo-9.11.22-3.34.1 bind-debugsource-9.11.22-3.34.1 bind-utils-9.11.22-3.34.1 bind-utils-debuginfo-9.11.22-3.34.1 libbind9-161-9.11.22-3.34.1 libbind9-161-debuginfo-9.11.22-3.34.1 libdns1110-9.11.22-3.34.1 libdns1110-debuginfo-9.11.22-3.34.1 libirs161-9.11.22-3.34.1 libirs161-debuginfo-9.11.22-3.34.1 libisc1107-32bit-9.11.22-3.34.1 libisc1107-9.11.22-3.34.1 libisc1107-debuginfo-32bit-9.11.22-3.34.1 libisc1107-debuginfo-9.11.22-3.34.1 libisccc161-9.11.22-3.34.1 libisccc161-debuginfo-9.11.22-3.34.1 libisccfg163-9.11.22-3.34.1 libisccfg163-debuginfo-9.11.22-3.34.1 liblwres161-9.11.22-3.34.1 liblwres161-debuginfo-9.11.22-3.34.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): bind-doc-9.11.22-3.34.1 python-bind-9.11.22-3.34.1 - SUSE OpenStack Cloud 9 (noarch): bind-doc-9.11.22-3.34.1 python-bind-9.11.22-3.34.1 - SUSE OpenStack Cloud 9 (x86_64): bind-9.11.22-3.34.1 bind-chrootenv-9.11.22-3.34.1 bind-debuginfo-9.11.22-3.34.1 bind-debugsource-9.11.22-3.34.1 bind-utils-9.11.22-3.34.1 bind-utils-debuginfo-9.11.22-3.34.1 libbind9-161-9.11.22-3.34.1 libbind9-161-debuginfo-9.11.22-3.34.1 libdns1110-9.11.22-3.34.1 libdns1110-debuginfo-9.11.22-3.34.1 libirs161-9.11.22-3.34.1 libirs161-debuginfo-9.11.22-3.34.1 libisc1107-32bit-9.11.22-3.34.1 
libisc1107-9.11.22-3.34.1 libisc1107-debuginfo-32bit-9.11.22-3.34.1 libisc1107-debuginfo-9.11.22-3.34.1 libisccc161-9.11.22-3.34.1 libisccc161-debuginfo-9.11.22-3.34.1 libisccfg163-9.11.22-3.34.1 libisccfg163-debuginfo-9.11.22-3.34.1 liblwres161-9.11.22-3.34.1 liblwres161-debuginfo-9.11.22-3.34.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.11.22-3.34.1 bind-debugsource-9.11.22-3.34.1 bind-devel-9.11.22-3.34.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): bind-9.11.22-3.34.1 bind-chrootenv-9.11.22-3.34.1 bind-debuginfo-9.11.22-3.34.1 bind-debugsource-9.11.22-3.34.1 bind-utils-9.11.22-3.34.1 bind-utils-debuginfo-9.11.22-3.34.1 libbind9-161-9.11.22-3.34.1 libbind9-161-debuginfo-9.11.22-3.34.1 libdns1110-9.11.22-3.34.1 libdns1110-debuginfo-9.11.22-3.34.1 libirs161-9.11.22-3.34.1 libirs161-debuginfo-9.11.22-3.34.1 libisc1107-9.11.22-3.34.1 libisc1107-debuginfo-9.11.22-3.34.1 libisccc161-9.11.22-3.34.1 libisccc161-debuginfo-9.11.22-3.34.1 libisccfg163-9.11.22-3.34.1 libisccfg163-debuginfo-9.11.22-3.34.1 liblwres161-9.11.22-3.34.1 liblwres161-debuginfo-9.11.22-3.34.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): bind-doc-9.11.22-3.34.1 python-bind-9.11.22-3.34.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libisc1107-32bit-9.11.22-3.34.1 libisc1107-debuginfo-32bit-9.11.22-3.34.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): bind-9.11.22-3.34.1 bind-chrootenv-9.11.22-3.34.1 bind-debuginfo-9.11.22-3.34.1 bind-debugsource-9.11.22-3.34.1 bind-utils-9.11.22-3.34.1 bind-utils-debuginfo-9.11.22-3.34.1 libbind9-161-9.11.22-3.34.1 libbind9-161-debuginfo-9.11.22-3.34.1 libdns1110-9.11.22-3.34.1 libdns1110-debuginfo-9.11.22-3.34.1 libirs161-9.11.22-3.34.1 libirs161-debuginfo-9.11.22-3.34.1 libisc1107-9.11.22-3.34.1 libisc1107-debuginfo-9.11.22-3.34.1 libisccc161-9.11.22-3.34.1 libisccc161-debuginfo-9.11.22-3.34.1 libisccfg163-9.11.22-3.34.1 
libisccfg163-debuginfo-9.11.22-3.34.1 liblwres161-9.11.22-3.34.1 liblwres161-debuginfo-9.11.22-3.34.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libisc1107-32bit-9.11.22-3.34.1 libisc1107-debuginfo-32bit-9.11.22-3.34.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): bind-doc-9.11.22-3.34.1 python-bind-9.11.22-3.34.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): bind-9.11.22-3.34.1 bind-chrootenv-9.11.22-3.34.1 bind-debuginfo-9.11.22-3.34.1 bind-debugsource-9.11.22-3.34.1 bind-utils-9.11.22-3.34.1 bind-utils-debuginfo-9.11.22-3.34.1 libbind9-161-9.11.22-3.34.1 libbind9-161-debuginfo-9.11.22-3.34.1 libdns1110-9.11.22-3.34.1 libdns1110-debuginfo-9.11.22-3.34.1 libirs161-9.11.22-3.34.1 libirs161-debuginfo-9.11.22-3.34.1 libisc1107-9.11.22-3.34.1 libisc1107-debuginfo-9.11.22-3.34.1 libisccc161-9.11.22-3.34.1 libisccc161-debuginfo-9.11.22-3.34.1 libisccfg163-9.11.22-3.34.1 libisccfg163-debuginfo-9.11.22-3.34.1 liblwres161-9.11.22-3.34.1 liblwres161-debuginfo-9.11.22-3.34.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libisc1107-32bit-9.11.22-3.34.1 libisc1107-debuginfo-32bit-9.11.22-3.34.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): bind-doc-9.11.22-3.34.1 python-bind-9.11.22-3.34.1 References: https://www.suse.com/security/cve/CVE-2021-25214.html https://www.suse.com/security/cve/CVE-2021-25215.html https://bugzilla.suse.com/1181495 https://bugzilla.suse.com/1185345 From sle-updates at lists.suse.com Tue May 4 10:24:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 May 2021 12:24:09 +0200 (CEST) Subject: SUSE-SU-2021:14714-1: important: Security update for bind Message-ID: <20210504102409.E6EF4FD9D@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14714-1 Rating: important References: #1185345 Cross-References: CVE-2021-25214 CVE-2021-25215 
CVE-2021-25216 CVSS scores: CVE-2021-25214 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-25215 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-25216 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for bind fixes the following issues: - CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345). - CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345). - CVE-2021-25216: Fixed an issue where policy negotiation can be targeted by a buffer overflow attack (bsc#1185345). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-bind-14714=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-bind-14714=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-bind-14714=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-bind-14714=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): bind-9.9.6P1-0.51.26.1 bind-chrootenv-9.9.6P1-0.51.26.1 bind-doc-9.9.6P1-0.51.26.1 bind-libs-9.9.6P1-0.51.26.1 bind-utils-9.9.6P1-0.51.26.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): bind-libs-32bit-9.9.6P1-0.51.26.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): bind-9.9.6P1-0.51.26.1 bind-chrootenv-9.9.6P1-0.51.26.1 bind-devel-9.9.6P1-0.51.26.1 bind-doc-9.9.6P1-0.51.26.1 bind-libs-9.9.6P1-0.51.26.1 bind-utils-9.9.6P1-0.51.26.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): bind-debuginfo-9.9.6P1-0.51.26.1 bind-debugsource-9.9.6P1-0.51.26.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): bind-debuginfo-9.9.6P1-0.51.26.1 bind-debugsource-9.9.6P1-0.51.26.1 References: https://www.suse.com/security/cve/CVE-2021-25214.html https://www.suse.com/security/cve/CVE-2021-25215.html https://www.suse.com/security/cve/CVE-2021-25216.html https://bugzilla.suse.com/1185345 From sle-updates at lists.suse.com Tue May 4 10:25:16 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 May 2021 12:25:16 +0200 (CEST) Subject: SUSE-SU-2021:1472-1: important: Security update for ceph, deepsea Message-ID: <20210504102516.6C32BFD9D@maintenance.suse.de> SUSE Security Update: Security update for ceph, deepsea ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1472-1 Rating: important References: #1145463 #1174466 #1177200 #1178016 #1178216 #1178235 #1178657 #1178837 
#1178860 #1178905 #1179997 #1180118 #1180594 #1181183 #1181378 #1181665 #1183074 #1183487 #1183600 Cross-References: CVE-2020-25678 CVE-2020-27839 CVE-2021-20288 CVSS scores: CVE-2020-25678 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2020-27839 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-20288 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20288 (SUSE): 8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that solves three vulnerabilities and has 16 fixes is now available. Description: This update for ceph, deepsea fixes the following issues: - ceph was updated to 14.2.20-402-g6aa76c6815: * CVE-2021-20288: Fixed unauthorized global_id reuse (bsc#1183074). * CVE-2020-25678: Do not add sensitive information in Ceph log files (bsc#1178905). * CVE-2020-27839: Use secure cookies to store JWT Token (bsc#1179997). 
* mgr/dashboard: prometheus alerting: add some leeway for package drops and errors (bsc#1145463) * mon: have 'mon stat' output json as well (bsc#1174466) * rpm: ceph-mgr-dashboard recommends python3-saml on SUSE (bsc#1177200) * mgr/dashboard: Display a warning message in Dashboard when debug mode is enabled (bsc#1178235) * rgw: cls/user: set from_index for reset stats calls (bsc#1178837) * mgr/dashboard: Disable TLS 1.0 and 1.1 (bsc#1178860) * bluestore: provide a different name for fallback allocator (bsc#1180118) * test/run-cli-tests: use cram from github (bsc#1181378) * mgr/dashboard: fix "Python2 Cookie module import fails on Python3" (bsc#1183487) * common: make ms_bind_msgr2 default to 'false' (bsc#1180594) - deepsea was updated to 0.9.35 * osd: add method to zap simple osds (bsc#1178657, bsc#1178216) * upgrade to cephadm: fix Drive Group generation (bsc#1181665) * Rework config change detection to handle global.conf correctly (bsc#1181183) * Use -i to pass credentials to `ceph dashboard` commands (bsc#1183600) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1472=1 Package List: - SUSE Enterprise Storage 6 (noarch): deepsea-0.9.35+git.0.5a1dc9fe-3.34.1 deepsea-cli-0.9.35+git.0.5a1dc9fe-3.34.1 References: https://www.suse.com/security/cve/CVE-2020-25678.html https://www.suse.com/security/cve/CVE-2020-27839.html https://www.suse.com/security/cve/CVE-2021-20288.html https://bugzilla.suse.com/1145463 https://bugzilla.suse.com/1174466 https://bugzilla.suse.com/1177200 https://bugzilla.suse.com/1178016 https://bugzilla.suse.com/1178216 https://bugzilla.suse.com/1178235 https://bugzilla.suse.com/1178657 https://bugzilla.suse.com/1178837 https://bugzilla.suse.com/1178860 https://bugzilla.suse.com/1178905 https://bugzilla.suse.com/1179997 https://bugzilla.suse.com/1180118 https://bugzilla.suse.com/1180594 https://bugzilla.suse.com/1181183 https://bugzilla.suse.com/1181378 https://bugzilla.suse.com/1181665 https://bugzilla.suse.com/1183074 https://bugzilla.suse.com/1183487 https://bugzilla.suse.com/1183600 From sle-updates at lists.suse.com Tue May 4 16:16:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 May 2021 18:16:42 +0200 (CEST) Subject: SUSE-RU-2021:1478-1: moderate: Recommended update for libhugetlbfs Message-ID: <20210504161642.B5D7DFD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for libhugetlbfs ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1478-1 Rating: moderate References: #1184123 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for libhugetlbfs fixes the following issues: - Hardening: Link as PIE (bsc#1184123) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1478=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1478=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libhugetlbfs-2.20-3.3.1 libhugetlbfs-debuginfo-2.20-3.3.1 libhugetlbfs-debugsource-2.20-3.3.1 libhugetlbfs-devel-2.20-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libhugetlbfs-2.20-3.3.1 libhugetlbfs-debuginfo-2.20-3.3.1 libhugetlbfs-debugsource-2.20-3.3.1 libhugetlbfs-devel-2.20-3.3.1 References: https://bugzilla.suse.com/1184123 From sle-updates at lists.suse.com Tue May 4 16:17:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 May 2021 18:17:46 +0200 (CEST) Subject: SUSE-RU-2021:1483-1: moderate: Recommended update for drbd-formula Message-ID: <20210504161746.8CEC8FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd-formula ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1483-1 Rating: moderate References: #1179529 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd-formula fixes the following issues: - Support different backing device per node. 
(bsc#1179529) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2021-1483=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2021-1483=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): drbd-formula-0.4.2+git.1616116365.1e3ab34-1.9.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): drbd-formula-0.4.2+git.1616116365.1e3ab34-1.9.1 References: https://bugzilla.suse.com/1179529 From sle-updates at lists.suse.com Tue May 4 16:18:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 May 2021 18:18:51 +0200 (CEST) Subject: SUSE-RU-2021:1479-1: important: Recommended update for ebtables Message-ID: <20210504161851.7B4A8FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for ebtables ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1479-1 Rating: important References: #1182824 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ebtables fixes the following issue: - Lock properly when on `NFS` shares and the `--concurrent` flag is used in a non-standard order. (bsc#1182824) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1479=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1479=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): ebtables-2.0.10.4-13.5.1 ebtables-debuginfo-2.0.10.4-13.5.1 ebtables-debugsource-2.0.10.4-13.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): ebtables-2.0.10.4-13.5.1 ebtables-debuginfo-2.0.10.4-13.5.1 ebtables-debugsource-2.0.10.4-13.5.1 References: https://bugzilla.suse.com/1182824 From sle-updates at lists.suse.com Tue May 4 16:19:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 May 2021 18:19:53 +0200 (CEST) Subject: SUSE-RU-2021:1484-1: important: Recommended update for SLES12-SP4-SLES15-Migration Message-ID: <20210504161953.80BD7FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for SLES12-SP4-SLES15-Migration ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1484-1 Rating: important References: #1182520 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for SLES12-SP4-SLES15-Migration fixes the following issues: This is the image build submission which creates the SLE15-Migration package including the binary live migration system. The image build from here installs the new suse-migration-services packages and fixes the missing kernel-firmware package in the live migration system. (bsc#1182520) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-1484=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): SLES15-Migration-2.0.24-6 References: https://bugzilla.suse.com/1182520 From sle-updates at lists.suse.com Tue May 4 16:20:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 May 2021 18:20:57 +0200 (CEST) Subject: SUSE-RU-2021:1480-1: moderate: Recommended update for release-notes-sles Message-ID: <20210504162057.94FCCFD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1480-1 Rating: moderate References: #1180943 #1185079 SLE-11159 SLE-11176 SLE-12168 Affected Products: SUSE Linux Enterprise Server Installer 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes and contains three features can now be installed. Description: This update for release-notes-sles fixes the following issues: - 12.5.20210421 (tracked in bsc#1185079) - Added note about supportconfig SAP plugin (jsc#SLE-12168) - Added note about updated Xorg Server (jsc#SLE-11159) - Updated note about LibreOffice version (jsc#SLE-11176) - Fixed typo Image/Images (bsc#1180943) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server Installer 12-SP5: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP5-2021-1480=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1480=1 Package List: - SUSE Linux Enterprise Server Installer 12-SP5 (noarch): release-notes-sles-12.5.20210421-3.19.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): release-notes-sles-12.5.20210421-3.19.1 References: https://bugzilla.suse.com/1180943 https://bugzilla.suse.com/1185079 From sle-updates at lists.suse.com Tue May 4 16:22:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 May 2021 18:22:08 +0200 (CEST) Subject: SUSE-RU-2021:1481-1: moderate: Recommended update for lvm2 Message-ID: <20210504162208.0812EFD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1481-1 Rating: moderate References: #1178680 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lvm2 fixes the following issues: - Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1481=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1481=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1481=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-1481=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1481=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): device-mapper-1.02.163-8.27.1 device-mapper-debuginfo-1.02.163-8.27.1 libdevmapper-event1_03-1.02.163-8.27.1 libdevmapper-event1_03-debuginfo-1.02.163-8.27.1 libdevmapper1_03-1.02.163-8.27.1 libdevmapper1_03-debuginfo-1.02.163-8.27.1 liblvm2cmd2_03-2.03.05-8.27.1 liblvm2cmd2_03-debuginfo-2.03.05-8.27.1 lvm2-2.03.05-8.27.1 lvm2-debuginfo-2.03.05-8.27.1 lvm2-debugsource-2.03.05-8.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): device-mapper-1.02.163-8.27.1 device-mapper-debuginfo-1.02.163-8.27.1 device-mapper-devel-1.02.163-8.27.1 libdevmapper-event1_03-1.02.163-8.27.1 libdevmapper-event1_03-debuginfo-1.02.163-8.27.1 libdevmapper1_03-1.02.163-8.27.1 libdevmapper1_03-debuginfo-1.02.163-8.27.1 liblvm2cmd2_03-2.03.05-8.27.1 liblvm2cmd2_03-debuginfo-2.03.05-8.27.1 lvm2-2.03.05-8.27.1 lvm2-debuginfo-2.03.05-8.27.1 lvm2-debugsource-2.03.05-8.27.1 lvm2-devel-2.03.05-8.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libdevmapper1_03-32bit-1.02.163-8.27.1 libdevmapper1_03-32bit-debuginfo-1.02.163-8.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): device-mapper-1.02.163-8.27.1 device-mapper-debuginfo-1.02.163-8.27.1 device-mapper-devel-1.02.163-8.27.1 libdevmapper-event1_03-1.02.163-8.27.1 libdevmapper-event1_03-debuginfo-1.02.163-8.27.1 
libdevmapper1_03-1.02.163-8.27.1 libdevmapper1_03-debuginfo-1.02.163-8.27.1 liblvm2cmd2_03-2.03.05-8.27.1 liblvm2cmd2_03-debuginfo-2.03.05-8.27.1 lvm2-2.03.05-8.27.1 lvm2-debuginfo-2.03.05-8.27.1 lvm2-debugsource-2.03.05-8.27.1 lvm2-devel-2.03.05-8.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libdevmapper1_03-32bit-1.02.163-8.27.1 libdevmapper1_03-32bit-debuginfo-1.02.163-8.27.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): lvm2-lockd-2.03.05-8.27.1 lvm2-lockd-debuginfo-2.03.05-8.27.1 lvm2-lvmlockd-debugsource-2.03.05-8.27.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): lvm2-lockd-2.03.05-8.27.1 lvm2-lockd-debuginfo-2.03.05-8.27.1 lvm2-lvmlockd-debugsource-2.03.05-8.27.1 References: https://bugzilla.suse.com/1178680 From sle-updates at lists.suse.com Tue May 4 16:23:16 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 May 2021 18:23:16 +0200 (CEST) Subject: SUSE-RU-2021:1482-1: moderate: Recommended update for release-notes-sles Message-ID: <20210504162316.E0337FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1482-1 Rating: moderate References: #1116306 #1153309 #1185063 SLE-12168 SLE-12799 SLE-4261 SLE-6762 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Installer 15-SP1 SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has three recommended fixes and contains four features can now be installed. 
Description: This update for release-notes-sles fixes the following issues: - 15.1.20210421 (tracked in bsc#1185063) - Added note about Salt 3000 (jsc#SLE-12799) - Added note about virt-install cdrom change (bsc#1116306) - Added note about removal of firewalld from OpenStack JeOS (jsc#SLE-4261) - Added note about supportconfig filename prefix change (jsc#SLE-6762) - Added note about supportconfig SAP plugin (jsc#SLE-12168) - Updated note about RoCE performance (bsc#1153309) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1482=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1482=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1482=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1482=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1482=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1482=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2021-1482=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1482=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (noarch): release-notes-sles-15.1.20210421-3.20.1 - SUSE Manager Retail Branch Server 4.0 (noarch): release-notes-sles-15.1.20210421-3.20.1 - SUSE Manager Proxy 4.0 (noarch): release-notes-sles-15.1.20210421-3.20.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): release-notes-sles-15.1.20210421-3.20.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): release-notes-sles-15.1.20210421-3.20.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): release-notes-sles-15.1.20210421-3.20.1 - SUSE Linux Enterprise Installer 15-SP1 (noarch): release-notes-sles-15.1.20210421-3.20.1 - SUSE Enterprise Storage 6 (noarch): release-notes-sles-15.1.20210421-3.20.1 - SUSE CaaS Platform 4.0 (noarch): release-notes-sles-15.1.20210421-3.20.1 References: https://bugzilla.suse.com/1116306 https://bugzilla.suse.com/1153309 https://bugzilla.suse.com/1185063 From sle-updates at lists.suse.com Tue May 4 16:24:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 May 2021 18:24:31 +0200 (CEST) Subject: SUSE-RU-2021:1485-1: critical: Recommended update for suse-migration-sle15-activation Message-ID: <20210504162431.F02E2FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-migration-sle15-activation ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1485-1 Rating: critical References: #1182520 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for suse-migration-sle15-activation fixes the following issues: - Respect host kernel boot options for migration. (bsc#1182520) The kernel boot options used on the host to migrate can be important for the migration live environment too. 
For example, if net.ifnames is passed, it influences the network interface names to become predictable. As the DMS inherits configuration data from the host, e.g. the network setup, it is required that the kernel boot parameters also match. - Fixed loopback root setting for search in grub. The root variable for the loopback search in grub was initialized with the assumption that the /usr/share/ location on the system is on the root partition. This assumption could be incorrect and the code should be smart enough to detect this situation. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-1485=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): suse-migration-sle15-activation-2.0.24-6.20.1 References: https://bugzilla.suse.com/1182520 From sle-updates at lists.suse.com Tue May 4 16:25:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 May 2021 18:25:36 +0200 (CEST) Subject: SUSE-RU-2021:1476-1: moderate: Recommended update for cups-filters Message-ID: <20210504162536.64DB8FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for cups-filters ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1476-1 Rating: moderate References: #1182893 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cups-filters fixes the following issues: - Fixed an issue when 'foomatic-rip-Filter' crashes. 
(bsc#1182893) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1476=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1476=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): cups-filters-1.25.0-3.3.1 cups-filters-debuginfo-1.25.0-3.3.1 cups-filters-debugsource-1.25.0-3.3.1 cups-filters-devel-1.25.0-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): cups-filters-1.25.0-3.3.1 cups-filters-debuginfo-1.25.0-3.3.1 cups-filters-debugsource-1.25.0-3.3.1 cups-filters-devel-1.25.0-3.3.1 References: https://bugzilla.suse.com/1182893 From sle-updates at lists.suse.com Tue May 4 19:15:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 May 2021 21:15:37 +0200 (CEST) Subject: SUSE-SU-2021:1500-1: important: Security update for python-Pygments Message-ID: <20210504191537.3345FFD9D@maintenance.suse.de> SUSE Security Update: Security update for python-Pygments ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1500-1 Rating: important References: #1183169 Cross-References: CVE-2021-20270 CVSS scores: CVE-2021-20270 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20270 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 
15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Pygments fixes the following issues: - CVE-2021-20270: Fixed an infinite loop in SML lexer which may lead to DoS (bsc#1183169) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1500=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1500=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-1500=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1500=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1500=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1500=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): python3-Pygments-2.2.0-4.6.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): python3-Pygments-2.2.0-4.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): python2-Pygments-2.2.0-4.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): python2-Pygments-2.2.0-4.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): python3-Pygments-2.2.0-4.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): python3-Pygments-2.2.0-4.6.1 References: https://www.suse.com/security/cve/CVE-2021-20270.html https://bugzilla.suse.com/1183169 From sle-updates at lists.suse.com Tue May 4 19:16:47 2021 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 May 2021 21:16:47 +0200 (CEST) Subject: SUSE-RU-2021:1487-1: moderate: Recommended update for python-yarl Message-ID: <20210504191647.4072DFD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-yarl ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1487-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for Public Cloud 15-SP3 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for python-yarl contains the following fixes: - Fix python-yarl to build with new python3 version. - Allows mixing amps and semicolons in query strings as separators over previous changes. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-1487=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-1487=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (aarch64 ppc64le s390x x86_64): python-yarl-debugsource-1.3.0-3.3.1 python3-yarl-1.3.0-3.3.1 python3-yarl-debuginfo-1.3.0-3.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): python-yarl-debugsource-1.3.0-3.3.1 python3-yarl-1.3.0-3.3.1 python3-yarl-debuginfo-1.3.0-3.3.1 References: From sle-updates at lists.suse.com Tue May 4 19:17:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 May 2021 21:17:53 +0200 (CEST) Subject: SUSE-SU-2021:1492-1: important: Security update for samba Message-ID: <20210504191753.441A8FD9D@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1492-1 Rating: important References: #1178469 #1179156 #1184677 Cross-References: CVE-2021-20254 CVSS scores: CVE-2021-20254 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP3 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. 
Description: This update for samba fixes the following issues: - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677). - Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156). - Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1492=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1492=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1492=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1492=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1492=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1492=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1492=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1492=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1492=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-1492=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2021-1492=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1492=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 
libdcerpc0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 
libsamba-hostconfig0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-4.6.16+git.282.cfafed5922a-3.61.1 
samba-client-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debugsource-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): samba-doc-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 
libndr0-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 
libsmbclient0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debugsource-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): samba-doc-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE OpenStack Cloud 9 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-4.6.16+git.282.cfafed5922a-3.61.1 
libdcerpc-binding0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 
libsamba-hostconfig0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 
samba-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debugsource-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE OpenStack Cloud 9 (noarch): samba-doc-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE OpenStack Cloud 8 (noarch): samba-doc-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE OpenStack Cloud 8 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 
libndr-standard0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 
libsamdb0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debugsource-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE Linux Enterprise Server for SAP 
12-SP4 (ppc64le x86_64): libdcerpc-binding0-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-4.6.16+git.282.cfafed5922a-3.61.1 
samba-client-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debugsource-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 
libsamdb0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): samba-doc-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libdcerpc-binding0-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-4.6.16+git.282.cfafed5922a-3.61.1 
libsamba-credentials0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debugsource-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 
libndr-krb5pac0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 
samba-libs-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): samba-doc-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-4.6.16+git.282.cfafed5922a-3.61.1 
libsmbconf0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debugsource-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 
libsamba-hostconfig0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): samba-doc-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-4.6.16+git.282.cfafed5922a-3.61.1 
libndr-nbt0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debugsource-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-4.6.16+git.282.cfafed5922a-3.61.1 
samba-winbind-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 
libsmbldap0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): samba-doc-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): samba-doc-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libdcerpc-binding0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 
libndr-standard0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-4.6.16+git.282.cfafed5922a-3.61.1 
libsmbclient0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debugsource-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ctdb-4.6.16+git.282.cfafed5922a-3.61.1 ctdb-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 
samba-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debugsource-4.6.16+git.282.cfafed5922a-3.61.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ctdb-4.6.16+git.282.cfafed5922a-3.61.1 ctdb-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debugsource-4.6.16+git.282.cfafed5922a-3.61.1 - HPE Helion Openstack 8 (noarch): samba-doc-4.6.16+git.282.cfafed5922a-3.61.1 - HPE Helion Openstack 8 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc-binding0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libdcerpc0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-krb5pac0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-nbt0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr-standard0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libndr0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-4.6.16+git.282.cfafed5922a-3.61.1 libnetapi0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 
libnetapi0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-credentials0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-errors0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-hostconfig0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-passdb0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamba-util0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsamdb0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbclient0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbconf0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 
libsmbldap0-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libsmbldap0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libtevent-util0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 libwbclient0-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-client-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-debugsource-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-libs-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-debuginfo-32bit-4.6.16+git.282.cfafed5922a-3.61.1 samba-winbind-debuginfo-4.6.16+git.282.cfafed5922a-3.61.1

References:

   https://www.suse.com/security/cve/CVE-2021-20254.html
   https://bugzilla.suse.com/1178469
   https://bugzilla.suse.com/1179156
   https://bugzilla.suse.com/1184677

From sle-updates at lists.suse.com Tue May 4 19:19:15 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 May 2021 21:19:15 +0200 (CEST)
Subject: SUSE-SU-2021:1498-1: important: Security update for samba
Message-ID: <20210504191915.54CEBFD9D@maintenance.suse.de>

   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1498-1
Rating:             important
References:         #1178469 #1179156 #1183572 #1183574 #1184310 #1184677
Cross-References:   CVE-2020-27840 CVE-2021-20254 CVE-2021-20277
CVSS scores:
                    CVE-2020-27840 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-20254 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
                    CVE-2021-20277 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:
                    SUSE Manager Server 4.0
                    SUSE Manager Retail Branch Server 4.0
                    SUSE Manager Proxy 4.0
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Availability 15-SP1
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that solves three vulnerabilities and has three fixes is now available.

Description:

This update for samba fixes the following issues:

- CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574).
- CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
- CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572).
- Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156).
- s3-libads: use dns name to open a ldap session (bsc#1184310).
- Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1498=1

   - SUSE Manager Retail Branch Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1498=1

   - SUSE Manager Proxy 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1498=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1498=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1498=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1498=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1498=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1498=1

   - SUSE Linux Enterprise High Availability 15-SP1:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-1498=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-1498=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): libdcerpc-binding0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy-devel-4.9.5+git.432.d9b18c4f390-3.50.1 
libsamba-policy-python3-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-python3-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient0-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ad-dc-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ad-dc-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-client-4.9.5+git.432.d9b18c4f390-3.50.1 samba-client-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-core-devel-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debugsource-4.9.5+git.432.d9b18c4f390-3.50.1 samba-dsdb-modules-4.9.5+git.432.d9b18c4f390-3.50.1 samba-dsdb-modules-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 
samba-libs-python-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python3-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python3-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 - SUSE Manager Server 4.0 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 
libsamdb0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 
libndr-nbt0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-4.9.5+git.432.d9b18c4f390-3.50.1 
libsamba-passdb0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy-python3-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-python3-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient0-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient-devel-4.9.5+git.432.d9b18c4f390-3.50.1 
libwbclient0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ad-dc-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ad-dc-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-client-4.9.5+git.432.d9b18c4f390-3.50.1 samba-client-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-core-devel-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debugsource-4.9.5+git.432.d9b18c4f390-3.50.1 samba-dsdb-modules-4.9.5+git.432.d9b18c4f390-3.50.1 samba-dsdb-modules-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python3-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python3-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 - SUSE Manager Proxy 4.0 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr-devel-4.9.5+git.432.d9b18c4f390-3.50.1 
libdcerpc-samr0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 
libsamba-errors-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy-python3-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-python3-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient0-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf-devel-4.9.5+git.432.d9b18c4f390-3.50.1 
libsmbconf0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ad-dc-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ad-dc-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-client-4.9.5+git.432.d9b18c4f390-3.50.1 samba-client-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-core-devel-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debugsource-4.9.5+git.432.d9b18c4f390-3.50.1 samba-dsdb-modules-4.9.5+git.432.d9b18c4f390-3.50.1 samba-dsdb-modules-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python3-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 
samba-python-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python3-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libdcerpc-binding0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-4.9.5+git.432.d9b18c4f390-3.50.1 
libsamba-errors0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy-python3-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-python3-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient0-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ad-dc-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ad-dc-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 
samba-client-4.9.5+git.432.d9b18c4f390-3.50.1 samba-client-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-core-devel-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debugsource-4.9.5+git.432.d9b18c4f390-3.50.1 samba-dsdb-modules-4.9.5+git.432.d9b18c4f390-3.50.1 samba-dsdb-modules-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python3-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python3-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 
libsamba-errors0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 
libndr-nbt-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy-python3-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-python3-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient0-4.9.5+git.432.d9b18c4f390-3.50.1 
libsmbclient0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ad-dc-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ad-dc-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-client-4.9.5+git.432.d9b18c4f390-3.50.1 samba-client-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-core-devel-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debugsource-4.9.5+git.432.d9b18c4f390-3.50.1 samba-dsdb-modules-4.9.5+git.432.d9b18c4f390-3.50.1 samba-dsdb-modules-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python3-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python3-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libdcerpc-binding0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 
libdcerpc0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 
samba-winbind-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libdcerpc-binding0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 
libnetapi0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy-python3-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-python3-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 
libsamdb-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient0-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ad-dc-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ad-dc-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-client-4.9.5+git.432.d9b18c4f390-3.50.1 samba-client-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-core-devel-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debugsource-4.9.5+git.432.d9b18c4f390-3.50.1 samba-dsdb-modules-4.9.5+git.432.d9b18c4f390-3.50.1 samba-dsdb-modules-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 
samba-libs-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python3-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python3-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libdcerpc-binding0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 
libnetapi-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy-python3-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-python3-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient0-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 
libtevent-util-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ad-dc-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ad-dc-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-client-4.9.5+git.432.d9b18c4f390-3.50.1 samba-client-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-core-devel-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debugsource-4.9.5+git.432.d9b18c4f390-3.50.1 samba-dsdb-modules-4.9.5+git.432.d9b18c4f390-3.50.1 samba-dsdb-modules-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python3-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python3-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libdcerpc-binding0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 
libndr-standard0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libdcerpc-binding0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-devel-4.9.5+git.432.d9b18c4f390-3.50.1 
libdcerpc-samr-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy-python3-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-python3-4.9.5+git.432.d9b18c4f390-3.50.1 
libsamba-policy0-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient0-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ad-dc-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ad-dc-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-client-4.9.5+git.432.d9b18c4f390-3.50.1 samba-client-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-core-devel-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debugsource-4.9.5+git.432.d9b18c4f390-3.50.1 samba-dsdb-modules-4.9.5+git.432.d9b18c4f390-3.50.1 samba-dsdb-modules-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python3-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 
samba-python-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python3-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libdcerpc-binding0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 
libsmbconf0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ctdb-4.9.5+git.432.d9b18c4f390-3.50.1 ctdb-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debugsource-4.9.5+git.432.d9b18c4f390-3.50.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libdcerpc-binding0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 
libnetapi-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy-python3-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-python3-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient0-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 
libtevent-util-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ad-dc-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ad-dc-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ceph-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ceph-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-client-4.9.5+git.432.d9b18c4f390-3.50.1 samba-client-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-core-devel-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debugsource-4.9.5+git.432.d9b18c4f390-3.50.1 samba-dsdb-modules-4.9.5+git.432.d9b18c4f390-3.50.1 samba-dsdb-modules-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python3-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python3-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 - SUSE Enterprise Storage 6 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 
libndr-nbt0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 - SUSE CaaS Platform 4.0 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 
libdcerpc-binding0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-binding0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc-samr0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-4.9.5+git.432.d9b18c4f390-3.50.1 libdcerpc0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-krb5pac0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-nbt0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr-standard0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-4.9.5+git.432.d9b18c4f390-3.50.1 libndr0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-4.9.5+git.432.d9b18c4f390-3.50.1 libnetapi0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 
libsamba-credentials0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-credentials0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-errors0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-hostconfig0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-passdb0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy-python3-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-python3-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-policy0-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamba-util0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-4.9.5+git.432.d9b18c4f390-3.50.1 libsamdb0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 
libsmbclient-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient0-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbclient0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbconf0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-4.9.5+git.432.d9b18c4f390-3.50.1 libsmbldap2-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-4.9.5+git.432.d9b18c4f390-3.50.1 libtevent-util0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient-devel-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-4.9.5+git.432.d9b18c4f390-3.50.1 libwbclient0-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ad-dc-4.9.5+git.432.d9b18c4f390-3.50.1 samba-ad-dc-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-client-4.9.5+git.432.d9b18c4f390-3.50.1 samba-client-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-core-devel-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-debugsource-4.9.5+git.432.d9b18c4f390-3.50.1 samba-dsdb-modules-4.9.5+git.432.d9b18c4f390-3.50.1 samba-dsdb-modules-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python-4.9.5+git.432.d9b18c4f390-3.50.1 
samba-libs-python-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python3-4.9.5+git.432.d9b18c4f390-3.50.1 samba-libs-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python3-4.9.5+git.432.d9b18c4f390-3.50.1 samba-python3-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-32bit-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-32bit-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-4.9.5+git.432.d9b18c4f390-3.50.1 samba-winbind-debuginfo-4.9.5+git.432.d9b18c4f390-3.50.1

References:

    https://www.suse.com/security/cve/CVE-2020-27840.html
    https://www.suse.com/security/cve/CVE-2021-20254.html
    https://www.suse.com/security/cve/CVE-2021-20277.html
    https://bugzilla.suse.com/1178469
    https://bugzilla.suse.com/1179156
    https://bugzilla.suse.com/1183572
    https://bugzilla.suse.com/1183574
    https://bugzilla.suse.com/1184310
    https://bugzilla.suse.com/1184677

From sle-updates at lists.suse.com Tue May 4 19:20:53 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 May 2021 21:20:53 +0200 (CEST)
Subject: SUSE-SU-2021:1497-1: important: Security update for sca-patterns-sle11
Message-ID: <20210504192053.6DFC7FD9D@maintenance.suse.de>

SUSE Security Update: Security update for sca-patterns-sle11
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1497-1
Rating: important
References: #1154824
Cross-References: CVE-2020-0543
CVSS scores:
    CVE-2020-0543 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE-2020-0543 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Products:
    SUSE Manager Server 4.0
    SUSE Manager Retail Branch Server 4.0
    SUSE Manager Proxy 4.0
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP1-BCL
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Module for Server Applications 15-SP2
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
    SUSE Enterprise Storage 6
    SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for sca-patterns-sle11 fixes the following issues:

- New regular patterns (1) for version 1.3.1
  * Special Register Buffer Data Sampling aka CrossTalk (CVE-2020-0543) (bsc#1154824)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1497=1
- SUSE Manager Retail Branch Server 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1497=1
- SUSE Manager Proxy 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1497=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1497=1
- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1497=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1497=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1497=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1497=1
- SUSE Linux Enterprise Module for Server Applications 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1497=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1497=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1497=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1497=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1497=1
- SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2021-1497=1
- SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE Manager Server 4.0 (noarch):
    sca-patterns-sle11-1.3.1-7.6.1
- SUSE Manager Retail Branch Server 4.0 (noarch):
    sca-patterns-sle11-1.3.1-7.6.1
- SUSE Manager Proxy 4.0 (noarch):
    sca-patterns-sle11-1.3.1-7.6.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
    sca-patterns-sle11-1.3.1-7.6.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
    sca-patterns-sle11-1.3.1-7.6.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
    sca-patterns-sle11-1.3.1-7.6.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
    sca-patterns-sle11-1.3.1-7.6.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
    sca-patterns-sle11-1.3.1-7.6.1
- SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch):
    sca-patterns-sle11-1.3.1-7.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
    sca-patterns-sle11-1.3.1-7.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
    sca-patterns-sle11-1.3.1-7.6.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
    sca-patterns-sle11-1.3.1-7.6.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
    sca-patterns-sle11-1.3.1-7.6.1
- SUSE Enterprise Storage 6 (noarch):
    sca-patterns-sle11-1.3.1-7.6.1
- SUSE CaaS Platform 4.0 (noarch):
    sca-patterns-sle11-1.3.1-7.6.1
References:

   https://www.suse.com/security/cve/CVE-2020-0543.html
   https://bugzilla.suse.com/1154824

From sle-updates at lists.suse.com Tue May 4 19:22:03 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 May 2021 21:22:03 +0200 (CEST)
Subject: SUSE-SU-2021:1489-1: important: Security update for openexr
Message-ID: <20210504192203.99309FD9D@maintenance.suse.de>

   SUSE Security Update: Security update for openexr
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1489-1
Rating:             important
References:         #1184353 #1184354 #1184355 #1185216 #1185217
Cross-References:   CVE-2021-20296 CVE-2021-23215 CVE-2021-26260 CVE-2021-3477 CVE-2021-3479
CVSS scores:
                    CVE-2021-20296 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-20296 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-23215 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-26260 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-3477 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-3477 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-3479 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-3479 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP3
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP2
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for openexr fixes the following issues:

   - CVE-2021-23215: Fixed an integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers (bsc#1185216).
   - CVE-2021-26260: Fixed an Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers (bsc#1185217).
   - CVE-2021-20296: Fixed a Null Pointer dereference in Imf_2_5:hufUncompress (bsc#1184355).
   - CVE-2021-3477: Fixed a Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts (bsc#1184353).
   - CVE-2021-3479: Fixed an Out-of-memory caused by allocation of a very large buffer (bsc#1184354).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-1489=1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1489=1

Package List:

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      libIlmImf-2_2-23-2.2.1-3.27.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.27.1
      libIlmImfUtil-2_2-23-2.2.1-3.27.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.27.1
      openexr-debuginfo-2.2.1-3.27.1
      openexr-debugsource-2.2.1-3.27.1
      openexr-devel-2.2.1-3.27.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

      libIlmImf-2_2-23-2.2.1-3.27.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.27.1
      libIlmImfUtil-2_2-23-2.2.1-3.27.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.27.1
      openexr-debuginfo-2.2.1-3.27.1
      openexr-debugsource-2.2.1-3.27.1
      openexr-devel-2.2.1-3.27.1

References:

   https://www.suse.com/security/cve/CVE-2021-20296.html
   https://www.suse.com/security/cve/CVE-2021-23215.html
   https://www.suse.com/security/cve/CVE-2021-26260.html
   https://www.suse.com/security/cve/CVE-2021-3477.html
   https://www.suse.com/security/cve/CVE-2021-3479.html
   https://bugzilla.suse.com/1184353
   https://bugzilla.suse.com/1184354
   https://bugzilla.suse.com/1184355
   https://bugzilla.suse.com/1185216
   https://bugzilla.suse.com/1185217

From sle-updates at lists.suse.com Tue May 4 19:23:27 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 May 2021 21:23:27 +0200 (CEST)
Subject: SUSE-SU-2021:1491-1: moderate: Security update for p7zip
Message-ID: <20210504192327.85BDBFD9D@maintenance.suse.de>

   SUSE Security Update: Security update for p7zip
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1491-1
Rating:             moderate
References:         #1184699
Cross-References:   CVE-2021-3465
CVSS scores:
                    CVE-2021-3465 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for p7zip fixes the following issues:

   - CVE-2021-3465: Fixed a NULL pointer dereference in NCompress:CCopyCoder:Code (bsc#1184699)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1491=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1491=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      p7zip-16.02-14.5.1
      p7zip-debugsource-16.02-14.5.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      p7zip-16.02-14.5.1
      p7zip-debugsource-16.02-14.5.1
      p7zip-full-16.02-14.5.1
      p7zip-full-debuginfo-16.02-14.5.1

References:

   https://www.suse.com/security/cve/CVE-2021-3465.html
   https://bugzilla.suse.com/1184699

From sle-updates at lists.suse.com Tue May 4 19:24:36 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 May 2021 21:24:36 +0200 (CEST)
Subject: SUSE-SU-2021:1499-1: important: Security update for webkit2gtk3
Message-ID: <20210504192436.75269FD9D@maintenance.suse.de>

   SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1499-1
Rating:             important
References:         #1182719 #1184155 #1184262
Cross-References:   CVE-2020-27918 CVE-2020-29623 CVE-2021-1765 CVE-2021-1788 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1844 CVE-2021-1870 CVE-2021-1871
CVSS scores:
                    CVE-2020-27918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2020-29623 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-1765 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
                    CVE-2021-1788 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-1789 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-1799 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
                    CVE-2021-1801 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
                    CVE-2021-1844 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-1871 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Manager Server 4.0
                    SUSE Manager Retail Branch Server 4.0
                    SUSE Manager Proxy 4.0
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that fixes 10 vulnerabilities is now available.

Description:

   This update for webkit2gtk3 fixes the following issues:

   - Update to version 2.32.0 (bsc#1184155):
     * Fix the authentication request port when URL omits the port.
     * Fix iframe scrolling when main frame is scrolled in async scrolling mode.
     * Stop using g_memdup.
     * Show a warning message when overriding signal handler for threading suspension.
     * Fix the build on RISC-V with GCC 11.
     * Fix several crashes and rendering issues.
     * Security fixes: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871
   - Update in version 2.30.6 (bsc#1184262):
     * Update user agent quirks again for Google Docs and Google Drive.
     * Fix several crashes and rendering issues.
     * Security fixes: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765, CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870.
   - Update _constraints for armv6/armv7 (bsc#1182719)
   - restore NPAPI plugin support which was removed in 2.32.0

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1499=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1499=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1499=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1499=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1499=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1499=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1499=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1499=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1499=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1499=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1499=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1499=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1499=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.32.0-3.74.1 libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.74.1 libwebkit2gtk-4_0-37-2.32.0-3.74.1 libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.74.1 typelib-1_0-JavaScriptCore-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.74.1 webkit2gtk3-debugsource-2.32.0-3.74.1 webkit2gtk3-devel-2.32.0-3.74.1 - SUSE Manager Server 4.0 (noarch): libwebkit2gtk3-lang-2.32.0-3.74.1 - SUSE Manager Retail Branch Server 4.0 (noarch): libwebkit2gtk3-lang-2.32.0-3.74.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): libjavascriptcoregtk-4_0-18-2.32.0-3.74.1 libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.74.1 libwebkit2gtk-4_0-37-2.32.0-3.74.1 libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.74.1 typelib-1_0-JavaScriptCore-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.74.1 webkit2gtk3-debugsource-2.32.0-3.74.1 webkit2gtk3-devel-2.32.0-3.74.1 - SUSE Manager Proxy 4.0 (noarch): libwebkit2gtk3-lang-2.32.0-3.74.1 - SUSE Manager Proxy 4.0 (x86_64): libjavascriptcoregtk-4_0-18-2.32.0-3.74.1 libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.74.1 libwebkit2gtk-4_0-37-2.32.0-3.74.1 libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.74.1 typelib-1_0-JavaScriptCore-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.74.1 webkit2gtk3-debugsource-2.32.0-3.74.1 webkit2gtk3-devel-2.32.0-3.74.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.32.0-3.74.1 libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.74.1 
libwebkit2gtk-4_0-37-2.32.0-3.74.1 libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.74.1 typelib-1_0-JavaScriptCore-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.74.1 webkit2gtk3-debugsource-2.32.0-3.74.1 webkit2gtk3-devel-2.32.0-3.74.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): libwebkit2gtk3-lang-2.32.0-3.74.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.32.0-3.74.1 libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.74.1 libwebkit2gtk-4_0-37-2.32.0-3.74.1 libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.74.1 typelib-1_0-JavaScriptCore-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.74.1 webkit2gtk3-debugsource-2.32.0-3.74.1 webkit2gtk3-devel-2.32.0-3.74.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): libwebkit2gtk3-lang-2.32.0-3.74.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.32.0-3.74.1 libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.74.1 libwebkit2gtk-4_0-37-2.32.0-3.74.1 libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.74.1 typelib-1_0-JavaScriptCore-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.74.1 webkit2gtk3-debugsource-2.32.0-3.74.1 webkit2gtk3-devel-2.32.0-3.74.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): libwebkit2gtk3-lang-2.32.0-3.74.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.32.0-3.74.1 libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.74.1 libwebkit2gtk-4_0-37-2.32.0-3.74.1 libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.74.1 
typelib-1_0-JavaScriptCore-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.74.1 webkit2gtk3-debugsource-2.32.0-3.74.1 webkit2gtk3-devel-2.32.0-3.74.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): libwebkit2gtk3-lang-2.32.0-3.74.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libjavascriptcoregtk-4_0-18-2.32.0-3.74.1 libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.74.1 libwebkit2gtk-4_0-37-2.32.0-3.74.1 libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.74.1 typelib-1_0-JavaScriptCore-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.74.1 webkit2gtk3-debugsource-2.32.0-3.74.1 webkit2gtk3-devel-2.32.0-3.74.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): libwebkit2gtk3-lang-2.32.0-3.74.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.32.0-3.74.1 libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.74.1 libwebkit2gtk-4_0-37-2.32.0-3.74.1 libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.74.1 typelib-1_0-JavaScriptCore-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.74.1 webkit2gtk3-debugsource-2.32.0-3.74.1 webkit2gtk3-devel-2.32.0-3.74.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): libwebkit2gtk3-lang-2.32.0-3.74.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.32.0-3.74.1 libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.74.1 libwebkit2gtk-4_0-37-2.32.0-3.74.1 libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.74.1 typelib-1_0-JavaScriptCore-4_0-2.32.0-3.74.1 
typelib-1_0-WebKit2-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.74.1 webkit2gtk3-debugsource-2.32.0-3.74.1 webkit2gtk3-devel-2.32.0-3.74.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): libwebkit2gtk3-lang-2.32.0-3.74.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.32.0-3.74.1 libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.74.1 libwebkit2gtk-4_0-37-2.32.0-3.74.1 libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.74.1 typelib-1_0-JavaScriptCore-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.74.1 webkit2gtk3-debugsource-2.32.0-3.74.1 webkit2gtk3-devel-2.32.0-3.74.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libwebkit2gtk3-lang-2.32.0-3.74.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.32.0-3.74.1 libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.74.1 libwebkit2gtk-4_0-37-2.32.0-3.74.1 libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.74.1 typelib-1_0-JavaScriptCore-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.74.1 webkit2gtk3-debugsource-2.32.0-3.74.1 webkit2gtk3-devel-2.32.0-3.74.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libwebkit2gtk3-lang-2.32.0-3.74.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.32.0-3.74.1 libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.74.1 libwebkit2gtk-4_0-37-2.32.0-3.74.1 libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.74.1 typelib-1_0-JavaScriptCore-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2-4_0-2.32.0-3.74.1 
typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.74.1 webkit2gtk3-debugsource-2.32.0-3.74.1 webkit2gtk3-devel-2.32.0-3.74.1 - SUSE Enterprise Storage 6 (noarch): libwebkit2gtk3-lang-2.32.0-3.74.1 - SUSE CaaS Platform 4.0 (x86_64): libjavascriptcoregtk-4_0-18-2.32.0-3.74.1 libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.74.1 libwebkit2gtk-4_0-37-2.32.0-3.74.1 libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.74.1 typelib-1_0-JavaScriptCore-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2-4_0-2.32.0-3.74.1 typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-2.32.0-3.74.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.74.1 webkit2gtk3-debugsource-2.32.0-3.74.1 webkit2gtk3-devel-2.32.0-3.74.1 - SUSE CaaS Platform 4.0 (noarch): libwebkit2gtk3-lang-2.32.0-3.74.1 References: https://www.suse.com/security/cve/CVE-2020-27918.html https://www.suse.com/security/cve/CVE-2020-29623.html https://www.suse.com/security/cve/CVE-2021-1765.html https://www.suse.com/security/cve/CVE-2021-1788.html https://www.suse.com/security/cve/CVE-2021-1789.html https://www.suse.com/security/cve/CVE-2021-1799.html https://www.suse.com/security/cve/CVE-2021-1801.html https://www.suse.com/security/cve/CVE-2021-1844.html https://www.suse.com/security/cve/CVE-2021-1870.html https://www.suse.com/security/cve/CVE-2021-1871.html https://bugzilla.suse.com/1182719 https://bugzilla.suse.com/1184155 https://bugzilla.suse.com/1184262 From sle-updates at lists.suse.com Tue May 4 19:25:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 May 2021 21:25:56 +0200 (CEST) Subject: SUSE-SU-2021:1494-1: moderate: Security update for avahi Message-ID: <20210504192556.CC191FD9D@maintenance.suse.de> SUSE Security Update: Security update for avahi ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1494-1 Rating: moderate 
References: #1184521 Cross-References: CVE-2021-3468 CVSS scores: CVE-2021-3468 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for avahi fixes the following issues: - CVE-2021-3468: avoid infinite loop by handling HUP event in client_work (bsc#1184521). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-1494=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1494=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1494=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): avahi-glib2-debugsource-0.6.32-32.15.1 libavahi-gobject0-0.6.32-32.15.1 libavahi-gobject0-debuginfo-0.6.32-32.15.1 libavahi-ui-gtk3-0-0.6.32-32.15.1 libavahi-ui-gtk3-0-debuginfo-0.6.32-32.15.1 libavahi-ui0-0.6.32-32.15.1 libavahi-ui0-debuginfo-0.6.32-32.15.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): avahi-compat-howl-devel-0.6.32-32.15.1 avahi-compat-mDNSResponder-devel-0.6.32-32.15.1 avahi-debuginfo-0.6.32-32.15.1 avahi-debugsource-0.6.32-32.15.1 avahi-glib2-debugsource-0.6.32-32.15.1 libavahi-devel-0.6.32-32.15.1 libavahi-glib-devel-0.6.32-32.15.1 libavahi-gobject-devel-0.6.32-32.15.1 libavahi-gobject0-0.6.32-32.15.1 libavahi-gobject0-debuginfo-0.6.32-32.15.1 libavahi-ui-gtk3-0-0.6.32-32.15.1 libavahi-ui-gtk3-0-debuginfo-0.6.32-32.15.1 libavahi-ui0-0.6.32-32.15.1 
libavahi-ui0-debuginfo-0.6.32-32.15.1 libhowl0-0.6.32-32.15.1 libhowl0-debuginfo-0.6.32-32.15.1 python-avahi-0.6.32-32.15.1 typelib-1_0-Avahi-0_6-0.6.32-32.15.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): avahi-0.6.32-32.15.1 avahi-debuginfo-0.6.32-32.15.1 avahi-debugsource-0.6.32-32.15.1 avahi-glib2-debugsource-0.6.32-32.15.1 avahi-utils-0.6.32-32.15.1 avahi-utils-debuginfo-0.6.32-32.15.1 libavahi-client3-0.6.32-32.15.1 libavahi-client3-debuginfo-0.6.32-32.15.1 libavahi-common3-0.6.32-32.15.1 libavahi-common3-debuginfo-0.6.32-32.15.1 libavahi-core7-0.6.32-32.15.1 libavahi-core7-debuginfo-0.6.32-32.15.1 libavahi-glib1-0.6.32-32.15.1 libavahi-glib1-debuginfo-0.6.32-32.15.1 libdns_sd-0.6.32-32.15.1 libdns_sd-debuginfo-0.6.32-32.15.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): avahi-debuginfo-32bit-0.6.32-32.15.1 libavahi-client3-32bit-0.6.32-32.15.1 libavahi-client3-debuginfo-32bit-0.6.32-32.15.1 libavahi-common3-32bit-0.6.32-32.15.1 libavahi-common3-debuginfo-32bit-0.6.32-32.15.1 libavahi-glib1-32bit-0.6.32-32.15.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.15.1 libdns_sd-32bit-0.6.32-32.15.1 libdns_sd-debuginfo-32bit-0.6.32-32.15.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): avahi-lang-0.6.32-32.15.1 References: https://www.suse.com/security/cve/CVE-2021-3468.html https://bugzilla.suse.com/1184521 From sle-updates at lists.suse.com Tue May 4 19:27:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 May 2021 21:27:04 +0200 (CEST) Subject: SUSE-SU-2021:1493-1: moderate: Security update for avahi Message-ID: <20210504192704.5BB64FD9D@maintenance.suse.de> SUSE Security Update: Security update for avahi ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1493-1 Rating: moderate References: #1184521 Cross-References: CVE-2021-3468 CVSS scores: CVE-2021-3468 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE 
Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for avahi fixes the following issues: - CVE-2021-3468: avoid infinite loop by handling HUP event in client_work (bsc#1184521). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-1493=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1493=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-1493=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1493=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1493=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1493=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): avahi-debuginfo-0.7-3.9.1 avahi-debugsource-0.7-3.9.1 python3-avahi-0.7-3.9.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): avahi-debuginfo-0.7-3.9.1 avahi-debugsource-0.7-3.9.1 
python3-avahi-0.7-3.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): avahi-autoipd-0.7-3.9.1 avahi-autoipd-debuginfo-0.7-3.9.1 avahi-debuginfo-0.7-3.9.1 avahi-debugsource-0.7-3.9.1 avahi-glib2-debugsource-0.7-3.9.1 avahi-utils-gtk-0.7-3.9.1 avahi-utils-gtk-debuginfo-0.7-3.9.1 libavahi-gobject-devel-0.7-3.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): avahi-autoipd-0.7-3.9.1 avahi-autoipd-debuginfo-0.7-3.9.1 avahi-debuginfo-0.7-3.9.1 avahi-debugsource-0.7-3.9.1 avahi-glib2-debugsource-0.7-3.9.1 avahi-utils-gtk-0.7-3.9.1 avahi-utils-gtk-debuginfo-0.7-3.9.1 libavahi-gobject-devel-0.7-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): avahi-0.7-3.9.1 avahi-compat-howl-devel-0.7-3.9.1 avahi-compat-mDNSResponder-devel-0.7-3.9.1 avahi-debuginfo-0.7-3.9.1 avahi-debugsource-0.7-3.9.1 avahi-glib2-debugsource-0.7-3.9.1 avahi-utils-0.7-3.9.1 avahi-utils-debuginfo-0.7-3.9.1 libavahi-client3-0.7-3.9.1 libavahi-client3-debuginfo-0.7-3.9.1 libavahi-common3-0.7-3.9.1 libavahi-common3-debuginfo-0.7-3.9.1 libavahi-core7-0.7-3.9.1 libavahi-core7-debuginfo-0.7-3.9.1 libavahi-devel-0.7-3.9.1 libavahi-glib-devel-0.7-3.9.1 libavahi-glib1-0.7-3.9.1 libavahi-glib1-debuginfo-0.7-3.9.1 libavahi-gobject0-0.7-3.9.1 libavahi-gobject0-debuginfo-0.7-3.9.1 libavahi-ui-gtk3-0-0.7-3.9.1 libavahi-ui-gtk3-0-debuginfo-0.7-3.9.1 libavahi-ui0-0.7-3.9.1 libavahi-ui0-debuginfo-0.7-3.9.1 libdns_sd-0.7-3.9.1 libdns_sd-debuginfo-0.7-3.9.1 libhowl0-0.7-3.9.1 libhowl0-debuginfo-0.7-3.9.1 typelib-1_0-Avahi-0_6-0.7-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): avahi-32bit-debuginfo-0.7-3.9.1 libavahi-client3-32bit-0.7-3.9.1 libavahi-client3-32bit-debuginfo-0.7-3.9.1 libavahi-common3-32bit-0.7-3.9.1 libavahi-common3-32bit-debuginfo-0.7-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): avahi-lang-0.7-3.9.1 - SUSE Linux Enterprise 
Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

  avahi-0.7-3.9.1
  avahi-compat-howl-devel-0.7-3.9.1
  avahi-compat-mDNSResponder-devel-0.7-3.9.1
  avahi-debuginfo-0.7-3.9.1
  avahi-debugsource-0.7-3.9.1
  avahi-glib2-debugsource-0.7-3.9.1
  avahi-utils-0.7-3.9.1
  avahi-utils-debuginfo-0.7-3.9.1
  libavahi-client3-0.7-3.9.1
  libavahi-client3-debuginfo-0.7-3.9.1
  libavahi-common3-0.7-3.9.1
  libavahi-common3-debuginfo-0.7-3.9.1
  libavahi-core7-0.7-3.9.1
  libavahi-core7-debuginfo-0.7-3.9.1
  libavahi-devel-0.7-3.9.1
  libavahi-glib-devel-0.7-3.9.1
  libavahi-glib1-0.7-3.9.1
  libavahi-glib1-debuginfo-0.7-3.9.1
  libavahi-gobject0-0.7-3.9.1
  libavahi-gobject0-debuginfo-0.7-3.9.1
  libavahi-ui-gtk3-0-0.7-3.9.1
  libavahi-ui-gtk3-0-debuginfo-0.7-3.9.1
  libavahi-ui0-0.7-3.9.1
  libavahi-ui0-debuginfo-0.7-3.9.1
  libdns_sd-0.7-3.9.1
  libdns_sd-debuginfo-0.7-3.9.1
  libhowl0-0.7-3.9.1
  libhowl0-debuginfo-0.7-3.9.1
  typelib-1_0-Avahi-0_6-0.7-3.9.1

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):

  avahi-lang-0.7-3.9.1

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):

  avahi-32bit-debuginfo-0.7-3.9.1
  libavahi-client3-32bit-0.7-3.9.1
  libavahi-client3-32bit-debuginfo-0.7-3.9.1
  libavahi-common3-32bit-0.7-3.9.1
  libavahi-common3-32bit-debuginfo-0.7-3.9.1

References:

https://www.suse.com/security/cve/CVE-2021-3468.html
https://bugzilla.suse.com/1184521

From sle-updates at lists.suse.com Tue May 4 19:28:10 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 May 2021 21:28:10 +0200 (CEST)
Subject: SUSE-SU-2021:1490-1: moderate: Security update for python36
Message-ID: <20210504192810.1B785FD9D@maintenance.suse.de>

SUSE Security Update: Security update for python36
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1490-1
Rating: moderate
References: #1183374
Cross-References: CVE-2021-3426
CVSS scores: CVE-2021-3426 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products: SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python36 fixes the following issues:

- CVE-2021-3426: Fixed an information disclosure via pydoc (bsc#1183374).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:

  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1490=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

  libpython3_6m1_0-3.6.13-4.39.1
  libpython3_6m1_0-debuginfo-3.6.13-4.39.1
  python36-3.6.13-4.39.1
  python36-base-3.6.13-4.39.1
  python36-base-debuginfo-3.6.13-4.39.1
  python36-debuginfo-3.6.13-4.39.1
  python36-debugsource-3.6.13-4.39.1

References:

https://www.suse.com/security/cve/CVE-2021-3426.html
https://bugzilla.suse.com/1183374

From sle-updates at lists.suse.com Wed May 5 06:14:24 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 May 2021 08:14:24 +0200 (CEST)
Subject: SUSE-CU-2021:137-1: Security update of suse/sle15
Message-ID: <20210505061424.690E0B46EEF@westernhagen.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:137-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.385
Container Release : 4.22.385
Severity : important
Type : security
References : 1184401 CVE-2021-20305
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1412-1
Released: Wed Apr 28 17:09:28 2021
Summary: Security update for libnettle
Type: security
Severity: important
References: 1184401,CVE-2021-20305

This update for libnettle fixes the following issues:

- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401).

From sle-updates at lists.suse.com Wed May 5 06:21:47 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 May 2021 08:21:47 +0200 (CEST)
Subject: SUSE-CU-2021:138-1: Security update of suse/sle15
Message-ID: <20210505062147.70C87B46EEF@westernhagen.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:138-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.904
Container Release : 8.2.904
Severity : important
Type : security
References : 1182899
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1466-1
Released: Tue May 4 08:30:57 2021
Summary: Security update for permissions
Type: security
Severity: important
References: 1182899

This update for permissions fixes the following issues:

- etc/permissions: remove unnecessary entries (bsc#1182899)

From sle-updates at lists.suse.com Wed May 5 16:15:51 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 May 2021 18:15:51 +0200 (CEST)
Subject: SUSE-RU-2021:1511-1: moderate: Recommended Beta update for SUSE Manager Client Tools
Message-ID: <20210505161551.4AA91FF53@maintenance.suse.de>

SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1511-1
Rating: moderate
References: #1131670 #1178072 #1181124 #1181474 #1183959
Affected Products: SUSE Manager Tools 15-BETA
______________________________________________________________________________

An update that has 5 recommended fixes can now be installed.
Description: This update fixes the following issues: golang-github-prometheus-prometheus: - Uyuni: `hostname` label is now set to FQDN instead of IP grafana: - Update to version 7.4.2: * Make Datetime local (No date if today) working (#31274) (#31275) * "Release: Updated versions in package to 7.4.2" (#31272) * [v7.4.x] Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#31269) * Snapshots: Disallow anonymous user to create snapshots (#31263) (#31266) * only update usagestats every 30min (#31131) (#31262) * Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055) (#31248) * CloudWatch: Ensure empty query row errors are not passed to the panel (#31172) (#31245) * StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126) (#31246) * QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193, #31244) * LibraryPanels: Disconnect before connect during dashboard save (#31235) (#31238) * SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236) (#31239) * Variables: Adds back default option for data source variable (#31208) (#31232) * IPv6: Support host address configured with enclosing square brackets (#31226) (#31228) * Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179, #31224) * Remove last synchronisation field from LDAP debug view (#30984) (#31221) * [v7.4.x]: Sync drone config from master to stable release branch (#31213) * DataSourceSrv: Filter out non queryable data sources by default (#31144) (#31214) * Alerting: Fix modal text for deleting obsolete notifier (#31171) (#31209) * Variables: Fixes missing empty elements from regex filters (#31156) (#31201) * DashboardLinks: Fixes links always cause full page reload (#31178) (#31181) * DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160) (#31162) * Permissions: Fix team and 
role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132) (#31176) * Prometheus: Multiply exemplars timestamp to follow api change (#31143) (#31170) - Fix "inconsistent vendoring" build failure - Update to version 7.4.1: * "Release: Updated versions in package to 7.4.1" (#31128) * Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before (#31121) (#31127) * MuxWriter: Handle error for already closed file (#31119) (#31120) * Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115) (#31117) * Exemplars: Change CTA style (#30880) (#31105) * test: add support for timeout to be passed in for addDatasource (#30736) (#31090) * Influx: Make max series limit configurable and show the limiting message if applied (#31025) (#31100) * Elasticsearch: fix log row context erroring out (#31088) (#31094) * test: update addDashboard flow for v7.4.0 changes (#31059) (#31084) * Usage stats: Adds source/distributor setting (#31039) (#31076) * DashboardLinks: Fixes crash when link has no title (#31008) (#31050) * Make value mappings correctly interpret numeric-like strings (#30893) (#30912) * Elasticsearch: Fix alias field value not being shown in query editor (#30992) (#31037) * BarGauge: Improvements to value sizing and table inner width calculations (#30990) (#31032) * convert path to posix by default (#31045) (#31053) * Alerting: Fixes so notification channels are properly deleted (#31040) (#31046) * Drone: Fix deployment image (#31027) (#31029) * Graph: Fixes so graph is shown for non numeric time values (#30972) (#31014) * instrumentation: make the first database histogram bucket smaller (#30995) (#31001) * Build: Releases e2e and e2e-selectors too (#31006) (#31007) * TextPanel: Fixes so panel title is updated when variables change (#30884) (#31005) * StatPanel: Fixes issue formatting date values using unit option (#30979) (#30991) * Units: Fixes formatting of duration units 
(#30982) (#30986) * Elasticsearch: Show Size setting for raw_data metric (#30980) (#30983) * Logging: sourcemap support for frontend stacktraces (#30590) (#30976) * e2e: extends selector factory to plugins (#30932) (#30934) * Variables: Adds queryparam formatting option (#30858) (#30924) * Exemplars: change api to reflect latest changes (#30910) (#30915) * "Release: Updated versions in package to 7.4.0" (#30898) * DataSourceSettings: Adds info box and link to Grafana Cloud (#30891) (#30896) * GrafanaUI: Add a way to persistently close InfoBox (#30716) (#30895) * [7.4.x] AlertingNG: List saved Alert definitions in Alert Rule list (30890)(30603) * Alerting: Fixes alert panel header icon not showing (#30840) (#30885) * Plugins: Requests validator (#30445) (#30877) * PanelLibrary: Adds library panel meta information to dashboard json (#30770) (#30883) * bump grabpl version to 0.5.36 (#30874) (#30878) * Chore: remove __debug_bin (#30725) (#30857) * Grafana-ui: fixes closing modals with escape key (#30745) (#30873) * DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569) (#30852) * Add alt text to plugin logos (#30710) (#30872) * InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827) (#30870) * Prometheus: Set type of labels to string (#30831) (#30835) * AlertingNG: change API permissions (#30781) (#30814) * Grafana-ui: fixes no data message in Table component (#30821) (#30855) * Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825) (#30843) * Chore: add more docs annotations (#30847) (#30851) * BarChart: inside-align strokes, upgrade uPlot to 1.6.4. 
(#30806) (#30846) * Transforms: allow boolean in field calculations (#30802) (#30845) * CDN: Fixes cdn path when Grafana is under sub path (#30822) (#30823) * bump cypress to 6.3.0 (#30644) (#30819) * Expressions: Measure total transformation requests and elapsed time (#30514) (#30789) * Grafana-UI: Add story/docs for ErrorBoundary (#30304) (#30811) * [v7.4.x]: Menu: Mark menu components as internal (#30801) * Graph: Fixes auto decimals issue in legend and tooltip (#30628) (#30635) * GraphNG: Disable Plot logging by default (#30390) (#30500) * Storybook: Migrate card story to use controls (#30535) (#30549) * GraphNG: add bar alignment option (#30499) (#30790) * Variables: Clears drop down state when leaving dashboard (#30810) (#30812) * Add missing callback dependency (#30797) (#30809) * GraphNG: improve behavior when switching between solid/dash/dots (#30796) (#30799) * Add width for Variable Editors (#30791) (#30795) * Panels: Fixes so panels are refreshed when scrolling past them fast (#30784) (#30792) * PanelEdit: Trigger refresh when changing data source (#30744) (#30767) * AlertingNG: Enable UI to Save Alert Definitions (#30394) (#30548) * CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777) (#30779) * CDN: Adds support for serving assets over a CDN (#30691) (#30776) * Explore: Update styling of buttons (#30493) (#30508) * Loki: Append refId to logs uid (#30418) (#30537) * skip symlinks to directories when generating plugin manifest (#30721) (#30738) * Mobile: Fixes issue scrolling on mobile in chrome (#30746) (#30750) * BarChart: add alpha bar chart panel (#30323) (#30754) * Datasource: Use json-iterator configuration compatible with standard library (#30732) (#30739) * Variables: Fixes so text format will show All instead of custom all (#30730) (#30731) * AlertingNG: pause/unpause definitions via the API (#30627) (#30672) * PanelLibrary: better handling of deleted panels (#30709) (#30726) * Transform: improve the "outer join" 
performance/behavior (#30407) (#30722) * DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706) (#30714) * Use connected GraphNG in Explore (#30707) (#30708) * PanelLibrary: changes casing of responses and adds meta property (#30668) (#30711) * DeployImage: Switch base images to Debian (#30684) (#30699) * Trace: trace to logs design update (#30637) (#30702) * Influx: Show all datapoints for dynamically windowed flux query (#30688) (#30703) * ci(npm-publish): add missing github package token to env vars (#30665) (#30673) * Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517) (#30681) * Grafana-UI: Fix setting default value for MultiSelect (#30671) (#30687) * Explore: Fix jumpy live tailing (#30650) (#30677) * Docs: Refer to product docs in whats new for alerting templating feature (#30652) (#30670) * Variables: Fixes display value when using capture groups in regex (#30636) (#30661) * Docs: Fix expressions enabled description (#30589) (#30651) * Licensing Docs: Adding license restrictions docs (#30216) (#30648) * DashboardSettings: fixes vertical scrolling (#30640) (#30643) * chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605) (#30631) * Explore: Fix loading visualisation on the top of the new time series panel (#30553) (#30557) * Footer: Fixes layout issue in footer (#30443) (#30494) * Variables: Fixes so queries work for numbers values too (#30602) (#30624) * Admin: Fixes so form values are filled in from backend (#30544) (#30623) * Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502, #30614) * NodeGraph: Add docs (#30504) (#30613) * Cloud Monitoring: Fix legend naming with display name override (#30440) (#30503) * Expressions: Add option to disable feature (#30541) (#30558) * OldGraph: Fix height issue in Firefox (#30565) (#30582) * XY Chart: fix editor error with empty frame (no fields) (#30573) (#30577) * XY Chart: 
share legend config with timeseries (#30559) (#30566) * DataFrame: cache frame/field index in field state (#30529) (#30560) * Prometheus: Fix show query instead of Value if no __name__ and metric (#30511) (#30556) * Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519, #30550) * chore: update packages dependent on dot-prop to fix security vulnerability (#30432) (#30487) * GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527) (#30528) * GraphNG: uPlot 1.6.2 (#30521) (#30522) * Chore: Upgrade grabpl version (#30486) (#30513) * grafana/ui: Fix internal import from grafana/data (#30439) (#30507) * prevent field config from being overwritten (#30437) (#30442) * Chore: upgrade NPM security vulnerabilities (#30397) (#30495) * TimeSeriesPanel: Fixed default value for gradientMode (#30484) (#30492) * Admin: Fixes so whole org drop down is visible when adding users to org (#30481) (#30497) * Chore: adds wait to e2e test (#30488) (#30490) * Graph: Fixes so only users with correct permissions can add annotations (#30419) (#30466) * Alerting: Hides threshold handle for percentual thresholds (#30431) (#30467) * Timeseries: only migrage point size when configured (#30461) (#30470) * Expressions: Fix button icon (#30444) (#30450) * PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441) (#30451) * Docs: Fix img link for alert notification template (#30436) (#30447) * Chore: Upgrade build pipeline tool (#30456) (#30457) * PanelOptions: Refactoring applying panel and field options out of PanelModel and add property clean up for properties not in field config registry (#30389, #30438) * "Release: Updated versions in package to 7.4.0-beta.1" (#30427) * Chore: Update what's new URL (#30423) * GraphNG: assume uPlot's series stroke is always a function (#30416) * PanelLibrary: adding library panels to Dashboard Api (#30278) * Prettier: Fixes to files that came in after main 
upgrade (#30410) * Cloud Monitoring: Add curated dashboards for the most popular GCP services (#29930) * Mssql integrated security (#30369) * Prettier: Upgrade to 2 (#30387) * GraphNG: sort ascending if the values appear reversed (#30405) * Docs: Grafana whats new 7.4 (#30404) * Dashboards: Adds cheat sheet toggle to supported query editors (#28857) * Docs: Update timeseries-dimensions.md (#30403) * Alerting: Evaluate data templating in alert rule name and message (#29908) * Docs: Add links to 7.3 patch release notes (#30292) * Docs: Update _index.md (#29546) * Docs: Update jaeger.md (#30401) * Expressions: Remove feature toggle (#30316) * Docs: Update tempo.md (#30399) * Docs: Update zipkin.md (#30400) * services/provisioning: Various cleanup (#30396) * DashboardSchemas: OpenAPI Schema Generation (#30242) * AlertingNG: Enforce unique alert definition title (non empty)/UID per organisation (#30380) * Licensing: Document new v7.4 options and APIs (#30217) * Auth: add expired token error and update CreateToken function (#30203) * NodeGraph: Add node graph visualization (#29706) * Add jwtTokenAuth to plugin metadata schema (#30346) * Plugins: Force POSIX style path separators for manifest generation (#30287) * Add enterprise reporting fonts to gitignore (#30385) * Field overrides: skipping overrides for properties no longer existing in plugin (#30197) * NgAlerting: View query result (#30218) * Grafana-UI: Make Card story public (#30388) * Dashboard: migrate version history list (#29970) * Search: use Card component (#29892) * PanelEvents: Isolate more for old angular query editors (#30379) * Loki: Remove showing of unique labels with the empty string value (#30363) * Chore: Lint all files for no-only-tests (#30364) * Clears errors after running new query (#30367) * Prometheus: Change exemplars endpoint (#30378) * Explore: Fix a bug where Typeahead crashes when a large amount of ite??? 
(#29637) * Circular vector: improve generics (#30375) * Update signing docs (#30296) * Email: change the year in templates (#30294) * grafana/ui: export TLS auth component (#30320) * Query Editor: avoid word wrap (#30373) * Transforms: add sort by transformer (#30370) * AlertingNG: Save alert instances (#30223) * GraphNG: Color series from by value scheme & change to fillGradient to gradientMode (#29893) * Chore: Remove not used PanelOptionsGrid component (#30358) * Zipkin: Remove browser access mode (#30360) * Jaeger: Remove browser access mode (#30349) * chore: bump lodash to 4.17.20 (#30359) * ToolbarButton: New emotion based component to replace all navbar, DashNavButton and scss styles (#30333) * Badge: Increase contrast, remove rocket icon for plugin beta/alpha state (#30357) * Licensing: Send map of environment variables to plugins (#30347) * Dashboards: Exit to dashboard when deleting panel from panel view / edit view (#29032) * Cloud Monitoring: MQL support (#26551) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30348) * Panel options UI: Allow collapsible categories (#30301) * Grafana-ui: Fix context menu item always using onClick instead of href (#30350) * Badge: Design improvement & reduce contrast (#30328) * make sure stats are added horizontally and not vertically (#30106) * Chore(deps): Bump google.golang.org/grpc from 1.33.1 to 1.35.0 (#30342) * Chore(deps): Bump github.com/stretchr/testify from 1.6.1 to 1.7.0 (#30341) * Chore(deps): Bump github.com/google/uuid from 1.1.2 to 1.1.5 (#30340) * Chore(deps): Bump github.com/hashicorp/go-version from 1.2.0 to 1.2.1 (#30339) * Fix HTML character entity error (#30334) * GraphNG: fix fillBelowTo regression (#30330) * GraphNG: implement softMin/softMax for auto-scaling stabilization. close #979. 
(#30326) * Legend: Fixes right y-axis legend from being pushed outside the bounds of the panel (#30327) * Grafana-toolkit: Update component generator templates (#30306) * Panels: remove beta flag from stat and bargauge panels (#30324) * GraphNG: support fill below to (bands) (#30268) * grafana-cli: Fix security issue (#28888) * AlertingNG: Modify queries and transform endpoint to get datasource UIDs (#30297) * Chore: Fix missing property from ExploreGraph (#30315) * Prometheus: Add support for Exemplars (#28057) * Grafana-UI: Enhances for TimeRangePicker and TimeRangeInput (#30102) * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30312) * Table: Fixes BarGauge cell display mode font size so that it is fixed to the default cell font size (#30303) * AngularGraph: Fixes issues with legend wrapping after legend refactoring (#30283) * Plugins: Add Open Distro to the list of data sources supported by sigv4 (#30308) * Chore: Moves common and response into separate packages (#30298) * GraphNG: remove y-axis position control from series color picker in the legend (#30302) * Table: migrate old-table config to new table config (#30142) * Elasticsearch: Support extended stats and percentiles in terms order by (#28910) * Docs: Update release notes index * GraphNG: stats in legend (#30251) * Grafana UI: EmptySearchResult docs (#30281) * Plugins: Use the includes.path (if exists) on sidebar includes links (#30291) * Fix spinner and broken buttons (#30286) * Graph: Consider reverse sorted data points on isOutsideRange check (#30289) * Update getting-started.md (#30257) * Backend: use sdk version (v0.81.0) without transform (gel) code (#29236) * Chore: update latest versions to 7.3.7 (#30282) * Loki: Fix hiding of series in table if labels have number values (#30185) * Loki: Lower min step to 1ms (#30135) * Prometheus: Improve autocomplete performance and remove disabling of dynamic label lookup (#30199) * Icons: Adds custom icon support ands new panel and 
interpolation icons (#30277) * ReleaseNotes: Updated changelog and release notes for 7.3.7 (#30280) * Grafana-ui: Allow context menu items to be open in new tab (#30141) * Cloud Monitoring: Convert datasource to use Dataframes (#29830) * GraphNG: added support to change series color from legend. (#30256) * AzureMonitor: rename labels for query type dropdown (#30143) * Decimals: Improving auto decimals logic for high numbers and scaled units (#30262) * Elasticsearch: Use minimum interval for alerts (#30049) * TimeSeriesPanel: The new graph panel now supports y-axis value mapping #30272 * CODEOWNERS: Make backend squad owners of backend style guidelines (#30266) * Auth: Add missing request headers to SigV4 middleware allowlist (#30115) * Grafana-UI: Add story/docs for FilterPill (#30252) * Grafana-UI: Add story/docs for Counter (#30253) * Backend style guide: Document JSON guidelines (#30267) * GraphNG: uPlot 1.6, hide "Show points" in Points mode, enable "dot" lineStyle (#30263) * Docs: Update prometheus.md (#30240) * Docs: Cloudwatch filter should be JSON format (#30243) * API: Add by UID routes for data sources (#29884) * Docs: Update datasource_permissions.md (#30255) * Cloudwatch: Move deep link creation to the backend (#30206) * Metrics API: Use jsoniter for JSON encoding (#30250) * Add option in database config to skip migrations for faster startup. 
(#30146) * Set signed in users email correctly (#30249) * Drone: Upgrade build pipeline tool (#30247) * runRequest: Fixes issue with request time range and time range returned to panels are off causing data points to be cut off (outside) (#30227) * Elasticsearch: fix handling of null values in query_builder (#30234) * Docs: help users connect to Prometheus using SigV4 (#30232) * Update documentation-markdown-guide.md (#30207) * Update documentation-markdown-guide.md (#30235) * Better logging of plugin scanning errors (#30231) * Print Node.js and Toolkit versions (#30230) * Chore: bump rollup across all packages (#29486) * Backend style guide: Document database patterns (#30219) * Chore: Bump plugin-ci-alpine Docker image version (#30225) * Legends: Refactoring and rewrites of legend components to simplify components & reuse (#30165) * Use Node.js 14.x in plugin CI (#30209) * Field overrides: extracting the field config factory into its own reusable module. (#30214) * LibraryPanels: adds connections (#30212) * PanelOptionsGroups: Only restore styles from PanelOptionsGroup (#30215) * Variables: Add deprecation warning for value group tags (#30160) * GraphNG: Hide grid for right-y axis if left x-axis exists (#30195) * Middleware: Add CSP support (#29740) * Updated image links to have newer format. 
(#30208) * Docs: Update usage-insights.md (#30150) * Share panel dashboard add images (#30201) * Update documentation-style-guide.md (#30202) * Docs: Fix links to transforms (#30194) * docs(badge): migrate story to use controls (#30180) * Chore(deps): Bump github.com/prometheus/common from 0.14.0 to 0.15.0 (#30188) * Fix alert definition routine stop (#30117) * Chore(deps): Bump gopkg.in/square/go-jose.v2 from 2.4.1 to 2.5.1 (#30189) * InlineSwitch: Minor story fix (#30186) * Chore(deps): Bump github.com/gosimple/slug from 1.4.2 to 1.9.0 (#30178) * Chore(deps): Bump github.com/fatih/color from 1.9.0 to 1.10.0 (#30183) * Chore(deps): Bump github.com/lib/pq from 1.3.0 to 1.9.0 (#30181) * Chore(deps): Bump github.com/hashicorp/go-plugin from 1.2.2 to 1.4.0 (#30175) * Chore(deps): Bump github.com/getsentry/sentry-go from 0.7.0 to 0.9.0 (#30171) * Gauge: Fixes issue with all null values cause min & max to be null (#30156) * Links: Add underline on hover for links in NewsPanel (#30166) * GraphNG: Update to test dashboards (#30153) * CleanUp: Removed old panel options group component (#30157) * AngularQueryEditors: Fixes to Graphite query editor and other who refer to other queries (#30154) * Chore(deps): Bump github.com/robfig/cron/v3 from 3.0.0 to 3.0.1 (#30172) * Chore(deps): Bump github.com/urfave/cli/v2 from 2.1.1 to 2.3.0 (#30173) * Chore: Fix spelling issue (#30168) * Revise README.md. 
(#30145) * Chore(deps): Bump github.com/mattn/go-sqlite3 from 1.11.0 to 1.14.6 (#30174) * InlineSwitch: Added missing InlineSwitch component and fixed two places that used unaligned inline switch (#30162) * GraphNG: add new alpha XY Chart (#30096) * Elastic: Support request cancellation properly (Uses new backendSrv.fetch Observable request API) (#30009) * OpenTSDB: Support request cancellation properly (#29992) * InfluxDB: Update Flux external link (#30158) * Allow dependabot to keep go packages up-to-date (#30170) * PluginState: Update comment * GraphNG: Minor polish & updates to new time series panel and move it from alpha to beta (#30163) * Share panel dashboard (#30147) * GraphNG: rename "graph3" to "timeseries" panel (#30123) * Add info about access mode (#30137) * Prometheus: Remove running of duplicated metrics query (#30108) * Prometheus: Fix autocomplete does not work on incomplete input (#29854) * GraphNG: remove graph2 panel (keep the parts needed for explore) (#30124) * Docs: Add metadata to activating licensing page (#30140) * MixedDataSource: Added missing variable support flag (#30110) * AngularPanels: Fixes issue with some panels not rendering when going into edit mode due to no height (#30113) * AngularPanels: Fixes issue with discrete panel that used the initialized event (#30133) * Explore: Make getFieldLinksForExplore more reusable (#30134) * Elasticsearch: Add Support for Serial Differencing Pipeline Aggregation (#28618) * Angular: Fixes issue with angular directive caused by angular upgrade in master (#30114) * Analytics: add data source type in data-request events (#30087) * GraphNG: "Interpolation: Step after" test (#30127) * GraphNG: check cross-axis presence when auto-padding. close #30121. 
(#30126) * Alerting: improve alerting default datasource search when extracting alerts (#29993) * Loki: Timeseries should not produce 0-values for missing data (#30116) * GraphNG: support dashes (#30070) * GraphNG: fix spanGaps optimization in alignDataFrames(). see #30101. (#30118) * Alerting NG: update API to expect UIDs instead of IDs (#29896) * GraphNG: Overhaul of main test dashboard and update to null & gaps dashboard (#30101) * Chore: Fix intermittent time-related test failure in explore datasource instance update (#30109) * QueryEditorRow: Ability to change query name (#29779) * Frontend: Failed to load application files message improvement IE11 (#30011) * Drone: Upgrade build pipeline tool (#30104) * Fix phrasing. (#30075) * Chore: Add CloudWatch HTTP API tests (#29691) * Elastic: Fixes so templating queries work (#30003) * Chore: Rewrite elasticsearch client test to standard library (#30093) * Chore: Rewrite tsdb influxdb test to standard library (#30091) * Fix default maximum lifetime an authenticated user can be logged in (#30030) * Instrumentation: re-enable database wrapper feature to expose counter and histogram for database queries (#29662) * Docs: Update labels to fields transform (#30086) * GraphNG: adding possibility to toggle tooltip, graph and legend for series (#29575) * Chore: Rewrite tsdb cloudmonitoring test to standard library (#30090) * Chore: Rewrite tsdb azuremonitor time grain test to standard library (#30089) * Chore: Rewrite tsdb graphite test to standard library (#30088) * Chore: Upgrade Docker build image wrt. 
Go/golangci-lint/Node (#30077) * Usage Stats: Calculate concurrent users as a histogram (#30006) * Elasticsearch: Fix broken alerting when using pipeline aggregations (#29903) * Drone: Fix race conditions between Enterprise and Enterprise2 (#30076) * Chore: Rewrite models datasource cache test to standard library (#30040) * Plugins: prevent app plugin from rendering with wrong location (#30017) * Update NOTICE.md * Chore: Tiny typo fix `rage` -> `range` (#30067) * Docs: loki.md: Add example of Loki data source config (#29976) * ReleaseNotes: Updated changelog and release notes for 7.3.6 (#30066) * Docs: Update usage-insights.md (#30065) * Docs: Update white-labeling.md (#30064) * Chore(deps): Bump axios from 0.19.2 to 0.21.1 (#30059) * Chore: Rewrite models tags test to standard library (#30041) * Bump actions/setup-node from v1 to v2.1.4 (#29891) * Build(deps): Bump ini from 1.3.5 to 1.3.7 (#29787) * fall back to any architecture when getting plugin's checksum #30034 (#30035) * Lerna: Update to 3.22.1 (#30057) * SeriesToRows: Fixes issue in transform so that value field is always named Value (#30054) * [dashboard api] manage error when data in dashboard table is not valid json (#29999) * use sha256 checksum instead of md5 (#30018) * Chore: Rewrite brute force login protection test to standard library (#29986) * Chore: Rewrite login auth test to standard library (#29985) * Chore: Rewrite models dashboards test to standard library (#30023) * Chore: Rewrite models dashboard acl test to standard library (#30022) * Chore: Rewrite models alert test to standard library (#30021) * Chore: Rewrite ldap login test to standard library (#29998) * Chore: Rewrite grafana login test to standard library (#29997) * Fix two ini-file typos regarding LDAP (#29843) * Chore: Changes source map devtool to inline-source-map (#30004) * Chore: Sync Enterprise go.sum (#30005) * Chore: Add Enterprise dependencies (#29994) * SQLStore: customise the limit of retrieved datasources per 
organisation (#29358) * Chore: update crewjam/saml library to the latest master (#29991) * Graph: Fixes so users can not add annotations in readonly dash (#29990) * Currency: add Vietnamese dong (VND) (#29983) * Drone: Update pipelines for Enterprise (#29939) * Remove the bus from teamgroupsync (#29810) * Influx: Make variable query editor input uncontrolled (#29968) * PanelLibrary: Add PATCH to the API (#29956) * PanelEvents: Isolating angular panel events into it's own event bus + more event refactoring (#29904) * Bump node-notifier from 8.0.0 to 8.0.1 (#29952) * LDAP: Update use_ssl documentation (#29964) * Docs: Missing 's' on 'logs' (#29966) * Docs: Update opentsdb.md (#29963) * Docs: Minor typo correction (#29962) * librarypanels: Fix JSON field casing in tests (#29954) * TemplateSrv: Do not throw error for an unknown format but use glob as fallback and warn in the console (#29955) * PanelLibrary: Adds uid and renames title to name (#29944) * Docs: Fix raw format variable docs (#29945) * RedirectResponse: Implement all of api.Response (#29946) * PanelLibrary: Adds get and getAll to the api (#29772) * Chore: Remove duplicate interpolateString test (#29941) * Chore: Rewrite influxdb query parser test to standard library (#29940) * Folders: Removes the possibility to delete the General folder (#29902) * Chore: Convert tsdb request test to standard library (#29936) * Chore: Convert tsdb interval test to standard library (#29935) * Docs: Update configuration.md (#29912) * Docs: Update organization_roles.md (#29911) * Docs: Update _index.md (#29918) * GraphNG: bring back tooltip (#29910) * Ng Alerting: Remove scroll and fix SplitPane limiters (#29906) * Dashboard: Migrating dashboard settings to react (#27561) * Minor correction to explanation on correct MS SQL usage. (#29889) * AlertingNG: Create a scheduler to evaluate alert definitions (#29305) * Add changelog items for 7.3.6, 7.2.3 and 6.7.5 (#29901) * bump stable to 7.3.6 (#29899) * Upgrade go deps. 
  (#29900)
* Expressions: Replace query input fields with select. (#29816)
* PanelEdit: Update UI if panel plugin changes field config (#29898)
* Elasticsearch: Remove timeSrv dependency (#29770)
* PanelEdit: Need new data after plugin change (#29874)
* Chore(toolkit): disable react/prop-types for eslint config (#29888)
* Field Config API: Add ability to hide field option or disable it from the overrides (#29879)
* SharedQuery: Fixes shared query editor now showing queries (#29849)
* GraphNG: support fill gradient (#29765)
* Backend style guide: Add more guidelines (#29871)
* Keep query keys consistent (#29855)
* Alerting: Copy frame field labels to time series tags (#29886)
* Update configure-docker.md (#29883)
* Usage Stats: Introduce an interface for usage stats service (#29882)
* DataFrame: add a writable flag to fields (#29869)
* InlineForms: Changes to make inline forms more flexible for query editors (#29782)
* Usage Stats: Allow to add additional metrics to the stats (#29774)
* Fix the broken link of XORM documentation (#29865)
* Move colors demo under theme colors (#29873)
* Dashboard: Increase folder name size in search dashboard (#29821)
* MSSQL: Config UI touches (#29834)
* QueryOptions: Open QueryEditors: run queries after changing group options #29864
* GraphNG: uPlot 1.5.2, dynamic stroke/fill, Flot-style hover points (#29866)
* Variables: Fixes so numerical sortorder works for options with null values (#29846)
* GraphNG: only initialize path builders once (#29863)
* GraphNG: Do not set fillColor from GraphNG only opacity (#29851)
* add an example cloudwatch resource_arns() query that uses multiple tags (ref: #29499) (#29838)
* Backend: Remove more globals (#29644)
* MS SQL: Fix MS SQL add data source UI issues (#29832)
* Display palette and colors for dark and light themes in storybook (#29848)
* Docs: Fix broken link in logs-panel (#29833)
* Docs: Add info about typing of connected props to Redux style guide (#29842)
* Loki: Remove unnecessary
  deduplication (#29421)
* Varibles: Fixes so clicking on Selected will not include All (#29844)
* Explore/Logs: Correctly display newlines in detected fields (#29541)
* Link suppliers: getLinks API update (#29757)
* Select: Changes default menu placement for Select from auto to bottom (#29837)
* Chore: Automatically infer types for dashgrid connected components (#29818)
* Chore: Remove unused Loki and Cloudwatch syntax providers (#29686)
* Pass row (#29839)
* GraphNG: Context menu (#29745)
* GraphNG: Enable scale distribution configuration (#29684)
* Explore: Improve Explore performance but removing unnecessary re-renders (#29752)
* DashboardDS: Fixes display of long queries (#29808)
* Sparkline: Fixes issue with sparkline that sent in custom fillColor instead of fillOpacity (#29825)
* Chore: Disable default golangci-lint filter (#29751)
* Update style guide with correct usage of MS SQL (#29829)
* QueryEditor: do not auto refresh on every update (#29762)
* Chore: remove unused datasource status enum (#29827)
* Expressions: support ${my var} syntax (#29819)
* Docs: Update types-options.md (#29777)
* Chore: Enable more go-ruleguard rules (#29781)
* GraphNG: Load uPlot path builders lazily (#29813)
* Elasticsearch: ensure query model has timeField configured in datasource settings (#29807)
* Chore: Use Header.Set method instead of Header.Add (#29804)
* Allow dependabot to check actions (#28159)
* Grafana-UI: Support optgroup for MultiSelect (#29805)
* Sliders: Update behavior and style tweak (#29795)
* Grafana-ui: Fix collapsible children sizing (#29776)
* Style guide: Document avoidance of globals in Go code (#29803)
* Chore: Rewrite opentsdb test to standard library (#29792)
* CloudWatch: Add support for AWS DirectConnect ConnectionErrorCount metric (#29583)
* GraphNG: uPlot 1.5.1 (#29789)
* GraphNG: update uPlot v1.5.0 (#29763)
* Added httpMethod to webhook (#29780)
* @grafana-runtime: Throw error if health check fails in DataSourceWithBackend (#29743)
* Explore:
  Fix remounting of query row (#29771)
* Expressions: Add placeholders to hint on input (#29773)
* Alerting: Next gen Alerting page (#28397)
* GraphNG: Add test dashboard for null & and gaps rendering (#29769)
* Expressions: Field names from refId (#29755)
* Plugins: Add support for signature manifest V2 (#29240)
* Chore: Configure go-ruleguard via golangci-lint (#28419)
* Move middleware context handler logic to service (#29605)
* AlertListPanel: Add options to sort by Time(asc) and Time(desc) (#29764)
* PanelLibrary: Adds delete Api (#29741)
* Tracing: Release trace to logs feature (#29443)
* ReleaseNotes: Updated changelog and release notes for 7.3.5 (#29753)
* DataSourceSettings: Add servername field to DataSource TLS config (#29279)
* Chore: update stable and testing versions (#29748)
* ReleaseNotes: Updated changelog and release notes for 7.3.5 (#29744)
* Elasticsearch: View in context feature for logs (#28764)
* Chore: Disable gosec on certain line (#29382)
* Logging: log frontend errors caught by ErrorBoundary, including component stack (#29345)
* ChangePassword: improved keyboard navigation (#29567)
* GrafanaDataSource: Fix selecting -- Grafana -- data source, broken after recent changes (#29737)
* Docs: added version note for rename by regex transformation.
  (#29735)
* @grafana/ui: Fix UI issues for cascader button dropdown and query input (#29727)
* Docs: Update configuration.md (#29728)
* Docs: Remove survey (#29549)
* Logging: rate limit fronted logging endpoint (#29272)
* API: add Status() to RedirectResponse (#29722)
* Elasticsearch: Deprecate browser access mode (#29649)
* Elasticsearch: Fix query initialization action (#29652)
* PanelLibrary: Adds api and db to create Library/Shared/Reusable Panel (#29642)
* Transformer: Rename metrics based on regex (#29281)
* Variables: Fixes upgrade of legacy Prometheus queries (#29704)
* Auth: Add SigV4 header allowlist to reduce chances of verification issues (#29650)
* DataFrame: add path and description metadata (#29695)
* Alerting: Use correct time series name override from frame fields (#29693)
* GraphNG: fix bars migration and support color and linewidth (#29697)
* PanelHeader: Fix panel header description inline code wrapping (#29628)
* Bugfix 29848: Remove annotation_tag entries as part of annotations cleanup (#29534)
* GraphNG: simple settings migration from flot panel (#29599)
* GraphNG: replace bizcharts with uPlot for sparklines (#29632)
* GitHubActions: Update node version in github action (#29683)
* Adds go dep used by an Enterprise feature.
  (#29645)
* Typescript: Raise strict error limit for enterprise (#29688)
* Remove unnecessary escaping (#29677)
* Update getting-started-prometheus.md (#29678)
* instrumentation: align label name with our other projects (#29514)
* Typescript: Fixing typescript strict error, and separate check from publishing (#29679)
* CloudWatch: namespace in search expression should be quoted if match exact is enabled #29109 (#29563)
* Docs: Plugin schema updates (#28232)
* RadioButton: Fix flex issue in master for radio buttons (#29664)
* Update getting-started.md (#29670)
* Expr: fix time unit typo in ds queries (#29668)
* Expr: make reduction nan/null more consistent (#29665)
* Expr: fix func argument panic (#29663)
* Update documentation-style-guide.md (#29661)
* Update documentation-markdown-guide.md (#29659)
* Docs: Changed image format (#29658)
* Expr: fix failure to execute due to OrgID (#29653)
* GraphNG: rename "points" to "showPoints" (#29635)
* Expressions: Restore showing expression query editor even if main data source is not mixed (#29656)
* GraphNG: time range should match the panel timeRange (#29596)
* Support svg embedded favicons in whitelabeling (#29436)
* Add changelog to docs style guide (#29581)
* Loki: Retry web socket connection when connection is closed abnormally (#29438)
* GraphNG: Fix annotations and exemplars plugins (#29613)
* Chore: Rewrite tsdb sql engine test to standard library (#29590)
* GraphNG: fix and optimize spanNulls (#29633)
* Build(deps): Bump highlight.js from 10.4.0 to 10.4.1 (#29625)
* Cloudwatch: session cache should use UTC consistently (#29627)
* GraphNG: rename GraphMode to DrawStyle (#29623)
* GraphNG: add spanNulls config option (#29512)
* Docs: add docs for concatenate transformer (#28667)
* Stat/Gauge: expose explicit font sizing (#29476)
* GraphNG: add gaps/nulls support to staircase & smooth interpolation modes (#29593)
* grafana/ui: Migrate Field knobs to controls (#29433)
* Prometheus: Fix link to Prometheus graph in
  dashboard (#29543)
* Build: Publish next and latest npm channels to Github (#29615)
* Update broken aliases (#29603)
* API: add ID to snapshot API responses (#29600)
* Elasticsearch: Migrate queryeditor to React (#28033)
* QueryGroup & DataSourceSrv & DataSourcePicker changes simplify usage, error handling and reduce duplication, support for uid (#29542)
* Elastic: Fixes config UI issues (#29608)
* GraphNG: Fix issues with plugins not retrieving plot instance (#29585)
* middleware: Make scenario test functions take a testing.T argument (#29564)
* Grafana/ui: Storybook controls understand component types (#29574)
* Login: Fixes typo in tooltip (#29604)
* Panel: making sure we support all versions of chrome when detecting position of click event. (#29544)
* Chore: Rewrite sqlstore migration test to use standard library (#29589)
* Chore: Rewrite tsdb prometheus test to standard library (#29592)
* Security: Add gosec G304 auditing annotations (#29578)
* Chore: Rewrite tsdb testdatasource scenarios test to standard library (#29591)
* Docs: Add missing key to enable SigV4 for provisioning Elasticsearch data source (#29584)
* Add Microsoft.Network/natGateways (#29479)
* Update documentation-style-guide.md (#29586)
* @grafana/ui: Add bell-slash to available icons (#29579)
* Alert: Fix forwardRef warning (#29577)
* Update documentation-style-guide.md (#29580)
* Chore: Upgrade typescript to 4.1 (#29493)
* PanelLibrary: Adds library_panel table (#29565)
* Make build docker full fix (#29570)
* Build: move canary packages to github (#29411)
* Devenv: Add default db for influxdb (#29371)
* Chore: Check errors from Close calls (#29562)
* GraphNG: support auto and explicit axis width (#29553)
* Chore: upgrading y18n to 4.0.1 for security reasons (#29523)
* Middleware: Rewrite tests to use standard library (#29535)
* Overrides: show category on the overrides (#29556)
* GraphNG: Bars, Staircase, Smooth modes (#29359)
* Docs: Fix docs sync actions (#29551)
* Chore: Update dev guide
  node version for Mac (#29548)
* Docs: Update formatting-multi-value-variables.md (#29547)
* Arrow: toArray() on nullable values should include null values (#29520)
* Docs: Update syntax.md (#29545)
* NodeJS: Update to LTS (14) (#29467)
* Docs: Update repeat-panels-or-rows.md (#29540)
* 3 minor changes, including updating the title TOC (#29501)
* Auth proxy: Return standard error type (#29502)
* Data: use pre-defined output array length in vectorToArray() (#29516)
* Dashboards: hide playlist edit functionality from viewers and snapshots link from unauthenticated users (#28992)
* docker: use yarn to build (#29538)
* QueryEditors: Refactoring & rewriting out dependency on PanelModel (#29419)
* Chore: skip flaky tests (#29537)
* Graph NG: Invalidate uPlot config on timezone changes (#29531)
* IntelliSense: Fix autocomplete and highlighting for Loki, Prometheus, Cloudwatch (#29381)
* Variables: Fixes Textbox current value persistence (#29481)
* OptionsEditor: simplify the options editor interfaces (#29518)
* Icon: Changed the icon for signing in (#29530)
* fixes bug with invalid handler name for metrics (#29529)
* Middleware: Simplifications (#29491)
* GraphNG: simplify effects responsible for plot updates/initialization (#29496)
* Alarting: fix alarm messages in dingding (Fixes #29470) (#29482)
* PanelEdit: making sure the correct datasource query editor is being rendered.
  (#29500)
* AzureMonitor: Unit MilliSeconds naming (#29399)
* Devenv: update mysql_tests and postgres_tests blocks for allowing dynamically change of underlying docker image (#29525)
* Chore: Enable remaining eslint-plugin-react rules (#29519)
* Docs/Transformations: Add documentation about Binary operations in Add field from calculation (#29511)
* Datasources: fixed long error message overflowing container (#29440)
* docker: fix Dockerfile after Gruntfile.js removed (#29515)
* Chore: Adds Panel Library featuretoggle (#29521)
* Docs: Update filter-variables-with-regex.md (#29508)
* Docs: InfluxDB_V2 datasource: adding an example on how to add InfluxQL as a datasource (#29490)
* Loki: Add query type and line limit to query editor in dashboard (#29356)
* Docs: Added Security Group support to Azure Auth (#29418)
* DataLinks: Removes getDataSourceSettingsByUid from applyFieldOverrides (#29447)
* Bug: trace viewer doesn't show more than 300 spans (#29377)
* Live: publish all dashboard changes to a single channel (#29474)
* Chore: Enable eslint-plugin-react partial rules (#29428)
* Alerting: Update alertDef.ts with more time options (#29498)
* DataSourceSrv: Look up data source by uid and name transparently (#29449)
* Instrumentation: Add examplars for request histograms (#29357)
* Variables: Fixes Constant variable persistence confusion (#29407)
* Docs: Fix broken link for plugins (#29346)
* Prometheus: don't override displayName property (#29441)
* Grunt: Removes grunt dependency and replaces some of its usage (#29461)
* Transformation: added support for excluding/including rows based on their values. (#26884)
* Chore: Enable exhaustive linter (#29458)
* Field overrides: added matcher to match all fields within frame/query.
  (#28872)
* Log: Use os.Open to open file for reading (#29483)
* MinMax: keep global min/main in field state (#29406)
* ReactGridLayout: Update dependency to 1.2 (#29455)
* Jest: Upgrade to latest (#29450)
* Chore: bump grafana-ui rollup dependencies (#29315)
* GraphNG: use uPlot's native ms support (#29445)
* Alerting: Add support for Sensu Go notification channel (#28012)
* adds tracing for all bus calls that passes ctx (#29434)
* prometheus: Improve IsAPIError's documentation (#29432)
* ReleaseNotes: Updated changelog and release notes for 7.3.4 (#29430)
* Elasticsearch: Fix index pattern not working with multiple base sections (#28348)
* Plugins: Add support for includes' icon (#29416)
* Docs: fixing frontend docs issue where enums ending up in wrong folder level. (#29429)
* Variables: Fixes issue with upgrading legacy queries (#29375)
* Queries: Extract queries from dashboard (#29349)
* Docs: docker -> Docker (#29331)
* PanelEvents: Refactors and removes unnecessary events, fixes panel editor update issue when panel options change (#29414)
* Fix: Correct panel edit uistate migration (#29413)
* Alerting: Improve Prometheus Alert Rule error message (#29390)
* Fix: Migrate Panel edit uiState percentage strings to number (#29412)
* remove insecure cipher suit as default option (#29378)
* * prometheus fix variables fetching when customQueryParameters used #28907 (#28949)
* Chore: Removes observableTester (#29369)
* Chore: Adds e2e tests for Variables (#29341)
* Fix gosec finding of unhandled errors (#29398)
* Getting started with Grafana and MS SQL (#29401)
* Arrow: cast timestams to Number (#29402)
* Docs: Add Cloud content links (#29317)
* PanelEditor: allow access to the eventBus from panel options (#29327)
* GraphNG: support x != time in library (#29353)
* removes unused golint file (#29391)
* prefer server cipher suites (#29379)
* Panels/DashList: Fix order of recent dashboards (#29366)
* Core: Move SplitPane layout from PanelEdit.
  (#29266)
* Drone: Upgrade build pipeline tool (#29365)
* Update yarn.lock to use latest rc-util (#29313)
* Variables: Adds description field (#29332)
* Chore: Update latest.json (#29351)
* Drone: Upload artifacts for release branch builds (#29297)
* Docs: fixing link issues in auto generated frontend docs. (#29326)
* Drone: Execute artifact publishing for both editions in parallel during release (#29362)
* Devenv: adding default credentials for influxdb (#29344)
* Drone: Check CUE dashboard schemas (#29334)
* Backend: fix IPv6 address parsing erroneous (#28585)
* dashboard-schemas cue 3.0.0 compatible (#29352)
* Update documentation-style-guide.md (#29354)
* Docs: Update requirements.md (#29350)
* ReleaseNotes: Updated changelog and release notes for 7.3.4 (#29347)
* ReleaseNotes: Updated changelog and release notes for 7.3.4 (#29338)
* Drone: Publish NPM packages after Storybook to avoid race condition (#29340)
* Add an option to hide certain users in the UI (#28942)
* Guardian: Rewrite tests from goconvey (#29292)
* Docs: Fix editor role and alert notification channel description (#29301)
* Docs: Improve custom Docker image instructions (#29263)
* Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests #29330
* Chore: Bump storybook to v6 (#28926)
* ReleaseNotes: Updates release notes link in package.json (master) (#29329)
* Docs: Accurately reflecting available variables (#29302)
* Heatmap: Fixes issue introduced by new eventbus (#29322)
* Dashboard Schemas (#28793)
* devenv: Add docker load test which authenticates with API key (#28905)
* Login: Fixes redirect url encoding issues of # %23 being unencoded after login (#29299)
* InfluxDB: update flux library and support boolean label values (#29310)
* Explore/Logs: Update Parsed fields to Detected fields (#28881)
* GraphNG: Init refactorings and fixes (#29275)
* fixing a broken relref link (#29312)
* Drone: Upgrade build pipeline tool (#29308)
* decreasing frontend
  docs threshold. (#29304)
* Docker: update docker root group docs and docker image (#29222)
* WebhookNotifier: Convert tests away from goconvey (#29291)
* Annotations: fixing so when changing annotations query links submenu will be updated. (#28990)
* [graph-ng] add temporal DataFrame alignment/outerJoin & move null-asZero pass inside (#29250)
* Dashboard: Fixes kiosk state after being redirected to login page and back (#29273)
* make it possible to hide change password link in profile menu (#29246)
* Theme: Add missing color type (#29265)
* Chore: Allow reducerTester to work with every data type & payload-less actions (#29241)
* Explore/Prometheus: Update default query type option to "Both" (#28935)
* Loki/Explore: Add query type selector (#28817)
* Variables: New Variables are stored immediately (#29178)
* reduce severity level to warning (#28939)
* Units: Changes FLOP/s to FLOPS and some other rates per second units get /s suffix (#28825)
* Docs: Remove duplicate "Transformations overview" topics from the TOC (#29247)
* Docs: Fixed broken relrefs and chanfed TOC entry name from Alerting to Alerts. (#29251)
* Docs: Remove duplicate Panel overview topic. (#29248)
* Increase search limit on team add user and improve placeholder (#29258)
* Fix warnings for conflicting style rules (#29249)
* Make backwards compatible (#29212)
* Minor cosmetic markdown tweaks in docs/cloudwatch.md (#29238)
* Getting Started: Updated index topic, removed "what-is-grafana", and adjusted weight o???
  (#29216)
* BarGauge: Fix story for BarGauge, caused knobs to show for other stories (#29232)
* Update glossary to add hyperlinks to Explore and Transformation entries (#29217)
* Chore: Enable errorlint linter (#29227)
* TimeRegions: Fixed issue with time regions and tresholds due to angular js upgrade (#29229)
* CloudWatch: Support request cancellation properly (#28865)
* CloudMonitoring: Support request cancellation properly (#28847)
* Chore: Handle wrapped errors (#29223)
* Expressions: Move GEL into core as expressions (#29072)
* Chore: remove compress:release grunt task (#29225)
* Refactor/Explore: Inline datasource actions into initialisation (#28953)
* Fix README typo (#29219)
* Grafana UI: Card API refactor (#29034)
* Plugins: Changed alertlist alert url to view instead of edit (#29060)
* React: Upgrading react to v17, wip (#29057)
* Gauge: Tweaks short value auto-sizing (#29197)
* BackendSrv: support binary responseType like $http did (#29004)
* GraphNG: update the options config (#28917)
* Backend: Fix build (#29206)
* Permissions: Validate against Team/User permission role update (#29101)
* ESlint: React fixes part 1 (#29062)
* Tests: Adds expects for observables (#28929)
* Variables: Adds new Api that allows proper QueryEditors for Query variables (#28217)
* Introduce eslint-plugin-react (#29053)
* Automation: Adds GitHub release action (#29194)
* Refactor declarative series configuration to a config builder (#29106)
* ReleaseNotes: Updated changelog and release notes for 7.3.3 (#29189)
* Panels: fix positioning of the header title (#29167)
* trace user login and datasource name instead of id (#29183)
* playlist: Improve test (#29120)
* Drone: Fix publish-packages invocation (#29179)
* Table: Fix incorrect condtition for rendering table filter (#29165)
* Chore: Upgrade grafana/build-ci-deploy image to latest Go (#29171)
* DashboardLinks: will only refresh dashboard search when changing tags for link.
  (#29040)
* ReleaseNotes: Updated changelog and release notes for 7.3.3 (#29169)
* CloudWatch: added HTTP API Gateway specific metrics and dimensions (#28780)
* Release: Adding release notes for 7.3.3 (#29168)
* SQL: Define primary key for tables without it (#22255)
* changed link format from MD to HTML (#29163)
* Backend: Rename variables for style conformance (#29097)
* Docs: Fixes what'new menu and creates index page, adds first draft of release notes to docs (#29158)
* Drone: Upgrade build pipeline tool and build image (#29161)
* ReleaseNotes: Updated changelog and release notes for 7.4.0 (#29160)
* ReleaseNotes: Updated changelog and release notes for 7.3.3 (#29159)
* Chore: Upgrade Go etc in build images (#29157)
* Chore: Remove unused Go code (#28852)
* API: Rewrite tests from goconvey (#29091)
* Chore: Fix linting issues caught by ruleguard (#28799)
* Fix panic when using complex dynamic URLs in app plugin routes (#27977)
* Snapshots: Fixes so that dashboard snapshots show data when using Stat, Gauge, BarGauge or Table panels (#29031)
* Fix authomation text: remove hyphen (#29149)
* respect fronted-logging.enabled flag (#29107)
* build paths in an os independent way (#29143)
* Provisioning: always pin app to the sidebar when enabled (#29084)
* Automation: Adds new changelog actions (#29142)
* Chore: Rewrite preferences test from GoConvey to stdlib and testify (#29129)
* Chore: Upgrade Go dev tools (#29124)
* Automation: Adding version bump action
* DataFrames: add utility function to check if structure has changed (#29006)
* Drone: Fix Drone config verification for enterprise on Windows (#29118)
* Chore: Require OrgId to be specified in delete playlist command (#29117)
* Plugin proxy: Handle URL parsing errors (#29093)
* Drone: Verify Drone config at beginning of pipelines (#29071)
* Legend/GraphNG: Refactoring legend types and options (#29067)
* Doc: Update documentation-style-guide.md (#29082)
* Chore: Bumps types for jest (#29098)
* LogsPanel: Fix
  scrolling in dashboards (#28974)
* sort alphabetically unique labels, labels and parsed fields (#29030)
* Data source proxy: Convert 401 from data source to 400 (#28962)
* Plugins: Implement testDatasource for Jaeger (#28916)
* Update react-testing-library (#29061)
* Graph: Fixes stacking issues like floating bars when data is not aligned (#29051)
* StatPanel: Fixes hanging issue when all values are zero (#29077)
* Auth: Enable more complete credential chain for SigV4 default SDK auth option (#29065)
* Chore: Convert API tests to standard Go lib (#29009)
* Update README.md (#29075)
* Update CODEOWNERS (#28906)
* Enhance automation text for missing information (#29052)
* GraphNG: Adding ticks test dashboard and improves tick spacing (#29044)
* Chore: Migrate Dashboard List panel to React (#28607)
* Test Datasource/Bug: Fixes division by zero in csv metric values scenario (#29029)
* Plugins: Bring back coreplugin package (#29064)
* Add 'EventBusName' dimension to CloudWatch 'AWS/Events' namespace (#28402)
* CloudWatch: Add support for AWS/ClientVPN metrics and dimensions (#29055)
* AlertingNG: manage and evaluate alert definitions via the API (#28377)
* Fix linting issues (#28811)
* Logging: Log frontend errors (#28073)
* Fix for multi-value template variable for project selector (#29042)
* Chore: Rewrite test helpers from GoConvey to stdlib (#28919)
* GraphNG: Fixed axis measurements (#29036)
* Fix links to logql docs (#29037)
* latest 7.3.2 (#29041)
* Elasticsearch: Add Moving Function Pipeline Aggregation (#28131)
* changelog 7.3.2 (#29038)
* MutableDataFrame: Remove unique field name constraint and values field index and unused/seldom used stuff (#27573)
* Fix prometheus docs related to query variable (#29027)
* Explore: support ANSI colors in live logs (#28895)
* Docs: Add documentation about log levels (#28975)
* Dashboard: remove usage of Legacyforms (#28707)
* Docs: Troubleshoot starting docker containers on Mac (#28754)
* Elasticsearch: interpolate variables
  in Filters Bucket Aggregation (#28969)
* Chore: Bump build pipeline version (#29023)
* Annotations: Fixes error when trying to create annotation when dashboard is unsaved (#29013)
* TraceViewer: Make sure it does not break when no trace is passed (#28909)
* Thresholds: Fixes color assigned to null values (#29010)
* Backend: Remove unused code (#28933)
* Fix documentation (#28998)
* Tracing: Add setting for sampling server (#29011)
* Logs Panel: Fix inconsistent higlighting (#28971)
* MySQL: Update README.md (#29003)
* IntervalVariable: Fix variable tooltip (#28988)
* StatPanels: Fixes auto min max when latest value is zero (#28982)
* Chore: Fix SQL related Go variable naming (#28887)
* MSSQL: Support request cancellation properly (Uses new backendSrv.fetch Observable request API) (#28809)
* Variables: Fixes loading with a custom all value in url (#28958)
* Backend: Adds route for well-known change password URL (#28788)
* docs: fix repeated dashboards link (#29002)
* LogsPanel: Don't show scroll bars when not needed (#28972)
* Drone: Fix docs building (#28986)
* StatPanel: Fixed center of values in edge case scenarios (#28968)
* Update getting-started-prometheus.md (#28502)
* Docs: fix relref (#28977)
* Docs: Minor docs update
* Docs: Another workflow docs update
* Docs: Workflow minor edit
* Docs: Another minor edit
* Docs: Update PR workflow docs
* Docs: Update bot docs
* StatPanels: set default to last (#28617)
* Tracing: log traceID in request logger (#28952)
* start tracking usage stats for tempo (#28948)
* Docs: Update bot docs
* GrafanaBot: Update labels and commands and adds docs (#28950)
* Docs: updates for file-based menu (#28500)
* Grot: Added command/label to close feature requests with standard message (#28937)
* GraphNG: Restore focus option (#28946)
* Docs: Fix links (#28945)
* Short URL: Cleanup unvisited/stale short URLs (#28867)
* GraphNG: Using new VizLayout, moving Legend into GraphNG and some other refactorings (#28913)
* CloudWatch Logs: Change
  what we use to measure progress (#28912)
* Chore: use jest without grunt (#28558)
* Chore: Split Explore redux code into multiple sections (#28819)
* TestData: Fix issue with numeric inputs in TestData query editor (#28936)
* setting: Fix tests on Mac (#28886)
* Plugins signing: Fix docs urls (#28930)
* Field color: handling color changes when switching panel types (#28875)
* Variables: make sure that we support both old and new syntax for custom variables. (#28896)
* CodeEditor: added support for javascript language (#28818)
* Update CHANGELOG.md (#28928)
* Plugins: allow override when allowing unsigned plugins (#28901)
* Chore: Fix spelling issue (#28904)
* Grafana-UI: LoadingPlaceholder docs (#28874)
* Gauge: making sure threshold panel json is correct before render (#28898)
* Chore: Rewrite test in GoConvey to stdlib and testify (#28918)
* Update documentation-style-guide.md (#28908)
* Adding terms to glossary (#28884)
* Devenv: Fix Prometheus basic auth proxy (#28889)
* API: replace SendLoginLogCommand with LoginHook (#28777)
* Dashboards / Folders: delete related data (permissions, stars, tags, versions, annotations) when deleting a dashboard or a folder (#28826)
* Loki: Correct grammar in DerivedFields.tsx (#28885)
* Docs: Update list of Enterprise plugins (#28882)
* Live: update centrifuge and the ChannelHandler api (#28843)
* Update share-panel.md (#28880)
* CRLF (#28822)
* PanelHeader: show streaming indicator (and allow unsubscribe) (#28682)
* Docs: Plugin signing docs (#28671)
* Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866)
* Elasticsearch: Filter pipeline aggregations from order by options (#28620)
* Variables: added __user.email to global variable (#28853)
* Fix titles case and add missing punctuation marks (#28713)
* VizLayout: Simple viz layout component for legend placement and scaling (#28820)
* Chore: Fix staticcheck issues (#28860)
* Chore: Fix staticcheck issues (#28854)
* Disable selecting enterprise plugins with
  no license (#28758)
* Tempo: fix test data source (#28836)
* Prometheus: fix missing labels from value (#28842)
* Chore: Fix issues found by staticcheck (#28802)
* Chore: Remove dead code (#28664)
* Units: added support to handle negative fractional numbers. (#28849)
* Variables: Adds variables inspection (#25214)
* Marked: Upgrade and always sanitize by default (#28796)
* Currency: add Philippine peso currency (PHP) (#28823)
* Alert: Remove z-index on Alert component so that it does not overlay ontop of other content (#28834)
* increase blob column size for encrypted dashboard data (#28831)
* Gauge: Improve font size auto sizing (#28797)
* grafana/toolkit: allow builds with lint warnings (#28810)
* core and grafana/toolkit: Use latest version of grafana-eslint-conifg (#28816)
* Icon: Replace font awesome icons where possible (#28757)
* Remove homelinks panel (#28808)
* StatPanels: Add new calculation option for percentage difference (#26369)
* Dashboard: Add Datetime local (No date if today) option in panel axes' units (#28011)
* Variables: Adds named capture groups to variable regex (#28625)
* Panel inspect: Interpolate variables in panel inspect title (#28779)
* grafana/toolkit: Drop console and debugger statements by default when building plugin with toolkit (#28776)
* Variables: Fixes URL values for dependent variables (#28798)
* Graph: Fixes event emit function error (#28795)
* Adds storybook integrity check to drone config (#28785)
* Live: improve broadcast semantics and avoid double posting (#28765)
* Events: Remove unused or unnecessary events (#28783)
* Docs: added code comments to frontend packages.
  (#28784)
* Plugin Dockerfiles: Upgrade Go, golangci-lint, gcloud SDK (#28767)
* Dependencies: Update angularjs to 1.8.2 (#28736)
* EventBus: Introduces new event bus with emitter backward compatible interface (#27564)
* ColorSchemes: Add new color scheme (#28719)
* Docs: Add NGINX example for using websockets to Loki (#27998)
* Docs: Made usage of config/configuration consistent #19270 (#28167)
* Cloudwatch: Fix issue with field calculation transform not working properly with Cloudwatch data (#28761)
* grafana/toolkit: Extract CHANGELOG when building plugin (#28773)
* Drone: Upgrade build pipeline tool (#28769)
* devenv: Upgrade MSSQL Docker image (#28749)
* Docs: Add docs for InfoBox component (#28705)
* Reoeragnization. (#28760)
* gtime: Add ParseDuration function (#28525)
* Explore: Remove redundant decodeURI and fix urls (#28697)
* Dashboard: fix view panel mode for Safari / iOS (#28702)
* Provisioning: Fixed problem with getting started panel being added to custom home dashboard (#28750)
* LoginPage: Removed auto-capitalization from the login form (#28716)
* Plugin page: Fix dom validation warning (#28737)
* Migration: Remove LegacyForms from dashboard folder permissions (#28564)
* Dependencies: Remove unused dependency (#28711)
* AlertRuleList: Add keys to alert rule items (#28735)
* Chore: Pin nginx base image in nginx proxy Dockerfiles (#28730)
* Drone: Upgrade build-pipeline tool (#28728)
* TableFilters: Fixes filtering with field overrides (#28690)
* Templating: Speeds up certain variable queries for Postgres, MySql and MSSql (#28686)
* Fix typo in unsigned plugin warning (#28709)
* Chore: Convert sqlstore annotation test from GoConvey to testify (#28715)
* updates from https://github.com/grafana/grafana/pull/28679 (#28708)
* Chore: Add some scenario tests for Explore (#28534)
* Update latest version to 7.3.1 (#28701)
* Changelog update - 7.3.1 (#28699)
* Drone: Don't build on Windows for PRs (#28663)
* Build: changing docs docker image to prevent setting
up frontend devenv. (#28670) * Prometheus: Fix copy paste behaving as cut and paste (#28622) * Loki: Fix error when some queries return zero results (#28645) * Chore: allow higher nodejs version than 12 (#28624) * TextPanel: Fixes problems where text panel would show old content (#28643) * PanelMenu: Fixes panel submenu not being accessible for panels close to the right edge of the screen (#28666) * Cloudwatch: Fix duplicate metric data (#28642) * Add info about CSV download for Excel in What's new article (#28661) * Docs: Describe pipeline aggregation changes in v7.3 (#28660) * Plugins: Fix descendent frontend plugin signature validation (#28638) * Docker: use root group in the custom Dockerfile (#28639) * Bump rxjs to 6.6.3 (#28657) * StatPanel: Fixed value being under graph and reduced likley hood for white and dark value text mixing (#28641) * Table: Fix image cell mode so that it works with value mappings (#28644) * Build: support custom build tags (#28609) * Plugin signing: Fix copy on signed plugin notice (#28633) * Dashboard: Fix navigation from one SoloPanelPage to another one (#28578) * CloudWatch: Improve method name, performance optimization (#28632) * Developer guide: Update wrt. Windows (#28559) * Docs: Update graph panel for tabs (#28552) * update latest.json (#28603) * Docs: data source insights (#28542) * Field config API: add slider editor (#28007) * changelog: update for 7.3.0 (#28602) * Update uPlot to 1.2.2 and align timestamps config with new uPLot API (#28569) * Live: updated the reference to use lazy loaded Monaco in code editor. 
(#28597) * Dashboard: Allow add panel for viewers_can_edit (#28570) * Docs: Data source provisioning and sigV4 (#28593) * Docs: Additional 7.3 upgrade notes (#28592) * CI: Add GCC to Windows Docker image (#28562) * CloudWatch Logs queue and websocket support (#28176) * Explore/Loki: Update docs and cheatsheet (#28541) * Grafana-UI: Add Card component (#28216) * AddDatasource: Improve plugin categories (#28584) * StatPanel: Fixes BizChart error max: yyy should not be less than min zzz (#28587) * docs: a few tweaks for clarity and readability (#28579) * API: Reducing some api docs errors (#28575) * Grafana-UI: ContextMenu docs (#28508) * Short URL: Update last seen at when visiting a short URL (#28565) * Fix backend build on Windows (#28557) * add value prop (#28561) * Plugin signing: UI information (#28469) * Use fetch API in InfluxDB data source (#28555) * PanelEdit: Prevent the preview pane to be resized further than window height (#28370) * Docs: Update generic-oauth.md (#28517) * GCS image uploader: Add tests (#28521) * Move metrics collector queries to config (#28549) * Plugins: Fix plugin URL paths on Windows (#28548) * API: add login username in SendLoginLogCommand (#28544) * AzureMonitor: Support decimal (as float64) type in analytics/logs (#28480) * Auth: Fix SigV4 request verification step for Amazon Elasticsearch Service (#28481) * Grafana/ui: auto focus threshold editor input (#28360) * Docs: SigV4 What's New and AWS Elasticsearch documentation (#28506) * Drone: Upgrade build pipeline tool (#28533) * Drone: Refactor version branch pipeline logic (#28531) * Drone: Upgrade build-pipeline tool (#28520) * Docs: Update field color scheme docs and 7.3 what's new (#28496) * Templating: Custom variable edit UI, change text input into textarea (#28312) (#28322) * Currency: Adds Indonesian IDR currency (#28363) * Chore: Fix flaky sqlstore annotation test (#28527) * Checkbox: Fix component sample typo (#28518) * Image uploader: Fix uploading of images to GCS 
(#26493) * OAuth: Support Forward OAuth Identity for backend data source plugins (#27055) * Updated documentation style guide (#28488) * Cloud Monitoring: Fix help section for aliases (#28499) * Docs: what's new in enterprise 7.3 (#28472) * Plugins: Track plugin signing errors and expose them to the frontend (#28219) * Elasticsearch: Fix handling of errors when testing data source (#28498) * Auth: Should redirect to login when anonymous enabled and URL with different org than anonymous specified (#28158) * Drone: Don't build Windows installer for version branches (#28494) * Docs: Grafana Enterprise auditing feature (#28356) * Drone: Add version branch pipeline (#28490) * Getting Started section rehaul (#28090) * Docs: Add survey content (#28446) * Docs: Update prometheus.md (#28483) * Docs: Add view settings and view stats (#28155) * Remove entry from 7.3.0-beta2 Changelog (#28478) * Circle: Remove release pipeline (#28474) * Update latest.json (#28476) * Switch default version to Graphite 1.1 (#28471) * Plugin page: update readme icon (#28465) * Chore: Update changelog (#28473) * Explore: parse time range fix (#28467) * Alerting: Log alert warnings for obsolete notifiers when extracting alerts and remove spammy error (#28162) * Shorten url: Unification across Explore and Dashboards (#28434) * Explore: Support wide data frames (#28393) * Docs: updated cmd to build docs locally to generate docs prior to building site. (#28371) * Live: support real time measurements (alpha) (#28022) * CloudWatch/Athena - valid metrics and dimensions. 
(#28436) * Chore: Use net.JoinHostPort (#28421) * Chore: Upgrade grafana-eslint to latest (#28444) * Fix cut off icon (#28442) * Docs: Add shared (#28411) * Loki: Visually distinguish error logs for LogQL2 (#28359) * Database; Remove database metric feature flag and update changelog (#28438) * TestData: multiple arrow requests should return multiple frames (#28417) * Docs: Test survey code (#28437) * Docs: improved github action that syncs docs to website (#28277) * update latest.json with latest stable version (#28433) * 7.2.2 changelog update (#28406) * plugins: Don't exit on duplicate plugin (#28390) * API: Query database from /api/health endpoint (#28349) * Chore: Fix conversion of a 64-bit integer to a lower bit size type uint (#28425) * Prometheus: fix parsing of infinite sample values (#28287) (#28288) * Chore: Rewrite some tests to use testify (#28420) * Plugins: do not remount app plugin on nav change (#28105) * App Plugins: Add backend support (#28272) * Chore: react hooks eslint fixes in grafana-ui (#28026) * ci-e2e: Add Git (#28410) * TestData: Remove useEffect that triggeres query on component load (#28321) * FieldColor: Remove inverted color scheme (#28408) * Chore: Set timezone for tests to non utc. 
(#28405) * Chore: fix jsdoc desc and return (#28383) * Docs: Fixing v51 link (#28396) * fixes windows crlf warning (#28346) * Grafana/ui: pass html attributes to segment (#28316) * Alerting: Return proper status code when trying to create alert notification channel with duplicate name or uid (#28043) * OAuth: Able to skip auto login (#28357) * CloudWatch: Fix custom metrics (#28391) * Docs: Adds basic frontend data request concepts (#28253) * Instrumentation: Add histogram for request duration (#28364) * remove status label from histogram (#28387) * OAuth: configurable user name attribute (#28286) * Component/NewsPanel: Add rel="noopener" to NewsPanel links (#28379) * Webpack: Split out unicons and bizcharts (#28374) * Explore: Fix date formatting in url for trace logs link (#28381) * Docs: Add activate-license (#28156) * Instrumentation: Add counters and histograms for database queries (#28236) * Docs: Make tables formatting more consistent (#28164) * CloudWatch: Adding support for additional Amazon CloudFront metrics (#28378) * Add unique ids to query editor fields (#28376) * Plugins: Compose filesystem paths with filepath.Join (#28375) * Explore: Minor tweaks to exemplars marble (#28366) * Instrumentation: Adds environment_info metric (#28355) * AzureMonitor: Fix capitalization of NetApp 'volumes' namespace (#28369) * ColorSchemes: Adds more color schemes and text colors that depend on the background (#28305) * Automation: Update backport github action trigger (#28352) * Dashboard links: Places drop down list so it's always visible (#28330) * Docs: Add missing records from grafana-ui 7.2.1 CHANGELOG (#28302) * Templating: Replace all '$tag' in tag values query (#28343) * Docs: Add docs for valuepicker (#28327) * Git: Create .gitattributes for windows line endings (#28340) * Update auth-proxy.md (#28339) * area/grafana/toolkit: update e2e docker image (#28335) * AlertingNG: remove warn/crit from eval prototype (#28334) * Automation: Tweaks to more info message 
(#28332) * Loki: Run instant query only when doing metric query (#28325) * SAML: IdP-initiated SSO docs (#28280) * IssueTriage: Needs more info automation and messages (#28137) * GraphNG: Use AxisSide enum (#28320) * BackendSrv: Fixes queue countdown when unsubscribe is before response (#28323) * Automation: Add backport github action (#28318) * Build(deps): Bump http-proxy from 1.18.0 to 1.18.1 (#27507) * Bump handlebars from 4.4.3 to 4.7.6 (#27416) * Bump tree-kill from 1.2.1 to 1.2.2 (#27405) * Loki: Base maxDataPoints limits on query type (#28298) * Explore: respect min_refresh_interval (#27988) * Drone: Use ${DRONE_TAG} in release pipelines, since it should work (#28299) * Graph NG: fix toggling queries and extract Graph component from graph3 panel (#28290) * fix: for graph size not taking up full height or width * should only ignore the file in the grafana mixin root folder (#28306) * Drone: Fix grafana-mixin linting (#28308) * SQLStore: Run tests as integration tests (#28265) * Chore: Add cloud-middleware as code owners (#28310) * API: Fix short URLs (#28300) * CloudWatch: Add EC2CapacityReservations Namespace (#28309) * Jaeger: timeline collapser to show icons (#28284) * update latest.json with latest beta version (#28293) * Update changelog (#28292) * Docs : - Added period (#28260) * Add monitoring mixing for Grafana (#28285) * Chore: Update package.json (#28291) * Drone: Fix enterprise release pipeline (#28289) * Alerting: Append appSubUrl to back button on channel form (#28282) - Rework package Makefile & README now that Grunt is gone - Update to version 7.3.6: * fixes for saml vulnerability * [v7.3.x] Fix: Correct panel edit uistate migration (#29413) (#29711) * PanelEdit: Prevent the preview pane to be resized further than window height (#28370) (#29726) * Fix: Migrate Panel edit uiState percentage strings to number (#29412) (#29723) * "Release: Updated versions in package to 7.3.5" (#29710) * Chore: upgrading y18n to 4.0.1 for security reasons 
(#29523) (#29709) * Panel: making sure we support all versions of chrome when detecting position of click event. (#29544) (#29708) * PanelEdit: making sure the correct datasource query editor is being rendered. (#29500) (#29707) * [v7.3.x] Auth: Add SigV4 header allowlist to reduce chances of verification issues (#29705) * Alerting: Use correct time series name override from frame fields (#29693) (#29698) * CloudWatch: namespace in search expression should be quoted if match exact is enabled #29109 (#29563) (#29687) * Adds go dep used by an Enterprise feature. (#29645) (#29690) * instrumentation: align label name with our other projects (#29514) (#29685) * Instrumentation: Add examplars for request histograms (#29357) (#29682) * Login: Fixes typo in tooltip (#29604) (#29606) * fixes bug with invalid handler name for metrics (#29529) (#29532) * AzureMonitor: Unit MilliSeconds naming (#29399) (#29526) * Alarting: fix alarm messages in dingding (Fixes #29470) (#29482) (#29527) * Bug: trace viewer doesn't show more than 300 spans (#29377) (#29504) * Prometheus: don't override displayName property (#29441) (#29488) * resolve conflicts (#29415) * Drone: Upgrade build pipeline tool (#29365) (#29368) * Drone: Upload artifacts for release branch builds (#29297) (#29364) * Drone: Execute artifact publishing for both editions in parallel during release (#29362) (#29363) * Drone: Publish NPM packages after Storybook to avoid race condition (#29340) (#29343) * Docs: Fix editor role and alert notification channel description (#29301) (#29337) * "Release: Updated versions in package to 7.3.4" (#29336) * Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests #29330 (#29335) * Backport of InfluxDB: update flux library and support boolean label values #29333 * ReleaseNotes: Update link in package.json (#29328) * Login: Fixes redirect url encoding issues of # %23 being unencoded after login (#29299) (#29323) * Drone: Upgrade build 
pipeline tool (#29308) (#29309) * Annotations: fixing so when changing annotations query links submenu will be updated. (#28990) (#29285) * Dashboard: Fixes kiosk state after being redirected to login page and back (#29273) (#29278) * Increase search limit on team add user and improve placeholder (#29258) (#29261) * Drone: Sync with master (#29205) * Drone: Fix publish-packages invocation (#29179) (#29184) * Chore: Upgrade grafana/build-ci-deploy image to latest Go (#29171) (#29180) * Table: Fix incorrect condtition for rendering table filter (#29165) (#29181) * DashboardLinks: will only refresh dashboard search when changing tags for link. (#29040) (#29177) * Drone: Upgrade build pipeline tool and build image (#29161) (#29162) * Release: Updated versions in package to 7.3.3 (#29126) * git cherry-pick -x 0f3bebb38daa488e108881ce17d4f68167a834e6 (#29155) * Build: support custom build tags (#28609) (#29128) * Revert "Graph: Fixes stacking issues like floating bars when data is not aligned (#29051) (#29088)" (#29151) * Provisioning: always pin app to the sidebar when enabled (#29084) (#29146) * build paths in an os independent way (#29143) (#29147) * Chore: Upgrade Go dev tools (#29124) (#29132) * Automatin: set node version * Automation: Adding version bump action * Drone: Fix Drone config verification for enterprise on Windows (#29118) (#29119) * [v7.3.x] Drone: Verify Drone config at beginning of pipelines (#29111) * Test Datasource/Bug: Fixes division by zero in csv metric values scenario (#29029) (#29068) * [v7.3.x] StatPanel: Fixes hanging issue when all values are zero (#29087) * Data source proxy: Convert 401 from data source to 400 (#28962) (#29095) * Graph: Fixes stacking issues like floating bars when data is not aligned (#29051) (#29088) * Auth: Enable more complete credential chain for SigV4 default SDK auth option (#29065) (#29086) * Fix for multi-value template variable for project selector (#29042) (#29054) * Thresholds: Fixes color assigned to null 
values (#29010) (#29018) * [v7.3.x] Chore: Bump build pipeline version (#29025) * Release v7.3.2 (#29024) * Fix conflict (#29020) * StatPanels: Fixes auto min max when latest value is zero (#28982) (#29007) * Tracing: Add setting for sampling server (#29011) (#29015) * Gauge: making sure threshold panel json is correct before render (#28898) (#28984) * Variables: make sure that we support both old and new syntax for custom variables. (#28896) (#28985) * Explore: Remove redundant decodeURI and fix urls (#28697) (#28963) * [v7.3.x] Drone: Fix docs building (#28987) * Alerting: Append appSubUrl to back button on channel form (#28282) (#28983) * Plugins: allow override when allowing unsigned plugins (#28901) (#28927) * CloudWatch Logs: Change what we use to measure progress (#28912) (#28964) * Tracing: log traceID in request logger (#28952) (#28959) * Panel inspect: Interpolate variables in panel inspect title (#28779) (#28801) * UsageStats: start tracking usage stats for tempo (#28948) (#28951) * Short URL: Cleanup unvisited/stale short URLs (#28867) (#28944) * Plugins signing: Fix docs urls (#28930) (#28934) * Chore: Fix spelling issue (#28904) (#28925) * API: replace SendLoginLogCommand with LoginHook (#28777) (#28891) * Elasticsearch: Exclude pipeline aggregations from order by options (#28620) (#28873) * Dashboards / Folders: delete related data (permissions, stars, tags, versions, annotations) when deleting a dashboard or a folder (#28826, #28890) * Disable selecting enterprise plugins with no license (#28758) (#28859) * Tempo: fix test data source (#28836) (#28856) * Prometheus: fix missing labels from value (#28842) (#28855) * Units: added support to handle negative fractional numbers. 
(#28849) (#28851)
  * increase blob column size for encrypted dashboard data (#28831) (#28832)
  * Gauge: Improve font size auto sizing (#28797) (#28828)
  * Variables: Fixes URL values for dependent variables (#28798) (#28800)
  * grafana/toolkit: Extract CHANGELOG when building plugin (#28773) (#28774)
  * Templating: Custom variable edit UI, change text input into textarea (#28312) (#28322) (#28704)
  * Cloudwatch: Fix issue with field calculation transform not working properly with Cloudwatch data (#28761) (#28775)
  * Plugin page: Fix dom validation warning (#28737) (#28741)
  * Dashboard: fix view panel mode for Safari / iOS (#28702) (#28755)
  * Fix typo in unsigned plugin warning (#28709) (#28722)
  * TableFilters: Fixes filtering with field overrides (#28690) (#28727)
  * Templating: Speeds up certain variable queries for Postgres, MySql and MSSql (#28686) (#28726)
  * Prometheus: Fix copy paste behaving as cut and paste (#28622) (#28691)

mgr-daemon:
- Update the translations from weblate

rhnlib:
- Require missing python-backports.ssl_match_hostname on SLE 11 (bsc#1183959)

spacecmd:
- Update translation strings
- Add group_addconfigchannel and group_removeconfigchannel
- Add group_listconfigchannels and configchannel_listgroups
- Handle SIGPIPE without user-visible Exception (bsc#1181124)
- Fix spacecmd compat with Python 3

spacewalk-client-tools:
- Update the translations from weblate

supportutils-plugin-salt:
- Fix yaml.load() warnings and issues with Python versions (bsc#1178072) (bsc#1181474)
- Fix errors when collecting data for salt-minion (bsc#1131670)

suseRegisterInfo:
- Add support for Amazon Linux 2
- Add support for Alibaba Cloud Linux 2

zypp-plugin-spacewalk:
- Support for "allow vendor change" for patching/upgrading

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 15-BETA:

  zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-1511=1

Package List:

- SUSE Manager Tools 15-BETA (aarch64 ppc64le s390x x86_64):

  golang-github-prometheus-prometheus-2.22.1-6.15.1
  grafana-7.4.2-4.12.1

- SUSE Manager Tools 15-BETA (noarch):

  mgr-daemon-4.2.6-4.9.1
  python3-rhnlib-4.2.3-6.15.1
  python3-spacewalk-check-4.2.9-6.27.1
  python3-spacewalk-client-setup-4.2.9-6.27.1
  python3-spacewalk-client-tools-4.2.9-6.27.1
  python3-suseRegisterInfo-4.2.3-6.12.1
  python3-zypp-plugin-spacewalk-1.0.9-6.12.1
  spacecmd-4.2.7-6.21.1
  spacewalk-check-4.2.9-6.27.1
  spacewalk-client-setup-4.2.9-6.27.1
  spacewalk-client-tools-4.2.9-6.27.1
  supportutils-plugin-salt-1.1.5-5.6.1
  suseRegisterInfo-4.2.3-6.12.1
  zypp-plugin-spacewalk-1.0.9-6.12.1

References:

https://bugzilla.suse.com/1131670
https://bugzilla.suse.com/1178072
https://bugzilla.suse.com/1181124
https://bugzilla.suse.com/1181474
https://bugzilla.suse.com/1183959

From sle-updates at lists.suse.com Wed May 5 16:17:13 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 May 2021 18:17:13 +0200 (CEST)
Subject: SUSE-RU-2021:1506-1: moderate: Recommended Beta update for SUSE Manager Client Tools
Message-ID: <20210505161713.B801DFF53@maintenance.suse.de>

SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1506-1
Rating: moderate
References: #1179831 #1181124
Affected Products:
  SUSE Manager Debian 10-CLIENT-TOOLS-BETA
______________________________________________________________________________

An update that has two recommended fixes can now be installed.
Description:

This update fixes the following issues:

salt:
- Improvements on "ansiblegate" module:
  * New methods: ansible.targets / ansible.discover_playbooks
  * General bugfixes
- Regression fix of salt-ssh on processing some targets
- Add support for Alibaba Cloud Linux 2 (Aliyun Linux)
- Update target fix for salt-ssh to process targets list (bsc#1179831)
- Add notify beacon for Debian/Ubuntu systems
- Add core grains support for AlmaLinux and Alibaba Cloud Linux
- Allow vendor change option with zypper

spacecmd:
- Update translation strings
- Add group_addconfigchannel and group_removeconfigchannel
- Add group_listconfigchannels and configchannel_listgroups
- Handle SIGPIPE without user-visible Exception (bsc#1181124)
- Fix spacecmd compat with Python 3

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Debian 10-CLIENT-TOOLS-BETA:

  zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-BETA-x86_64-2021-1506=1

Package List:

- SUSE Manager Debian 10-CLIENT-TOOLS-BETA (all):

  salt-common-3002.2+ds-1+2.17.1
  salt-minion-3002.2+ds-1+2.17.1
  scap-security-guide-debian-0.1.54-2.3.1
  spacecmd-4.2.7-2.12.1

References:

https://bugzilla.suse.com/1179831
https://bugzilla.suse.com/1181124

From sle-updates at lists.suse.com Wed May 5 16:18:21 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 May 2021 18:18:21 +0200 (CEST)
Subject: SUSE-RU-2021:1502-1: moderate: Recommended Beta update for Salt
Message-ID: <20210505161821.1E20DFF53@maintenance.suse.de>

SUSE Recommended Update: Recommended Beta update for Salt
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1502-1
Rating: moderate
References: #1179831
Affected Products:
  SUSE Manager Tools 15-BETA
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update fixes the following issues:

salt:
- Improvements on "ansiblegate" module:
  * New methods: ansible.targets / ansible.discover_playbooks
- Regression fix of salt-ssh on processing some targets
- Add support for Alibaba Cloud Linux 2 (Aliyun Linux)
- Update target fix for salt-ssh to process targets list (bsc#1179831)
- Add notify beacon for Debian/Ubuntu systems
- Add core grains support for AlmaLinux and Alibaba Cloud Linux
- Allow vendor change option with zypper

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 15-BETA:

  zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-1502=1

Package List:

- SUSE Manager Tools 15-BETA (aarch64 ppc64le s390x x86_64):

  python3-salt-3002.2-8.36.1
  salt-3002.2-8.36.1
  salt-api-3002.2-8.36.1
  salt-cloud-3002.2-8.36.1
  salt-doc-3002.2-8.36.1
  salt-master-3002.2-8.36.1
  salt-minion-3002.2-8.36.1
  salt-proxy-3002.2-8.36.1
  salt-ssh-3002.2-8.36.1
  salt-standalone-formulas-configuration-3002.2-8.36.1
  salt-syndic-3002.2-8.36.1

- SUSE Manager Tools 15-BETA (noarch):

  salt-bash-completion-3002.2-8.36.1
  salt-fish-completion-3002.2-8.36.1
  salt-zsh-completion-3002.2-8.36.1

References:

https://bugzilla.suse.com/1179831

From sle-updates at lists.suse.com Wed May 5 16:19:25 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 May 2021 18:19:25 +0200 (CEST)
Subject: SUSE-RU-2021:1503-1: moderate: Recommended Beta update for Salt
Message-ID: <20210505161925.5F1E2FF53@maintenance.suse.de>

SUSE Recommended Update: Recommended Beta update for Salt
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1503-1
Rating: moderate
References:
  #1131670 #1177474 #1178072 #1179831 #1181368 #1181474 #1182281
Affected Products:
  SUSE Manager Tools 12-BETA
______________________________________________________________________________

An update that has 7 recommended fixes can now be installed.

Description:

This update fixes the following issues:

salt:
- Add support for Alibaba Cloud Linux 2 (Aliyun Linux)
- Regression fix of salt-ssh on processing targets
- Update target fix for salt-ssh and avoiding race condition on salt-ssh event processing (bsc#1179831, bsc#1182281)
- Add notify beacon for Debian/Ubuntu systems
- Fix zmq bug that causes salt-call to freeze (bsc#1181368)
- Add core grains support for AlmaLinux
- Allow vendor change option with zypper
- Virt: virtual network backports to Salt 3000
- Prevent breaking Ansible filter modules (bsc#1177474)

supportutils-plugin-salt:
- Fix yaml.load() warnings and issues with Python versions (bsc#1178072, bsc#1181474)
- Fix errors when collecting data for salt-minion (bsc#1131670)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12-BETA:

  zypper in -t patch SUSE-SLE-Manager-Tools-12-2021-1503=1

Package List:

- SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64):

  python2-salt-3000-49.32.1
  python3-salt-3000-49.32.1
  salt-3000-49.32.1
  salt-doc-3000-49.32.1
  salt-minion-3000-49.32.1

- SUSE Manager Tools 12-BETA (noarch):

  supportutils-plugin-salt-1.1.5-9.6.1

References:

https://bugzilla.suse.com/1131670
https://bugzilla.suse.com/1177474
https://bugzilla.suse.com/1178072
https://bugzilla.suse.com/1179831
https://bugzilla.suse.com/1181368
https://bugzilla.suse.com/1181474
https://bugzilla.suse.com/1182281

From sle-updates at lists.suse.com Wed May 5 16:21:01 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 May 2021 18:21:01 +0200 (CEST)
Subject: SUSE-RU-2021:1510-1: moderate: Recommended Beta update for SUSE Manager Client Tools
Message-ID: <20210505162101.28BB8FF53@maintenance.suse.de>

SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1510-1
Rating: moderate
References: #1151558 #1181124 #1183959
Affected Products:
  SUSE Manager Tools 12-BETA
______________________________________________________________________________

An update that has three recommended fixes can now be installed.
Description:

This update fixes the following issues:

golang-github-prometheus-node_exporter:
- Update to 1.1.2
  * Bug fixes
    + Handle errors from disabled PSI subsystem #1983
    + Sanitize strings from /sys/class/power_supply #1984
    + Silence missing netclass errors #1986
- Trim old specfile constructs
- Migrate to obs_scm
- Migrate to go_modules
- Update to 1.1.1
  * Bug fixes
    + Fix ineffassign issue #1957
    + Fix some noisy log lines #1962
- Update to 1.1.0
  * Changes
    + Improve filter flag names #1743
    + Add btrfs and powersupplyclass to list of exporters enabled by default #1897
  * Features
    + Add fibre channel collector #1786
    + Expose cpu bugs and flags as info metrics. #1788
    + Add network_route collector #1811
    + Add zoneinfo collector #1922
  * Enhancements
    + Add more InfiniBand counters #1694
    + Add flag to aggr ipvs metrics to avoid high cardinality metrics #1709
    + Adding backlog/current queue length to qdisc collector #1732
    + Include TCP OutRsts in netstat metrics #1733
    + Add pool size to entropy collector #1753
    + Remove CGO dependencies for OpenBSD amd64 #1774
    + bcache: add writeback_rate_debug stats #1658
    + Add check state for mdadm arrays via node_md_state metric #1810
    + Expose XFS inode statistics #1870
    + Expose zfs zpool state #1878
    + Added an ability to pass collector.supervisord.url via SUPERVISORD_URL environment variable #1947
  * Bug fixes
    + filesystem_freebsd: Fix label values #1728
    + Fix various procfs parsing errors #1735
    + Handle no data from powersupplyclass #1747
    + udp_queues_linux.go: change upd to udp in two error strings #1769
    + Fix node_scrape_collector_success behaviour #1816
    + Fix NodeRAIDDegraded to not use a string rule expressions #1827
    + Fix node_md_disks state label from fail to failed #1862
    + Handle EPERM for syscall in timex collector #1938
    + bcache: fix typo in a metric name #1943
    + Fix XFS read/write stats (https://github.com/prometheus/procfs/pull/343)
- Do not include sources (bsc#1151558)
- Remove rc symlink
golang-github-prometheus-prometheus:
- Uyuni: `hostname` label is now set to FQDN instead of IP

grafana:
- Update to version 7.4.2:
  * Make Datetime local (No date if today) working (#31274) (#31275)
  * "Release: Updated versions in package to 7.4.2" (#31272)
  * [v7.4.x] Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#31269)
  * Snapshots: Disallow anonymous user to create snapshots (#31263) (#31266)
  * only update usagestats every 30min (#31131) (#31262)
  * Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055) (#31248)
  * CloudWatch: Ensure empty query row errors are not passed to the panel (#31172) (#31245)
  * StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126) (#31246)
  * QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193) (#31244)
  * LibraryPanels: Disconnect before connect during dashboard save (#31235) (#31238)
  * SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236) (#31239)
  * Variables: Adds back default option for data source variable (#31208) (#31232)
  * IPv6: Support host address configured with enclosing square brackets (#31226) (#31228)
  * Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179) (#31224)
  * Remove last synchronisation field from LDAP debug view (#30984) (#31221)
  * [v7.4.x]: Sync drone config from master to stable release branch (#31213)
  * DataSourceSrv: Filter out non queryable data sources by default (#31144) (#31214)
  * Alerting: Fix modal text for deleting obsolete notifier (#31171) (#31209)
  * Variables: Fixes missing empty elements from regex filters (#31156) (#31201)
  * DashboardLinks: Fixes links always cause full page reload (#31178) (#31181)
  * DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160) (#31162)
  * Permissions: Fix team and role permissions on folders/dashboards not displayed
for non Grafana Admin users (#31132) (#31176) * Prometheus: Multiply exemplars timestamp to follow api change (#31143) (#31170) - Fix "inconsistent vendoring" build failure - Update to version 7.4.1: * "Release: Updated versions in package to 7.4.1" (#31128) * Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before (#31121) (#31127) * MuxWriter: Handle error for already closed file (#31119) (#31120) * Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115) (#31117) * Exemplars: Change CTA style (#30880) (#31105) * test: add support for timeout to be passed in for addDatasource (#30736) (#31090) * Influx: Make max series limit configurable and show the limiting message if applied (#31025) (#31100) * Elasticsearch: fix log row context erroring out (#31088) (#31094) * test: update addDashboard flow for v7.4.0 changes (#31059) (#31084) * Usage stats: Adds source/distributor setting (#31039) (#31076) * DashboardLinks: Fixes crash when link has no title (#31008) (#31050) * Make value mappings correctly interpret numeric-like strings (#30893) (#30912) * Elasticsearch: Fix alias field value not being shown in query editor (#30992) (#31037) * BarGauge: Improvements to value sizing and table inner width calculations (#30990) (#31032) * convert path to posix by default (#31045) (#31053) * Alerting: Fixes so notification channels are properly deleted (#31040) (#31046) * Drone: Fix deployment image (#31027) (#31029) * Graph: Fixes so graph is shown for non numeric time values (#30972) (#31014) * instrumentation: make the first database histogram bucket smaller (#30995) (#31001) * Build: Releases e2e and e2e-selectors too (#31006) (#31007) * TextPanel: Fixes so panel title is updated when variables change (#30884) (#31005) * StatPanel: Fixes issue formatting date values using unit option (#30979) (#30991) * Units: Fixes formatting of duration units (#30982) (#30986) * Elasticsearch: Show Size setting 
for raw_data metric (#30980) (#30983) * Logging: sourcemap support for frontend stacktraces (#30590) (#30976) * e2e: extends selector factory to plugins (#30932) (#30934) * Variables: Adds queryparam formatting option (#30858) (#30924) * Exemplars: change api to reflect latest changes (#30910) (#30915) * "Release: Updated versions in package to 7.4.0" (#30898) * DataSourceSettings: Adds info box and link to Grafana Cloud (#30891) (#30896) * GrafanaUI: Add a way to persistently close InfoBox (#30716) (#30895) * [7.4.x] AlertingNG: List saved Alert definitions in Alert Rule list (30890)(30603) * Alerting: Fixes alert panel header icon not showing (#30840) (#30885) * Plugins: Requests validator (#30445) (#30877) * PanelLibrary: Adds library panel meta information to dashboard json (#30770) (#30883) * bump grabpl version to 0.5.36 (#30874) (#30878) * Chore: remove __debug_bin (#30725) (#30857) * Grafana-ui: fixes closing modals with escape key (#30745) (#30873) * DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569) (#30852) * Add alt text to plugin logos (#30710) (#30872) * InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827) (#30870) * Prometheus: Set type of labels to string (#30831) (#30835) * AlertingNG: change API permissions (#30781) (#30814) * Grafana-ui: fixes no data message in Table component (#30821) (#30855) * Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825, #30843) * Chore: add more docs annotations (#30847) (#30851) * BarChart: inside-align strokes, upgrade uPlot to 1.6.4. 
(#30806) (#30846) * Transforms: allow boolean in field calculations (#30802) (#30845) * CDN: Fixes cdn path when Grafana is under sub path (#30822) (#30823) * bump cypress to 6.3.0 (#30644) (#30819) * Expressions: Measure total transformation requests and elapsed time (#30514) (#30789) * Grafana-UI: Add story/docs for ErrorBoundary (#30304) (#30811) * [v7.4.x]: Menu: Mark menu components as internal (#30801) * Graph: Fixes auto decimals issue in legend and tooltip (#30628) (#30635) * GraphNG: Disable Plot logging by default (#30390) (#30500) * Storybook: Migrate card story to use controls (#30535) (#30549) * GraphNG: add bar alignment option (#30499) (#30790) * Variables: Clears drop down state when leaving dashboard (#30810) (#30812) * Add missing callback dependency (#30797) (#30809) * GraphNG: improve behavior when switching between solid/dash/dots (#30796) (#30799) * Add width for Variable Editors (#30791) (#30795) * Panels: Fixes so panels are refreshed when scrolling past them fast (#30784) (#30792) * PanelEdit: Trigger refresh when changing data source (#30744) (#30767) * AlertingNG: Enable UI to Save Alert Definitions (#30394) (#30548) * CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777) (#30779) * CDN: Adds support for serving assets over a CDN (#30691) (#30776) * Explore: Update styling of buttons (#30493) (#30508) * Loki: Append refId to logs uid (#30418) (#30537) * skip symlinks to directories when generating plugin manifest (#30721) (#30738) * Mobile: Fixes issue scrolling on mobile in chrome (#30746) (#30750) * BarChart: add alpha bar chart panel (#30323) (#30754) * Datasource: Use json-iterator configuration compatible with standard library (#30732) (#30739) * Variables: Fixes so text format will show All instead of custom all (#30730) (#30731) * AlertingNG: pause/unpause definitions via the API (#30627) (#30672) * PanelLibrary: better handling of deleted panels (#30709) (#30726) * Transform: improve the "outer join" 
performance/behavior (#30407) (#30722) * DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706) (#30714) * Use connected GraphNG in Explore (#30707) (#30708) * PanelLibrary: changes casing of responses and adds meta property (#30668) (#30711) * DeployImage: Switch base images to Debian (#30684) (#30699) * Trace: trace to logs design update (#30637) (#30702) * Influx: Show all datapoints for dynamically windowed flux query (#30688) (#30703) * ci(npm-publish): add missing github package token to env vars (#30665) (#30673) * Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517) (#30681) * Grafana-UI: Fix setting default value for MultiSelect (#30671) (#30687) * Explore: Fix jumpy live tailing (#30650) (#30677) * Docs: Refer to product docs in whats new for alerting templating feature (#30652) (#30670) * Variables: Fixes display value when using capture groups in regex (#30636) (#30661) * Docs: Fix expressions enabled description (#30589) (#30651) * Licensing Docs: Adding license restrictions docs (#30216) (#30648) * DashboardSettings: fixes vertical scrolling (#30640) (#30643) * chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605) (#30631) * Explore: Fix loading visualisation on the top of the new time series panel (#30553) (#30557) * Footer: Fixes layout issue in footer (#30443) (#30494) * Variables: Fixes so queries work for numbers values too (#30602) (#30624) * Admin: Fixes so form values are filled in from backend (#30544) (#30623) * Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502, #30614) * NodeGraph: Add docs (#30504) (#30613) * Cloud Monitoring: Fix legend naming with display name override (#30440) (#30503) * Expressions: Add option to disable feature (#30541) (#30558) * OldGraph: Fix height issue in Firefox (#30565) (#30582) * XY Chart: fix editor error with empty frame (no fields) (#30573) (#30577) * XY Chart: 
share legend config with timeseries (#30559) (#30566) * DataFrame: cache frame/field index in field state (#30529) (#30560) * Prometheus: Fix show query instead of Value if no __name__ and metric (#30511) (#30556) * Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519) (#30550) * chore: update packages dependent on dot-prop to fix security vulnerability (#30432) (#30487) * GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527) (#30528) * GraphNG: uPlot 1.6.2 (#30521) (#30522) * Chore: Upgrade grabpl version (#30486) (#30513) * grafana/ui: Fix internal import from grafana/data (#30439) (#30507) * prevent field config from being overwritten (#30437) (#30442) * Chore: upgrade NPM security vulnerabilities (#30397) (#30495) * TimeSeriesPanel: Fixed default value for gradientMode (#30484) (#30492) * Admin: Fixes so whole org drop down is visible when adding users to org (#30481) (#30497) * Chore: adds wait to e2e test (#30488) (#30490) * Graph: Fixes so only users with correct permissions can add annotations (#30419) (#30466) * Alerting: Hides threshold handle for percentual thresholds (#30431) (#30467) * Timeseries: only migrate point size when configured (#30461) (#30470) * Expressions: Fix button icon (#30444) (#30450) * PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441) (#30451) * Docs: Fix img link for alert notification template (#30436) (#30447) * Chore: Upgrade build pipeline tool (#30456) (#30457) * PanelOptions: Refactoring applying panel and field options out of PanelModel and add property clean up for properties not in field config registry (#30389) (#30438) * "Release: Updated versions in package to 7.4.0-beta.1" (#30427) * Chore: Update what's new URL (#30423) * GraphNG: assume uPlot's series stroke is always a function (#30416) * PanelLibrary: adding library panels to Dashboard Api (#30278) * Prettier: Fixes to files that came in after main
upgrade (#30410) * Cloud Monitoring: Add curated dashboards for the most popular GCP services (#29930) * Mssql integrated security (#30369) * Prettier: Upgrade to 2 (#30387) * GraphNG: sort ascending if the values appear reversed (#30405) * Docs: Grafana whats new 7.4 (#30404) * Dashboards: Adds cheat sheet toggle to supported query editors (#28857) * Docs: Update timeseries-dimensions.md (#30403) * Alerting: Evaluate data templating in alert rule name and message (#29908) * Docs: Add links to 7.3 patch release notes (#30292) * Docs: Update _index.md (#29546) * Docs: Update jaeger.md (#30401) * Expressions: Remove feature toggle (#30316) * Docs: Update tempo.md (#30399) * Docs: Update zipkin.md (#30400) * services/provisioning: Various cleanup (#30396) * DashboardSchemas: OpenAPI Schema Generation (#30242) * AlertingNG: Enforce unique alert definition title (non empty)/UID per organisation (#30380) * Licensing: Document new v7.4 options and APIs (#30217) * Auth: add expired token error and update CreateToken function (#30203) * NodeGraph: Add node graph visualization (#29706) * Add jwtTokenAuth to plugin metadata schema (#30346) * Plugins: Force POSIX style path separators for manifest generation (#30287) * Add enterprise reporting fonts to gitignore (#30385) * Field overrides: skipping overrides for properties no longer existing in plugin (#30197) * NgAlerting: View query result (#30218) * Grafana-UI: Make Card story public (#30388) * Dashboard: migrate version history list (#29970) * Search: use Card component (#29892) * PanelEvents: Isolate more for old angular query editors (#30379) * Loki: Remove showing of unique labels with the empty string value (#30363) * Chore: Lint all files for no-only-tests (#30364) * Clears errors after running new query (#30367) * Prometheus: Change exemplars endpoint (#30378) * Explore: Fix a bug where Typeahead crashes when a large amount of ite…
(#29637) * Circular vector: improve generics (#30375) * Update signing docs (#30296) * Email: change the year in templates (#30294) * grafana/ui: export TLS auth component (#30320) * Query Editor: avoid word wrap (#30373) * Transforms: add sort by transformer (#30370) * AlertingNG: Save alert instances (#30223) * GraphNG: Color series from by value scheme & change to fillGradient to gradientMode (#29893) * Chore: Remove not used PanelOptionsGrid component (#30358) * Zipkin: Remove browser access mode (#30360) * Jaeger: Remove browser access mode (#30349) * chore: bump lodash to 4.17.20 (#30359) * ToolbarButton: New emotion based component to replace all navbar, DashNavButton and scss styles (#30333) * Badge: Increase contrast, remove rocket icon for plugin beta/alpha state (#30357) * Licensing: Send map of environment variables to plugins (#30347) * Dashboards: Exit to dashboard when deleting panel from panel view / edit view (#29032) * Cloud Monitoring: MQL support (#26551) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30348) * Panel options UI: Allow collapsible categories (#30301) * Grafana-ui: Fix context menu item always using onClick instead of href (#30350) * Badge: Design improvement & reduce contrast (#30328) * make sure stats are added horizontally and not vertically (#30106) * Chore(deps): Bump google.golang.org/grpc from 1.33.1 to 1.35.0 (#30342) * Chore(deps): Bump github.com/stretchr/testify from 1.6.1 to 1.7.0 (#30341) * Chore(deps): Bump github.com/google/uuid from 1.1.2 to 1.1.5 (#30340) * Chore(deps): Bump github.com/hashicorp/go-version from 1.2.0 to 1.2.1 (#30339) * Fix HTML character entity error (#30334) * GraphNG: fix fillBelowTo regression (#30330) * GraphNG: implement softMin/softMax for auto-scaling stabilization. close #979. 
(#30326) * Legend: Fixes right y-axis legend from being pushed outside the bounds of the panel (#30327) * Grafana-toolkit: Update component generator templates (#30306) * Panels: remove beta flag from stat and bargauge panels (#30324) * GraphNG: support fill below to (bands) (#30268) * grafana-cli: Fix security issue (#28888) * AlertingNG: Modify queries and transform endpoint to get datasource UIDs (#30297) * Chore: Fix missing property from ExploreGraph (#30315) * Prometheus: Add support for Exemplars (#28057) * Grafana-UI: Enhances for TimeRangePicker and TimeRangeInput (#30102) * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30312) * Table: Fixes BarGauge cell display mode font size so that it is fixed to the default cell font size (#30303) * AngularGraph: Fixes issues with legend wrapping after legend refactoring (#30283) * Plugins: Add Open Distro to the list of data sources supported by sigv4 (#30308) * Chore: Moves common and response into separate packages (#30298) * GraphNG: remove y-axis position control from series color picker in the legend (#30302) * Table: migrate old-table config to new table config (#30142) * Elasticsearch: Support extended stats and percentiles in terms order by (#28910) * Docs: Update release notes index * GraphNG: stats in legend (#30251) * Grafana UI: EmptySearchResult docs (#30281) * Plugins: Use the includes.path (if exists) on sidebar includes links (#30291) * Fix spinner and broken buttons (#30286) * Graph: Consider reverse sorted data points on isOutsideRange check (#30289) * Update getting-started.md (#30257) * Backend: use sdk version (v0.81.0) without transform (gel) code (#29236) * Chore: update latest versions to 7.3.7 (#30282) * Loki: Fix hiding of series in table if labels have number values (#30185) * Loki: Lower min step to 1ms (#30135) * Prometheus: Improve autocomplete performance and remove disabling of dynamic label lookup (#30199) * Icons: Adds custom icon support and new panel and
interpolation icons (#30277) * ReleaseNotes: Updated changelog and release notes for 7.3.7 (#30280) * Grafana-ui: Allow context menu items to be open in new tab (#30141) * Cloud Monitoring: Convert datasource to use Dataframes (#29830) * GraphNG: added support to change series color from legend. (#30256) * AzureMonitor: rename labels for query type dropdown (#30143) * Decimals: Improving auto decimals logic for high numbers and scaled units (#30262) * Elasticsearch: Use minimum interval for alerts (#30049) * TimeSeriesPanel: The new graph panel now supports y-axis value mapping #30272 * CODEOWNERS: Make backend squad owners of backend style guidelines (#30266) * Auth: Add missing request headers to SigV4 middleware allowlist (#30115) * Grafana-UI: Add story/docs for FilterPill (#30252) * Grafana-UI: Add story/docs for Counter (#30253) * Backend style guide: Document JSON guidelines (#30267) * GraphNG: uPlot 1.6, hide "Show points" in Points mode, enable "dot" lineStyle (#30263) * Docs: Update prometheus.md (#30240) * Docs: Cloudwatch filter should be JSON format (#30243) * API: Add by UID routes for data sources (#29884) * Docs: Update datasource_permissions.md (#30255) * Cloudwatch: Move deep link creation to the backend (#30206) * Metrics API: Use jsoniter for JSON encoding (#30250) * Add option in database config to skip migrations for faster startup. 
(#30146) * Set signed in users email correctly (#30249) * Drone: Upgrade build pipeline tool (#30247) * runRequest: Fixes issue with request time range and time range returned to panels are off causing data points to be cut off (outside) (#30227) * Elasticsearch: fix handling of null values in query_builder (#30234) * Docs: help users connect to Prometheus using SigV4 (#30232) * Update documentation-markdown-guide.md (#30207) * Update documentation-markdown-guide.md (#30235) * Better logging of plugin scanning errors (#30231) * Print Node.js and Toolkit versions (#30230) * Chore: bump rollup across all packages (#29486) * Backend style guide: Document database patterns (#30219) * Chore: Bump plugin-ci-alpine Docker image version (#30225) * Legends: Refactoring and rewrites of legend components to simplify components & reuse (#30165) * Use Node.js 14.x in plugin CI (#30209) * Field overrides: extracting the field config factory into its own reusable module. (#30214) * LibraryPanels: adds connections (#30212) * PanelOptionsGroups: Only restore styles from PanelOptionsGroup (#30215) * Variables: Add deprecation warning for value group tags (#30160) * GraphNG: Hide grid for right-y axis if left x-axis exists (#30195) * Middleware: Add CSP support (#29740) * Updated image links to have newer format. 
(#30208) * Docs: Update usage-insights.md (#30150) * Share panel dashboard add images (#30201) * Update documentation-style-guide.md (#30202) * Docs: Fix links to transforms (#30194) * docs(badge): migrate story to use controls (#30180) * Chore(deps): Bump github.com/prometheus/common from 0.14.0 to 0.15.0 (#30188) * Fix alert definition routine stop (#30117) * Chore(deps): Bump gopkg.in/square/go-jose.v2 from 2.4.1 to 2.5.1 (#30189) * InlineSwitch: Minor story fix (#30186) * Chore(deps): Bump github.com/gosimple/slug from 1.4.2 to 1.9.0 (#30178) * Chore(deps): Bump github.com/fatih/color from 1.9.0 to 1.10.0 (#30183) * Chore(deps): Bump github.com/lib/pq from 1.3.0 to 1.9.0 (#30181) * Chore(deps): Bump github.com/hashicorp/go-plugin from 1.2.2 to 1.4.0 (#30175) * Chore(deps): Bump github.com/getsentry/sentry-go from 0.7.0 to 0.9.0 (#30171) * Gauge: Fixes issue with all null values cause min & max to be null (#30156) * Links: Add underline on hover for links in NewsPanel (#30166) * GraphNG: Update to test dashboards (#30153) * CleanUp: Removed old panel options group component (#30157) * AngularQueryEditors: Fixes to Graphite query editor and other who refer to other queries (#30154) * Chore(deps): Bump github.com/robfig/cron/v3 from 3.0.0 to 3.0.1 (#30172) * Chore(deps): Bump github.com/urfave/cli/v2 from 2.1.1 to 2.3.0 (#30173) * Chore: Fix spelling issue (#30168) * Revise README.md. 
(#30145) * Chore(deps): Bump github.com/mattn/go-sqlite3 from 1.11.0 to 1.14.6 (#30174) * InlineSwitch: Added missing InlineSwitch component and fixed two places that used unaligned inline switch (#30162) * GraphNG: add new alpha XY Chart (#30096) * Elastic: Support request cancellation properly (Uses new backendSrv.fetch Observable request API) (#30009) * OpenTSDB: Support request cancellation properly (#29992) * InfluxDB: Update Flux external link (#30158) * Allow dependabot to keep go packages up-to-date (#30170) * PluginState: Update comment * GraphNG: Minor polish & updates to new time series panel and move it from alpha to beta (#30163) * Share panel dashboard (#30147) * GraphNG: rename "graph3" to "timeseries" panel (#30123) * Add info about access mode (#30137) * Prometheus: Remove running of duplicated metrics query (#30108) * Prometheus: Fix autocomplete does not work on incomplete input (#29854) * GraphNG: remove graph2 panel (keep the parts needed for explore) (#30124) * Docs: Add metadata to activating licensing page (#30140) * MixedDataSource: Added missing variable support flag (#30110) * AngularPanels: Fixes issue with some panels not rendering when going into edit mode due to no height (#30113) * AngularPanels: Fixes issue with discrete panel that used the initialized event (#30133) * Explore: Make getFieldLinksForExplore more reusable (#30134) * Elasticsearch: Add Support for Serial Differencing Pipeline Aggregation (#28618) * Angular: Fixes issue with angular directive caused by angular upgrade in master (#30114) * Analytics: add data source type in data-request events (#30087) * GraphNG: "Interpolation: Step after" test (#30127) * GraphNG: check cross-axis presence when auto-padding. close #30121. 
(#30126) * Alerting: improve alerting default datasource search when extracting alerts (#29993) * Loki: Timeseries should not produce 0-values for missing data (#30116) * GraphNG: support dashes (#30070) * GraphNG: fix spanGaps optimization in alignDataFrames(). see #30101. (#30118) * Alerting NG: update API to expect UIDs instead of IDs (#29896) * GraphNG: Overhaul of main test dashboard and update to null & gaps dashboard (#30101) * Chore: Fix intermittent time-related test failure in explore datasource instance update (#30109) * QueryEditorRow: Ability to change query name (#29779) * Frontend: Failed to load application files message improvement IE11 (#30011) * Drone: Upgrade build pipeline tool (#30104) * Fix phrasing. (#30075) * Chore: Add CloudWatch HTTP API tests (#29691) * Elastic: Fixes so templating queries work (#30003) * Chore: Rewrite elasticsearch client test to standard library (#30093) * Chore: Rewrite tsdb influxdb test to standard library (#30091) * Fix default maximum lifetime an authenticated user can be logged in (#30030) * Instrumentation: re-enable database wrapper feature to expose counter and histogram for database queries (#29662) * Docs: Update labels to fields transform (#30086) * GraphNG: adding possibility to toggle tooltip, graph and legend for series (#29575) * Chore: Rewrite tsdb cloudmonitoring test to standard library (#30090) * Chore: Rewrite tsdb azuremonitor time grain test to standard library (#30089) * Chore: Rewrite tsdb graphite test to standard library (#30088) * Chore: Upgrade Docker build image wrt. 
Go/golangci-lint/Node (#30077) * Usage Stats: Calculate concurrent users as a histogram (#30006) * Elasticsearch: Fix broken alerting when using pipeline aggregations (#29903) * Drone: Fix race conditions between Enterprise and Enterprise2 (#30076) * Chore: Rewrite models datasource cache test to standard library (#30040) * Plugins: prevent app plugin from rendering with wrong location (#30017) * Update NOTICE.md * Chore: Tiny typo fix `rage` -> `range` (#30067) * Docs: loki.md: Add example of Loki data source config (#29976) * ReleaseNotes: Updated changelog and release notes for 7.3.6 (#30066) * Docs: Update usage-insights.md (#30065) * Docs: Update white-labeling.md (#30064) * Chore(deps): Bump axios from 0.19.2 to 0.21.1 (#30059) * Chore: Rewrite models tags test to standard library (#30041) * Bump actions/setup-node from v1 to v2.1.4 (#29891) * Build(deps): Bump ini from 1.3.5 to 1.3.7 (#29787) * fall back to any architecture when getting plugin's checksum #30034 (#30035) * Lerna: Update to 3.22.1 (#30057) * SeriesToRows: Fixes issue in transform so that value field is always named Value (#30054) * [dashboard api] manage error when data in dashboard table is not valid json (#29999) * use sha256 checksum instead of md5 (#30018) * Chore: Rewrite brute force login protection test to standard library (#29986) * Chore: Rewrite login auth test to standard library (#29985) * Chore: Rewrite models dashboards test to standard library (#30023) * Chore: Rewrite models dashboard acl test to standard library (#30022) * Chore: Rewrite models alert test to standard library (#30021) * Chore: Rewrite ldap login test to standard library (#29998) * Chore: Rewrite grafana login test to standard library (#29997) * Fix two ini-file typos regarding LDAP (#29843) * Chore: Changes source map devtool to inline-source-map (#30004) * Chore: Sync Enterprise go.sum (#30005) * Chore: Add Enterprise dependencies (#29994) * SQLStore: customise the limit of retrieved datasources per 
organisation (#29358) * Chore: update crewjam/saml library to the latest master (#29991) * Graph: Fixes so users can not add annotations in readonly dash (#29990) * Currency: add Vietnamese dong (VND) (#29983) * Drone: Update pipelines for Enterprise (#29939) * Remove the bus from teamgroupsync (#29810) * Influx: Make variable query editor input uncontrolled (#29968) * PanelLibrary: Add PATCH to the API (#29956) * PanelEvents: Isolating angular panel events into its own event bus + more event refactoring (#29904) * Bump node-notifier from 8.0.0 to 8.0.1 (#29952) * LDAP: Update use_ssl documentation (#29964) * Docs: Missing 's' on 'logs' (#29966) * Docs: Update opentsdb.md (#29963) * Docs: Minor typo correction (#29962) * librarypanels: Fix JSON field casing in tests (#29954) * TemplateSrv: Do not throw error for an unknown format but use glob as fallback and warn in the console (#29955) * PanelLibrary: Adds uid and renames title to name (#29944) * Docs: Fix raw format variable docs (#29945) * RedirectResponse: Implement all of api.Response (#29946) * PanelLibrary: Adds get and getAll to the api (#29772) * Chore: Remove duplicate interpolateString test (#29941) * Chore: Rewrite influxdb query parser test to standard library (#29940) * Folders: Removes the possibility to delete the General folder (#29902) * Chore: Convert tsdb request test to standard library (#29936) * Chore: Convert tsdb interval test to standard library (#29935) * Docs: Update configuration.md (#29912) * Docs: Update organization_roles.md (#29911) * Docs: Update _index.md (#29918) * GraphNG: bring back tooltip (#29910) * Ng Alerting: Remove scroll and fix SplitPane limiters (#29906) * Dashboard: Migrating dashboard settings to react (#27561) * Minor correction to explanation on correct MS SQL usage. (#29889) * AlertingNG: Create a scheduler to evaluate alert definitions (#29305) * Add changelog items for 7.3.6, 7.2.3 and 6.7.5 (#29901) * bump stable to 7.3.6 (#29899) * Upgrade go deps.
(#29900) * Expressions: Replace query input fields with select. (#29816) * PanelEdit: Update UI if panel plugin changes field config (#29898) * Elasticsearch: Remove timeSrv dependency (#29770) * PanelEdit: Need new data after plugin change (#29874) * Chore(toolkit): disable react/prop-types for eslint config (#29888) * Field Config API: Add ability to hide field option or disable it from the overrides (#29879) * SharedQuery: Fixes shared query editor now showing queries (#29849) * GraphNG: support fill gradient (#29765) * Backend style guide: Add more guidelines (#29871) * Keep query keys consistent (#29855) * Alerting: Copy frame field labels to time series tags (#29886) * Update configure-docker.md (#29883) * Usage Stats: Introduce an interface for usage stats service (#29882) * DataFrame: add a writable flag to fields (#29869) * InlineForms: Changes to make inline forms more flexible for query editors (#29782) * Usage Stats: Allow to add additional metrics to the stats (#29774) * Fix the broken link of XORM documentation (#29865) * Move colors demo under theme colors (#29873) * Dashboard: Increase folder name size in search dashboard (#29821) * MSSQL: Config UI touches (#29834) * QueryOptions: Open QueryEditors: run queries after changing group options #29864 * GraphNG: uPlot 1.5.2, dynamic stroke/fill, Flot-style hover points (#29866) * Variables: Fixes so numerical sortorder works for options with null values (#29846) * GraphNG: only initialize path builders once (#29863) * GraphNG: Do not set fillColor from GraphNG only opacity (#29851) * add an example cloudwatch resource_arns() query that uses multiple tags (ref: #29499) (#29838) * Backend: Remove more globals (#29644) * MS SQL: Fix MS SQL add data source UI issues (#29832) * Display palette and colors for dark and light themes in storybook (#29848) * Docs: Fix broken link in logs-panel (#29833) * Docs: Add info about typing of connected props to Redux style guide (#29842) * Loki: Remove unnecessary 
deduplication (#29421) * Variables: Fixes so clicking on Selected will not include All (#29844) * Explore/Logs: Correctly display newlines in detected fields (#29541) * Link suppliers: getLinks API update (#29757) * Select: Changes default menu placement for Select from auto to bottom (#29837) * Chore: Automatically infer types for dashgrid connected components (#29818) * Chore: Remove unused Loki and Cloudwatch syntax providers (#29686) * Pass row (#29839) * GraphNG: Context menu (#29745) * GraphNG: Enable scale distribution configuration (#29684) * Explore: Improve Explore performance by removing unnecessary re-renders (#29752) * DashboardDS: Fixes display of long queries (#29808) * Sparkline: Fixes issue with sparkline that sent in custom fillColor instead of fillOpacity (#29825) * Chore: Disable default golangci-lint filter (#29751) * Update style guide with correct usage of MS SQL (#29829) * QueryEditor: do not auto refresh on every update (#29762) * Chore: remove unused datasource status enum (#29827) * Expressions: support ${my var} syntax (#29819) * Docs: Update types-options.md (#29777) * Chore: Enable more go-ruleguard rules (#29781) * GraphNG: Load uPlot path builders lazily (#29813) * Elasticsearch: ensure query model has timeField configured in datasource settings (#29807) * Chore: Use Header.Set method instead of Header.Add (#29804) * Allow dependabot to check actions (#28159) * Grafana-UI: Support optgroup for MultiSelect (#29805) * Sliders: Update behavior and style tweak (#29795) * Grafana-ui: Fix collapsible children sizing (#29776) * Style guide: Document avoidance of globals in Go code (#29803) * Chore: Rewrite opentsdb test to standard library (#29792) * CloudWatch: Add support for AWS DirectConnect ConnectionErrorCount metric (#29583) * GraphNG: uPlot 1.5.1 (#29789) * GraphNG: update uPlot v1.5.0 (#29763) * Added httpMethod to webhook (#29780) * @grafana-runtime: Throw error if health check fails in DataSourceWithBackend (#29743) * Explore:
Fix remounting of query row (#29771) * Expressions: Add placeholders to hint on input (#29773) * Alerting: Next gen Alerting page (#28397) * GraphNG: Add test dashboard for null & and gaps rendering (#29769) * Expressions: Field names from refId (#29755) * Plugins: Add support for signature manifest V2 (#29240) * Chore: Configure go-ruleguard via golangci-lint (#28419) * Move middleware context handler logic to service (#29605) * AlertListPanel: Add options to sort by Time(asc) and Time(desc) (#29764) * PanelLibrary: Adds delete Api (#29741) * Tracing: Release trace to logs feature (#29443) * ReleaseNotes: Updated changelog and release notes for 7.3.5 (#29753) * DataSourceSettings: Add servername field to DataSource TLS config (#29279) * Chore: update stable and testing versions (#29748) * ReleaseNotes: Updated changelog and release notes for 7.3.5 (#29744) * Elasticsearch: View in context feature for logs (#28764) * Chore: Disable gosec on certain line (#29382) * Logging: log frontend errors caught by ErrorBoundary, including component stack (#29345) * ChangePassword: improved keyboard navigation (#29567) * GrafanaDataSource: Fix selecting -- Grafana -- data source, broken after recent changes (#29737) * Docs: added version note for rename by regex transformation. 
(#29735) * @grafana/ui: Fix UI issues for cascader button dropdown and query input (#29727) * Docs: Update configuration.md (#29728) * Docs: Remove survey (#29549) * Logging: rate limit frontend logging endpoint (#29272) * API: add Status() to RedirectResponse (#29722) * Elasticsearch: Deprecate browser access mode (#29649) * Elasticsearch: Fix query initialization action (#29652) * PanelLibrary: Adds api and db to create Library/Shared/Reusable Panel (#29642) * Transformer: Rename metrics based on regex (#29281) * Variables: Fixes upgrade of legacy Prometheus queries (#29704) * Auth: Add SigV4 header allowlist to reduce chances of verification issues (#29650) * DataFrame: add path and description metadata (#29695) * Alerting: Use correct time series name override from frame fields (#29693) * GraphNG: fix bars migration and support color and linewidth (#29697) * PanelHeader: Fix panel header description inline code wrapping (#29628) * Bugfix 29848: Remove annotation_tag entries as part of annotations cleanup (#29534) * GraphNG: simple settings migration from flot panel (#29599) * GraphNG: replace bizcharts with uPlot for sparklines (#29632) * GitHubActions: Update node version in github action (#29683) * Adds go dep used by an Enterprise feature.
(#29645) * Typescript: Raise strict error limit for enterprise (#29688) * Remove unnecessary escaping (#29677) * Update getting-started-prometheus.md (#29678) * instrumentation: align label name with our other projects (#29514) * Typescript: Fixing typescript strict error, and separate check from publishing (#29679) * CloudWatch: namespace in search expression should be quoted if match exact is enabled #29109 (#29563) * Docs: Plugin schema updates (#28232) * RadioButton: Fix flex issue in master for radio buttons (#29664) * Update getting-started.md (#29670) * Expr: fix time unit typo in ds queries (#29668) * Expr: make reduction nan/null more consistent (#29665) * Expr: fix func argument panic (#29663) * Update documentation-style-guide.md (#29661) * Update documentation-markdown-guide.md (#29659) * Docs: Changed image format (#29658) * Expr: fix failure to execute due to OrgID (#29653) * GraphNG: rename "points" to "showPoints" (#29635) * Expressions: Restore showing expression query editor even if main data source is not mixed (#29656) * GraphNG: time range should match the panel timeRange (#29596) * Support svg embedded favicons in whitelabeling (#29436) * Add changelog to docs style guide (#29581) * Loki: Retry web socket connection when connection is closed abnormally (#29438) * GraphNG: Fix annotations and exemplars plugins (#29613) * Chore: Rewrite tsdb sql engine test to standard library (#29590) * GraphNG: fix and optimize spanNulls (#29633) * Build(deps): Bump highlight.js from 10.4.0 to 10.4.1 (#29625) * Cloudwatch: session cache should use UTC consistently (#29627) * GraphNG: rename GraphMode to DrawStyle (#29623) * GraphNG: add spanNulls config option (#29512) * Docs: add docs for concatenate transformer (#28667) * Stat/Gauge: expose explicit font sizing (#29476) * GraphNG: add gaps/nulls support to staircase & smooth interpolation modes (#29593) * grafana/ui: Migrate Field knobs to controls (#29433) * Prometheus: Fix link to Prometheus graph in 
dashboard (#29543) * Build: Publish next and latest npm channels to Github (#29615) * Update broken aliases (#29603) * API: add ID to snapshot API responses (#29600) * Elasticsearch: Migrate queryeditor to React (#28033) * QueryGroup & DataSourceSrv & DataSourcePicker changes simplify usage, error handling and reduce duplication, support for uid (#29542) * Elastic: Fixes config UI issues (#29608) * GraphNG: Fix issues with plugins not retrieving plot instance (#29585) * middleware: Make scenario test functions take a testing.T argument (#29564) * Grafana/ui: Storybook controls understand component types (#29574) * Login: Fixes typo in tooltip (#29604) * Panel: making sure we support all versions of chrome when detecting position of click event. (#29544) * Chore: Rewrite sqlstore migration test to use standard library (#29589) * Chore: Rewrite tsdb prometheus test to standard library (#29592) * Security: Add gosec G304 auditing annotations (#29578) * Chore: Rewrite tsdb testdatasource scenarios test to standard library (#29591) * Docs: Add missing key to enable SigV4 for provisioning Elasticsearch data source (#29584) * Add Microsoft.Network/natGateways (#29479) * Update documentation-style-guide.md (#29586) * @grafana/ui: Add bell-slash to available icons (#29579) * Alert: Fix forwardRef warning (#29577) * Update documentation-style-guide.md (#29580) * Chore: Upgrade typescript to 4.1 (#29493) * PanelLibrary: Adds library_panel table (#29565) * Make build docker full fix (#29570) * Build: move canary packages to github (#29411) * Devenv: Add default db for influxdb (#29371) * Chore: Check errors from Close calls (#29562) * GraphNG: support auto and explicit axis width (#29553) * Chore: upgrading y18n to 4.0.1 for security reasons (#29523) * Middleware: Rewrite tests to use standard library (#29535) * Overrides: show category on the overrides (#29556) * GraphNG: Bars, Staircase, Smooth modes (#29359) * Docs: Fix docs sync actions (#29551) * Chore: Update dev guide 
node version for Mac (#29548) * Docs: Update formatting-multi-value-variables.md (#29547) * Arrow: toArray() on nullable values should include null values (#29520) * Docs: Update syntax.md (#29545) * NodeJS: Update to LTS (14) (#29467) * Docs: Update repeat-panels-or-rows.md (#29540) * 3 minor changes, including updating the title TOC (#29501) * Auth proxy: Return standard error type (#29502) * Data: use pre-defined output array length in vectorToArray() (#29516) * Dashboards: hide playlist edit functionality from viewers and snapshots link from unauthenticated users (#28992) * docker: use yarn to build (#29538) * QueryEditors: Refactoring & rewriting out dependency on PanelModel (#29419) * Chore: skip flaky tests (#29537) * Graph NG: Invalidate uPlot config on timezone changes (#29531) * IntelliSense: Fix autocomplete and highlighting for Loki, Prometheus, Cloudwatch (#29381) * Variables: Fixes Textbox current value persistence (#29481) * OptionsEditor: simplify the options editor interfaces (#29518) * Icon: Changed the icon for signing in (#29530) * fixes bug with invalid handler name for metrics (#29529) * Middleware: Simplifications (#29491) * GraphNG: simplify effects responsible for plot updates/initialization (#29496) * Alarting: fix alarm messages in dingding (Fixes #29470) (#29482) * PanelEdit: making sure the correct datasource query editor is being rendered. 
(#29500) * AzureMonitor: Unit MilliSeconds naming (#29399) * Devenv: update mysql_tests and postgres_tests blocks for allowing dynamically change of underlying docker image (#29525) * Chore: Enable remaining eslint-plugin-react rules (#29519) * Docs/Transformations: Add documentation about Binary operations in Add field from calculation (#29511) * Datasources: fixed long error message overflowing container (#29440) * docker: fix Dockerfile after Gruntfile.js removed (#29515) * Chore: Adds Panel Library featuretoggle (#29521) * Docs: Update filter-variables-with-regex.md (#29508) * Docs: InfluxDB_V2 datasource: adding an example on how to add InfluxQL as a datasource (#29490) * Loki: Add query type and line limit to query editor in dashboard (#29356) * Docs: Added Security Group support to Azure Auth (#29418) * DataLinks: Removes getDataSourceSettingsByUid from applyFieldOverrides (#29447) * Bug: trace viewer doesn't show more than 300 spans (#29377) * Live: publish all dashboard changes to a single channel (#29474) * Chore: Enable eslint-plugin-react partial rules (#29428) * Alerting: Update alertDef.ts with more time options (#29498) * DataSourceSrv: Look up data source by uid and name transparently (#29449) * Instrumentation: Add examplars for request histograms (#29357) * Variables: Fixes Constant variable persistence confusion (#29407) * Docs: Fix broken link for plugins (#29346) * Prometheus: don't override displayName property (#29441) * Grunt: Removes grunt dependency and replaces some of its usage (#29461) * Transformation: added support for excluding/including rows based on their values. (#26884) * Chore: Enable exhaustive linter (#29458) * Field overrides: added matcher to match all fields within frame/query. 
(#28872) * Log: Use os.Open to open file for reading (#29483) * MinMax: keep global min/main in field state (#29406) * ReactGridLayout: Update dependency to 1.2 (#29455) * Jest: Upgrade to latest (#29450) * Chore: bump grafana-ui rollup dependencies (#29315) * GraphNG: use uPlot's native ms support (#29445) * Alerting: Add support for Sensu Go notification channel (#28012) * adds tracing for all bus calls that passes ctx (#29434) * prometheus: Improve IsAPIError's documentation (#29432) * ReleaseNotes: Updated changelog and release notes for 7.3.4 (#29430) * Elasticsearch: Fix index pattern not working with multiple base sections (#28348) * Plugins: Add support for includes' icon (#29416) * Docs: fixing frontend docs issue where enums ending up in wrong folder level. (#29429) * Variables: Fixes issue with upgrading legacy queries (#29375) * Queries: Extract queries from dashboard (#29349) * Docs: docker -> Docker (#29331) * PanelEvents: Refactors and removes unnecessary events, fixes panel editor update issue when panel options change (#29414) * Fix: Correct panel edit uistate migration (#29413) * Alerting: Improve Prometheus Alert Rule error message (#29390) * Fix: Migrate Panel edit uiState percentage strings to number (#29412) * remove insecure cipher suite as default option (#29378) * prometheus fix variables fetching when customQueryParameters used #28907 (#28949) * Chore: Removes observableTester (#29369) * Chore: Adds e2e tests for Variables (#29341) * Fix gosec finding of unhandled errors (#29398) * Getting started with Grafana and MS SQL (#29401) * Arrow: cast timestamps to Number (#29402) * Docs: Add Cloud content links (#29317) * PanelEditor: allow access to the eventBus from panel options (#29327) * GraphNG: support x != time in library (#29353) * removes unused golint file (#29391) * prefer server cipher suites (#29379) * Panels/DashList: Fix order of recent dashboards (#29366) * Core: Move SplitPane layout from PanelEdit. 
(#29266) * Drone: Upgrade build pipeline tool (#29365) * Update yarn.lock to use latest rc-util (#29313) * Variables: Adds description field (#29332) * Chore: Update latest.json (#29351) * Drone: Upload artifacts for release branch builds (#29297) * Docs: fixing link issues in auto generated frontend docs. (#29326) * Drone: Execute artifact publishing for both editions in parallel during release (#29362) * Devenv: adding default credentials for influxdb (#29344) * Drone: Check CUE dashboard schemas (#29334) * Backend: fix IPv6 address parsing erroneous (#28585) * dashboard-schemas cue 3.0.0 compatible (#29352) * Update documentation-style-guide.md (#29354) * Docs: Update requirements.md (#29350) * ReleaseNotes: Updated changelog and release notes for 7.3.4 (#29347) * ReleaseNotes: Updated changelog and release notes for 7.3.4 (#29338) * Drone: Publish NPM packages after Storybook to avoid race condition (#29340) * Add an option to hide certain users in the UI (#28942) * Guardian: Rewrite tests from goconvey (#29292) * Docs: Fix editor role and alert notification channel description (#29301) * Docs: Improve custom Docker image instructions (#29263) * Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests #29330 * Chore: Bump storybook to v6 (#28926) * ReleaseNotes: Updates release notes link in package.json (master) (#29329) * Docs: Accurately reflecting available variables (#29302) * Heatmap: Fixes issue introduced by new eventbus (#29322) * Dashboard Schemas (#28793) * devenv: Add docker load test which authenticates with API key (#28905) * Login: Fixes redirect url encoding issues of # %23 being unencoded after login (#29299) * InfluxDB: update flux library and support boolean label values (#29310) * Explore/Logs: Update Parsed fields to Detected fields (#28881) * GraphNG: Init refactorings and fixes (#29275) * fixing a broken relref link (#29312) * Drone: Upgrade build pipeline tool (#29308) * decreasing frontend 
docs threshold. (#29304) * Docker: update docker root group docs and docker image (#29222) * WebhookNotifier: Convert tests away from goconvey (#29291) * Annotations: fixing so when changing annotations query links submenu will be updated. (#28990) * [graph-ng] add temporal DataFrame alignment/outerJoin & move null-asZero pass inside (#29250) * Dashboard: Fixes kiosk state after being redirected to login page and back (#29273) * make it possible to hide change password link in profile menu (#29246) * Theme: Add missing color type (#29265) * Chore: Allow reducerTester to work with every data type & payload-less actions (#29241) * Explore/Prometheus: Update default query type option to "Both" (#28935) * Loki/Explore: Add query type selector (#28817) * Variables: New Variables are stored immediately (#29178) * reduce severity level to warning (#28939) * Units: Changes FLOP/s to FLOPS and some other rates per second units get /s suffix (#28825) * Docs: Remove duplicate "Transformations overview" topics from the TOC (#29247) * Docs: Fixed broken relrefs and changed TOC entry name from Alerting to Alerts. (#29251) * Docs: Remove duplicate Panel overview topic. (#29248) * Increase search limit on team add user and improve placeholder (#29258) * Fix warnings for conflicting style rules (#29249) * Make backwards compatible (#29212) * Minor cosmetic markdown tweaks in docs/cloudwatch.md (#29238) * Getting Started: Updated index topic, removed "what-is-grafana", and adjusted weight o??? 
(#29216) * BarGauge: Fix story for BarGauge, caused knobs to show for other stories (#29232) * Update glossary to add hyperlinks to Explore and Transformation entries (#29217) * Chore: Enable errorlint linter (#29227) * TimeRegions: Fixed issue with time regions and thresholds due to angular js upgrade (#29229) * CloudWatch: Support request cancellation properly (#28865) * CloudMonitoring: Support request cancellation properly (#28847) * Chore: Handle wrapped errors (#29223) * Expressions: Move GEL into core as expressions (#29072) * Chore: remove compress:release grunt task (#29225) * Refactor/Explore: Inline datasource actions into initialisation (#28953) * Fix README typo (#29219) * Grafana UI: Card API refactor (#29034) * Plugins: Changed alertlist alert url to view instead of edit (#29060) * React: Upgrading react to v17, wip (#29057) * Gauge: Tweaks short value auto-sizing (#29197) * BackendSrv: support binary responseType like $http did (#29004) * GraphNG: update the options config (#28917) * Backend: Fix build (#29206) * Permissions: Validate against Team/User permission role update (#29101) * ESlint: React fixes part 1 (#29062) * Tests: Adds expects for observables (#28929) * Variables: Adds new Api that allows proper QueryEditors for Query variables (#28217) * Introduce eslint-plugin-react (#29053) * Automation: Adds GitHub release action (#29194) * Refactor declarative series configuration to a config builder (#29106) * ReleaseNotes: Updated changelog and release notes for 7.3.3 (#29189) * Panels: fix positioning of the header title (#29167) * trace user login and datasource name instead of id (#29183) * playlist: Improve test (#29120) * Drone: Fix publish-packages invocation (#29179) * Table: Fix incorrect condition for rendering table filter (#29165) * Chore: Upgrade grafana/build-ci-deploy image to latest Go (#29171) * DashboardLinks: will only refresh dashboard search when changing tags for link. 
(#29040) * ReleaseNotes: Updated changelog and release notes for 7.3.3 (#29169) * CloudWatch: added HTTP API Gateway specific metrics and dimensions (#28780) * Release: Adding release notes for 7.3.3 (#29168) * SQL: Define primary key for tables without it (#22255) * changed link format from MD to HTML (#29163) * Backend: Rename variables for style conformance (#29097) * Docs: Fixes what'new menu and creates index page, adds first draft of release notes to docs (#29158) * Drone: Upgrade build pipeline tool and build image (#29161) * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#29160) * ReleaseNotes: Updated changelog and release notes for 7.3.3 (#29159) * Chore: Upgrade Go etc in build images (#29157) * Chore: Remove unused Go code (#28852) * API: Rewrite tests from goconvey (#29091) * Chore: Fix linting issues caught by ruleguard (#28799) * Fix panic when using complex dynamic URLs in app plugin routes (#27977) * Snapshots: Fixes so that dashboard snapshots show data when using Stat, Gauge, BarGauge or Table panels (#29031) * Fix authomation text: remove hyphen (#29149) * respect fronted-logging.enabled flag (#29107) * build paths in an os independent way (#29143) * Provisioning: always pin app to the sidebar when enabled (#29084) * Automation: Adds new changelog actions (#29142) * Chore: Rewrite preferences test from GoConvey to stdlib and testify (#29129) * Chore: Upgrade Go dev tools (#29124) * Automation: Adding version bump action * DataFrames: add utility function to check if structure has changed (#29006) * Drone: Fix Drone config verification for enterprise on Windows (#29118) * Chore: Require OrgId to be specified in delete playlist command (#29117) * Plugin proxy: Handle URL parsing errors (#29093) * Drone: Verify Drone config at beginning of pipelines (#29071) * Legend/GraphNG: Refactoring legend types and options (#29067) * Doc: Update documentation-style-guide.md (#29082) * Chore: Bumps types for jest (#29098) * LogsPanel: Fix 
scrolling in dashboards (#28974) * sort alphabetically unique labels, labels and parsed fields (#29030) * Data source proxy: Convert 401 from data source to 400 (#28962) * Plugins: Implement testDatasource for Jaeger (#28916) * Update react-testing-library (#29061) * Graph: Fixes stacking issues like floating bars when data is not aligned (#29051) * StatPanel: Fixes hanging issue when all values are zero (#29077) * Auth: Enable more complete credential chain for SigV4 default SDK auth option (#29065) * Chore: Convert API tests to standard Go lib (#29009) * Update README.md (#29075) * Update CODEOWNERS (#28906) * Enhance automation text for missing information (#29052) * GraphNG: Adding ticks test dashboard and improves tick spacing (#29044) * Chore: Migrate Dashboard List panel to React (#28607) * Test Datasource/Bug: Fixes division by zero in csv metric values scenario (#29029) * Plugins: Bring back coreplugin package (#29064) * Add 'EventBusName' dimension to CloudWatch 'AWS/Events' namespace (#28402) * CloudWatch: Add support for AWS/ClientVPN metrics and dimensions (#29055) * AlertingNG: manage and evaluate alert definitions via the API (#28377) * Fix linting issues (#28811) * Logging: Log frontend errors (#28073) * Fix for multi-value template variable for project selector (#29042) * Chore: Rewrite test helpers from GoConvey to stdlib (#28919) * GraphNG: Fixed axis measurements (#29036) * Fix links to logql docs (#29037) * latest 7.3.2 (#29041) * Elasticsearch: Add Moving Function Pipeline Aggregation (#28131) * changelog 7.3.2 (#29038) * MutableDataFrame: Remove unique field name constraint and values field index and unused/seldom used stuff (#27573) * Fix prometheus docs related to query variable (#29027) * Explore: support ANSI colors in live logs (#28895) * Docs: Add documentation about log levels (#28975) * Dashboard: remove usage of Legacyforms (#28707) * Docs: Troubleshoot starting docker containers on Mac (#28754) * Elasticsearch: interpolate variables 
in Filters Bucket Aggregation (#28969) * Chore: Bump build pipeline version (#29023) * Annotations: Fixes error when trying to create annotation when dashboard is unsaved (#29013) * TraceViewer: Make sure it does not break when no trace is passed (#28909) * Thresholds: Fixes color assigned to null values (#29010) * Backend: Remove unused code (#28933) * Fix documentation (#28998) * Tracing: Add setting for sampling server (#29011) * Logs Panel: Fix inconsistent higlighting (#28971) * MySQL: Update README.md (#29003) * IntervalVariable: Fix variable tooltip (#28988) * StatPanels: Fixes auto min max when latest value is zero (#28982) * Chore: Fix SQL related Go variable naming (#28887) * MSSQL: Support request cancellation properly (Uses new backendSrv.fetch Observable request API) (#28809) * Variables: Fixes loading with a custom all value in url (#28958) * Backend: Adds route for well-known change password URL (#28788) * docs: fix repeated dashboards link (#29002) * LogsPanel: Don't show scroll bars when not needed (#28972) * Drone: Fix docs building (#28986) * StatPanel: Fixed center of values in edge case scenarios (#28968) * Update getting-started-prometheus.md (#28502) * Docs: fix relref (#28977) * Docs: Minor docs update * Docs: Another workflow docs update * Docs: Workflow minor edit * Docs: Another minor edit * Docs: Update PR workflow docs * Docs: Update bot docs * StatPanels: set default to last (#28617) * Tracing: log traceID in request logger (#28952) * start tracking usage stats for tempo (#28948) * Docs: Update bot docs * GrafanaBot: Update labels and commands and adds docs (#28950) * Docs: updates for file-based menu (#28500) * Grot: Added command/label to close feature requests with standard message (#28937) * GraphNG: Restore focus option (#28946) * Docs: Fix links (#28945) * Short URL: Cleanup unvisited/stale short URLs (#28867) * GraphNG: Using new VizLayout, moving Legend into GraphNG and some other refactorings (#28913) * CloudWatch Logs: Change 
what we use to measure progress (#28912) * Chore: use jest without grunt (#28558) * Chore: Split Explore redux code into multiple sections (#28819) * TestData: Fix issue with numeric inputs in TestData query editor (#28936) * setting: Fix tests on Mac (#28886) * Plugins signing: Fix docs urls (#28930) * Field color: handling color changes when switching panel types (#28875) * Variables: make sure that we support both old and new syntax for custom variables. (#28896) * CodeEditor: added support for javascript language (#28818) * Update CHANGELOG.md (#28928) * Plugins: allow override when allowing unsigned plugins (#28901) * Chore: Fix spelling issue (#28904) * Grafana-UI: LoadingPlaceholder docs (#28874) * Gauge: making sure threshold panel json is correct before render (#28898) * Chore: Rewrite test in GoConvey to stdlib and testify (#28918) * Update documentation-style-guide.md (#28908) * Adding terms to glossary (#28884) * Devenv: Fix Prometheus basic auth proxy (#28889) * API: replace SendLoginLogCommand with LoginHook (#28777) * Dashboards / Folders: delete related data (permissions, stars, tags, versions, annotations) when deleting a dashboard or a folder (#28826) * Loki: Correct grammar in DerivedFields.tsx (#28885) * Docs: Update list of Enterprise plugins (#28882) * Live: update centrifuge and the ChannelHandler api (#28843) * Update share-panel.md (#28880) * CRLF (#28822) * PanelHeader: show streaming indicator (and allow unsubscribe) (#28682) * Docs: Plugin signing docs (#28671) * Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866) * Elasticsearch: Filter pipeline aggregations from order by options (#28620) * Variables: added __user.email to global variable (#28853) * Fix titles case and add missing punctuation marks (#28713) * VizLayout: Simple viz layout component for legend placement and scaling (#28820) * Chore: Fix staticcheck issues (#28860) * Chore: Fix staticcheck issues (#28854) * Disable selecting enterprise plugins with 
no license (#28758) * Tempo: fix test data source (#28836) * Prometheus: fix missing labels from value (#28842) * Chore: Fix issues found by staticcheck (#28802) * Chore: Remove dead code (#28664) * Units: added support to handle negative fractional numbers. (#28849) * Variables: Adds variables inspection (#25214) * Marked: Upgrade and always sanitize by default (#28796) * Currency: add Philippine peso currency (PHP) (#28823) * Alert: Remove z-index on Alert component so that it does not overlay ontop of other content (#28834) * increase blob column size for encrypted dashboard data (#28831) * Gauge: Improve font size auto sizing (#28797) * grafana/toolkit: allow builds with lint warnings (#28810) * core and grafana/toolkit: Use latest version of grafana-eslint-conifg (#28816) * Icon: Replace font awesome icons where possible (#28757) * Remove homelinks panel (#28808) * StatPanels: Add new calculation option for percentage difference (#26369) * Dashboard: Add Datetime local (No date if today) option in panel axes' units (#28011) * Variables: Adds named capture groups to variable regex (#28625) * Panel inspect: Interpolate variables in panel inspect title (#28779) * grafana/toolkit: Drop console and debugger statements by default when building plugin with toolkit (#28776) * Variables: Fixes URL values for dependent variables (#28798) * Graph: Fixes event emit function error (#28795) * Adds storybook integrity check to drone config (#28785) * Live: improve broadcast semantics and avoid double posting (#28765) * Events: Remove unused or unnecessary events (#28783) * Docs: added code comments to frontend packages. 
(#28784) * Plugin Dockerfiles: Upgrade Go, golangci-lint, gcloud SDK (#28767) * Dependencies: Update angularjs to 1.8.2 (#28736) * EventBus: Introduces new event bus with emitter backward compatible interface (#27564) * ColorSchemes: Add new color scheme (#28719) * Docs: Add NGINX example for using websockets to Loki (#27998) * Docs: Made usage of config/configuration consistent #19270 (#28167) * Cloudwatch: Fix issue with field calculation transform not working properly with Cloudwatch data (#28761) * grafana/toolkit: Extract CHANGELOG when building plugin (#28773) * Drone: Upgrade build pipeline tool (#28769) * devenv: Upgrade MSSQL Docker image (#28749) * Docs: Add docs for InfoBox component (#28705) * Reoeragnization. (#28760) * gtime: Add ParseDuration function (#28525) * Explore: Remove redundant decodeURI and fix urls (#28697) * Dashboard: fix view panel mode for Safari / iOS (#28702) * Provisioning: Fixed problem with getting started panel being added to custom home dashboard (#28750) * LoginPage: Removed auto-capitalization from the login form (#28716) * Plugin page: Fix dom validation warning (#28737) * Migration: Remove LegacyForms from dashboard folder permissions (#28564) * Dependencies: Remove unused dependency (#28711) * AlertRuleList: Add keys to alert rule items (#28735) * Chore: Pin nginx base image in nginx proxy Dockerfiles (#28730) * Drone: Upgrade build-pipeline tool (#28728) * TableFilters: Fixes filtering with field overrides (#28690) * Templating: Speeds up certain variable queries for Postgres, MySql and MSSql (#28686) * Fix typo in unsigned plugin warning (#28709) * Chore: Convert sqlstore annotation test from GoConvey to testify (#28715) * updates from https://github.com/grafana/grafana/pull/28679 (#28708) * Chore: Add some scenario tests for Explore (#28534) * Update latest version to 7.3.1 (#28701) * Changelog update - 7.3.1 (#28699) * Drone: Don't build on Windows for PRs (#28663) * Build: changing docs docker image to prevent setting 
up frontend devenv. (#28670) * Prometheus: Fix copy paste behaving as cut and paste (#28622) * Loki: Fix error when some queries return zero results (#28645) * Chore: allow higher nodejs version than 12 (#28624) * TextPanel: Fixes problems where text panel would show old content (#28643) * PanelMenu: Fixes panel submenu not being accessible for panels close to the right edge of the screen (#28666) * Cloudwatch: Fix duplicate metric data (#28642) * Add info about CSV download for Excel in What's new article (#28661) * Docs: Describe pipeline aggregation changes in v7.3 (#28660) * Plugins: Fix descendent frontend plugin signature validation (#28638) * Docker: use root group in the custom Dockerfile (#28639) * Bump rxjs to 6.6.3 (#28657) * StatPanel: Fixed value being under graph and reduced likley hood for white and dark value text mixing (#28641) * Table: Fix image cell mode so that it works with value mappings (#28644) * Build: support custom build tags (#28609) * Plugin signing: Fix copy on signed plugin notice (#28633) * Dashboard: Fix navigation from one SoloPanelPage to another one (#28578) * CloudWatch: Improve method name, performance optimization (#28632) * Developer guide: Update wrt. Windows (#28559) * Docs: Update graph panel for tabs (#28552) * update latest.json (#28603) * Docs: data source insights (#28542) * Field config API: add slider editor (#28007) * changelog: update for 7.3.0 (#28602) * Update uPlot to 1.2.2 and align timestamps config with new uPLot API (#28569) * Live: updated the reference to use lazy loaded Monaco in code editor. 
(#28597) * Dashboard: Allow add panel for viewers_can_edit (#28570) * Docs: Data source provisioning and sigV4 (#28593) * Docs: Additional 7.3 upgrade notes (#28592) * CI: Add GCC to Windows Docker image (#28562) * CloudWatch Logs queue and websocket support (#28176) * Explore/Loki: Update docs and cheatsheet (#28541) * Grafana-UI: Add Card component (#28216) * AddDatasource: Improve plugin categories (#28584) * StatPanel: Fixes BizChart error max: yyy should not be less than min zzz (#28587) * docs: a few tweaks for clarity and readability (#28579) * API: Reducing some api docs errors (#28575) * Grafana-UI: ContextMenu docs (#28508) * Short URL: Update last seen at when visiting a short URL (#28565) * Fix backend build on Windows (#28557) * add value prop (#28561) * Plugin signing: UI information (#28469) * Use fetch API in InfluxDB data source (#28555) * PanelEdit: Prevent the preview pane to be resized further than window height (#28370) * Docs: Update generic-oauth.md (#28517) * GCS image uploader: Add tests (#28521) * Move metrics collector queries to config (#28549) * Plugins: Fix plugin URL paths on Windows (#28548) * API: add login username in SendLoginLogCommand (#28544) * AzureMonitor: Support decimal (as float64) type in analytics/logs (#28480) * Auth: Fix SigV4 request verification step for Amazon Elasticsearch Service (#28481) * Grafana/ui: auto focus threshold editor input (#28360) * Docs: SigV4 What's New and AWS Elasticsearch documentation (#28506) * Drone: Upgrade build pipeline tool (#28533) * Drone: Refactor version branch pipeline logic (#28531) * Drone: Upgrade build-pipeline tool (#28520) * Docs: Update field color scheme docs and 7.3 what's new (#28496) * Templating: Custom variable edit UI, change text input into textarea (#28312) (#28322) * Currency: Adds Indonesian IDR currency (#28363) * Chore: Fix flaky sqlstore annotation test (#28527) * Checkbox: Fix component sample typo (#28518) * Image uploader: Fix uploading of images to GCS 
(#26493) * OAuth: Support Forward OAuth Identity for backend data source plugins (#27055) * Updated documentation style guide (#28488) * Cloud Monitoring: Fix help section for aliases (#28499) * Docs: what's new in enterprise 7.3 (#28472) * Plugins: Track plugin signing errors and expose them to the frontend (#28219) * Elasticsearch: Fix handling of errors when testing data source (#28498) * Auth: Should redirect to login when anonymous enabled and URL with different org than anonymous specified (#28158) * Drone: Don't build Windows installer for version branches (#28494) * Docs: Grafana Enterprise auditing feature (#28356) * Drone: Add version branch pipeline (#28490) * Getting Started section rehaul (#28090) * Docs: Add survey content (#28446) * Docs: Update prometheus.md (#28483) * Docs: Add view settings and view stats (#28155) * Remove entry from 7.3.0-beta2 Changelog (#28478) * Circle: Remove release pipeline (#28474) * Update latest.json (#28476) * Switch default version to Graphite 1.1 (#28471) * Plugin page: update readme icon (#28465) * Chore: Update changelog (#28473) * Explore: parse time range fix (#28467) * Alerting: Log alert warnings for obsolete notifiers when extracting alerts and remove spammy error (#28162) * Shorten url: Unification across Explore and Dashboards (#28434) * Explore: Support wide data frames (#28393) * Docs: updated cmd to build docs locally to generate docs prior to building site. (#28371) * Live: support real time measurements (alpha) (#28022) * CloudWatch/Athena - valid metrics and dimensions. 
(#28436) * Chore: Use net.JoinHostPort (#28421) * Chore: Upgrade grafana-eslint to latest (#28444) * Fix cut off icon (#28442) * Docs: Add shared (#28411) * Loki: Visually distinguish error logs for LogQL2 (#28359) * Database: Remove database metric feature flag and update changelog (#28438) * TestData: multiple arrow requests should return multiple frames (#28417) * Docs: Test survey code (#28437) * Docs: improved github action that syncs docs to website (#28277) * update latest.json with latest stable version (#28433) * 7.2.2 changelog update (#28406) * plugins: Don't exit on duplicate plugin (#28390) * API: Query database from /api/health endpoint (#28349) * Chore: Fix conversion of a 64-bit integer to a lower bit size type uint (#28425) * Prometheus: fix parsing of infinite sample values (#28287) (#28288) * Chore: Rewrite some tests to use testify (#28420) * Plugins: do not remount app plugin on nav change (#28105) * App Plugins: Add backend support (#28272) * Chore: react hooks eslint fixes in grafana-ui (#28026) * ci-e2e: Add Git (#28410) * TestData: Remove useEffect that triggers query on component load (#28321) * FieldColor: Remove inverted color scheme (#28408) * Chore: Set timezone for tests to non utc. 
(#28405) * Chore: fix jsdoc desc and return (#28383) * Docs: Fixing v51 link (#28396) * fixes windows crlf warning (#28346) * Grafana/ui: pass html attributes to segment (#28316) * Alerting: Return proper status code when trying to create alert notification channel with duplicate name or uid (#28043) * OAuth: Able to skip auto login (#28357) * CloudWatch: Fix custom metrics (#28391) * Docs: Adds basic frontend data request concepts (#28253) * Instrumentation: Add histogram for request duration (#28364) * remove status label from histogram (#28387) * OAuth: configurable user name attribute (#28286) * Component/NewsPanel: Add rel="noopener" to NewsPanel links (#28379) * Webpack: Split out unicons and bizcharts (#28374) * Explore: Fix date formatting in url for trace logs link (#28381) * Docs: Add activate-license (#28156) * Instrumentation: Add counters and histograms for database queries (#28236) * Docs: Make tables formatting more consistent (#28164) * CloudWatch: Adding support for additional Amazon CloudFront metrics (#28378) * Add unique ids to query editor fields (#28376) * Plugins: Compose filesystem paths with filepath.Join (#28375) * Explore: Minor tweaks to exemplars marble (#28366) * Instrumentation: Adds environment_info metric (#28355) * AzureMonitor: Fix capitalization of NetApp 'volumes' namespace (#28369) * ColorSchemes: Adds more color schemes and text colors that depend on the background (#28305) * Automation: Update backport github action trigger (#28352) * Dashboard links: Places drop down list so it's always visible (#28330) * Docs: Add missing records from grafana-ui 7.2.1 CHANGELOG (#28302) * Templating: Replace all '$tag' in tag values query (#28343) * Docs: Add docs for valuepicker (#28327) * Git: Create .gitattributes for windows line endings (#28340) * Update auth-proxy.md (#28339) * area/grafana/toolkit: update e2e docker image (#28335) * AlertingNG: remove warn/crit from eval prototype (#28334) * Automation: Tweaks to more info message 
(#28332) * Loki: Run instant query only when doing metric query (#28325) * SAML: IdP-initiated SSO docs (#28280) * IssueTriage: Needs more info automation and messages (#28137) * GraphNG: Use AxisSide enum (#28320) * BackendSrv: Fixes queue countdown when unsubscribe is before response (#28323) * Automation: Add backport github action (#28318) * Build(deps): Bump http-proxy from 1.18.0 to 1.18.1 (#27507) * Bump handlebars from 4.4.3 to 4.7.6 (#27416) * Bump tree-kill from 1.2.1 to 1.2.2 (#27405) * Loki: Base maxDataPoints limits on query type (#28298) * Explore: respect min_refresh_interval (#27988) * Drone: Use ${DRONE_TAG} in release pipelines, since it should work (#28299) * Graph NG: fix toggling queries and extract Graph component from graph3 panel (#28290) * fix: for graph size not taking up full height or width * should only ignore the file in the grafana mixin root folder (#28306) * Drone: Fix grafana-mixin linting (#28308) * SQLStore: Run tests as integration tests (#28265) * Chore: Add cloud-middleware as code owners (#28310) * API: Fix short URLs (#28300) * CloudWatch: Add EC2CapacityReservations Namespace (#28309) * Jaeger: timeline collapser to show icons (#28284) * update latest.json with latest beta version (#28293) * Update changelog (#28292) * Docs : - Added period (#28260) * Add monitoring mixing for Grafana (#28285) * Chore: Update package.json (#28291) * Drone: Fix enterprise release pipeline (#28289) * Alerting: Append appSubUrl to back button on channel form (#28282) - Rework package Makefile & README now that Grunt is gone - Update to version 7.3.6: * fixes for saml vulnerability * [v7.3.x] Fix: Correct panel edit uistate migration (#29413) (#29711) * PanelEdit: Prevent the preview pane to be resized further than window height (#28370) (#29726) * Fix: Migrate Panel edit uiState percentage strings to number (#29412) (#29723) * "Release: Updated versions in package to 7.3.5" (#29710) * Chore: upgrading y18n to 4.0.1 for security reasons 
(#29523) (#29709) * Panel: making sure we support all versions of chrome when detecting position of click event. (#29544) (#29708) * PanelEdit: making sure the correct datasource query editor is being rendered. (#29500) (#29707) * [v7.3.x] Auth: Add SigV4 header allowlist to reduce chances of verification issues (#29705) * Alerting: Use correct time series name override from frame fields (#29693) (#29698) * CloudWatch: namespace in search expression should be quoted if match exact is enabled #29109 (#29563) (#29687) * Adds go dep used by an Enterprise feature. (#29645) (#29690) * instrumentation: align label name with our other projects (#29514) (#29685) * Instrumentation: Add exemplars for request histograms (#29357) (#29682) * Login: Fixes typo in tooltip (#29604) (#29606) * fixes bug with invalid handler name for metrics (#29529) (#29532) * AzureMonitor: Unit MilliSeconds naming (#29399) (#29526) * Alerting: fix alarm messages in dingding (Fixes #29470) (#29482) (#29527) * Bug: trace viewer doesn't show more than 300 spans (#29377) (#29504) * Prometheus: don't override displayName property (#29441) (#29488) * resolve conflicts (#29415) * Drone: Upgrade build pipeline tool (#29365) (#29368) * Drone: Upload artifacts for release branch builds (#29297) (#29364) * Drone: Execute artifact publishing for both editions in parallel during release (#29362) (#29363) * Drone: Publish NPM packages after Storybook to avoid race condition (#29340) (#29343) * Docs: Fix editor role and alert notification channel description (#29301) (#29337) * "Release: Updated versions in package to 7.3.4" (#29336) * Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests #29330 (#29335) * Backport of InfluxDB: update flux library and support boolean label values #29333 * ReleaseNotes: Update link in package.json (#29328) * Login: Fixes redirect url encoding issues of # %23 being unencoded after login (#29299) (#29323) * Drone: Upgrade build 
pipeline tool (#29308) (#29309) * Annotations: fixing so when changing annotations query links submenu will be updated. (#28990) (#29285) * Dashboard: Fixes kiosk state after being redirected to login page and back (#29273) (#29278) * Increase search limit on team add user and improve placeholder (#29258) (#29261) * Drone: Sync with master (#29205) * Drone: Fix publish-packages invocation (#29179) (#29184) * Chore: Upgrade grafana/build-ci-deploy image to latest Go (#29171) (#29180) * Table: Fix incorrect condition for rendering table filter (#29165) (#29181) * DashboardLinks: will only refresh dashboard search when changing tags for link. (#29040) (#29177) * Drone: Upgrade build pipeline tool and build image (#29161) (#29162) * Release: Updated versions in package to 7.3.3 (#29126) * git cherry-pick -x 0f3bebb38daa488e108881ce17d4f68167a834e6 (#29155) * Build: support custom build tags (#28609) (#29128) * Revert "Graph: Fixes stacking issues like floating bars when data is not aligned (#29051) (#29088)" (#29151) * Provisioning: always pin app to the sidebar when enabled (#29084) (#29146) * build paths in an os independent way (#29143) (#29147) * Chore: Upgrade Go dev tools (#29124) (#29132) * Automation: set node version * Automation: Adding version bump action * Drone: Fix Drone config verification for enterprise on Windows (#29118) (#29119) * [v7.3.x] Drone: Verify Drone config at beginning of pipelines (#29111) * Test Datasource/Bug: Fixes division by zero in csv metric values scenario (#29029) (#29068) * [v7.3.x] StatPanel: Fixes hanging issue when all values are zero (#29087) * Data source proxy: Convert 401 from data source to 400 (#28962) (#29095) * Graph: Fixes stacking issues like floating bars when data is not aligned (#29051) (#29088) * Auth: Enable more complete credential chain for SigV4 default SDK auth option (#29065) (#29086) * Fix for multi-value template variable for project selector (#29042) (#29054) * Thresholds: Fixes color assigned to null 
values (#29010) (#29018) * [v7.3.x] Chore: Bump build pipeline version (#29025) * Release v7.3.2 (#29024) * Fix conflict (#29020) * StatPanels: Fixes auto min max when latest value is zero (#28982) (#29007) * Tracing: Add setting for sampling server (#29011) (#29015) * Gauge: making sure threshold panel json is correct before render (#28898) (#28984) * Variables: make sure that we support both old and new syntax for custom variables. (#28896) (#28985) * Explore: Remove redundant decodeURI and fix urls (#28697) (#28963) * [v7.3.x] Drone: Fix docs building (#28987) * Alerting: Append appSubUrl to back button on channel form (#28282) (#28983) * Plugins: allow override when allowing unsigned plugins (#28901) (#28927) * CloudWatch Logs: Change what we use to measure progress (#28912) (#28964) * Tracing: log traceID in request logger (#28952) (#28959) * Panel inspect: Interpolate variables in panel inspect title (#28779) (#28801) * UsageStats: start tracking usage stats for tempo (#28948) (#28951) * Short URL: Cleanup unvisited/stale short URLs (#28867) (#28944) * Plugins signing: Fix docs urls (#28930) (#28934) * Chore: Fix spelling issue (#28904) (#28925) * API: replace SendLoginLogCommand with LoginHook (#28777) (#28891) * Elasticsearch: Exclude pipeline aggregations from order by options (#28620) (#28873) * Dashboards / Folders: delete related data (permissions, stars, tags, versions, annotations) when deleting a dashboard or a folder (#28826) (#28890) * Disable selecting enterprise plugins with no license (#28758) (#28859) * Tempo: fix test data source (#28836) (#28856) * Prometheus: fix missing labels from value (#28842) (#28855) * Units: added support to handle negative fractional numbers. 
(#28849) (#28851) * increase blob column size for encrypted dashboard data (#28831) (#28832) * Gauge: Improve font size auto sizing (#28797) (#28828) * Variables: Fixes URL values for dependent variables (#28798) (#28800) * grafana/toolkit: Extract CHANGELOG when building plugin (#28773) (#28774) * Templating: Custom variable edit UI, change text input into textarea (#28312) (#28322) (#28704) * Cloudwatch: Fix issue with field calculation transform not working properly with Cloudwatch data (#28761) (#28775) * Plugin page: Fix dom validation warning (#28737) (#28741) * Dashboard: fix view panel mode for Safari / iOS (#28702) (#28755) * Fix typo in unsigned plugin warning (#28709) (#28722) * TableFilters: Fixes filtering with field overrides (#28690) (#28727) * Templating: Speeds up certain variable queries for Postgres, MySql and MSSql (#28686) (#28726) * Prometheus: Fix copy paste behaving as cut and paste (#28622) (#28691) mgr-daemon: - Update the translations from weblate rhnlib: - Require missing python-backports.ssl_match_hostname on SLE 11 (bsc#1183959) spacecmd: - Update translation strings - Add group_addconfigchannel and group_removeconfigchannel - Add group_listconfigchannels and configchannel_listgroups - Handle SIGPIPE without user-visible Exception (bsc#1181124) - Fix spacecmd compat with Python 3 spacewalk-client-tools: - Update the translations from weblate suseRegisterInfo: - Add support for Amazon Linux 2 - Add support for Alibaba Cloud Linux 2 zypp-plugin-spacewalk: - Support for "allow vendor change" for patching/upgrading Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 12-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-12-2021-1510=1 Package List: - SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-1.1.2-4.9.1 golang-github-prometheus-prometheus-2.22.1-4.15.1 grafana-7.4.2-4.12.1 - SUSE Manager Tools 12-BETA (noarch): mgr-daemon-4.2.6-4.9.1 python2-rhnlib-4.2.3-24.15.1 python2-spacewalk-check-4.2.9-55.27.1 python2-spacewalk-client-setup-4.2.9-55.27.1 python2-spacewalk-client-tools-4.2.9-55.27.1 python2-suseRegisterInfo-4.2.3-28.12.1 python2-zypp-plugin-spacewalk-1.0.9-33.12.1 spacecmd-4.2.7-41.21.1 spacewalk-check-4.2.9-55.27.1 spacewalk-client-setup-4.2.9-55.27.1 spacewalk-client-tools-4.2.9-55.27.1 suseRegisterInfo-4.2.3-28.12.1 zypp-plugin-spacewalk-1.0.9-33.12.1 References: https://bugzilla.suse.com/1151558 https://bugzilla.suse.com/1181124 https://bugzilla.suse.com/1183959 From sle-updates at lists.suse.com Wed May 5 16:22:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 May 2021 18:22:15 +0200 (CEST) Subject: SUSE-RU-2021:1505-1: moderate: Recommended Beta update for SUSE Manager Client Tools Message-ID: <20210505162215.950C3FF53@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1505-1 Rating: moderate References: #1177474 #1179831 #1181124 #1181368 #1182281 Affected Products: SUSE Manager Debian 9.0-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. 
Description: This update fixes the following issues: salt: - Add support for Alibaba Cloud Linux 2 (Aliyun Linux) - Regression fix of salt-ssh on processing targets - Update target fix for salt-ssh and avoiding race condition on salt-ssh event processing (bsc#1179831, bsc#1182281) - Add notify beacon for Debian/Ubuntu systems - Fix zmq bug that causes salt-call to freeze (bsc#1181368) - Add core grains support for AlmaLinux - Allow vendor change option with zypper - Virt: virtual network backports to Salt 3000 - Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474) spacecmd: - Update translation strings - Add group_addconfigchannel and group_removeconfigchannel - Add group_listconfigchannels and configchannel_listgroups - Handle SIGPIPE without user-visible Exception (bsc#1181124) - Fix spacecmd compat with Python 3 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Debian 9.0-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Debian-9.0-CLIENT-TOOLS-BETA-x86_64-2021-1505=1 Package List: - SUSE Manager Debian 9.0-CLIENT-TOOLS-BETA (all): salt-common-3000+ds-1+2.12.1 salt-minion-3000+ds-1+2.12.1 scap-security-guide-debian-0.1.54-2.3.1 spacecmd-4.2.7-2.12.1 References: https://bugzilla.suse.com/1177474 https://bugzilla.suse.com/1179831 https://bugzilla.suse.com/1181124 https://bugzilla.suse.com/1181368 https://bugzilla.suse.com/1182281 From sle-updates at lists.suse.com Wed May 5 16:23:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 May 2021 18:23:42 +0200 (CEST) Subject: SUSE-RU-2021:1514-1: moderate: Recommended update for branding-SLE Message-ID: <20210505162342.09203FF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for branding-SLE ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1514-1 Rating: moderate References: #1183594 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for branding-SLE fixes the following issues: - Replace the initrd update with generic macros to fix an issue after kernel updates. (bsc#1183594) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1514=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1514=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): gdm-branding-SLE-15-20.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): branding-SLE-15-20.6.1 grub2-branding-SLE-15-20.6.1 plymouth-branding-SLE-15-20.6.1 wallpaper-branding-SLE-15-20.6.1 References: https://bugzilla.suse.com/1183594 From sle-updates at lists.suse.com Wed May 5 16:24:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 May 2021 18:24:47 +0200 (CEST) Subject: SUSE-RU-2021:14718-1: moderate: Recommended Beta update for SUSE Manager Client Tools Message-ID: <20210505162447.24106FF53@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14718-1 Rating: moderate References: #1177474 #1179831 #1181124 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update fixes the following issues: salt: - Improvements on "ansiblegate" module: * New methods: ansible.targets / ansible.discover_playbooks * General bugfixes - Regression fix of salt-ssh on processing some targets - Add support for Alibaba Cloud Linux 2 (Aliyun Linux) - Update target fix for salt-ssh to process targets list (bsc#1179831) - Add notify beacon for Debian/Ubuntu systems - Add core grains support for AlmaLinux and Alibaba Cloud Linux - Allow vendor change option with zypper - Virt.network_update: handle missing ipv4 netmask attribute - Set distro requirement to oldest supported version in requirements/base.txt - Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474) - Don't require python3-certifi spacecmd: - Update translation strings - Add group_addconfigchannel and group_removeconfigchannel - Add group_listconfigchannels and configchannel_listgroups - Handle SIGPIPE without user-visible Exception (bsc#1181124) - Fix spacecmd compat with Python 3 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA: zypper in -t patch suse-ubu184ct-client-tools-beta-202104-14718=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA (all): salt-common-3002.2+ds-1+27.37.1 salt-minion-3002.2+ds-1+27.37.1 scap-security-guide-ubuntu-0.1.54-2.3.1 spacecmd-4.2.7-2.21.1 References: https://bugzilla.suse.com/1177474 https://bugzilla.suse.com/1179831 https://bugzilla.suse.com/1181124 From sle-updates at lists.suse.com Wed May 5 16:27:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 May 2021 18:27:35 +0200 (CEST) Subject: SUSE-RU-2021:14721-1: moderate: Recommended Beta update for SUSE Manager Client Tools Message-ID: <20210505162735.E53AAFF53@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14721-1 Rating: moderate References: #1131670 #1178072 #1181124 #1181474 #1183959 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS-BETA SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. 
Description: This update fixes the following issues: golang-github-wrouesnel-postgres_exporter: - Add support for `aarch64` mgr-daemon: - Update the translations from weblate rhnlib: - Require missing `python-backports.ssl_match_hostname` on SUSE Linux Enterprise 11 (bsc#1183959) spacecmd: - Update translation strings - Add `group_addconfigchannel` and `group_removeconfigchannel` - Add `group_listconfigchannels` and `configchannel_listgroups` - Handle `SIGPIPE` without user-visible Exception (bsc#1181124) - Fix `spacecmd` compatibility with Python 3 spacewalk-client-tools: - Update the translations from weblate supportutils-plugin-salt: - Fix `yaml.load()` warnings and issues with Python versions (bsc#1178072, bsc#1181474) - Fix errors when collecting data for `salt-minion` (bsc#1131670) suseRegisterInfo: - Add support for Amazon Linux 2 - Add support for Alibaba Cloud Linux 2 zypp-plugin-spacewalk: - 1.0.9 - Support for "allow vendor change" for patching/upgrading Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS-BETA: zypper in -t patch slesctsp4-client-tools-beta-202104-14721=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS-BETA: zypper in -t patch slesctsp3-client-tools-beta-202104-14721=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS-BETA (i586 ia64 ppc64 s390x x86_64): mgr-daemon-4.2.6-8.9.1 python2-rhnlib-4.2.3-15.15.1 python2-spacewalk-check-4.2.9-30.27.1 python2-spacewalk-client-setup-4.2.9-30.27.1 python2-spacewalk-client-tools-4.2.9-30.27.1 python2-suseRegisterInfo-4.2.3-9.12.1 python2-zypp-plugin-spacewalk-1.0.9-30.12.1 spacecmd-4.2.7-21.21.1 spacewalk-check-4.2.9-30.27.1 spacewalk-client-setup-4.2.9-30.27.1 spacewalk-client-tools-4.2.9-30.27.1 suseRegisterInfo-4.2.3-9.12.1 zypp-plugin-spacewalk-1.0.9-30.12.1 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS-BETA (i586 x86_64): golang-github-wrouesnel-postgres_exporter-0.4.7-8.9.1 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS-BETA (noarch): supportutils-plugin-salt-1.1.5-9.6.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS-BETA (i586 ia64 ppc64 s390x x86_64): mgr-daemon-4.2.6-8.9.1 python2-rhnlib-4.2.3-15.15.1 python2-spacewalk-check-4.2.9-30.27.1 python2-spacewalk-client-setup-4.2.9-30.27.1 python2-spacewalk-client-tools-4.2.9-30.27.1 python2-suseRegisterInfo-4.2.3-9.12.1 python2-zypp-plugin-spacewalk-1.0.9-30.12.1 spacecmd-4.2.7-21.21.1 spacewalk-check-4.2.9-30.27.1 spacewalk-client-setup-4.2.9-30.27.1 spacewalk-client-tools-4.2.9-30.27.1 suseRegisterInfo-4.2.3-9.12.1 zypp-plugin-spacewalk-1.0.9-30.12.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS-BETA (i586 x86_64): golang-github-wrouesnel-postgres_exporter-0.4.7-8.9.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS-BETA (noarch): supportutils-plugin-salt-1.1.5-9.6.1 References: https://bugzilla.suse.com/1131670 https://bugzilla.suse.com/1178072 https://bugzilla.suse.com/1181124 
https://bugzilla.suse.com/1181474 https://bugzilla.suse.com/1183959 From sle-updates at lists.suse.com Wed May 5 16:29:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 May 2021 18:29:04 +0200 (CEST) Subject: SUSE-RU-2021:14719-1: moderate: Recommended Beta update for SUSE Manager Client Tools Message-ID: <20210505162904.B4935FF53@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14719-1 Rating: moderate References: #1179831 #1181124 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Improvements on "ansiblegate" module: * New methods: ansible.targets / ansible.discover_playbooks * General bugfixes - Regression fix of salt-ssh on processing some targets - Add support for Alibaba Cloud Linux 2 (Aliyun Linux) - Update target fix for salt-ssh to process targets list (bsc#1179831) - Add notify beacon for Debian/Ubuntu systems - Add core grains support for AlmaLinux and Alibaba Cloud Linux - Allow vendor change option with zypper spacecmd: - Update translation strings - Add group_addconfigchannel and group_removeconfigchannel - Add group_listconfigchannels and configchannel_listgroups - Handle SIGPIPE without user-visible Exception (bsc#1181124) - Fix spacecmd compat with Python 3 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA: zypper in -t patch suse-ubu204ct-client-tools-beta-202104-14719=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA (amd64): libopenscap-dev-1.2.16-1build1~uyuni1 libopenscap-perl-1.2.16-1build1~uyuni1 libopenscap8-1.2.16-1build1~uyuni1 libopenscap8-dbg-1.2.16-1build1~uyuni1 python-openscap-1.2.16-1build1~uyuni1 - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA (all): salt-common-3002.2+ds-1+2.22.1 salt-minion-3002.2+ds-1+2.22.1 scap-security-guide-ubuntu-0.1.54-2.3.1 spacecmd-4.2.7-2.15.1 References: https://bugzilla.suse.com/1179831 https://bugzilla.suse.com/1181124 From sle-updates at lists.suse.com Wed May 5 16:31:16 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 May 2021 18:31:16 +0200 (CEST) Subject: SUSE-RU-2021:14717-1: moderate: Recommended Beta update for SUSE Manager Client Tools Message-ID: <20210505163116.231D1FF53@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14717-1 Rating: moderate References: #1177474 #1179831 #1181124 #1181368 #1182281 Affected Products: SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. 
Description: This update fixes the following issues: salt: - Add support for Alibaba Cloud Linux 2 (Aliyun Linux) - Regression fix of salt-ssh on processing targets - Update target fix for salt-ssh and avoiding race condition on salt-ssh event processing (bsc#1179831, bsc#1182281) - Add notify beacon for Debian/Ubuntu systems - Fix zmq bug that causes salt-call to freeze (bsc#1181368) - Add core grains support for AlmaLinux - Allow vendor change option with zypper - Virt: virtual network backports to Salt 3000 - Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474) spacecmd: - Update translation strings - Add group_addconfigchannel and group_removeconfigchannel - Add group_listconfigchannels and configchannel_listgroups - Handle SIGPIPE without user-visible Exception (bsc#1181124) - Fix spacecmd compat with Python 3 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA: zypper in -t patch suse-ubu164ct-client-tools-beta-202104-14717=1 Package List: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA (all): salt-common-3000+ds-1+9.29.1 salt-minion-3000+ds-1+9.29.1 spacecmd-4.2.7-2.21.1 References: https://bugzilla.suse.com/1177474 https://bugzilla.suse.com/1179831 https://bugzilla.suse.com/1181124 https://bugzilla.suse.com/1181368 https://bugzilla.suse.com/1182281 From sle-updates at lists.suse.com Wed May 5 16:32:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 May 2021 18:32:45 +0200 (CEST) Subject: SUSE-RU-2021:1513-1: moderate: Recommended update for subscription-matcher Message-ID: <20210505163245.2EF23FF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for subscription-matcher ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1513-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for subscription-matcher fixes the following issue: - Relax `xstream` version requiring a version >= 1.4.15 with `xstream` <= 1.5 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-1513=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): subscription-matcher-0.26-3.9.1 References: From sle-updates at lists.suse.com Wed May 5 19:15:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 May 2021 21:15:43 +0200 (CEST) Subject: SUSE-RU-2021:1519-1: moderate: Recommended update for mdadm Message-ID: <20210505191543.CA9D1FF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1519-1 Rating: moderate References: #1181341 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mdadm fixes the following issues: - Avoids a useless re-sync in cluster-md/mdadm (bsc#1181341) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1519=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): mdadm-4.1-4.17.1 mdadm-debuginfo-4.1-4.17.1 mdadm-debugsource-4.1-4.17.1 References: https://bugzilla.suse.com/1181341 From sle-updates at lists.suse.com Wed May 5 19:16:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 May 2021 21:16:48 +0200 (CEST) Subject: SUSE-OU-2021:1515-1: Optional update for grubby Message-ID: <20210505191648.54D06FF53@maintenance.suse.de> SUSE Optional Update: Optional update for grubby ______________________________________________________________________________ Announcement ID: SUSE-OU-2021:1515-1 Rating: low References: #1185283 ECO-3364 PM-2498 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that has one optional fix and contains two features can now be installed. Description: This patch ships grubby for the first time to the Public Cloud Module for SLE 15 SP2. It is optional to install. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-1515=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): grubby-20200210.99d10a3-5.3.1 grubby-debuginfo-20200210.99d10a3-5.3.1 grubby-debugsource-20200210.99d10a3-5.3.1 References: https://bugzilla.suse.com/1185283 From sle-updates at lists.suse.com Wed May 5 19:17:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 May 2021 21:17:51 +0200 (CEST) Subject: SUSE-RU-2021:1516-1: moderate: Recommended update for container-selinux Message-ID: <20210505191751.C442EFF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for container-selinux ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1516-1 Rating: moderate References: #1185030 Affected Products: SUSE MicroOS 5.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for container-selinux fixes the following issues: - Fixed the container runtime binary labels (bsc#1185030) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1516=1 Package List: - SUSE MicroOS 5.0 (noarch): container-selinux-2.145.0-3.3.1 References: https://bugzilla.suse.com/1185030 From sle-updates at lists.suse.com Wed May 5 19:18:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 May 2021 21:18:54 +0200 (CEST) Subject: SUSE-RU-2021:1520-1: Recommended update for installation-images Message-ID: <20210505191854.25170FF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for installation-images ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1520-1 Rating: low References: #1178688 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for installation-images fixes the following issues: - Rebuilt to include the latest patches for an issue in the system installation routine (bsc#1178688) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1520=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): tftpboot-installation-SLE-15-SP2-aarch64-14.477-3.13.1 tftpboot-installation-SLE-15-SP2-ppc64le-14.477-3.13.1 tftpboot-installation-SLE-15-SP2-s390x-14.477-3.13.1 tftpboot-installation-SLE-15-SP2-x86_64-14.477-3.13.1 References: https://bugzilla.suse.com/1178688 From sle-updates at lists.suse.com Wed May 5 19:19:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 May 2021 21:19:59 +0200 (CEST) Subject: SUSE-RU-2021:1517-1: moderate: Recommended update for open-iscsi Message-ID: <20210505191959.3BDDBFF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1517-1 Rating: moderate References: #1179908 #1183421 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for open-iscsi fixes the following issues: - Enabled asynchronous logins for iscsi.service (bsc#1183421) - Fixed a login issue when target is delayed Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1517=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1517=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): iscsiuio-0.7.8.6-22.14.1 iscsiuio-debuginfo-0.7.8.6-22.14.1 libopeniscsiusr0_2_0-2.1.4-22.14.1 libopeniscsiusr0_2_0-debuginfo-2.1.4-22.14.1 open-iscsi-2.1.4-22.14.1 open-iscsi-debuginfo-2.1.4-22.14.1 open-iscsi-debugsource-2.1.4-22.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): iscsiuio-0.7.8.6-22.14.1 iscsiuio-debuginfo-0.7.8.6-22.14.1 libopeniscsiusr0_2_0-2.1.4-22.14.1 libopeniscsiusr0_2_0-debuginfo-2.1.4-22.14.1 open-iscsi-2.1.4-22.14.1 open-iscsi-debuginfo-2.1.4-22.14.1 open-iscsi-debugsource-2.1.4-22.14.1 open-iscsi-devel-2.1.4-22.14.1 References: https://www.suse.com/security/cve/CVE-2020-13987.html https://www.suse.com/security/cve/CVE-2020-13988.html https://www.suse.com/security/cve/CVE-2020-17437.html https://www.suse.com/security/cve/CVE-2020-17438.html https://bugzilla.suse.com/1179908 https://bugzilla.suse.com/1183421 From sle-updates at lists.suse.com Wed May 5 19:21:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 May 2021 21:21:12 +0200 (CEST) Subject: SUSE-RU-2021:1100-2: moderate: Recommended update for sapconf Message-ID: <20210505192112.5EEE2FF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1100-2 Rating: moderate References: #1176061 #1179524 #1182314 #1182906 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL 
SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for sapconf fixes the following issues: - Added sapconf_check and supportconfig plugin for sapconf - Added change log message for 'MIN_PERF_PCT' parameter to reduce the spot light (bsc#1179524) - Added an additional check to detect an active saptune service to improve log messages (bsc#1182314) - sapconf.service starts now automatically during package update, if tuned is running with sapconf as profile (bsc#1176061) - sapconf.service will now only be disabled if saptune is active (bsc#1182906) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1100=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1100=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1100=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1100=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1100=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1100=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1100=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1100=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1100=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1100=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1100=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1100=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1100=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (noarch): sapconf-5.0.2-7.15.1 - SUSE Manager Retail Branch Server 4.0 (noarch): sapconf-5.0.2-7.15.1 - SUSE Manager Proxy 4.0 (noarch): sapconf-5.0.2-7.15.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): sapconf-5.0.2-7.15.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): sapconf-5.0.2-7.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): sapconf-5.0.2-7.15.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): sapconf-5.0.2-7.15.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): sapconf-5.0.2-7.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): sapconf-5.0.2-7.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): sapconf-5.0.2-7.15.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): sapconf-5.0.2-7.15.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): sapconf-5.0.2-7.15.1 - SUSE Enterprise Storage 6 (noarch): sapconf-5.0.2-7.15.1 - SUSE CaaS Platform 4.0 (noarch): sapconf-5.0.2-7.15.1 References: https://bugzilla.suse.com/1176061 https://bugzilla.suse.com/1179524 https://bugzilla.suse.com/1182314 https://bugzilla.suse.com/1182906 From sle-updates at lists.suse.com Wed May 5 19:22:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 May 2021 21:22:36 +0200 (CEST) Subject: SUSE-OU-2021:1518-1: Optional update for postgresql10 and postgresql12 Message-ID: <20210505192236.0CC23FF53@maintenance.suse.de> SUSE Optional Update: Optional update for postgresql10 and postgresql12 ______________________________________________________________________________ Announcement ID: SUSE-OU-2021:1518-1 Rating: low References: #1179945 #1183118 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 
______________________________________________________________________________ An update that has two optional fixes can now be installed. Description: This update for postgresql10 and postgresql12 does not fix any user visible issues for customers of SLE. It is therefore optional to install. The changes introduced with this package do only affect openSUSE and Tumbleweed. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1518=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-1518=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1518=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): postgresql10-contrib-10.16-8.32.1 postgresql10-contrib-debuginfo-10.16-8.32.1 postgresql10-debuginfo-10.16-8.32.1 postgresql10-debugsource-10.16-8.32.1 postgresql10-devel-10.16-8.32.1 postgresql10-devel-debuginfo-10.16-8.32.1 postgresql10-plperl-10.16-8.32.1 postgresql10-plperl-debuginfo-10.16-8.32.1 postgresql10-plpython-10.16-8.32.1 postgresql10-plpython-debuginfo-10.16-8.32.1 postgresql10-pltcl-10.16-8.32.1 postgresql10-pltcl-debuginfo-10.16-8.32.1 postgresql10-server-10.16-8.32.1 postgresql10-server-debuginfo-10.16-8.32.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): postgresql10-docs-10.16-8.32.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql10-10.16-8.32.1 postgresql10-contrib-10.16-8.32.1 postgresql10-contrib-debuginfo-10.16-8.32.1 postgresql10-debuginfo-10.16-8.32.1 postgresql10-debugsource-10.16-8.32.1 
postgresql10-devel-10.16-8.32.1 postgresql10-devel-debuginfo-10.16-8.32.1 postgresql10-plperl-10.16-8.32.1 postgresql10-plperl-debuginfo-10.16-8.32.1 postgresql10-plpython-10.16-8.32.1 postgresql10-plpython-debuginfo-10.16-8.32.1 postgresql10-pltcl-10.16-8.32.1 postgresql10-pltcl-debuginfo-10.16-8.32.1 postgresql10-server-10.16-8.32.1 postgresql10-server-debuginfo-10.16-8.32.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): postgresql10-10.16-8.32.1 postgresql10-debuginfo-10.16-8.32.1 postgresql10-debugsource-10.16-8.32.1 References: https://bugzilla.suse.com/1179945 https://bugzilla.suse.com/1183118 From sle-updates at lists.suse.com Wed May 5 19:23:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 May 2021 21:23:46 +0200 (CEST) Subject: SUSE-RU-2021:1522-1: important: Recommended update for drbd Message-ID: <20210505192346.05736FF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1522-1 Rating: important References: #1154084 #1174783 #1178388 #1178501 #1182570 #1183970 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for drbd fixes the following issues: - Disconnect when invalid dual primaries (bsc#1183970). - Build error with -Wreturn-type (bsc#1178388). - Fixed GFP flag to alloc memory (58dd62ef8) (bsc#1174783, bsc#1178501). - Fixed double call of drbd_backing_device (bsc#1154084). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2021-1522=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): drbd-kmp-rt-9.0.14+git.62f906cf_k4.12.14_10.40-4.6.1 drbd-kmp-rt-debuginfo-9.0.14+git.62f906cf_k4.12.14_10.40-4.6.1 References: https://bugzilla.suse.com/1154084 https://bugzilla.suse.com/1174783 https://bugzilla.suse.com/1178388 https://bugzilla.suse.com/1178501 https://bugzilla.suse.com/1182570 https://bugzilla.suse.com/1183970 From sle-updates at lists.suse.com Wed May 5 19:25:18 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 May 2021 21:25:18 +0200 (CEST) Subject: SUSE-SU-2021:1523-1: moderate: Security update for libxml2 Message-ID: <20210505192518.8D502FF53@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1523-1 Rating: moderate References: #1185408 #1185409 #1185410 Cross-References: CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVSS scores: CVE-2021-3516 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3517 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3518 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). 
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1523=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2021-1523=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-1523=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1523=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1523=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libxml2-2-2.9.7-3.31.1 libxml2-2-debuginfo-2.9.7-3.31.1 libxml2-debugsource-2.9.7-3.31.1 libxml2-tools-2.9.7-3.31.1 libxml2-tools-debuginfo-2.9.7-3.31.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python-libxml2-python-debugsource-2.9.7-3.31.1 python2-libxml2-python-2.9.7-3.31.1 python2-libxml2-python-debuginfo-2.9.7-3.31.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python-libxml2-python-debugsource-2.9.7-3.31.1 python2-libxml2-python-2.9.7-3.31.1 python2-libxml2-python-debuginfo-2.9.7-3.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.7-3.31.1 libxml2-2-debuginfo-2.9.7-3.31.1 libxml2-debugsource-2.9.7-3.31.1 libxml2-devel-2.9.7-3.31.1 libxml2-tools-2.9.7-3.31.1 libxml2-tools-debuginfo-2.9.7-3.31.1 python-libxml2-python-debugsource-2.9.7-3.31.1 python3-libxml2-python-2.9.7-3.31.1 python3-libxml2-python-debuginfo-2.9.7-3.31.1 - SUSE Linux Enterprise Module 
for Basesystem 15-SP3 (x86_64): libxml2-2-32bit-2.9.7-3.31.1 libxml2-2-32bit-debuginfo-2.9.7-3.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.7-3.31.1 libxml2-2-debuginfo-2.9.7-3.31.1 libxml2-debugsource-2.9.7-3.31.1 libxml2-devel-2.9.7-3.31.1 libxml2-tools-2.9.7-3.31.1 libxml2-tools-debuginfo-2.9.7-3.31.1 python-libxml2-python-debugsource-2.9.7-3.31.1 python3-libxml2-python-2.9.7-3.31.1 python3-libxml2-python-debuginfo-2.9.7-3.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libxml2-2-32bit-2.9.7-3.31.1 libxml2-2-32bit-debuginfo-2.9.7-3.31.1 References: https://www.suse.com/security/cve/CVE-2021-3516.html https://www.suse.com/security/cve/CVE-2021-3517.html https://www.suse.com/security/cve/CVE-2021-3518.html https://bugzilla.suse.com/1185408 https://bugzilla.suse.com/1185409 https://bugzilla.suse.com/1185410 From sle-updates at lists.suse.com Wed May 5 19:26:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 May 2021 21:26:35 +0200 (CEST) Subject: SUSE-SU-2021:1524-1: moderate: Security update for libxml2 Message-ID: <20210505192635.648A1FF53@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1524-1 Rating: moderate References: #1185408 #1185409 #1185410 Cross-References: CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVSS scores: CVE-2021-3516 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3517 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3518 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description: This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1524=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1524=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libxml2-debugsource-2.9.4-46.40.1 libxml2-devel-2.9.4-46.40.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.40.1 libxml2-2-debuginfo-2.9.4-46.40.1 libxml2-debugsource-2.9.4-46.40.1 libxml2-tools-2.9.4-46.40.1 libxml2-tools-debuginfo-2.9.4-46.40.1 python-libxml2-2.9.4-46.40.1 python-libxml2-debuginfo-2.9.4-46.40.1 python-libxml2-debugsource-2.9.4-46.40.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libxml2-2-32bit-2.9.4-46.40.1 libxml2-2-debuginfo-32bit-2.9.4-46.40.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libxml2-doc-2.9.4-46.40.1 References: https://www.suse.com/security/cve/CVE-2021-3516.html https://www.suse.com/security/cve/CVE-2021-3517.html https://www.suse.com/security/cve/CVE-2021-3518.html https://bugzilla.suse.com/1185408 https://bugzilla.suse.com/1185409 https://bugzilla.suse.com/1185410 From sle-updates at lists.suse.com Wed May 5 22:15:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 May 2021 00:15:40 +0200 (CEST) Subject: SUSE-RU-2021:1525-1: moderate: Recommended update for rook Message-ID: 
<20210505221540.AB2ECFF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for rook ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1525-1 Rating: moderate References: Affected Products: SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for rook fixes the following issues: - updated ceph-csi to v3.2.1 * Use latest Ceph API for setting dashboard and rgw credentials * Redact secret info from reconcile diffs in debug logs * Continue to get available devices if failed to get a device info * Include RGW pods in list for rescheduling from failed node * Enforce pg_auto_scaler on rgw pools * Prevent voluntary mon drain while another mon is failing over * Avoid restarting all encrypted OSDs on cluster growth * Set secret type on external cluster script * Fix init container "expand-encrypted-bluefs" for encrypted OSDs * Fail pool creation if the sub failure domain is the same as the failure domain * Set default backend for vault and remove temp key for encrypted OSDs Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2021-1525=1 Package List: - SUSE Enterprise Storage 7 (noarch): rook-ceph-helm-charts-1.5.10+git4.g309ad2f64-3.18.1 rook-k8s-yaml-1.5.10+git4.g309ad2f64-3.18.1 References: From sle-updates at lists.suse.com Thu May 6 06:01:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 May 2021 08:01:37 +0200 (CEST) Subject: SUSE-CU-2021:139-1: Security update of ses/7/ceph/ceph Message-ID: <20210506060137.65263B46EEF@westernhagen.suse.de> SUSE Container Update Advisory: ses/7/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:139-1 Container Tags : ses/7/ceph/ceph:15.2.11.83 , ses/7/ceph/ceph:15.2.11.83.4.183 , ses/7/ceph/ceph:latest , ses/7/ceph/ceph:sle15.2.octopus Container Release : 4.183 Severity : important Type : security References : 1165780 1177047 1178219 1178219 1178680 1180836 1181976 1182611 1182791 1182899 1183074 1183791 1183801 1183899 1183936 1184136 1184231 1184401 1184690 1185408 1185409 1185410 CVE-2021-20288 CVE-2021-20305 CVE-2021-3156 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 ----------------------------------------------------------------- The container ses/7/ceph/ceph was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1275-1 Released: Tue Apr 20 14:31:26 2021 Summary: Security update for sudo Type: security Severity: important References: 1183936,CVE-2021-3156 This update for sudo fixes the following issues: - L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. 
(bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1295-1 Released: Wed Apr 21 14:08:19 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1184136 This update for systemd-presets-common-SUSE fixes the following issues: - Enabled hcn-init.service for HNV on POWER (bsc#1184136) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1321-1 Released: Mon Apr 26 15:10:40 2021 Summary: Recommended update for strongswan Type: recommended Severity: low References: This update for strongswan fixes the following issues: - Added rcstrongswan-starter to this package. Please refer to the README.SUSE file to get more information about its usage. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1419-1 Released: Thu Apr 29 06:20:30 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1178219 This update for dracut fixes the following issues: - Fix for adding timeout to umount calls. 
(bsc#1178219) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. - Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1449-1 Released: Fri Apr 30 08:08:25 2021 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1165780 This update for systemd-presets-branding-SLE fixes the following issues: - Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. (bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1475-1 Released: Tue May 4 08:59:27 2021 Summary: Security update for ceph Type: security Severity: important References: 1183074,1183899,1184231,CVE-2021-20288 This update for ceph fixes the following issues: - ceph was updated to 15.2.11-83-g8a15f484c2: * CVE-2021-20288: Fixed unauthorized global_id reuse (bsc#1183074). * disk gets replaced with no rocksdb/wal (bsc#1184231). * BlueStore handles huge(>4GB) writes from RocksDB to BlueFS poorly, potentially causing data corruption (bsc#1183899). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1481-1 Released: Tue May 4 14:18:32 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1178680 This update for lvm2 fixes the following issues: - Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1521-1 Released: Wed May 5 17:52:55 2021 Summary: Recommended update for ceph-iscsi Type: recommended Severity: moderate References: 1182611 This update for ceph-iscsi fixes the following issues: - Fix for the gateway when it fails to start using SSL. (bsc#1182611) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
From sle-updates at lists.suse.com Thu May 6 06:04:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 May 2021 08:04:11 +0200 (CEST) Subject: SUSE-CU-2021:140-1: Security update of ses/7/rook/ceph Message-ID: <20210506060411.A20B3B46EEF@westernhagen.suse.de> SUSE Container Update Advisory: ses/7/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:140-1 Container Tags : ses/7/rook/ceph:1.5.10 , ses/7/rook/ceph:1.5.10.4 , ses/7/rook/ceph:1.5.10.4.1.1581 , ses/7/rook/ceph:latest , ses/7/rook/ceph:sle15.2.octopus Container Release : 1.1581 Severity : important Type : security References : 1165780 1177047 1178219 1178680 1180836 1181976 1182611 1182791 1182899 1183074 1183791 1183801 1183899 1183936 1184136 1184231 1184401 1184690 1185408 1185409 1185410 CVE-2021-20288 CVE-2021-20305 CVE-2021-3156 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 ----------------------------------------------------------------- The container ses/7/rook/ceph was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1275-1 Released: Tue Apr 20 14:31:26 2021 Summary: Security update for sudo Type: security Severity: important References: 1183936,CVE-2021-3156 This update for sudo fixes the following issues: - L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. 
(bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1295-1 Released: Wed Apr 21 14:08:19 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1184136 This update for systemd-presets-common-SUSE fixes the following issues: - Enabled hcn-init.service for HNV on POWER (bsc#1184136) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1449-1 Released: Fri Apr 30 08:08:25 2021 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1165780 This update for systemd-presets-branding-SLE fixes the following issues: - Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. (bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1475-1 Released: Tue May 4 08:59:27 2021 Summary: Security update for ceph Type: security Severity: important References: 1183074,1183899,1184231,CVE-2021-20288 This update for ceph fixes the following issues: - ceph was updated to 15.2.11-83-g8a15f484c2: * CVE-2021-20288: Fixed unauthorized global_id reuse (bsc#1183074). * disk gets replaced with no rocksdb/wal (bsc#1184231). * BlueStore handles huge(>4GB) writes from RocksDB to BlueFS poorly, potentially causing data corruption (bsc#1183899). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1481-1 Released: Tue May 4 14:18:32 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1178680 This update for lvm2 fixes the following issues: - Add metadata-based autoactivation property for volume group and logical volume. 
(bsc#1178680)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1521-1
Released: Wed May 5 17:52:55 2021
Summary: Recommended update for ceph-iscsi
Type: recommended
Severity: moderate
References: 1182611

This update for ceph-iscsi fixes the following issues:

- Fix for the gateway when it fails to start using SSL. (bsc#1182611)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1523-1
Released: Wed May 5 18:24:20 2021
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518

This update for libxml2 fixes the following issues:

- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1525-1
Released: Wed May 5 20:04:16 2021
Summary: Recommended update for rook
Type: recommended
Severity: moderate
References:

This update for rook fixes the following issues:

- updated ceph-csi to v3.2.1
  * Use latest Ceph API for setting dashboard and rgw credentials
  * Redact secret info from reconcile diffs in debug logs
  * Continue to get available devices if failed to get a device info
  * Include RGW pods in list for rescheduling from failed node
  * Enforce pg_auto_scaler on rgw pools
  * Prevent voluntary mon drain while another mon is failing over
  * Avoid restarting all encrypted OSDs on cluster growth
  * Set secret type on external cluster script
  * Fix init container 'expand-encrypted-bluefs' for encrypted OSDs
  * Fail pool creation if the sub failure domain is the same as the failure domain
  * Set default backend for vault and remove temp key for encrypted OSDs

From sle-updates at lists.suse.com
Thu May 6 06:43:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 May 2021 08:43:35 +0200 (CEST) Subject: SUSE-CU-2021:143-1: Security update of suse/sle15 Message-ID: <20210506064335.C0024B46EEF@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:143-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.905 Container Release : 8.2.905 Severity : moderate Type : security References : 1185408 1185409 1185410 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
From sle-updates at lists.suse.com Thu May 6 06:21:28 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 May 2021 08:21:28 +0200 (CEST) Subject: SUSE-CU-2021:141-1: Security update of suse/sle15 Message-ID: <20210506062128.107E2B46EEF@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:141-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.386 Container Release : 4.22.386 Severity : moderate Type : security References : 1185408 1185409 1185410 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
From sle-updates at lists.suse.com Thu May 6 06:35:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 May 2021 08:35:14 +0200 (CEST) Subject: SUSE-CU-2021:142-1: Security update of suse/sle15 Message-ID: <20210506063514.4F6F4B46EEF@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:142-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.446 Container Release : 6.2.446 Severity : moderate Type : security References : 1185408 1185409 1185410 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
From sle-updates at lists.suse.com Thu May 6 10:16:28 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 May 2021 12:16:28 +0200 (CEST) Subject: SUSE-RU-2021:1526-1: important: Recommended update for bash Message-ID: <20210506101628.CD3B2FF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for bash ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1526-1 Rating: important References: #1183064 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1526=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): bash-4.4-19.3.1 bash-debuginfo-4.4-19.3.1 bash-debugsource-4.4-19.3.1 bash-devel-4.4-19.3.1 libreadline7-7.0-19.3.1 libreadline7-debuginfo-7.0-19.3.1 readline-devel-7.0-19.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libreadline7-32bit-7.0-19.3.1 libreadline7-32bit-debuginfo-7.0-19.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): bash-doc-4.4-19.3.1 bash-lang-4.4-19.3.1 readline-doc-7.0-19.3.1 References: https://bugzilla.suse.com/1183064 From sle-updates at lists.suse.com Thu May 6 10:17:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 May 2021 12:17:43 +0200 (CEST) Subject: SUSE-RU-2021:1527-1: important: Recommended update for bash Message-ID: <20210506101743.6C9ACFF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for bash ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1527-1 Rating: important References: #1183064 Affected Products: SUSE MicroOS 5.0 SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1527=1 - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1527=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1527=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1527=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1527=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1527=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1527=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1527=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1527=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1527=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1527=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1527=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1527=1 - SUSE Linux Enterprise High 
Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1527=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1527=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): bash-4.4-9.14.1 bash-debuginfo-4.4-9.14.1 bash-debugsource-4.4-9.14.1 libreadline7-7.0-9.14.1 libreadline7-debuginfo-7.0-9.14.1 - SUSE Manager Server 4.0 (ppc64le s390x x86_64): bash-4.4-9.14.1 bash-debuginfo-4.4-9.14.1 bash-debugsource-4.4-9.14.1 bash-devel-4.4-9.14.1 libreadline7-7.0-9.14.1 libreadline7-debuginfo-7.0-9.14.1 readline-devel-7.0-9.14.1 - SUSE Manager Server 4.0 (x86_64): libreadline7-32bit-7.0-9.14.1 libreadline7-32bit-debuginfo-7.0-9.14.1 - SUSE Manager Server 4.0 (noarch): bash-doc-4.4-9.14.1 bash-lang-4.4-9.14.1 readline-doc-7.0-9.14.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): bash-4.4-9.14.1 bash-debuginfo-4.4-9.14.1 bash-debugsource-4.4-9.14.1 bash-devel-4.4-9.14.1 libreadline7-32bit-7.0-9.14.1 libreadline7-32bit-debuginfo-7.0-9.14.1 libreadline7-7.0-9.14.1 libreadline7-debuginfo-7.0-9.14.1 readline-devel-7.0-9.14.1 - SUSE Manager Retail Branch Server 4.0 (noarch): bash-doc-4.4-9.14.1 bash-lang-4.4-9.14.1 readline-doc-7.0-9.14.1 - SUSE Manager Proxy 4.0 (noarch): bash-doc-4.4-9.14.1 bash-lang-4.4-9.14.1 readline-doc-7.0-9.14.1 - SUSE Manager Proxy 4.0 (x86_64): bash-4.4-9.14.1 bash-debuginfo-4.4-9.14.1 bash-debugsource-4.4-9.14.1 bash-devel-4.4-9.14.1 libreadline7-32bit-7.0-9.14.1 libreadline7-32bit-debuginfo-7.0-9.14.1 libreadline7-7.0-9.14.1 libreadline7-debuginfo-7.0-9.14.1 readline-devel-7.0-9.14.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): bash-4.4-9.14.1 bash-debuginfo-4.4-9.14.1 bash-debugsource-4.4-9.14.1 bash-devel-4.4-9.14.1 libreadline7-7.0-9.14.1 libreadline7-debuginfo-7.0-9.14.1 
readline-devel-7.0-9.14.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libreadline7-32bit-7.0-9.14.1 libreadline7-32bit-debuginfo-7.0-9.14.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): bash-doc-4.4-9.14.1 bash-lang-4.4-9.14.1 readline-doc-7.0-9.14.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): bash-4.4-9.14.1 bash-debuginfo-4.4-9.14.1 bash-debugsource-4.4-9.14.1 bash-devel-4.4-9.14.1 libreadline7-7.0-9.14.1 libreadline7-debuginfo-7.0-9.14.1 readline-devel-7.0-9.14.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libreadline7-32bit-7.0-9.14.1 libreadline7-32bit-debuginfo-7.0-9.14.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): bash-doc-4.4-9.14.1 bash-lang-4.4-9.14.1 readline-doc-7.0-9.14.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): bash-4.4-9.14.1 bash-debuginfo-4.4-9.14.1 bash-debugsource-4.4-9.14.1 bash-devel-4.4-9.14.1 libreadline7-7.0-9.14.1 libreadline7-debuginfo-7.0-9.14.1 readline-devel-7.0-9.14.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libreadline7-32bit-7.0-9.14.1 libreadline7-32bit-debuginfo-7.0-9.14.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): bash-doc-4.4-9.14.1 bash-lang-4.4-9.14.1 readline-doc-7.0-9.14.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): bash-doc-4.4-9.14.1 bash-lang-4.4-9.14.1 readline-doc-7.0-9.14.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): bash-4.4-9.14.1 bash-debuginfo-4.4-9.14.1 bash-debugsource-4.4-9.14.1 bash-devel-4.4-9.14.1 libreadline7-32bit-7.0-9.14.1 libreadline7-32bit-debuginfo-7.0-9.14.1 libreadline7-7.0-9.14.1 libreadline7-debuginfo-7.0-9.14.1 readline-devel-7.0-9.14.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): bash-4.4-9.14.1 bash-debuginfo-4.4-9.14.1 bash-debugsource-4.4-9.14.1 bash-devel-4.4-9.14.1 libreadline7-7.0-9.14.1 libreadline7-debuginfo-7.0-9.14.1 readline-devel-7.0-9.14.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): bash-doc-4.4-9.14.1 bash-lang-4.4-9.14.1 
readline-doc-7.0-9.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): bash-4.4-9.14.1 bash-debuginfo-4.4-9.14.1 bash-debugsource-4.4-9.14.1 bash-devel-4.4-9.14.1 libreadline7-7.0-9.14.1 libreadline7-debuginfo-7.0-9.14.1 readline-devel-7.0-9.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libreadline7-32bit-7.0-9.14.1 libreadline7-32bit-debuginfo-7.0-9.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): bash-doc-4.4-9.14.1 bash-lang-4.4-9.14.1 readline-doc-7.0-9.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): bash-4.4-9.14.1 bash-debuginfo-4.4-9.14.1 bash-debugsource-4.4-9.14.1 bash-devel-4.4-9.14.1 libreadline7-7.0-9.14.1 libreadline7-debuginfo-7.0-9.14.1 readline-devel-7.0-9.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libreadline7-32bit-7.0-9.14.1 libreadline7-32bit-debuginfo-7.0-9.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): bash-doc-4.4-9.14.1 bash-lang-4.4-9.14.1 readline-doc-7.0-9.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): bash-4.4-9.14.1 bash-debuginfo-4.4-9.14.1 bash-debugsource-4.4-9.14.1 bash-devel-4.4-9.14.1 libreadline7-7.0-9.14.1 libreadline7-debuginfo-7.0-9.14.1 readline-devel-7.0-9.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): bash-doc-4.4-9.14.1 bash-lang-4.4-9.14.1 readline-doc-7.0-9.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libreadline7-32bit-7.0-9.14.1 libreadline7-32bit-debuginfo-7.0-9.14.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): bash-4.4-9.14.1 bash-debuginfo-4.4-9.14.1 bash-debugsource-4.4-9.14.1 bash-devel-4.4-9.14.1 libreadline7-7.0-9.14.1 libreadline7-debuginfo-7.0-9.14.1 readline-devel-7.0-9.14.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): bash-doc-4.4-9.14.1 bash-lang-4.4-9.14.1 
readline-doc-7.0-9.14.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libreadline7-32bit-7.0-9.14.1 libreadline7-32bit-debuginfo-7.0-9.14.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): bash-4.4-9.14.1 bash-debuginfo-4.4-9.14.1 bash-debugsource-4.4-9.14.1 bash-devel-4.4-9.14.1 libreadline7-7.0-9.14.1 libreadline7-debuginfo-7.0-9.14.1 readline-devel-7.0-9.14.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libreadline7-32bit-7.0-9.14.1 libreadline7-32bit-debuginfo-7.0-9.14.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): bash-doc-4.4-9.14.1 bash-lang-4.4-9.14.1 readline-doc-7.0-9.14.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): bash-4.4-9.14.1 bash-debuginfo-4.4-9.14.1 bash-debugsource-4.4-9.14.1 bash-devel-4.4-9.14.1 libreadline7-7.0-9.14.1 libreadline7-debuginfo-7.0-9.14.1 readline-devel-7.0-9.14.1 - SUSE Enterprise Storage 6 (noarch): bash-doc-4.4-9.14.1 bash-lang-4.4-9.14.1 readline-doc-7.0-9.14.1 - SUSE Enterprise Storage 6 (x86_64): libreadline7-32bit-7.0-9.14.1 libreadline7-32bit-debuginfo-7.0-9.14.1 - SUSE CaaS Platform 4.0 (x86_64): bash-4.4-9.14.1 bash-debuginfo-4.4-9.14.1 bash-debugsource-4.4-9.14.1 bash-devel-4.4-9.14.1 libreadline7-32bit-7.0-9.14.1 libreadline7-32bit-debuginfo-7.0-9.14.1 libreadline7-7.0-9.14.1 libreadline7-debuginfo-7.0-9.14.1 readline-devel-7.0-9.14.1 - SUSE CaaS Platform 4.0 (noarch): bash-doc-4.4-9.14.1 bash-lang-4.4-9.14.1 readline-doc-7.0-9.14.1 References: https://bugzilla.suse.com/1183064 From sle-updates at lists.suse.com Thu May 6 19:15:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 May 2021 21:15:47 +0200 (CEST) Subject: SUSE-RU-2021:1529-1: moderate: Recommended update for sssd Message-ID: <20210506191547.CE30EFF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2021:1529-1 Rating: moderate References: #1182230 #1182637 ECO-3436 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. Description: This update for sssd fixes the following issues: - Install infopipe dbus service on SLE12. (bsc#1182230, jsc#ECO-3436) - Create timestamp attribute in cache objects if missing. (bsc#1182637) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1529=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1529=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-7.19.3 libsss_idmap-devel-1.16.1-7.19.3 libsss_nss_idmap-devel-1.16.1-7.19.3 sssd-debuginfo-1.16.1-7.19.3 sssd-debugsource-1.16.1-7.19.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.16.1-7.19.3 libipa_hbac0-debuginfo-1.16.1-7.19.3 libsss_certmap0-1.16.1-7.19.3 libsss_certmap0-debuginfo-1.16.1-7.19.3 libsss_idmap0-1.16.1-7.19.3 libsss_idmap0-debuginfo-1.16.1-7.19.3 libsss_nss_idmap0-1.16.1-7.19.3 libsss_nss_idmap0-debuginfo-1.16.1-7.19.3 libsss_simpleifp0-1.16.1-7.19.3 libsss_simpleifp0-debuginfo-1.16.1-7.19.3 python-sssd-config-1.16.1-7.19.3 python-sssd-config-debuginfo-1.16.1-7.19.3 sssd-1.16.1-7.19.3 sssd-ad-1.16.1-7.19.3 sssd-ad-debuginfo-1.16.1-7.19.3 sssd-dbus-1.16.1-7.19.3 sssd-dbus-debuginfo-1.16.1-7.19.3 sssd-debuginfo-1.16.1-7.19.3 sssd-debugsource-1.16.1-7.19.3 sssd-ipa-1.16.1-7.19.3 sssd-ipa-debuginfo-1.16.1-7.19.3 sssd-krb5-1.16.1-7.19.3 
sssd-krb5-common-1.16.1-7.19.3 sssd-krb5-common-debuginfo-1.16.1-7.19.3 sssd-krb5-debuginfo-1.16.1-7.19.3 sssd-ldap-1.16.1-7.19.3 sssd-ldap-debuginfo-1.16.1-7.19.3 sssd-proxy-1.16.1-7.19.3 sssd-proxy-debuginfo-1.16.1-7.19.3 sssd-tools-1.16.1-7.19.3 sssd-tools-debuginfo-1.16.1-7.19.3 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): sssd-32bit-1.16.1-7.19.3 sssd-debuginfo-32bit-1.16.1-7.19.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64): libsss_nss_idmap-devel-1.16.1-7.19.3 References: https://bugzilla.suse.com/1182230 https://bugzilla.suse.com/1182637 From sle-updates at lists.suse.com Thu May 6 19:16:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 May 2021 21:16:58 +0200 (CEST) Subject: SUSE-RU-2021:1532-1: moderate: Recommended update for python-shaptools Message-ID: <20210506191658.29E33FF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-shaptools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1532-1 Rating: moderate References: #1185090 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-shaptools fixes the following issues: - Fix the HANA 'sidadm' user creation to transform to lowercase properly. (bsc#1185090) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SAP Applications 15-SP3:
  zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2021-1532=1
- SUSE Linux Enterprise Module for SAP Applications 15-SP2:
  zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2021-1532=1

Package List:

- SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch):
  python3-shaptools-0.3.12+git.1619007514.1951d23-3.9.1
- SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch):
  python3-shaptools-0.3.12+git.1619007514.1951d23-3.9.1

References:

https://bugzilla.suse.com/1185090

From sle-updates at lists.suse.com Thu May 6 19:18:02 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 May 2021 21:18:02 +0200 (CEST)
Subject: SUSE-RU-2021:1536-1: moderate: Recommended update for dovecot
Message-ID: <20210506191802.CCB9DFF53@maintenance.suse.de>

SUSE Recommended Update: Recommended update for dovecot
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1536-1
Rating: moderate
References: #1185074
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15-SP3
  SUSE Linux Enterprise Module for Server Applications 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for dovecot fixes the following issues:

- Using /run instead of /var/run which was deprecated (bsc#1185074)
- The home directories of the internal users were moved from /var/run/dovecot to /run/dovecot as well.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-1536=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1536=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): dovecot-2.3-3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): dovecot-2.3-3.3.1 References: https://bugzilla.suse.com/1185074 From sle-updates at lists.suse.com Thu May 6 19:19:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 May 2021 21:19:05 +0200 (CEST) Subject: SUSE-RU-2021:1534-1: moderate: Recommended update for kexec-tools Message-ID: <20210506191905.340E4FF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for kexec-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1534-1 Rating: moderate References: #1185020 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kexec-tools fixes the following issue: - Hardening: link as Position-Independent Executable PIE (bsc#1185020). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1534=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1534=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): kexec-tools-2.0.20-5.6.1 kexec-tools-debuginfo-2.0.20-5.6.1 kexec-tools-debugsource-2.0.20-5.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): kexec-tools-2.0.20-5.6.1 kexec-tools-debuginfo-2.0.20-5.6.1 kexec-tools-debugsource-2.0.20-5.6.1 References: https://bugzilla.suse.com/1185020 From sle-updates at lists.suse.com Thu May 6 19:20:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 May 2021 21:20:10 +0200 (CEST) Subject: SUSE-RU-2021:1537-1: moderate: Recommended update for pacemaker Message-ID: <20210506192010.60B3EFF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1537-1 Rating: moderate References: #1148236 #1173668 #1174696 #1177212 #1178865 #1182607 #1184557 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. 
Description: This update for pacemaker fixes the following issues: - Prevent leftover attributes of shutdown node in cib (bsc#1173668) - crmadmin now prints only the essential information (bsc#1178865) - Fixed a bug where a migration stop was scheduled when one already exists (bsc#1177212, bsc#1182607) - Fencer no longer requires an API registration for list and status commands (bsc#1148236) - Documentation and message improvements: * Improved the documentation of `stonith-watchdog-timeout`, `have-watchdog` cluster option (bsc#1174696, bsc#1184557) * Improved the explanation of `have-watchdog=true` (bsc#1174696, bsc#1184557) * Improved a message when watchdog will be used (bsc#1174696, bsc#1184557) * Improved error checking and log messages for fencer API action requests (bsc#1148236) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-1537=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.18+20180430.b12c320f5-3.30.1 libpacemaker3-1.1.18+20180430.b12c320f5-3.30.1 libpacemaker3-debuginfo-1.1.18+20180430.b12c320f5-3.30.1 pacemaker-1.1.18+20180430.b12c320f5-3.30.1 pacemaker-cli-1.1.18+20180430.b12c320f5-3.30.1 pacemaker-cli-debuginfo-1.1.18+20180430.b12c320f5-3.30.1 pacemaker-debuginfo-1.1.18+20180430.b12c320f5-3.30.1 pacemaker-debugsource-1.1.18+20180430.b12c320f5-3.30.1 pacemaker-remote-1.1.18+20180430.b12c320f5-3.30.1 pacemaker-remote-debuginfo-1.1.18+20180430.b12c320f5-3.30.1 - SUSE Linux Enterprise High Availability 15 (noarch): pacemaker-cts-1.1.18+20180430.b12c320f5-3.30.1 References: https://bugzilla.suse.com/1148236 https://bugzilla.suse.com/1173668 https://bugzilla.suse.com/1174696 https://bugzilla.suse.com/1177212 
https://bugzilla.suse.com/1178865 https://bugzilla.suse.com/1182607 https://bugzilla.suse.com/1184557 From sle-updates at lists.suse.com Thu May 6 19:21:50 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 May 2021 21:21:50 +0200 (CEST) Subject: SUSE-RU-2021:1540-1: moderate: Recommended update for vsftpd Message-ID: <20210506192150.19706FF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for vsftpd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1540-1 Rating: moderate References: #1089088 #1125951 #1180314 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for vsftpd fixes the following issues: - Improved the compatibility of the daemon with SUSE Linux Enterprise 15 (bsc#1089088, bsc#1180314) - Fixed a segmentation fault that could occur, when trying to write to an invalid TLS context (bsc#1125951) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1540=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): vsftpd-3.0.2-40.19.1 vsftpd-debuginfo-3.0.2-40.19.1 vsftpd-debugsource-3.0.2-40.19.1 References: https://bugzilla.suse.com/1089088 https://bugzilla.suse.com/1125951 https://bugzilla.suse.com/1180314 From sle-updates at lists.suse.com Thu May 6 19:23:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 May 2021 21:23:12 +0200 (CEST) Subject: SUSE-RU-2021:1541-1: moderate: Recommended update for bash Message-ID: <20210506192312.2E143FF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for bash ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1541-1 Rating: moderate References: #1177369 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS-SAP SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for bash fixes the following issues: - Fixed a bug where the 'tailf' command destroyed the terminal/console settings (bsc#1177369) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1541=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1541=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1541=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1541=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-1541=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1541=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1541=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1541=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1541=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1541=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1541=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1541=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1541=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1541=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1541=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1541=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): 
bash-doc-4.3-83.26.4 readline-doc-6.3-83.26.4 - SUSE OpenStack Cloud Crowbar 9 (x86_64): bash-4.3-83.26.4 bash-debuginfo-4.3-83.26.4 bash-debugsource-4.3-83.26.4 libreadline6-32bit-6.3-83.26.4 libreadline6-6.3-83.26.4 libreadline6-debuginfo-32bit-6.3-83.26.4 libreadline6-debuginfo-6.3-83.26.4 - SUSE OpenStack Cloud Crowbar 8 (noarch): bash-doc-4.3-83.26.4 readline-doc-6.3-83.26.4 - SUSE OpenStack Cloud Crowbar 8 (x86_64): bash-4.3-83.26.4 bash-debuginfo-4.3-83.26.4 bash-debugsource-4.3-83.26.4 libreadline6-32bit-6.3-83.26.4 libreadline6-6.3-83.26.4 libreadline6-debuginfo-32bit-6.3-83.26.4 libreadline6-debuginfo-6.3-83.26.4 - SUSE OpenStack Cloud 9 (x86_64): bash-4.3-83.26.4 bash-debuginfo-4.3-83.26.4 bash-debugsource-4.3-83.26.4 libreadline6-32bit-6.3-83.26.4 libreadline6-6.3-83.26.4 libreadline6-debuginfo-32bit-6.3-83.26.4 libreadline6-debuginfo-6.3-83.26.4 - SUSE OpenStack Cloud 9 (noarch): bash-doc-4.3-83.26.4 readline-doc-6.3-83.26.4 - SUSE OpenStack Cloud 8 (x86_64): bash-4.3-83.26.4 bash-debuginfo-4.3-83.26.4 bash-debugsource-4.3-83.26.4 libreadline6-32bit-6.3-83.26.4 libreadline6-6.3-83.26.4 libreadline6-debuginfo-32bit-6.3-83.26.4 libreadline6-debuginfo-6.3-83.26.4 - SUSE OpenStack Cloud 8 (noarch): bash-doc-4.3-83.26.4 readline-doc-6.3-83.26.4 - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): bash-lang-4.3-83.26.4 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): bash-debuginfo-4.3-83.26.4 bash-debugsource-4.3-83.26.4 bash-devel-4.3-83.26.4 readline-devel-6.3-83.26.4 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): bash-4.3-83.26.4 bash-debuginfo-4.3-83.26.4 bash-debugsource-4.3-83.26.4 libreadline6-6.3-83.26.4 libreadline6-debuginfo-6.3-83.26.4 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libreadline6-32bit-6.3-83.26.4 libreadline6-debuginfo-32bit-6.3-83.26.4 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): bash-doc-4.3-83.26.4 readline-doc-6.3-83.26.4 - SUSE Linux 
Enterprise Server for SAP 12-SP3 (ppc64le x86_64): bash-4.3-83.26.4 bash-debuginfo-4.3-83.26.4 bash-debugsource-4.3-83.26.4 libreadline6-6.3-83.26.4 libreadline6-debuginfo-6.3-83.26.4 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): bash-doc-4.3-83.26.4 readline-doc-6.3-83.26.4 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libreadline6-32bit-6.3-83.26.4 libreadline6-debuginfo-32bit-6.3-83.26.4 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): bash-4.3-83.26.4 bash-debuginfo-4.3-83.26.4 bash-debugsource-4.3-83.26.4 libreadline6-6.3-83.26.4 libreadline6-debuginfo-6.3-83.26.4 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libreadline6-32bit-6.3-83.26.4 libreadline6-debuginfo-32bit-6.3-83.26.4 - SUSE Linux Enterprise Server 12-SP5 (noarch): bash-doc-4.3-83.26.4 readline-doc-6.3-83.26.4 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): bash-4.3-83.26.4 bash-debuginfo-4.3-83.26.4 bash-debugsource-4.3-83.26.4 libreadline6-6.3-83.26.4 libreadline6-debuginfo-6.3-83.26.4 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libreadline6-32bit-6.3-83.26.4 libreadline6-debuginfo-32bit-6.3-83.26.4 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): bash-doc-4.3-83.26.4 readline-doc-6.3-83.26.4 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): bash-4.3-83.26.4 bash-debuginfo-4.3-83.26.4 bash-debugsource-4.3-83.26.4 libreadline6-6.3-83.26.4 libreadline6-debuginfo-6.3-83.26.4 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libreadline6-32bit-6.3-83.26.4 libreadline6-debuginfo-32bit-6.3-83.26.4 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): bash-doc-4.3-83.26.4 readline-doc-6.3-83.26.4 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): bash-doc-4.3-83.26.4 readline-doc-6.3-83.26.4 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): bash-4.3-83.26.4 bash-debuginfo-4.3-83.26.4 bash-debugsource-4.3-83.26.4 libreadline6-32bit-6.3-83.26.4 libreadline6-6.3-83.26.4 
libreadline6-debuginfo-32bit-6.3-83.26.4 libreadline6-debuginfo-6.3-83.26.4 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64): bash-4.3-83.26.4 bash-debuginfo-4.3-83.26.4 bash-debugsource-4.3-83.26.4 libreadline6-32bit-6.3-83.26.4 libreadline6-6.3-83.26.4 libreadline6-debuginfo-32bit-6.3-83.26.4 libreadline6-debuginfo-6.3-83.26.4 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (noarch): bash-doc-4.3-83.26.4 readline-doc-6.3-83.26.4 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (noarch): bash-doc-4.3-83.26.4 readline-doc-6.3-83.26.4 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): bash-4.3-83.26.4 bash-debuginfo-4.3-83.26.4 bash-debugsource-4.3-83.26.4 libreadline6-32bit-6.3-83.26.4 libreadline6-6.3-83.26.4 libreadline6-debuginfo-32bit-6.3-83.26.4 libreadline6-debuginfo-6.3-83.26.4 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): bash-4.3-83.26.4 bash-debuginfo-4.3-83.26.4 bash-debugsource-4.3-83.26.4 libreadline6-32bit-6.3-83.26.4 libreadline6-6.3-83.26.4 libreadline6-debuginfo-32bit-6.3-83.26.4 libreadline6-debuginfo-6.3-83.26.4 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): bash-doc-4.3-83.26.4 readline-doc-6.3-83.26.4 - HPE Helion Openstack 8 (noarch): bash-doc-4.3-83.26.4 readline-doc-6.3-83.26.4 - HPE Helion Openstack 8 (x86_64): bash-4.3-83.26.4 bash-debuginfo-4.3-83.26.4 bash-debugsource-4.3-83.26.4 libreadline6-32bit-6.3-83.26.4 libreadline6-6.3-83.26.4 libreadline6-debuginfo-32bit-6.3-83.26.4 libreadline6-debuginfo-6.3-83.26.4 References: https://bugzilla.suse.com/1177369 From sle-updates at lists.suse.com Thu May 6 19:24:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 May 2021 21:24:25 +0200 (CEST) Subject: SUSE-RU-2021:1535-1: Recommended update for spamassassin Message-ID: <20210506192425.0A3E8FF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for spamassassin ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2021:1535-1 Rating: low References: #1185184 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for spamassassin fixes the following issues: - Deprecated path "/var/run/" used in systemd-services (bsc#1185184) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1535=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1535=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1535=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1535=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.13.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): perl-Mail-SpamAssassin-3.4.5-12.13.1 spamassassin-3.4.5-12.13.1 spamassassin-debuginfo-3.4.5-12.13.1 spamassassin-debugsource-3.4.5-12.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): perl-Mail-SpamAssassin-3.4.5-12.13.1 spamassassin-3.4.5-12.13.1 spamassassin-debuginfo-3.4.5-12.13.1 
spamassassin-debugsource-3.4.5-12.13.1 References: https://bugzilla.suse.com/1185184 From sle-updates at lists.suse.com Thu May 6 19:25:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 May 2021 21:25:31 +0200 (CEST) Subject: SUSE-RU-2021:1531-1: moderate: Recommended update for saphanabootstrap-formula Message-ID: <20210506192531.92D65FF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for saphanabootstrap-formula ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1531-1 Rating: moderate References: #1185090 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for saphanabootstrap-formula fixes the following issues: - Fix the HANA sidadm usage to transform to lowercase some states managing the sudoers file in ha_cluster.sls state file. (bsc#1185090) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2021-1531=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2021-1531=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): saphanabootstrap-formula-0.7.1+git.1619008686.8600866-1.15.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): saphanabootstrap-formula-0.7.1+git.1619008686.8600866-1.15.1 References: https://bugzilla.suse.com/1185090 From sle-updates at lists.suse.com Thu May 6 19:26:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 May 2021 21:26:35 +0200 (CEST) Subject: SUSE-RU-2021:1538-1: moderate: Recommended update for irqbalance Message-ID: <20210506192635.2353BFF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for irqbalance ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1538-1 Rating: moderate References: #1184592 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for irqbalance fixes the following issues: - Fixed an issue where /proc/interrupts could not be read on a system with more than 80 CPUs (bsc#1184592) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1538=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le x86_64): irqbalance-1.1.0-9.9.1 irqbalance-debuginfo-1.1.0-9.9.1 irqbalance-debugsource-1.1.0-9.9.1 References: https://bugzilla.suse.com/1184592 From sle-updates at lists.suse.com Thu May 6 19:27:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 May 2021 21:27:36 +0200 (CEST) Subject: SUSE-RU-2021:1539-1: Recommended update for spamassassin Message-ID: <20210506192736.3D3DFFF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for spamassassin ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1539-1 Rating: low References: #1185184 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for spamassassin fixes the following issues: - Deprecated path "/var/run/" used in systemd-services (bsc#1185184) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1539=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): perl-Mail-SpamAssassin-3.4.5-44.16.1 spamassassin-3.4.5-44.16.1 spamassassin-debuginfo-3.4.5-44.16.1 spamassassin-debugsource-3.4.5-44.16.1 References: https://bugzilla.suse.com/1185184 From sle-updates at lists.suse.com Thu May 6 19:28:38 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 May 2021 21:28:38 +0200 (CEST) Subject: SUSE-RU-2021:1533-1: moderate: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent Message-ID: <20210506192838.2F1AAFF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1533-1 Rating: moderate References: #1174304 #1174306 #1175740 #1175741 #1179031 #1179032 #1180304 #1182793 #1183414 #1183415 ECO-2099 PM-1945 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has 10 recommended fixes and contains two features can now be installed. 
Description: This update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent contains the following fixes: Changes in google-guest-agent: - Update to version 20210223.01 (bsc#1183414, bsc#1183415) * add a match block to sshd_config for SAs (#99) * add ipv6 forwarded ip support (#101) * call restorecon on ssh host keys (#98) * Include startup and shutdown in preset (#96) * set metadata URL earlier (#94) - Fix activation logic of systemd services (bsc#1182793) - Update to version 20201211.00 * Require snapshot scripts to live under /etc/google/snapshots (#90) * Adding support for Windows user account password lengths between 15 and 255 characters. (#91) * Adding bkatyl to OWNERS (#92) Changes in google-guest-configs: - Update to version 20210317.00 (bsc#1183414, bsc#1183415) * dracut.conf wants spaces around values (#19) * make the same change for debian (#18) * change path back for google_nvme_id (#17) * move google_nvme_id to /usr/bin (#16) * correct udev rule syntax (#15) * prune el6 spec (#13) * Updated udev rules (#11) - Remove empty %{_sbindir} from %install and %files section - Remove service files (bsc#1180304) + google-optimize-local-ssd.service, google-set-multiqueue.service scripts are called from within the guest agent Changes in google-guest-oslogin: - Update to version 20210316.00 (bsc#1183414, bsc#1183415) * call correct function in pwenthelper (#53) - Update to version 20210108.00 * Update logic in the cache_refresh binary (#52) * remove old unused workflow files (#49) * add getpwnam,getpwuid,getgrnam,getgrgid (#42) * Change requires to not require the python library for policycoreutils. 
(#44) * add dial and recvline (#41) * PR feedback * new client component and tests Changes in google-osconfig-agent: - Update to version 20210316.00 (bsc#1183414, bsc#1183415) * call correct function in pwenthelper (#53) - Update to version 20210108.00 * Update logic in the cache_refresh binary (#52) * remove old unused workflow files (#49) - Update to version 20200925.00 (bsc#1179031, bsc#1179032) * add getpwnam,getpwuid,getgrnam,getgrgid (#42) * Change requires to not require the python library for policycoreutils. (#44) * add dial and recvline (#41) * PR feedback * new client component and tests - Update to version 20200819.00 (bsc#1175740, bsc#1175741) * deny non-2fa users (#37) * use asterisks instead (#39) * set passwords to ! (#38) * correct index 0 bug (#36) * Support security key generated OTP challenges. (#35) - No post action for ssh - Initial build (bsc#1174304, bsc#1174306, jsc#ECO-2099, jsc#PM-1945) + Version 20200507.00 + Replaces google-compute-engine-oslogin package Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-1533=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2021-1533=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): google-guest-agent-20210223.01-1.17.1 google-guest-oslogin-20210316.00-1.15.1 google-guest-oslogin-debuginfo-20210316.00-1.15.1 google-guest-oslogin-debugsource-20210316.00-1.15.1 google-osconfig-agent-20210316.00-1.8.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): google-guest-configs-20210317.00-1.11.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): google-guest-agent-20210223.01-1.17.1 google-guest-oslogin-20210316.00-1.15.1 google-guest-oslogin-debuginfo-20210316.00-1.15.1 google-guest-oslogin-debugsource-20210316.00-1.15.1 google-osconfig-agent-20210316.00-1.8.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): google-guest-configs-20210317.00-1.11.1 References: https://bugzilla.suse.com/1174304 https://bugzilla.suse.com/1174306 https://bugzilla.suse.com/1175740 https://bugzilla.suse.com/1175741 https://bugzilla.suse.com/1179031 https://bugzilla.suse.com/1179032 https://bugzilla.suse.com/1180304 https://bugzilla.suse.com/1182793 https://bugzilla.suse.com/1183414 https://bugzilla.suse.com/1183415 From sle-updates at lists.suse.com Thu May 6 19:30:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 May 2021 21:30:21 +0200 (CEST) Subject: SUSE-RU-2021:1530-1: moderate: Recommended update for sapnwbootstrap-formula Message-ID: <20210506193021.064C0FF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapnwbootstrap-formula ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2021:1530-1 Rating: moderate References: #1181541 #1185093 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sapnwbootstrap-formula fixes the following issues: - Set the virtual ip addresses as permanent, except for HA scenarios, to have them even after a reboot of the machine. (bsc#1185093) - Fix error about missing instance installation requisite when monitoring is enabled. (bsc#1181541) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2021-1530=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2021-1530=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): sapnwbootstrap-formula-0.6.2+git.1619009582.e0ae9e8-1.15.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): sapnwbootstrap-formula-0.6.2+git.1619009582.e0ae9e8-1.15.1 References: https://bugzilla.suse.com/1181541 https://bugzilla.suse.com/1185093 From sle-updates at lists.suse.com Thu May 6 19:31:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 May 2021 21:31:32 +0200 (CEST) Subject: SUSE-RU-2021:1528-1: moderate: Recommended update for openssl-1_1 Message-ID: <20210506193132.66D74FF53@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1528-1 Rating: moderate References: #1161276 Affected 
Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1528=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1528=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1528=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libopenssl1_1-1.1.1d-11.23.1 libopenssl1_1-debuginfo-1.1.1d-11.23.1 openssl-1_1-1.1.1d-11.23.1 openssl-1_1-debuginfo-1.1.1d-11.23.1 openssl-1_1-debugsource-1.1.1d-11.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-11.23.1 libopenssl1_1-1.1.1d-11.23.1 libopenssl1_1-debuginfo-1.1.1d-11.23.1 libopenssl1_1-hmac-1.1.1d-11.23.1 openssl-1_1-1.1.1d-11.23.1 openssl-1_1-debuginfo-1.1.1d-11.23.1 openssl-1_1-debugsource-1.1.1d-11.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libopenssl1_1-32bit-1.1.1d-11.23.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.23.1 libopenssl1_1-hmac-32bit-1.1.1d-11.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-11.23.1 libopenssl1_1-1.1.1d-11.23.1 libopenssl1_1-debuginfo-1.1.1d-11.23.1 libopenssl1_1-hmac-1.1.1d-11.23.1 openssl-1_1-1.1.1d-11.23.1 openssl-1_1-debuginfo-1.1.1d-11.23.1 openssl-1_1-debugsource-1.1.1d-11.23.1 - 
SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libopenssl1_1-32bit-1.1.1d-11.23.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.23.1 libopenssl1_1-hmac-32bit-1.1.1d-11.23.1 References: https://bugzilla.suse.com/1161276 From sle-updates at lists.suse.com Fri May 7 06:15:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 May 2021 08:15:40 +0200 (CEST) Subject: SUSE-CU-2021:144-1: Recommended update of suse/sle15 Message-ID: <20210507061540.42D3AB46EEF@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:144-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.387 Container Release : 4.22.387 Severity : important Type : recommended References : 1183064 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. 
(bsc#1183064) From sle-updates at lists.suse.com Fri May 7 06:28:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 May 2021 08:28:41 +0200 (CEST) Subject: SUSE-CU-2021:145-1: Recommended update of suse/sle15 Message-ID: <20210507062841.CF7E5B46EEF@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:145-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.447 Container Release : 6.2.447 Severity : important Type : recommended References : 1183064 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) From sle-updates at lists.suse.com Fri May 7 06:36:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 May 2021 08:36:26 +0200 (CEST) Subject: SUSE-CU-2021:146-1: Recommended update of suse/sle15 Message-ID: <20210507063626.41766B46EEF@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:146-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.907 Container Release : 8.2.907 Severity : important Type : recommended References : 1161276 1183064 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) From sle-updates at lists.suse.com Fri May 7 06:38:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 May 2021 08:38:29 +0200 (CEST) Subject: SUSE-CU-2021:147-1: Recommended update of suse/sle15 Message-ID: <20210507063829.7DCBEB46EEF@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:147-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.15.8 Container Release : 15.8 Severity : important Type : recommended References : 1183791 1183801 1184690 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. 
(bsc#1184690) From sle-updates at lists.suse.com Fri May 7 10:15:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 May 2021 12:15:22 +0200 (CEST) Subject: SUSE-RU-2021:1542-1: moderate: Recommended update for amazon-ecs-init Message-ID: <20210507101522.890EFFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for amazon-ecs-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1542-1 Rating: moderate References: #1062303 #1131459 #1182343 #1182344 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for amazon-ecs-init fixes the following issues: - Fix for an issue where no restart happens when ECS Agent exits with exit code 5 (bsc#1182343, bsc#1182344) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2021-1542=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (x86_64): amazon-ecs-init-1.50.1-16.5.1 References: https://bugzilla.suse.com/1062303 https://bugzilla.suse.com/1131459 https://bugzilla.suse.com/1182343 https://bugzilla.suse.com/1182344 From sle-updates at lists.suse.com Fri May 7 19:16:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 May 2021 21:16:32 +0200 (CEST) Subject: SUSE-RU-2021:1543-1: moderate: Recommended update for patterns-microos Message-ID: <20210507191632.03A25FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-microos ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1543-1 Rating: moderate References: #1184435 Affected Products: SUSE MicroOS 5.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1543=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): apparmor-debugsource-2.13.4-3.5.1 apparmor-parser-2.13.4-3.5.1 apparmor-parser-debuginfo-2.13.4-3.5.1 bzip2-1.0.6-5.11.1 bzip2-debuginfo-1.0.6-5.11.1 bzip2-debugsource-1.0.6-5.11.1 dnsmasq-2.78-7.8.1 dnsmasq-debuginfo-2.78-7.8.1 dnsmasq-debugsource-2.78-7.8.1 libapparmor-debugsource-2.13.4-3.5.1 libapparmor1-2.13.4-3.5.1 libapparmor1-debuginfo-2.13.4-3.5.1 libbz2-1-1.0.6-5.11.1 libbz2-1-debuginfo-1.0.6-5.11.1 liblttng-ust0-2.10.1-4.2.1 liblttng-ust0-debuginfo-2.10.1-4.2.1 libnetcontrol0-0.3.1-10.2.3 libnetcontrol0-debuginfo-0.3.1-10.2.3 libpcap1-1.8.1-4.5.1 libpcap1-debuginfo-1.8.1-4.5.1 librados2-15.2.11.83+g8a15f484c2-3.22.1 librados2-debuginfo-15.2.11.83+g8a15f484c2-3.22.1 librbd1-15.2.11.83+g8a15f484c2-3.22.1 librbd1-debuginfo-15.2.11.83+g8a15f484c2-3.22.1 libsystemd0-246.10-4.2.2 libsystemd0-debuginfo-246.10-4.2.2 libudev1-246.10-4.2.2 libudev1-debuginfo-246.10-4.2.2 libvirt-daemon-6.0.0-13.10.1 libvirt-daemon-debuginfo-6.0.0-13.10.1 libvirt-daemon-driver-interface-6.0.0-13.10.1 libvirt-daemon-driver-interface-debuginfo-6.0.0-13.10.1 libvirt-daemon-driver-network-6.0.0-13.10.1 libvirt-daemon-driver-network-debuginfo-6.0.0-13.10.1 libvirt-daemon-driver-nodedev-6.0.0-13.10.1 libvirt-daemon-driver-nodedev-debuginfo-6.0.0-13.10.1 libvirt-daemon-driver-nwfilter-6.0.0-13.10.1 libvirt-daemon-driver-nwfilter-debuginfo-6.0.0-13.10.1 libvirt-daemon-driver-qemu-6.0.0-13.10.1 libvirt-daemon-driver-qemu-debuginfo-6.0.0-13.10.1 libvirt-daemon-driver-secret-6.0.0-13.10.1 libvirt-daemon-driver-secret-debuginfo-6.0.0-13.10.1 libvirt-daemon-driver-storage-6.0.0-13.10.1 libvirt-daemon-driver-storage-core-6.0.0-13.10.1 libvirt-daemon-driver-storage-core-debuginfo-6.0.0-13.10.1 libvirt-daemon-driver-storage-disk-6.0.0-13.10.1 libvirt-daemon-driver-storage-disk-debuginfo-6.0.0-13.10.1 
libvirt-daemon-driver-storage-iscsi-6.0.0-13.10.1 libvirt-daemon-driver-storage-iscsi-debuginfo-6.0.0-13.10.1 libvirt-daemon-driver-storage-logical-6.0.0-13.10.1 libvirt-daemon-driver-storage-logical-debuginfo-6.0.0-13.10.1 libvirt-daemon-driver-storage-mpath-6.0.0-13.10.1 libvirt-daemon-driver-storage-mpath-debuginfo-6.0.0-13.10.1 libvirt-daemon-driver-storage-rbd-6.0.0-13.10.1 libvirt-daemon-driver-storage-rbd-debuginfo-6.0.0-13.10.1 libvirt-daemon-driver-storage-scsi-6.0.0-13.10.1 libvirt-daemon-driver-storage-scsi-debuginfo-6.0.0-13.10.1 libvirt-daemon-qemu-6.0.0-13.10.1 libvirt-debugsource-6.0.0-13.10.1 libvirt-libs-6.0.0-13.10.1 libvirt-libs-debuginfo-6.0.0-13.10.1 lzop-1.04-3.2.1 lzop-debuginfo-1.04-3.2.1 lzop-debugsource-1.04-3.2.1 nfs-client-2.1.1-10.12.1 nfs-client-debuginfo-2.1.1-10.12.1 nfs-kernel-server-2.1.1-10.12.1 nfs-kernel-server-debuginfo-2.1.1-10.12.1 nfs-utils-debuginfo-2.1.1-10.12.1 nfs-utils-debugsource-2.1.1-10.12.1 numad-0.5.20130522-3.2.1 numad-debuginfo-0.5.20130522-3.2.1 numad-debugsource-0.5.20130522-3.2.1 patterns-microos-base-5.0.1-18.3.1 patterns-microos-basesystem-5.0.1-18.3.1 patterns-microos-cockpit-5.0.1-18.3.1 patterns-microos-container_runtime-5.0.1-18.3.1 patterns-microos-defaults-5.0.1-18.3.1 patterns-microos-hardware-5.0.1-18.3.1 patterns-microos-kvm_host-5.0.1-18.3.1 patterns-microos-salt_minion-5.0.1-18.3.1 patterns-microos-selinux-5.0.1-18.3.1 radvd-2.17-5.2.1 radvd-debuginfo-2.17-5.2.1 radvd-debugsource-2.17-5.2.1 systemd-246.10-4.2.2 systemd-container-246.10-4.2.2 systemd-container-debuginfo-246.10-4.2.2 systemd-debuginfo-246.10-4.2.2 systemd-debugsource-246.10-4.2.2 systemd-sysvinit-246.10-4.2.2 udev-246.10-4.2.2 udev-debuginfo-246.10-4.2.2 - SUSE MicroOS 5.0 (noarch): apparmor-abstractions-2.13.4-3.5.1 qemu-ovmf-x86_64-201911-7.13.1 qemu-uefi-aarch64-201911-7.13.1 system-group-hardware-20170617-4.2.1 system-group-kvm-20170617-4.2.1 system-group-wheel-20170617-4.2.1 system-user-daemon-20170617-4.2.1 
system-user-nobody-20170617-4.2.1 References: https://bugzilla.suse.com/1184435 From sle-updates at lists.suse.com Fri May 7 19:18:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 May 2021 21:18:35 +0200 (CEST) Subject: SUSE-RU-2021:1544-1: moderate: Recommended update for libzypp Message-ID: <20210507191835.87FA7FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1544-1 Rating: moderate References: #1180851 #1181874 #1182936 #1183628 #1184997 #1185239 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1544=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1544=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1544=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-1544=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libsolv-debuginfo-0.7.19-3.23.1 libsolv-debugsource-0.7.19-3.23.1 libsolv-tools-0.7.19-3.23.1 libsolv-tools-debuginfo-0.7.19-3.23.1 libzypp-17.25.10-3.36.1 libzypp-debuginfo-17.25.10-3.36.1 libzypp-debugsource-17.25.10-3.36.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.19-3.23.1 libsolv-debugsource-0.7.19-3.23.1 perl-solv-0.7.19-3.23.1 perl-solv-debuginfo-0.7.19-3.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.19-3.23.1 libsolv-debugsource-0.7.19-3.23.1 libsolv-devel-0.7.19-3.23.1 libsolv-devel-debuginfo-0.7.19-3.23.1 libsolv-tools-0.7.19-3.23.1 libsolv-tools-debuginfo-0.7.19-3.23.1 libzypp-17.25.10-3.36.1 libzypp-debuginfo-17.25.10-3.36.1 libzypp-debugsource-17.25.10-3.36.1 libzypp-devel-17.25.10-3.36.1 python3-solv-0.7.19-3.23.1 python3-solv-debuginfo-0.7.19-3.23.1 ruby-solv-0.7.19-3.23.1 ruby-solv-debuginfo-0.7.19-3.23.1 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): libsolv-tools-0.7.19-3.23.1 libzypp-17.25.10-3.36.1 References: https://bugzilla.suse.com/1180851 https://bugzilla.suse.com/1181874 https://bugzilla.suse.com/1182936 https://bugzilla.suse.com/1183628 https://bugzilla.suse.com/1184997 https://bugzilla.suse.com/1185239 From sle-updates at lists.suse.com Sat May 8 05:54:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 May 2021 
07:54:52 +0200 (CEST) Subject: SUSE-IU-2021:443-1: Security update of suse-sles-15-sp2-chost-byos-v20210506-hvm-ssd-x86_64 Message-ID: <20210508055452.1C324B46EEF@westernhagen.suse.de> SUSE Image Update Advisory: suse-sles-15-sp2-chost-byos-v20210506-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:443-1 Image Tags : suse-sles-15-sp2-chost-byos-v20210506-hvm-ssd-x86_64:20210506 Image Release : Severity : important Type : security References : 1027519 1047233 1065729 1113295 1152472 1152489 1153274 1154353 1155518 1156256 1156395 1159280 1160634 1161276 1165780 1167574 1167773 1168777 1169514 1169709 1171295 1173485 1174166 1175960 1175995 1177047 1177204 1177326 1178163 1178181 1178219 1178219 1178330 1178469 1178490 1178680 1179148 1179156 1179454 1179908 1180197 1180690 1180713 1180836 1180980 1181254 1181283 1181383 1181507 1181674 1181696 1181862 1181976 1181989 1182011 1182012 1182077 1182485 1182552 1182574 1182576 1182591 1182595 1182715 1182716 1182717 1182770 1182791 1182899 1182989 1183015 1183018 1183022 1183023 1183048 1183064 1183072 1183239 1183252 1183277 1183278 1183279 1183280 1183281 1183282 1183283 1183284 1183285 1183286 1183287 1183288 1183366 1183369 1183386 1183405 1183412 1183416 1183421 1183427 1183428 1183445 1183447 1183453 1183501 1183509 1183530 1183534 1183540 1183572 1183574 1183593 1183596 1183598 1183637 1183646 1183662 1183686 1183692 1183696 1183750 1183757 1183775 1183791 1183800 1183801 1183843 1183859 1183871 1183936 1184074 1184085 1184120 1184136 1184161 1184167 1184168 1184170 1184176 1184192 1184193 1184194 1184196 1184198 1184211 1184217 1184218 1184219 1184220 1184224 1184310 1184388 1184391 1184393 1184401 1184485 1184509 1184511 1184512 1184514 1184521 1184583 1184585 1184644 1184647 1184677 1184690 1184815 1185020 1185157 1185345 1185408 1185409 1185410 CVE-2019-18814 CVE-2019-19769 CVE-2020-13987 CVE-2020-13988 CVE-2020-17437 CVE-2020-17438 
CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171 CVE-2020-27815 CVE-2020-27840 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2021-20208 CVE-2021-20254 CVE-2021-20277 CVE-2021-20305 CVE-2021-25214 CVE-2021-25215 CVE-2021-25317 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660 CVE-2021-28687 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28965 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-30002 CVE-2021-3156 CVE-2021-3308 CVE-2021-3428 CVE-2021-3444 CVE-2021-3468 CVE-2021-3483 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 ----------------------------------------------------------------- The container suse-sles-15-sp2-chost-byos-v20210506-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1018-1 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1180713 This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. 
(bsc#1180713)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1021-1
Released: Tue Apr 6 14:30:30 2021
Summary: Recommended update for cups
Type: recommended
Severity: moderate
References: 1175960

This update for cups fixes the following issues:

- Fixed the web UI kerberos authentication (bsc#1175960)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1028-1
Released: Tue Apr 6 17:54:37 2021
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1177204,1179148,1180690,1181254,1181989,1182576,1183072,CVE-2021-28687,CVE-2021-3308

This update for xen fixes the following issues:

- CVE-2021-3308: VUL-0: xen: IRQ vector leak on x86 (bsc#1181254, XSA-360)
- CVE-2021-28687: HVM soft-reset crashes toolstack (bsc#1183072, XSA-368)
- L3: conring size for XEN HV's with huge memory too small. Initial Xen logs cut (bsc#1177204)
- L3: XEN domU crashed on resume when using the xl unpause command (bsc#1182576)
- L3: xen: no needsreboot flag set (bsc#1180690)
- kdump of HVM fails, soft-reset not handled by libxl (bsc#1179148)
- openQA job causes libvirtd to dump core when running kdump inside domain (bsc#1181989)
- Upstream bug fixes (bsc#1027519)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1141-1
Released: Mon Apr 12 13:13:36 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: low
References: 1182791

This update for openldap2 fixes the following issues:

- Improved the proxy connection timeout options to prune connections properly (bsc#1182791)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1161-1
Released: Tue Apr 13 11:35:57 2021
Summary: Security update for cifs-utils
Type: security
Severity: moderate
References: 1183239,CVE-2021-20208

This update for cifs-utils fixes the following issues:

- CVE-2021-20208: Fixed a potential kerberos auth leak
escaping from container (bsc#1183239)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1169-1
Released: Tue Apr 13 15:01:42 2021
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1181976

This update for procps fixes the following issues:

- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1205-1
Released: Thu Apr 15 15:14:31 2021
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1178490

This update for rsyslog fixes the following issues:

- Fix groupname retrieval for large groups. (bsc#1178490)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1238-1
Released: Fri Apr 16 10:58:27 2021
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1047233,1065729,1113295,1152472,1152489,1153274,1154353,1155518,1156256,1156395,1159280,1160634,1167574,1167773,1168777,1169514,1169709,1171295,1173485,1175995,1177326,1178163,1178181,1178330,1179454,1180197,1180980,1181383,1181507,1181674,1181862,1182011,1182077,1182485,1182552,1182574,1182591,1182595,1182715,1182716,1182717,1182770,1182989,1183015,1183018,1183022,1183023,1183048,1183252,1183277,1183278,1183279,1183280,1183281,1183282,1183283,1183284,1183285,1183286,1183287,1183288,1183366,1183369,1183386,1183405,1183412,1183416,1183427,1183428,1183445,1183447,1183501,1183509,1183530,1183534,1183540,1183593,1183596,1183598,1183637,1183646,1183662,1183686,1183692,1183696,1183750,1183757,1183775,1183843,1183859,1183871,1184074,1184120,1184167,1184168,1184170,1184176,1184192,1184193,1184194,1184196,1184198,1184211,1184217,1184218,1184219,1184220,1184224,1184388,1184391,1184393,1184485,1184509,1184511,1184512,1184514,1184583,1184585,1184647,CVE-2019-18814,CVE-2019-19769,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-27170,CVE-2020-27171,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2020-36322,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-30002,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).
- CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
- CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
- CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
- CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
- CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196).
- CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
- CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593).
- CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).
- CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
- CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
- CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
- CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
- CVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).
- CVE-2020-27815: Fixed an issue in JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).
- CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
- CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
- CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280).
- CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).
- CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
- CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).
- CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop that was continually finding the same bad inode (bsc#1184194).
- CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509).
- CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).
- CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512).
- CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsystem (bsc#1178181).
- CVE-2020-36322: Fixed an issue in the FUSE filesystem implementation which could have caused a system crash (bsc#1184211).

The following non-security bugs were fixed:

- 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)).
- 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)).
- 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)).
- ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).
- ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes).
- ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
- ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes).
- ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
- ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).
- ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).
- ALSA: aloop: Fix initialization of controls (git-fixes).
- ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
- ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).
- ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
- ALSA: hda: generic: Fix the micmute led init state (git-fixes).
- ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes).
- ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes).
- ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes).
- ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes).
- ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes).
- ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes).
- ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes).
- ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes).
- ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552).
- ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552).
- ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes).
- ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552).
- ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552).
- ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552).
- ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552).
- ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell AE515 sound bar (bsc#1182552).
- ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552).
- ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes).
- ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552).
- ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes).
- ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes).
- amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes).
- apparmor: check/put label on apparmor_sk_clone_security() (git-fixes).
- appletalk: Fix skb allocation size in loopback case (git-fixes).
- arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862).
- ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).
- ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).
- ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes).
- ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes).
- ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes).
- ASoC: cs42l42: Fix channel width support (git-fixes).
- ASoC: cs42l42: Fix mixer volume control (git-fixes).
- ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes).
- ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes).
- ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).
- ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes).
- ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes).
- ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes).
- ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes).
- ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes).
- ASoC: max98373: Added 30ms turn on/off time delay (git-fixes).
- ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
- ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
- ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes).
- ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes).
- ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes).
- ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes).
- ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes).
- ASoC: simple-card-utils: Do not handle device clock (git-fixes).
- ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes).
- ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes).
- ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes).
- ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes).
- ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes).
- atl1c: fix error return code in atl1c_probe() (git-fixes).
- atl1e: fix error return code in atl1e_probe() (git-fixes).
- batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes).
- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
- blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295).
- blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295).
- blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295).
- block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295).
- block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).
- Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes).
- Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes).
- bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518).
- bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518).
- bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518).
- bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).
- bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518).
- bpf_lru_list: Read double-checked variable once without lock (bsc#1155518).
- bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
- bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518).
- bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).
- brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes).
- brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes).
- brcmfmac: clear EAP/association status bits on linkdown events (git-fixes).
- btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217).
- btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224).
- btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386).
- btrfs: fix extent buffer leak on failure to copy root (bsc#1184218).
- btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193).
- btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220).
- btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219).
- bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).
- bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes).
- can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).
- can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).
- can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes).
- can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes).
- can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes).
- can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes).
- can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes).
- can: peak_usb: add forgotten supported devices (git-fixes).
- can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes).
- can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes).
- cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes).
- cifs: change noisy error message to FYI (bsc#1181507).
- cifs: check pointer before freeing (bsc#1183534).
- cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507).
- cifs: do not send close in compound create+close requests (bsc#1181507).
- cifs: New optype for session operations (bsc#1181507).
- cifs: print MIDs in decimal notation (bsc#1181507).
- cifs: return proper error code in statfs(2) (bsc#1181507).
- cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
- clk: fix invalid usage of list cursor in register (git-fixes).
- clk: fix invalid usage of list cursor in unregister (git-fixes).
- clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).
- completion: Drop init_completion define (git-fixes).
- configfs: fix a use-after-free in __configfs_open_file (git-fixes).
- config: net: freescale: change xgmac-mdio to built-in
  References: bsc#1183015,bsc#1182595
- crypto: aesni - prevent misaligned buffers on the stack (git-fixes).
- crypto: arm64/sha - add missing module aliases (git-fixes).
- crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes).
- crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes).
- crypto: tcrypt - avoid signed overflow in byte count (git-fixes).
- Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530)
- dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485).
- drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes).
- drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes).
- drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes).
- drm/amdgpu: Add check to prevent IH overflow (git-fixes).
- drm/amdgpu: check alignment on CPU page for bo map (git-fixes).
- drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes).
- drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes).
- drm/amdkfd: Put ACPI table after using it (bsc#1152489)
- drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' -> (bsc#1152489)
- drm/compat: Clear bounce structures (git-fixes).
- drm/hisilicon: Fix use-after-free (git-fixes).
- drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074).
- drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes).
- drm/mediatek: Fix aal size config (bsc#1152489)
- drm: meson_drv add shutdown function (git-fixes).
- drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes).
- drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes).
- drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes).
- drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489)
- drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes).
- drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489)
- drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489)
- drm/msm/gem: Add obj->lock wrappers (bsc#1152489)
- drm/msm: Ratelimit invalid-fence message (git-fixes).
- drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes).
- drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489)
- drm/nouveau/kms: handle mDP connectors (git-fixes).
- drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472)
- drm/panfrost: Fix job timeout handling (bsc#1152472)
- drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472)
- drm/radeon: fix AGP dependency (git-fixes).
- drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489)
- drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes).
- drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489)
- drm/tegra: sor: Grab runtime PM reference across reset (git-fixes).
- drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472)
- efi: use 32-bit alignment for efi_guid_t literals (git-fixes).
- enetc: Fix reporting of h/w packet counters (git-fixes).
- epoll: check for events when removing a timed out thread from the wait queue (git-fixes).
- ethernet: alx: fix order of calls on resume (git-fixes).
- exec: Move would_dump into flush_old_exec (git-fixes).
- exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).
- exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989).
- extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes).
- extcon: Fix error handling in extcon_dev_register (git-fixes).
- fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).
- firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes).
- flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353).
- fsl/fman: check dereferencing null pointer (git-fixes).
- fsl/fman: fix dereference null return value (git-fixes).
- fsl/fman: fix eth hash table allocation (git-fixes).
- fsl/fman: fix unreachable code (git-fixes).
- fsl/fman: use 32-bit unsigned integer (git-fixes).
- fuse: fix bad inode (bsc#1184211).
- fuse: fix live lock in fuse_iget() (bsc#1184211).
- fuse: verify write return (git-fixes).
- gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).
- gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862).
- gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862).
- gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).
- gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).
- gianfar: Handle error code at MAC address change (git-fixes).
- gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes).
- Goodix Fingerprint device is not a modem (git-fixes).
- gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).
- gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes).
- gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes).
- HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes).
- HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes).
- HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes).
- hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes).
- i2c: rcar: faster irq code to minimize HW race condition (git-fixes).
- i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes).
- i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025).
- i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025).
- iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
- iavf: use generic power management (git-fixes).
- ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139).
- ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).
- ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139).
- ibmvnic: fix block comments (bsc#1183871 ltc#192139).
- ibmvnic: fix braces (bsc#1183871 ltc#192139).
- ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139).
- ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268).
- ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139).
- ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139).
- ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139).
- ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591).
- ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139).
- ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139).
- ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139).
- ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791).
- ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791).
- ice: fix memory leak if register_netdev_fails (git-fixes).
- ice: fix memory leak in ice_vsi_setup (git-fixes).
- ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).
- ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926).
- ice: renegotiate link after FW DCB on (jsc#SLE-8464).
- ice: report correct max number of TCs (jsc#SLE-7926).
- ice: update the number of available RSS queues (jsc#SLE-7926).
- igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).
- iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes).
- iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes).
- iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes).
- iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes).
- iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes).
- iio: hid-sensor-prox: Fix scale not correct issue (git-fixes).
- iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes).
- include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes).
- Input: applespi - do not wait for responses to commands indefinitely (git-fixes).
- Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes).
- Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes).
- Input: raydium_ts_i2c - do not send zero length (git-fixes).
- Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes).
- iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277).
- iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278).
- iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637).
- iommu/vt-d: Add get_domain_info() helper (bsc#1183279).
- iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280).
- iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281).
- iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282).
- iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283).
- iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284).
- iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285).
- iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286).
- iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585).
- ionic: linearize tso skb with too many frags (bsc#1167773).
- kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862).
- kbuild: change *FLAGS_.o to take the path relative to $(obj) (bcs#1181862).
- kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862).
- kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862).
- kbuild: Fail if gold linker is detected (bcs#1181862).
- kbuild: improve cc-option to clean up all temporary files (bsc#1178330).
- kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862).
- kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862).
- kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862).
- kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330).
- kconfig: introduce m32-flag and m64-flag (bcs#1181862).
- KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427).
- KVM: SVM: Clear the CR4 register on reset (bsc#1183252).
- KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445).
- KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint
  Needed as a dependency of 0b40723a827 ('kvm: tracing: Fix unmatched kvm_entry and kvm_exit events', bsc#1182770).
- KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287).
- KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412).
- KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447).
- KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369).
- KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428).
- KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288).
- libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518).
- libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518).
- libbpf: Fix INSTALL flag order (bsc#1155518).
- libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518).
- libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518).
- lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes).
- locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes).
- loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295).
- mac80211: choose first enabled channel for monitor (git-fixes).
- mac80211: fix double free in ibss_leave (git-fixes).
- mac80211: fix rate mask reset (git-fixes).
- mac80211: fix TXQ AC confusion (git-fixes).
- mdio: fix mdio-thunder.c dependency & build error (git-fixes).
- media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes).
- media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes).
- media: mceusb: Fix potential out-of-bounds shift (git-fixes).
- media: mceusb: sanity check for prescaler value (git-fixes).
- media: rc: compile rc-cec.c into rc-core (git-fixes).
- media: usbtv: Fix deadlock on suspend (git-fixes).
- media: uvcvideo: Allow entities with no pads (git-fixes).
- media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes).
- media: v4l: vsp1: Fix bru null pointer access (git-fixes).
- media: v4l: vsp1: Fix uif null pointer access (git-fixes).
- media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes).
- misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes).
- misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes).
- misc/pvpanic: Export module FDT device table (git-fixes).
- misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes).
- mISDN: fix crash in fritzpci (git-fixes).
- mmc: core: Fix partition switch time for eMMC (git-fixes).
- mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes).
- mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes).
- mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes).
- mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).
- mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes).
- mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777).
- mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes).
- mt76: dma: do not report truncated frames to mac80211 (git-fixes).
- mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes).
- net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes).
- net: atheros: switch from 'pci_' to 'dma_' API (git-fixes).
- net: b44: fix error return code in b44_init_one() (git-fixes).
- net: bonding: fix error return code of bond_neigh_init() (bsc#1154353).
- net: cdc-phonet: fix data-interface release on probe failure (git-fixes).
- net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139).
- netdevsim: init u64 stats for 32bit hardware (git-fixes).
- net: dsa: rtl8366: Fix VLAN semantics (git-fixes).
- net: dsa: rtl8366: Fix VLAN set-up (git-fixes).
- net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).
- net: enic: Cure the enic api locking trainwreck (git-fixes).
- net: ethernet: aquantia: Fix wrong return value (git-fixes).
- net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes).
- net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139).
- net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes).
- net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes).
- net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix reference count leak in fec series ops (git-fixes).
- net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes).
- net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes).
- net: gianfar: Add of_node_put() before goto statement (git-fixes).
- net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes).
- net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes).
- net: hns3: Remove the left over redundant check & assignment (bsc#1154353).
- net: korina: cast KSEG0 address to pointer in kfree (git-fixes).
- net: korina: fix kfree of rx/tx descriptor array (git-fixes).
- net: lantiq: Wait for the GPHY firmware to be ready (git-fixes).
- net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464).
- net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464).
- net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).
- net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).
- net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).
- net: mvneta: fix double free of txq->buf (git-fixes).
- net: mvneta: make tx buffer array agnostic (git-fixes).
- net: pasemi: fix error return code in pasemi_mac_open() (git-fixes).
- net: phy: broadcom: Only advertise EEE for supported modes (git-fixes).
- net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes).
- net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes).
- net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)
- netsec: restore phy power state after controller reset (bsc#1183757).
- net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes).
- net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes).
- net: stmmac: removed enabling eee in EEE set callback (git-fixes).
- net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).
- net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes).
- net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes).
- net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes).
- net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).
- net: wan/lmc: unregister device when no matching device is found (git-fixes).
- nfp: flower: fix pre_tun mask id allocation (bsc#1154353).
- nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077).
- nvme-fabrics: fix kato initialization (bsc#1182591).
- nvme-fabrics: only reserve a single tag (bsc#1182077).
- nvme-fc: fix racing controller reset and create association (bsc#1183048).
- nvme-hwmon: Return error code when registration fails (bsc#1177326).
- nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077).
- nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).
- nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501).
- objtool: Fix '.cold' section suffix check for newer versions of GCC (bsc#1169514).
- objtool: Fix error handling for STD/CLD warnings (bsc#1169514).
- objtool: Fix retpoline detection in asm code (bsc#1169514).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).
- ovl: fix out of date comment and unreachable code (bsc#1184176).
- ovl: fix regression with re-formatted lower squashfs (bsc#1184176).
- ovl: fix unneeded call to ovl_change_flags() (bsc#1184176).
- ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176).
- ovl: initialize error in ovl_copy_xattr (bsc#1184176).
- ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176).
- PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes).
- PCI: Align checking of syscall user config accessors (git-fixes).
- PCI: Decline to resize resources if boot config must be preserved (git-fixes).
- PCI: Fix pci_register_io_range() memory leak (git-fixes).
- PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes).
- PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
- PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).
- pinctrl: rockchip: fix restore error in resume (git-fixes).
- Platform: OLPC: Fix probe error handling (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes).
- platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes).
- platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes).
- platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes).
- platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes).
- platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes).
- platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes).
- platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes).
- PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes).
- PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366).
- PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes).
- PM: runtime: Fix race getting/putting suppliers at probe (git-fixes).
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729).
- powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963).
- powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729).
- powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395).
- powerpc/sstep: Fix darn emulation (bsc#1156395).
- powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395).
- powerpc/sstep: Fix load-store and update emulation (bsc#1156395).
- printk: fix deadlock when kernel panic (bsc#1183018).
- proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes).
- pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes).
- qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).
- qxl: Fix uninitialised struct field head.surface_id (git-fixes).
- random: fix the RNDRESEEDCRNG ioctl (git-fixes).
- RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489).
- RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).
- RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).
- RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)
- regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).
- Revert 'net: bonding: fix error return code of bond_neigh_init()' (bsc#1154353).
- rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079).
- rpm/check-for-config-changes: add -mrecord-mcount ignore
  Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream.
- rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.
- rpm/check-for-config-changes: comment on the list
  To explain what it actually is.
- rpm/check-for-config-changes: declare sed args as an array
  So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended.
- rpm/check-for-config-changes: define ignores more strictly
  * search for whole words, so make wildcards explicit
  * use ' for quoting
  * prepend CONFIG_ dynamically, so it need not be in the list
- rpm/check-for-config-changes: sort the ignores
  They are growing so to make them searchable by humans.
- rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)
  The devel package requires the kernel binary package itself for building modules externally.
- rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes).
- rsi: Move card interrupt handling to RX thread (git-fixes).
- rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes).
- s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).
- s390/qeth: fix notification for pending buffers during teardown (git-fixes).
- s390/qeth: improve completion of pending TX buffers (git-fixes).
- s390/qeth: schedule TX NAPI on QAOB completion (git-fixes).
- s390/vtime: fix increased steal time accounting (bsc#1183859).
- samples, bpf: Add missing munmap in xdpsock (bsc#1155518).
- samples/bpf: Fix possible hang in xdpsock with multiple threads (bsc#1155518).
- scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231).
- scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574).
- scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574).
- scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).
- scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).
- scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574).
- scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574).
- scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574).
- scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574).
- scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).
- scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574).
- scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).
- scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574).
- scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).
- scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).
- scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).
- scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574).
- scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574).
- scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).
- scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).
- scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).
- scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574).
- scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).
- scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843).
- scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843).
- selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518).
- selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518).
- selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518).
- selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes).
- selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes).
- selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes).
- smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).
- smb3: fix crediting for compounding when only one request in flight (bsc#1181507).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
- soc/fsl: qbman: fix conflicting alignment attributes (git-fixes).
- software node: Fix node registration (git-fixes).
- spi: stm32: make spurious and overrun interrupts visible (git-fixes).
- squashfs: fix inode lookup sanity checks (bsc#1183750).
- squashfs: fix xattr id and id lookup sanity checks (bsc#1183750).
- stop_machine: mark helpers __always_inline (git-fixes).
- thermal/core: Add NULL pointer check before using cooling device stats (git-fixes).
- udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).
- Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598)
- USB: cdc-acm: downgrade message to debug (git-fixes).
- USB: cdc-acm: fix double free on probe failure (git-fixes).
- USB: cdc-acm: fix use-after-free after probe failure (git-fixes).
- USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes).
- USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes).
- USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes).
- USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes).
- USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes).
- USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes).
- USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes).
- USB: gadget: configfs: Fix KASAN use-after-free (git-fixes).
- USB: gadget: f_uac1: stop playback on function disable (git-fixes).
- USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes).
- USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes).
- USB: gadget: u_ether: Fix a configfs return code (git-fixes).
- USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).
- USBip: fix stub_dev to check for stream socket (git-fixes).
- USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd to check for stream socket (git-fixes).
- USBip: fix vudc to check for stream socket (git-fixes).
- USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).
- USBip: tools: fix build error for multiple definition (git-fixes).
- USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes).
- USB: musb: Fix suspend with devices connected for a64 (git-fixes).
- USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes).
- USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes).
- USB: replace hardcode maximum usb string length by definition (git-fixes).
- USB: serial: ch341: add new Product ID (git-fixes).
- USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes).
- USB: serial: cp210x: add some more GE USB IDs (git-fixes).
- USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes).
- USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).
- USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).
- USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes).
- USB: usblp: fix a hang in poll() if disconnected (git-fixes).
- USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes).
- USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).
- USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes). - use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139). - video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489) - video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes). - VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes). - vt/consolemap: do font sum unsigned (git-fixes). - watchdog: mei_wdt: request stop on unregister (git-fixes). - wireguard: device: do not generate ICMP for non-IP packets (git-fixes). - wireguard: kconfig: use arm chacha even with no neon (git-fixes). - wireguard: selftests: test multiple parallel streams (git-fixes). - wlcore: Fix command execute failure 19 for wl12xx (git-fixes). - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489). - x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489). - x86/ioapic: Ignore IRQ2 again (bsc#1152489). - x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489). - xen/events: avoid handling the same event on two cpus at the same time (git-fixes). - xen/events: do not unmask an event channel when an eoi is pending (git-fixes). - xen/events: fix setting irq affinity (bsc#1184583). - xen/events: reset affinity of 2-level event when tearing it down (git-fixes). - Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367). - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367). - xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980). - xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes). - xhci: Improve detection of device initiated wake signal (git-fixes). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1269-1 Released: Tue Apr 20 14:00:20 2021 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1174166,1181696,1182012 This update for grub2 fixes the following issues: - Fix error `grub_file_filters not found` in Azure virtual machine. (bsc#1182012) - Fix executable stack marking in `grub-emu`. (bsc#1181696) - Remove `95_textmode` for PowerPC given that there's no efi port on that architecture. (bsc#1174166) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1275-1 Released: Tue Apr 20 14:31:26 2021 Summary: Security update for sudo Type: security Severity: important References: 1183936,CVE-2021-3156 This update for sudo fixes the following issues: - L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1280-1 Released: Tue Apr 20 14:34:19 2021 Summary: Security update for ruby2.5 Type: security Severity: moderate References: 1184644,CVE-2021-28965 This update for ruby2.5 fixes the following issues: - Update to 2.5.9 - CVE-2021-28965: XML round-trip vulnerability in REXML (bsc#1184644) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. 
(bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1295-1 Released: Wed Apr 21 14:08:19 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1184136 This update for systemd-presets-common-SUSE fixes the following issues: - Enabled hcn-init.service for HNV on POWER (bsc#1184136) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1419-1 Released: Thu Apr 29 06:20:30 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1178219 This update for dracut fixes the following issues: - Fix for adding timeout to umount calls. (bsc#1178219) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1425-1 Released: Thu Apr 29 06:23:08 2021 Summary: Optional update for tcpdump Type: optional Severity: low References: 1183800 This update for tcpdump fixes the following issues: - Disabled five regression tests that fail with libpcap > 1.8.1 (bsc#1183800) This patch does not fix any user visible issues and is therefore optional to install. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. - Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1444-1 Released: Thu Apr 29 16:17:34 2021 Summary: Security update for samba Type: security Severity: important References: 1178469,1179156,1183572,1183574,1184310,1184677,CVE-2020-27840,CVE-2021-20254,CVE-2021-20277 This update for samba fixes the following issues: - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574). - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677). - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572). - Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156). - s3-libads: use dns name to open a ldap session (bsc#1184310). - Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1449-1 Released: Fri Apr 30 08:08:25 2021 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1165780 This update for systemd-presets-branding-SLE fixes the following issues: - Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. 
(bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1451-1 Released: Fri Apr 30 08:08:45 2021 Summary: Recommended update for dhcp Type: recommended Severity: moderate References: 1185157 This update for dhcp fixes the following issues: - Use '/run' instead of '/var/run' for PIDFile in 'dhcrelay.service'. (bsc#1185157) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1454-1 Released: Fri Apr 30 09:22:26 2021 Summary: Security update for cups Type: security Severity: important References: 1184161,CVE-2021-25317 This update for cups fixes the following issues: - CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1456-1 Released: Fri Apr 30 12:00:01 2021 Summary: Recommended update for cifs-utils Type: recommended Severity: important References: 1184815 This update for cifs-utils fixes the following issues: - Fixed a bug where it was no longer possible to mount CIFS filesystem after the last maintenance update (bsc#1184815) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1462-1 Released: Fri Apr 30 14:54:23 2021 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1181283,1184085 This update for cloud-init fixes the following issues: - Fixed an issue, where the bonding options were wrongly configured in SLE and openSUSE (bsc#1184085) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1471-1 Released: Tue May 4 08:36:57 2021 Summary: Security update for bind Type: security Severity: important References: 1183453,1185345,CVE-2021-25214,CVE-2021-25215 This update for bind fixes the following issues: - CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345). - CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345). - make /usr/bin/delv in bind-tools position independent (bsc#1183453). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1481-1 Released: Tue May 4 14:18:32 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1178680 This update for lvm2 fixes the following issues: - Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1493-1 Released: Tue May 4 17:13:34 2021 Summary: Security update for avahi Type: security Severity: moderate References: 1184521,CVE-2021-3468 This update for avahi fixes the following issues: - CVE-2021-3468: avoid infinite loop by handling HUP event in client_work (bsc#1184521). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1517-1 Released: Wed May 5 17:43:54 2021 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: 1179908,1183421,CVE-2020-13987,CVE-2020-13988,CVE-2020-17437,CVE-2020-17438 This update for open-iscsi fixes the following issues: - Enabled asynchronous logins for iscsi.service (bsc#1183421) - Fixed a login issue when target is delayed ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1534-1 Released: Thu May 6 17:05:07 2021 Summary: Recommended update for kexec-tools Type: recommended Severity: moderate References: 1185020 This update for kexec-tools fixes the following issue: - Hardening: link as Position-Independent Executable PIE (bsc#1185020). From sle-updates at lists.suse.com Sat May 8 06:08:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 May 2021 08:08:22 +0200 (CEST) Subject: SUSE-CU-2021:148-1: Security update of suse/sles12sp3 Message-ID: <20210508060822.1C1F9B46EEF@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:148-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.252 , suse/sles12sp3:latest Container Release : 24.252 Severity : moderate Type : security References : 1177369 1185408 1185409 1185410 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1524-1 Released: Wed May 5 18:25:25 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1541-1 Released: Thu May 6 17:09:04 2021 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1177369 This update for bash fixes the following issues: - Fixed a bug where the 'tailf' command destroyed the terminal/console settings (bsc1177369) From sle-updates at lists.suse.com Sat May 8 06:18:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 May 2021 08:18:57 +0200 (CEST) Subject: SUSE-CU-2021:149-1: Security update of suse/sles12sp4 Message-ID: <20210508061857.A422EB46EEF@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:149-1 Container Tags : suse/sles12sp4:26.288 , suse/sles12sp4:latest Container Release : 26.288 Severity : moderate Type : security References : 1177369 1185408 1185409 1185410 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1524-1 Released: Wed May 5 18:25:25 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1541-1 Released: Thu May 6 17:09:04 2021 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1177369 This update for bash fixes the following issues: - Fixed a bug where the 'tailf' command destroyed the terminal/console settings (bsc1177369) From sle-updates at lists.suse.com Sat May 8 06:26:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 May 2021 08:26:53 +0200 (CEST) Subject: SUSE-CU-2021:150-1: Security update of suse/sles12sp5 Message-ID: <20210508062653.28028B46EEF@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:150-1 Container Tags : suse/sles12sp5:6.5.174 , suse/sles12sp5:latest Container Release : 6.5.174 Severity : moderate Type : security References : 1177369 1185408 1185409 1185410 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1524-1 Released: Wed May 5 18:25:25 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1541-1 Released: Thu May 6 17:09:04 2021 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1177369 This update for bash fixes the following issues: - Fixed a bug where the 'tailf' command destroyed the terminal/console settings (bsc1177369) From sle-updates at lists.suse.com Sat May 8 06:43:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 May 2021 08:43:17 +0200 (CEST) Subject: SUSE-CU-2021:151-1: Recommended update of suse/sle15 Message-ID: <20210508064317.A91F7B46EEF@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:151-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.388 Container Release : 4.22.388 Severity : moderate Type : recommended References : 1184435 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. 
(bsc#1184435) From sle-updates at lists.suse.com Sat May 8 06:56:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 May 2021 08:56:42 +0200 (CEST) Subject: SUSE-CU-2021:152-1: Recommended update of suse/sle15 Message-ID: <20210508065642.3D3EDB46EEF@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:152-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.448 Container Release : 6.2.448 Severity : moderate Type : recommended References : 1184435 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) From sle-updates at lists.suse.com Sat May 8 07:04:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 May 2021 09:04:41 +0200 (CEST) Subject: SUSE-CU-2021:153-1: Recommended update of suse/sle15 Message-ID: <20210508070441.A5B8CB46EEF@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:153-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.909 Container Release : 8.2.909 Severity : moderate Type : recommended References : 1180851 1181874 1182936 1183628 1184435 1184997 1185239 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. 
From sle-updates at lists.suse.com Sat May 8 13:21:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 May 2021 15:21:04 +0200 (CEST) Subject: SUSE-IU-2021:442-1: Security update of suse-sles-15-sp2-chost-byos-v20210506-gen2 Message-ID: <20210508132104.405CEB460CC@westernhagen.suse.de> SUSE Image Update Advisory: suse-sles-15-sp2-chost-byos-v20210506-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:442-1 Image Tags : suse-sles-15-sp2-chost-byos-v20210506-gen2:20210506 Image Release : Severity : important Type : security References : 1027519 1047233 1065729 1113295 1152472 1152489 1153274 1154353 1155518 1156256 1156395 1159280 1160634 1161276 1165780 1167574 1167773 1168777 1169514 1169709 1171295 1173485 1174166 1175960 1175995 1177047 1177204 1177326 1178163 1178181 1178219 1178219 1178330 1178469 1178490 1178680 1179148 1179156 1179454 1179908 1180197 1180690 1180713 1180836 1180980 1181254 1181283 1181383 1181507 1181674 1181696 1181862 1181976 1181989 1182011 1182012 1182077 1182485 1182552 1182574 1182576 1182591 1182595 1182715 1182716 1182717 1182770 1182791 1182899 1182989 1183015 1183018 1183022 1183023 1183048 1183064 1183072 1183239 1183252 1183277 1183278 1183279 1183280 1183281 1183282 1183283 1183284 1183285 1183286 1183287 1183288 1183366 1183369 1183386 1183405 1183412 1183416 1183421 1183427 1183428 1183445 1183447 1183453 1183501 1183509 1183530 1183534 1183540 1183572 1183574 1183593 1183596 1183598 1183637 1183646 1183662 1183686 1183692 1183696 1183750 1183757 1183775 1183791 1183800 1183801 1183843 1183859 1183871 1183936 1184074 1184085 1184120 1184136 1184161 1184167 1184168 1184170 1184176 1184192 1184193 1184194 1184196 1184198 1184211 1184217 1184218 1184219 1184220 1184224 1184310 1184388 1184391 1184393 1184401 1184485 1184509 1184511 1184512 1184514 1184521 1184583 1184585 1184644 1184647 1184677 1184690 1184815 1185020 1185157 1185345 1185408 
1185409 1185410 CVE-2019-18814 CVE-2019-19769 CVE-2020-13987 CVE-2020-13988 CVE-2020-17437 CVE-2020-17438 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171 CVE-2020-27815 CVE-2020-27840 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2021-20208 CVE-2021-20254 CVE-2021-20277 CVE-2021-20305 CVE-2021-25214 CVE-2021-25215 CVE-2021-25317 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660 CVE-2021-28687 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28965 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-30002 CVE-2021-3156 CVE-2021-3308 CVE-2021-3428 CVE-2021-3444 CVE-2021-3468 CVE-2021-3483 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 ----------------------------------------------------------------- The container suse-sles-15-sp2-chost-byos-v20210506-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1018-1 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1180713 This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. 
(bsc#1180713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1021-1 Released: Tue Apr 6 14:30:30 2021 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1175960 This update for cups fixes the following issues: - Fixed the web UI kerberos authentication (bsc#1175960) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1028-1 Released: Tue Apr 6 17:54:37 2021 Summary: Security update for xen Type: security Severity: important References: 1027519,1177204,1179148,1180690,1181254,1181989,1182576,1183072,CVE-2021-28687,CVE-2021-3308 This update for xen fixes the following issues: - CVE-2021-3308: VUL-0: xen: IRQ vector leak on x86 (bsc#1181254, XSA-360) - CVE-2021-28687: HVM soft-reset crashes toolstack (bsc#1183072, XSA-368) - L3: conring size for XEN HV's with huge memory too small. Initial Xen logs cut (bsc#1177204) - L3: XEN domU crashed on resume when using the xl unpause command (bsc#1182576) - L3: xen: no needsreboot flag set (bsc#1180690) - kdump of HVM fails, soft-reset not handled by libxl (bsc#1179148) - openQA job causes libvirtd to dump core when running kdump inside domain (bsc#1181989) - Upstream bug fixes (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1161-1 Released: Tue Apr 13 11:35:57 2021 Summary: Security update for cifs-utils Type: security Severity: moderate References: 1183239,CVE-2021-20208 This update for cifs-utils fixes the following issues: - CVE-2021-20208: Fixed a potential kerberos auth leak
escaping from container (bsc#1183239) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1205-1 Released: Thu Apr 15 15:14:31 2021 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1178490 This update for rsyslog fixes the following issues: - Fix groupname retrieval for large groups. (bsc#1178490) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1238-1 Released: Fri Apr 16 10:58:27 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1047233,1065729,1113295,1152472,1152489,1153274,1154353,1155518,1156256,1156395,1159280,1160634,1167574,1167773,1168777,1169514,1169709,1171295,1173485,1175995,1177326,1178163,1178181,1178330,1179454,1180197,1180980,1181383,1181507,1181674,1181862,1182011,1182077,1182485,1182552,1182574,1182591,1182595,1182715,1182716,1182717,1182770,1182989,1183015,1183018,1183022,1183023,1183048,1183252,1183277,1183278,1183279,1183280,1183281,1183282,1183283,1183284,1183285,1183286,1183287,1183288,1183366,1183369,1183386,1183405,1183412,1183416,1183427,1183428,1183445,1183447,1183501,1183509,1183530,1183534,1183540,1183593,1183596,1183598,1183637,1183646,1183662,1183686,1183692,1183696,1183750,1183757,1183775,1183843,1183859,1183871,1184074,1184120,1184167,1184168,1184170,1184176,1184192,1184193,1184194,1184196,1184198,1184211,1184217,1184218,1184219,1184220,1184224,1184388,1184391,1184393,1184485,1184509,1184511,1184512,1184514,1184583,1184585,1184647,CVE-2019-18814,CVE-2019-19769,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-27170,CVE-2020-27171,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2020-36322,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-30002,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170). - CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485). - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192). - CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167). - CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168). - CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198). - CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196). - CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
- CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593).
- CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).
- CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
- CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
- CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
- CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
- CVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).
- CVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).
- CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
- CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
- CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280).
- CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).
- CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
- CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).
- CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop that was continually finding the same bad inode (bsc#1184194).
- CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509).
- CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).
- CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512).
- CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsystem (bsc#1178181).
- CVE-2020-36322: Fixed an issue in the FUSE filesystem implementation which could have caused a system crash (bsc#1184211).

The following non-security bugs were fixed:

- 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)).
- 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)).
- 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)).
- ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).
- ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes).
- ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
- ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes).
- ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
- ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).
- ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).
- ALSA: aloop: Fix initialization of controls (git-fixes).
- ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
- ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).
- ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
- ALSA: hda: generic: Fix the micmute led init state (git-fixes).
- ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes).
- ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes).
- ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes).
- ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes).
- ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes).
- ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes).
- ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes).
- ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes).
- ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552).
- ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552).
- ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes).
- ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552).
- ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552).
- ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552).
- ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552).
- ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell AE515 sound bar (bsc#1182552).
- ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552).
- ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes).
- ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552).
- ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes).
- ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes).
- amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes).
- apparmor: check/put label on apparmor_sk_clone_security() (git-fixes).
- appletalk: Fix skb allocation size in loopback case (git-fixes).
- arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862).
- ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).
- ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).
- ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes).
- ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes).
- ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes).
- ASoC: cs42l42: Fix channel width support (git-fixes).
- ASoC: cs42l42: Fix mixer volume control (git-fixes).
- ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes).
- ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes).
- ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).
- ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes).
- ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes).
- ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes).
- ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes).
- ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes).
- ASoC: max98373: Added 30ms turn on/off time delay (git-fixes).
- ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
- ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
- ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes).
- ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes).
- ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes).
- ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes).
- ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes).
- ASoC: simple-card-utils: Do not handle device clock (git-fixes).
- ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes).
- ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes).
- ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes).
- ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes).
- ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes).
- atl1c: fix error return code in atl1c_probe() (git-fixes).
- atl1e: fix error return code in atl1e_probe() (git-fixes).
- batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes).
- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
- blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295).
- blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295).
- blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295).
- block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295).
- block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).
- Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes).
- Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes).
- bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518).
- bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518).
- bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518).
- bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).
- bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518).
- bpf_lru_list: Read double-checked variable once without lock (bsc#1155518).
- bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
- bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518).
- bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).
- brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes).
- brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes).
- brcmfmac: clear EAP/association status bits on linkdown events (git-fixes).
- btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217).
- btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224).
- btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386).
- btrfs: fix extent buffer leak on failure to copy root (bsc#1184218).
- btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193).
- btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220).
- btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219).
- bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).
- bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes).
- can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).
- can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).
- can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes).
- can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes).
- can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes).
- can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes).
- can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes).
- can: peak_usb: add forgotten supported devices (git-fixes).
- can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes).
- can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes).
- cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes).
- cifs: change noisy error message to FYI (bsc#1181507).
- cifs: check pointer before freeing (bsc#1183534).
- cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507).
- cifs: do not send close in compound create+close requests (bsc#1181507).
- cifs: New optype for session operations (bsc#1181507).
- cifs: print MIDs in decimal notation (bsc#1181507).
- cifs: return proper error code in statfs(2) (bsc#1181507).
- cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
- clk: fix invalid usage of list cursor in register (git-fixes).
- clk: fix invalid usage of list cursor in unregister (git-fixes).
- clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).
- completion: Drop init_completion define (git-fixes).
- configfs: fix a use-after-free in __configfs_open_file (git-fixes).
- config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595
- crypto: aesni - prevent misaligned buffers on the stack (git-fixes).
- crypto: arm64/sha - add missing module aliases (git-fixes).
- crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes).
- crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes).
- crypto: tcrypt - avoid signed overflow in byte count (git-fixes).
- Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530)
- dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485).
- drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes).
- drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes).
- drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes).
- drm/amdgpu: Add check to prevent IH overflow (git-fixes).
- drm/amdgpu: check alignment on CPU page for bo map (git-fixes).
- drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes).
- drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes).
- drm/amdkfd: Put ACPI table after using it (bsc#1152489)
- drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' -> (bsc#1152489)
- drm/compat: Clear bounce structures (git-fixes).
- drm/hisilicon: Fix use-after-free (git-fixes).
- drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074).
- drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes).
- drm/mediatek: Fix aal size config (bsc#1152489)
- drm: meson_drv add shutdown function (git-fixes).
- drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes).
- drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes).
- drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes).
- drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489)
- drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes).
- drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489)
- drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489)
- drm/msm/gem: Add obj->lock wrappers (bsc#1152489)
- drm/msm: Ratelimit invalid-fence message (git-fixes).
- drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes).
- drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489)
- drm/nouveau/kms: handle mDP connectors (git-fixes).
- drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472)
- drm/panfrost: Fix job timeout handling (bsc#1152472)
- drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472)
- drm/radeon: fix AGP dependency (git-fixes).
- drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489)
- drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes).
- drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489)
- drm/tegra: sor: Grab runtime PM reference across reset (git-fixes).
- drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472)
- efi: use 32-bit alignment for efi_guid_t literals (git-fixes).
- enetc: Fix reporting of h/w packet counters (git-fixes).
- epoll: check for events when removing a timed out thread from the wait queue (git-fixes).
- ethernet: alx: fix order of calls on resume (git-fixes).
- exec: Move would_dump into flush_old_exec (git-fixes).
- exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).
- exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989).
- extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes).
- extcon: Fix error handling in extcon_dev_register (git-fixes).
- fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).
- firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes).
- flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353).
- fsl/fman: check dereferencing null pointer (git-fixes).
- fsl/fman: fix dereference null return value (git-fixes).
- fsl/fman: fix eth hash table allocation (git-fixes).
- fsl/fman: fix unreachable code (git-fixes).
- fsl/fman: use 32-bit unsigned integer (git-fixes).
- fuse: fix bad inode (bsc#1184211).
- fuse: fix live lock in fuse_iget() (bsc#1184211).
- fuse: verify write return (git-fixes).
- gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).
- gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862).
- gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862).
- gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).
- gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).
- gianfar: Handle error code at MAC address change (git-fixes).
- gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes).
- Goodix Fingerprint device is not a modem (git-fixes).
- gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).
- gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes).
- gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes).
- HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes).
- HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes).
- HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes).
- hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes).
- i2c: rcar: faster irq code to minimize HW race condition (git-fixes).
- i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes).
- i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025).
- i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025).
- iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
- iavf: use generic power management (git-fixes).
- ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139).
- ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).
- ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139).
- ibmvnic: fix block comments (bsc#1183871 ltc#192139).
- ibmvnic: fix braces (bsc#1183871 ltc#192139).
- ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139).
- ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268).
- ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139).
- ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139).
- ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139).
- ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591).
- ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139).
- ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139).
- ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139).
- ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791).
- ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791).
- ice: fix memory leak if register_netdev_fails (git-fixes).
- ice: fix memory leak in ice_vsi_setup (git-fixes).
- ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).
- ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926).
- ice: renegotiate link after FW DCB on (jsc#SLE-8464).
- ice: report correct max number of TCs (jsc#SLE-7926).
- ice: update the number of available RSS queues (jsc#SLE-7926).
- igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).
- iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes).
- iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes).
- iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes).
- iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes).
- iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes).
- iio: hid-sensor-prox: Fix scale not correct issue (git-fixes).
- iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes).
- include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes).
- Input: applespi - do not wait for responses to commands indefinitely (git-fixes).
- Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes).
- Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes).
- Input: raydium_ts_i2c - do not send zero length (git-fixes).
- Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes).
- iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277).
- iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278).
- iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637).
- iommu/vt-d: Add get_domain_info() helper (bsc#1183279).
- iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280).
- iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281).
- iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282).
- iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283).
- iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284).
- iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285).
- iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286).
- iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585).
- ionic: linearize tso skb with too many frags (bsc#1167773).
- kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862).
- kbuild: change *FLAGS_.o to take the path relative to $(obj) (bcs#1181862).
- kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862).
- kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862).
- kbuild: Fail if gold linker is detected (bcs#1181862).
- kbuild: improve cc-option to clean up all temporary files (bsc#1178330).
- kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862).
- kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862).
- kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862).
- kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330).
- kconfig: introduce m32-flag and m64-flag (bcs#1181862).
- KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427).
- KVM: SVM: Clear the CR4 register on reset (bsc#1183252).
- KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445).
- KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ('kvm: tracing: Fix unmatched kvm_entry and kvm_exit events', bsc#1182770).
- KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287).
- KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412).
- KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447).
- KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369).
- KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428).
- KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288).
- libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518).
- libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518).
- libbpf: Fix INSTALL flag order (bsc#1155518).
- libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518).
- libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518).
- lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes).
- locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes).
- loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295).
- mac80211: choose first enabled channel for monitor (git-fixes).
- mac80211: fix double free in ibss_leave (git-fixes).
- mac80211: fix rate mask reset (git-fixes).
- mac80211: fix TXQ AC confusion (git-fixes).
- mdio: fix mdio-thunder.c dependency & build error (git-fixes).
- media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes).
- media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes).
- media: mceusb: Fix potential out-of-bounds shift (git-fixes).
- media: mceusb: sanity check for prescaler value (git-fixes).
- media: rc: compile rc-cec.c into rc-core (git-fixes).
- media: usbtv: Fix deadlock on suspend (git-fixes).
- media: uvcvideo: Allow entities with no pads (git-fixes).
- media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes).
- media: v4l: vsp1: Fix bru null pointer access (git-fixes).
- media: v4l: vsp1: Fix uif null pointer access (git-fixes).
- media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes).
- misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes).
- misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes).
- misc/pvpanic: Export module FDT device table (git-fixes).
- misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes).
- mISDN: fix crash in fritzpci (git-fixes).
- mmc: core: Fix partition switch time for eMMC (git-fixes).
- mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes).
- mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes).
- mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes).
- mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).
- mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes).
- mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777).
- mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes).
- mt76: dma: do not report truncated frames to mac80211 (git-fixes).
- mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes).
- net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes).
- net: atheros: switch from 'pci_' to 'dma_' API (git-fixes).
- net: b44: fix error return code in b44_init_one() (git-fixes).
- net: bonding: fix error return code of bond_neigh_init() (bsc#1154353).
- net: cdc-phonet: fix data-interface release on probe failure (git-fixes).
- net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139).
- netdevsim: init u64 stats for 32bit hardware (git-fixes).
- net: dsa: rtl8366: Fix VLAN semantics (git-fixes).
- net: dsa: rtl8366: Fix VLAN set-up (git-fixes).
- net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).
- net: enic: Cure the enic api locking trainwreck (git-fixes).
- net: ethernet: aquantia: Fix wrong return value (git-fixes).
- net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes).
- net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139).
- net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes).
- net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes).
- net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix reference count leak in fec series ops (git-fixes).
- net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes).
- net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes).
- net: gianfar: Add of_node_put() before goto statement (git-fixes).
- net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes).
- net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes).
- net: hns3: Remove the left over redundant check & assignment (bsc#1154353).
- net: korina: cast KSEG0 address to pointer in kfree (git-fixes).
- net: korina: fix kfree of rx/tx descriptor array (git-fixes).
- net: lantiq: Wait for the GPHY firmware to be ready (git-fixes).
- net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464).
- net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464).
- net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).
- net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).
- net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).
- net: mvneta: fix double free of txq->buf (git-fixes).
- net: mvneta: make tx buffer array agnostic (git-fixes).
- net: pasemi: fix error return code in pasemi_mac_open() (git-fixes).
- net: phy: broadcom: Only advertise EEE for supported modes (git-fixes).
- net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes).
- net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes).
- net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)
- netsec: restore phy power state after controller reset (bsc#1183757).
- net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes).
- net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes).
- net: stmmac: removed enabling eee in EEE set callback (git-fixes).
- net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).
- net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes).
- net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes).
- net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes).
- net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).
- net: wan/lmc: unregister device when no matching device is found (git-fixes).
- nfp: flower: fix pre_tun mask id allocation (bsc#1154353).
- nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077).
- nvme-fabrics: fix kato initialization (bsc#1182591).
- nvme-fabrics: only reserve a single tag (bsc#1182077).
- nvme-fc: fix racing controller reset and create association (bsc#1183048).
- nvme-hwmon: Return error code when registration fails (bsc#1177326).
- nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077).
- nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).
- nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501).
- objtool: Fix '.cold' section suffix check for newer versions of GCC (bsc#1169514).
- objtool: Fix error handling for STD/CLD warnings (bsc#1169514).
- objtool: Fix retpoline detection in asm code (bsc#1169514).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).
- ovl: fix out of date comment and unreachable code (bsc#1184176).
- ovl: fix regression with re-formatted lower squashfs (bsc#1184176).
- ovl: fix unneeded call to ovl_change_flags() (bsc#1184176).
- ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176).
- ovl: initialize error in ovl_copy_xattr (bsc#1184176).
- ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176).
- PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes).
- PCI: Align checking of syscall user config accessors (git-fixes).
- PCI: Decline to resize resources if boot config must be preserved (git-fixes).
- PCI: Fix pci_register_io_range() memory leak (git-fixes).
- PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes).
- PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
- PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).
- pinctrl: rockchip: fix restore error in resume (git-fixes).
- Platform: OLPC: Fix probe error handling (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes).
- platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes).
- platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes).
- platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes).
- platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes).
- platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes).
- platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes).
- platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes).
- PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes).
- PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366).
- PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes).
- PM: runtime: Fix race getting/putting suppliers at probe (git-fixes).
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729).
- powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963).
- powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729).
- powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395).
- powerpc/sstep: Fix darn emulation (bsc#1156395).
- powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395).
- powerpc/sstep: Fix load-store and update emulation (bsc#1156395).
- printk: fix deadlock when kernel panic (bsc#1183018).
- proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes).
- pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes).
- qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).
- qxl: Fix uninitialised struct field head.surface_id (git-fixes).
- random: fix the RNDRESEEDCRNG ioctl (git-fixes).
- RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489).
- RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).
- RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).
- RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)
- regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).
- Revert 'net: bonding: fix error return code of bond_neigh_init()' (bsc#1154353).
- rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079).
- rpm/check-for-config-changes: add -mrecord-mcount ignore
  Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream.
- rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.
- rpm/check-for-config-changes: comment on the list
  To explain what it actually is.
- rpm/check-for-config-changes: declare sed args as an array
  So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended.
- rpm/check-for-config-changes: define ignores more strictly
  * search for whole words, so make wildcards explicit
  * use ' for quoting
  * prepend CONFIG_ dynamically, so it need not be in the list
- rpm/check-for-config-changes: sort the ignores
  They are growing so to make them searchable by humans.
- rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)
  The devel package requires the kernel binary package itself for building modules externally.
- rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes).
- rsi: Move card interrupt handling to RX thread (git-fixes).
- rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes).
- s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).
- s390/qeth: fix notification for pending buffers during teardown (git-fixes).
- s390/qeth: improve completion of pending TX buffers (git-fixes).
- s390/qeth: schedule TX NAPI on QAOB completion (git-fixes).
- s390/vtime: fix increased steal time accounting (bsc#1183859).
- samples, bpf: Add missing munmap in xdpsock (bsc#1155518).
- samples/bpf: Fix possible hang in xdpsock with multiple threads (bsc#1155518).
- scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231).
- scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574).
- scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574).
- scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).
- scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).
- scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574).
- scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574).
- scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574).
- scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574).
- scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).
- scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574).
- scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).
- scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574).
- scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).
- scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).
- scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).
- scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574).
- scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574).
- scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).
- scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).
- scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).
- scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574).
- scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).
- scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843).
- scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843).
- selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518).
- selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518).
- selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518).
- selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes).
- selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes).
- selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes).
- smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).
- smb3: fix crediting for compounding when only one request in flight (bsc#1181507).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
- soc/fsl: qbman: fix conflicting alignment attributes (git-fixes).
- software node: Fix node registration (git-fixes).
- spi: stm32: make spurious and overrun interrupts visible (git-fixes).
- squashfs: fix inode lookup sanity checks (bsc#1183750).
- squashfs: fix xattr id and id lookup sanity checks (bsc#1183750).
- stop_machine: mark helpers __always_inline (git-fixes).
- thermal/core: Add NULL pointer check before using cooling device stats (git-fixes).
- udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).
- Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598)
- USB: cdc-acm: downgrade message to debug (git-fixes).
- USB: cdc-acm: fix double free on probe failure (git-fixes).
- USB: cdc-acm: fix use-after-free after probe failure (git-fixes).
- USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes).
- USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes).
- USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes).
- USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes).
- USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes).
- USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes).
- USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes).
- USB: gadget: configfs: Fix KASAN use-after-free (git-fixes).
- USB: gadget: f_uac1: stop playback on function disable (git-fixes).
- USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes).
- USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes).
- USB: gadget: u_ether: Fix a configfs return code (git-fixes).
- USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).
- USBip: fix stub_dev to check for stream socket (git-fixes).
- USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd to check for stream socket (git-fixes).
- USBip: fix vudc to check for stream socket (git-fixes).
- USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).
- USBip: tools: fix build error for multiple definition (git-fixes).
- USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes).
- USB: musb: Fix suspend with devices connected for a64 (git-fixes).
- USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes).
- USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes).
- USB: replace hardcode maximum usb string length by definition (git-fixes).
- USB: serial: ch341: add new Product ID (git-fixes).
- USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes).
- USB: serial: cp210x: add some more GE USB IDs (git-fixes).
- USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes).
- USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).
- USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).
- USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes).
- USB: usblp: fix a hang in poll() if disconnected (git-fixes).
- USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes).
- USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).
- USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).
- use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139).
- video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489)
- video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes).
- VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes).
- vt/consolemap: do font sum unsigned (git-fixes).
- watchdog: mei_wdt: request stop on unregister (git-fixes).
- wireguard: device: do not generate ICMP for non-IP packets (git-fixes).
- wireguard: kconfig: use arm chacha even with no neon (git-fixes).
- wireguard: selftests: test multiple parallel streams (git-fixes).
- wlcore: Fix command execute failure 19 for wl12xx (git-fixes).
- x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489).
- x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489).
- x86/ioapic: Ignore IRQ2 again (bsc#1152489).
- x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489).
- xen/events: avoid handling the same event on two cpus at the same time (git-fixes).
- xen/events: do not unmask an event channel when an eoi is pending (git-fixes).
- xen/events: fix setting irq affinity (bsc#1184583).
- xen/events: reset affinity of 2-level event when tearing it down (git-fixes).
- Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
- xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980).
- xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes).
- xhci: Improve detection of device initiated wake signal (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1269-1
Released: Tue Apr 20 14:00:20 2021
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1174166,1181696,1182012

This update for grub2 fixes the following issues:

- Fix error `grub_file_filters not found` in Azure virtual machine. (bsc#1182012)
- Fix executable stack marking in `grub-emu`. (bsc#1181696)
- Remove `95_textmode` for PowerPC given that there's no efi port on that architecture. (bsc#1174166)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1275-1
Released: Tue Apr 20 14:31:26 2021
Summary: Security update for sudo
Type: security
Severity: important
References: 1183936,CVE-2021-3156

This update for sudo fixes the following issues:

- L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1280-1
Released: Tue Apr 20 14:34:19 2021
Summary: Security update for ruby2.5
Type: security
Severity: moderate
References: 1184644,CVE-2021-28965

This update for ruby2.5 fixes the following issues:

- Update to 2.5.9
- CVE-2021-28965: XML round-trip vulnerability in REXML (bsc#1184644)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1286-1
Released: Tue Apr 20 20:10:21 2021
Summary: Recommended update for SLES-release
Type: recommended
Severity: moderate
References: 1180836

This recommended update for SLES-release provides the following fix:

- Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images.
  (bsc#1180836)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1289-1
Released: Wed Apr 21 14:02:46 2021
Summary: Recommended update for gzip
Type: recommended
Severity: moderate
References: 1177047

This update for gzip fixes the following issues:

- Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1295-1
Released: Wed Apr 21 14:08:19 2021
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: moderate
References: 1184136

This update for systemd-presets-common-SUSE fixes the following issues:

- Enabled hcn-init.service for HNV on POWER (bsc#1184136)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1296-1
Released: Wed Apr 21 14:09:28 2021
Summary: Optional update for e2fsprogs
Type: optional
Severity: low
References: 1183791

This update for e2fsprogs fixes the following issues:

- Fixed an issue when building e2fsprogs (bsc#1183791)

This patch does not fix any user visible issues and is therefore optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1297-1
Released: Wed Apr 21 14:10:10 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1178219

This update for systemd fixes the following issues:

- Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted.
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1299-1
Released: Wed Apr 21 14:11:41 2021
Summary: Optional update for gpgme
Type: optional
Severity: low
References: 1183801

This update for gpgme fixes the following issues:

- Fixed a bug in test cases (bsc#1183801)

This patch is optional to install and does not provide any user visible bug fixes.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1407-1
Released: Wed Apr 28 15:49:02 2021
Summary: Recommended update for libcap
Type: recommended
Severity: important
References: 1184690

This update for libcap fixes the following issues:

- Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1412-1
Released: Wed Apr 28 17:09:28 2021
Summary: Security update for libnettle
Type: security
Severity: important
References: 1184401,CVE-2021-20305

This update for libnettle fixes the following issues:

- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1419-1
Released: Thu Apr 29 06:20:30 2021
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1178219

This update for dracut fixes the following issues:

- Fix for adding timeout to umount calls. (bsc#1178219)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1425-1
Released: Thu Apr 29 06:23:08 2021
Summary: Optional update for tcpdump
Type: optional
Severity: low
References: 1183800

This update for tcpdump fixes the following issues:

- Disabled five regression tests that fail with libpcap > 1.8.1 (bsc#1183800)

This patch does not fix any user visible issues and is therefore optional to install.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1426-1
Released: Thu Apr 29 06:23:13 2021
Summary: Recommended update for libsolv
Type: recommended
Severity: moderate
References:

This update for libsolv fixes the following issues:

- Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt.
- Fix a couple of memory leaks in error cases.
- Fix error handling in solv_xfopen_fd()
- Fixed 'regex' code on win32.
- Fixed memory leak in choice rule generation

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1444-1
Released: Thu Apr 29 16:17:34 2021
Summary: Security update for samba
Type: security
Severity: important
References: 1178469,1179156,1183572,1183574,1184310,1184677,CVE-2020-27840,CVE-2021-20254,CVE-2021-20277

This update for samba fixes the following issues:

- CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574).
- CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
- CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572).
- Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156).
- s3-libads: use dns name to open a ldap session (bsc#1184310).
- Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1449-1
Released: Fri Apr 30 08:08:25 2021
Summary: Recommended update for systemd-presets-branding-SLE
Type: recommended
Severity: moderate
References: 1165780

This update for systemd-presets-branding-SLE fixes the following issues:

- Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead.
  (bsc#1165780)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1451-1
Released: Fri Apr 30 08:08:45 2021
Summary: Recommended update for dhcp
Type: recommended
Severity: moderate
References: 1185157

This update for dhcp fixes the following issues:

- Use '/run' instead of '/var/run' for PIDFile in 'dhcrelay.service'. (bsc#1185157)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1454-1
Released: Fri Apr 30 09:22:26 2021
Summary: Security update for cups
Type: security
Severity: important
References: 1184161,CVE-2021-25317

This update for cups fixes the following issues:

- CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1456-1
Released: Fri Apr 30 12:00:01 2021
Summary: Recommended update for cifs-utils
Type: recommended
Severity: important
References: 1184815

This update for cifs-utils fixes the following issues:

- Fixed a bug where it was no longer possible to mount CIFS filesystem after the last maintenance update (bsc#1184815)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1462-1
Released: Fri Apr 30 14:54:23 2021
Summary: Recommended update for cloud-init
Type: recommended
Severity: moderate
References: 1181283,1184085

This update for cloud-init fixes the following issues:

- Fixed an issue, where the bonding options were wrongly configured in SLE and openSUSE (bsc#1184085)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1466-1
Released: Tue May 4 08:30:57 2021
Summary: Security update for permissions
Type: security
Severity: important
References: 1182899

This update for permissions fixes the following issues:

- etc/permissions: remove unnecessary entries (bsc#1182899)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1471-1
Released: Tue May 4 08:36:57 2021
Summary: Security update for bind
Type: security
Severity: important
References: 1183453,1185345,CVE-2021-25214,CVE-2021-25215

This update for bind fixes the following issues:

- CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345).
- CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345).
- make /usr/bin/delv in bind-tools position independent (bsc#1183453).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1481-1
Released: Tue May 4 14:18:32 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1178680

This update for lvm2 fixes the following issues:

- Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1493-1
Released: Tue May 4 17:13:34 2021
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1184521,CVE-2021-3468

This update for avahi fixes the following issues:

- CVE-2021-3468: avoid infinite loop by handling HUP event in client_work (bsc#1184521).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1517-1
Released: Wed May 5 17:43:54 2021
Summary: Recommended update for open-iscsi
Type: recommended
Severity: moderate
References: 1179908,1183421,CVE-2020-13987,CVE-2020-13988,CVE-2020-17437,CVE-2020-17438

This update for open-iscsi fixes the following issues:

- Enabled asynchronous logins for iscsi.service (bsc#1183421)
- Fixed a login issue when target is delayed

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1523-1
Released: Wed May 5 18:24:20 2021
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518

This update for libxml2 fixes the following issues:

- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1527-1
Released: Thu May 6 08:58:53 2021
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1183064

This update for bash fixes the following issues:

- Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1528-1
Released: Thu May 6 15:31:23 2021
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1161276

This update for openssl-1_1 fixes the following issues:

- Do not list disapproved cipher algorithms while in 'FIPS' mode.
  (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1534-1
Released: Thu May 6 17:05:07 2021
Summary: Recommended update for kexec-tools
Type: recommended
Severity: moderate
References: 1185020

This update for kexec-tools fixes the following issue:

- Hardening: link as Position-Independent Executable PIE (bsc#1185020).

From sle-updates at lists.suse.com Sat May 8 13:24:45 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 8 May 2021 15:24:45 +0200 (CEST)
Subject: SUSE-IU-2021:444-1: Security update of sles-15-sp2-chost-byos-v20210506
Message-ID: <20210508132445.42098B460CC@westernhagen.suse.de>

SUSE Image Update Advisory: sles-15-sp2-chost-byos-v20210506
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2021:444-1
Image Tags : sles-15-sp2-chost-byos-v20210506:20210506
Image Release :
Severity : important
Type : security
References : 1027519 1047233 1065729 1113295 1152472 1152489 1153274 1154353 1155518 1156256 1156395 1159280 1160634 1161276 1165780 1167574 1167773 1168777 1169514 1169709 1171295 1173485 1174166 1174304 1174306 1175740 1175741 1175960 1175995 1177047 1177204 1177326 1178163 1178181 1178219 1178219 1178330 1178469 1178490 1178680 1179031 1179032 1179148 1179156 1179454 1179908 1180197 1180304 1180690 1180713 1180836 1180980 1181254 1181383 1181507 1181674 1181696 1181862 1181976 1181989 1182011 1182012 1182077 1182485 1182552 1182574 1182576 1182591 1182595 1182715 1182716 1182717 1182770 1182791 1182793 1182899 1182989 1183015 1183018 1183022 1183023 1183048 1183064 1183072 1183239 1183252 1183277 1183278 1183279 1183280 1183281 1183282 1183283 1183284 1183285 1183286 1183287 1183288 1183366 1183369 1183386 1183405 1183412 1183414 1183415 1183416 1183421 1183427 1183428 1183445 1183447 1183453 1183501 1183509 1183530 1183534 1183540 1183572 1183574 1183593 1183596 1183598 1183637 1183646 1183662 1183686 1183692 1183696
1183750 1183757 1183775 1183791 1183800 1183801 1183843 1183859 1183871 1183936 1184074 1184120 1184136 1184161 1184167 1184168 1184170 1184176 1184192 1184193 1184194 1184196 1184198 1184211 1184217 1184218 1184219 1184220 1184224 1184310 1184388 1184391 1184393 1184401 1184485 1184509 1184511 1184512 1184514 1184521 1184583 1184585 1184644 1184647 1184677 1184690 1184815 1185020 1185345 1185408 1185409 1185410 CVE-2019-18814 CVE-2019-19769 CVE-2020-13987 CVE-2020-13988 CVE-2020-17437 CVE-2020-17438 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171 CVE-2020-27815 CVE-2020-27840 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2021-20208 CVE-2021-20254 CVE-2021-20277 CVE-2021-20305 CVE-2021-25214 CVE-2021-25215 CVE-2021-25317 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660 CVE-2021-28687 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28965 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-30002 CVE-2021-3156 CVE-2021-3308 CVE-2021-3428 CVE-2021-3444 CVE-2021-3468 CVE-2021-3483 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518
-----------------------------------------------------------------

The container sles-15-sp2-chost-byos-v20210506 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1018-1
Released: Tue Apr 6 14:29:13 2021
Summary: Recommended update for gzip
Type: recommended
Severity: moderate
References: 1180713

This update for gzip fixes the following issues:

- Fixes an issue when 'gzexe' counts the lines to skip wrong.
  (bsc#1180713)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1021-1
Released: Tue Apr 6 14:30:30 2021
Summary: Recommended update for cups
Type: recommended
Severity: moderate
References: 1175960

This update for cups fixes the following issues:

- Fixed the web UI kerberos authentication (bsc#1175960)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1028-1
Released: Tue Apr 6 17:54:37 2021
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1177204,1179148,1180690,1181254,1181989,1182576,1183072,CVE-2021-28687,CVE-2021-3308

This update for xen fixes the following issues:

- CVE-2021-3308: VUL-0: xen: IRQ vector leak on x86 (bsc#1181254, XSA-360)
- CVE-2021-28687: HVM soft-reset crashes toolstack (bsc#1183072, XSA-368)
- L3: conring size for XEN HV's with huge memory too small. Initial Xen logs cut (bsc#1177204)
- L3: XEN domU crashed on resume when using the xl unpause command (bsc#1182576)
- L3: xen: no needsreboot flag set (bsc#1180690)
- kdump of HVM fails, soft-reset not handled by libxl (bsc#1179148)
- openQA job causes libvirtd to dump core when running kdump inside domain (bsc#1181989)
- Upstream bug fixes (bsc#1027519)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1141-1
Released: Mon Apr 12 13:13:36 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: low
References: 1182791

This update for openldap2 fixes the following issues:

- Improved the proxy connection timeout options to prune connections properly (bsc#1182791)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1161-1
Released: Tue Apr 13 11:35:57 2021
Summary: Security update for cifs-utils
Type: security
Severity: moderate
References: 1183239,CVE-2021-20208

This update for cifs-utils fixes the following issues:

- CVE-2021-20208: Fixed a potential kerberos auth leak
  escaping from container (bsc#1183239)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1169-1
Released: Tue Apr 13 15:01:42 2021
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1181976

This update for procps fixes the following issues:

- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1205-1
Released: Thu Apr 15 15:14:31 2021
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1178490

This update for rsyslog fixes the following issues:

- Fix groupname retrieval for large groups. (bsc#1178490)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1238-1
Released: Fri Apr 16 10:58:27 2021
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1047233,1065729,1113295,1152472,1152489,1153274,1154353,1155518,1156256,1156395,1159280,1160634,1167574,1167773,1168777,1169514,1169709,1171295,1173485,1175995,1177326,1178163,1178181,1178330,1179454,1180197,1180980,1181383,1181507,1181674,1181862,1182011,1182077,1182485,1182552,1182574,1182591,1182595,1182715,1182716,1182717,1182770,1182989,1183015,1183018,1183022,1183023,1183048,1183252,1183277,1183278,1183279,1183280,1183281,1183282,1183283,1183284,1183285,1183286,1183287,1183288,1183366,1183369,1183386,1183405,1183412,1183416,1183427,1183428,1183445,1183447,1183501,1183509,1183530,1183534,1183540,1183593,1183596,1183598,1183637,1183646,1183662,1183686,1183692,1183696,1183750,1183757,1183775,1183843,1183859,1183871,1184074,1184120,1184167,1184168,1184170,1184176,1184192,1184193,1184194,1184196,1184198,1184211,1184217,1184218,1184219,1184220,1184224,1184388,1184391,1184393,1184485,1184509,1184511,1184512,1184514,1184583,1184585,1184647,CVE-2019-18814,CVE-2019-19769,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-27170,CVE-2020-27171,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2020-36322,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-30002,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).
- CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
- CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
- CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
- CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
- CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196).
- CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646). - CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593). - CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596). - CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022). - CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715). - CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716). - CVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696). - CVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454). - CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775). - CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686). - CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280). - CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256). - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393). - CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120). - CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a retry loop was continually finding the same bad inode (bsc#1184194). - CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509). - CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511). - CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512). - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsystem (bsc#1178181). - CVE-2020-36322: Fixed an issue in the FUSE filesystem implementation which could have caused a system crash (bsc#1184211). The following non-security bugs were fixed: - 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)). - 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)). - 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)). - ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes). - ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes). - ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383). - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes). - ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes). - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes). - ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes). - ALSA: aloop: Fix initialization of controls (git-fixes). - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes). - ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes). - ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes). - ALSA: hda: generic: Fix the micmute led init state (git-fixes). - ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes). - ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes). - ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes). - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes). - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes). - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes). - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes). - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552). - ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552). - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes). - ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552). - ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552). - ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552). - ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552). - ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell AE515 sound bar (bsc#1182552). - ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552). - ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes). - ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552). - ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes). - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes). - amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes). - apparmor: check/put label on apparmor_sk_clone_security() (git-fixes). - appletalk: Fix skb allocation size in loopback case (git-fixes). - arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862). - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes). 
- ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes). - ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes). - ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes). - ASoC: cs42l42: Fix channel width support (git-fixes). - ASoC: cs42l42: Fix mixer volume control (git-fixes). - ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes). - ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes). - ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes). - ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes). - ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes). - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes). - ASoC: max98373: Added 30ms turn on/off time delay (git-fixes). - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes). - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes). - ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes). - ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes). 
- ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes). - ASoC: simple-card-utils: Do not handle device clock (git-fixes). - ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes). - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes). - ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes). - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes). - ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes). - atl1c: fix error return code in atl1c_probe() (git-fixes). - atl1e: fix error return code in atl1e_probe() (git-fixes). - batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295). - blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295). - blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295). - block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295). - block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes). - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes). - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes). - bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274). - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775). - bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518). - bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518). - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518). - bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170). - bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518). 
- bpf_lru_list: Read double-checked variable once without lock (bsc#1155518). - bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518). - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775). - bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518). - bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163). - brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes). - brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes). - brcmfmac: clear EAP/association status bits on linkdown events (git-fixes). - btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217). - btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224). - btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386). - btrfs: fix extent buffer leak on failure to copy root (bsc#1184218). - btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193). - btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220). - btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219). - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes). - bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes). - can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes). - can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes). - can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes). - can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes). - can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes). - can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes). - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes). - can: peak_usb: add forgotten supported devices (git-fixes). 
- can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes). - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes). - cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes). - cifs: change noisy error message to FYI (bsc#1181507). - cifs: check pointer before freeing (bsc#1183534). - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: New optype for session operations (bsc#1181507). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - clk: fix invalid usage of list cursor in register (git-fixes). - clk: fix invalid usage of list cursor in unregister (git-fixes). - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes). - completion: Drop init_completion define (git-fixes). - configfs: fix a use-after-free in __configfs_open_file (git-fixes). - config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595 - crypto: aesni - prevent misaligned buffers on the stack (git-fixes). - crypto: arm64/sha - add missing module aliases (git-fixes). - crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes). - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes). - crypto: tcrypt - avoid signed overflow in byte count (git-fixes). - Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530) - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485). - drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes). - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes). - drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes). 
- drm/amdgpu: Add check to prevent IH overflow (git-fixes). - drm/amdgpu: check alignment on CPU page for bo map (git-fixes). - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes). - drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes). - drm/amdkfd: Put ACPI table after using it (bsc#1152489) - drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' -> (bsc#1152489) - drm/compat: Clear bounce structures (git-fixes). - drm/hisilicon: Fix use-after-free (git-fixes). - drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074). - drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes). - drm/mediatek: Fix aal size config (bsc#1152489) - drm: meson_drv add shutdown function (git-fixes). - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes). - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes). - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes). - drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489) - drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes). - drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489) - drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) - drm/msm/gem: Add obj->lock wrappers (bsc#1152489) - drm/msm: Ratelimit invalid-fence message (git-fixes). - drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes). - drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489) - drm/nouveau/kms: handle mDP connectors (git-fixes). - drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472) - drm/panfrost: Fix job timeout handling (bsc#1152472) - drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472) - drm/radeon: fix AGP dependency (git-fixes). 
- drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489) - drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes). - drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) - drm/tegra: sor: Grab runtime PM reference across reset (git-fixes). - drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472) - efi: use 32-bit alignment for efi_guid_t literals (git-fixes). - enetc: Fix reporting of h/w packet counters (git-fixes). - epoll: check for events when removing a timed out thread from the wait queue (git-fixes). - ethernet: alx: fix order of calls on resume (git-fixes). - exec: Move would_dump into flush_old_exec (git-fixes). - exfat: add missing MODULE_ALIAS_FS() (bsc#1182989). - exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989). - extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes). - extcon: Fix error handling in extcon_dev_register (git-fixes). - fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes). - firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes). - flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: use 32-bit unsigned integer (git-fixes). - fuse: fix bad inode (bsc#1184211). - fuse: fix live lock in fuse_iget() (bsc#1184211). - fuse: verify write return (git-fixes). - gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862). - gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862). - gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862). - gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes). - gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes). - gianfar: Handle error code at MAC address change (git-fixes). 
- gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes). - Goodix Fingerprint device is not a modem (git-fixes). - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes). - gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes). - gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes). - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes). - HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes). - HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes). - hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes). - i2c: rcar: faster irq code to minimize HW race condition (git-fixes). - i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes). - i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025). - i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025). - iavf: Fix incorrect adapter get in iavf_resume (git-fixes). - iavf: use generic power management (git-fixes). - ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139). - ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844). - ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139). - ibmvnic: fix block comments (bsc#1183871 ltc#192139). - ibmvnic: fix braces (bsc#1183871 ltc#192139). - ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139). - ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268). - ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139). - ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139). - ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139). - ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591). - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139). - ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139). 
- ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139). - ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791). - ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791). - ice: fix memory leak if register_netdev_fails (git-fixes). - ice: fix memory leak in ice_vsi_setup (git-fixes). - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926). - ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926). - ice: renegotiate link after FW DCB on (jsc#SLE-8464). - ice: report correct max number of TCs (jsc#SLE-7926). - ice: update the number of available RSS queues (jsc#SLE-7926). - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634). - iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes). - iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes). - iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes). - iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes). - iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes). - iio: hid-sensor-prox: Fix scale not correct issue (git-fixes). - iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes). - include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes). - Input: applespi - do not wait for responses to commands indefinitely (git-fixes). - Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes). - Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes). - Input: raydium_ts_i2c - do not send zero length (git-fixes). - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes). - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277). - iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278). - iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637). 
- iommu/vt-d: Add get_domain_info() helper (bsc#1183279). - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280). - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281). - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282). - iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283). - iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284). - iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285). - iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286). - iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585). - ionic: linearize tso skb with too many frags (bsc#1167773). - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862). - kbuild: change *FLAGS_.o to take the path relative to $(obj) (bcs#1181862). - kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862). - kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862). - kbuild: Fail if gold linker is detected (bcs#1181862). - kbuild: improve cc-option to clean up all temporary files (bsc#1178330). - kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862). - kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862). - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862). - kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330). - kconfig: introduce m32-flag and m64-flag (bcs#1181862). - KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427). - KVM: SVM: Clear the CR4 register on reset (bsc#1183252). - KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445). - KVM: x86: Add RIP to the kvm_entry, i.e. 
VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ('kvm: tracing: Fix unmatched kvm_entry and kvm_exit events', bsc#1182770). - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287). - KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447). - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369). - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428). - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288). - libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518). - libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518). - libbpf: Fix INSTALL flag order (bsc#1155518). - libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518). - libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518). - lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes). - locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes). - loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295). - mac80211: choose first enabled channel for monitor (git-fixes). - mac80211: fix double free in ibss_leave (git-fixes). - mac80211: fix rate mask reset (git-fixes). - mac80211: fix TXQ AC confusion (git-fixes). - mdio: fix mdio-thunder.c dependency & build error (git-fixes). - media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes). - media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes). - media: mceusb: Fix potential out-of-bounds shift (git-fixes). - media: mceusb: sanity check for prescaler value (git-fixes). - media: rc: compile rc-cec.c into rc-core (git-fixes). - media: usbtv: Fix deadlock on suspend (git-fixes). - media: uvcvideo: Allow entities with no pads (git-fixes). - media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes). 
- media: v4l: vsp1: Fix bru null pointer access (git-fixes). - media: v4l: vsp1: Fix uif null pointer access (git-fixes). - media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes). - misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes). - misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes). - misc/pvpanic: Export module FDT device table (git-fixes). - misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes). - mISDN: fix crash in fritzpci (git-fixes). - mmc: core: Fix partition switch time for eMMC (git-fixes). - mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes). - mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes). - mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes). - mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes). - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes). - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777). - mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes). - mt76: dma: do not report truncated frames to mac80211 (git-fixes). - mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes). - net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes). - net: atheros: switch from 'pci_' to 'dma_' API (git-fixes). - net: b44: fix error return code in b44_init_one() (git-fixes). - net: bonding: fix error return code of bond_neigh_init() (bsc#1154353). - net: cdc-phonet: fix data-interface release on probe failure (git-fixes). - net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139). - netdevsim: init u64 stats for 32bit hardware (git-fixes). - net: dsa: rtl8366: Fix VLAN semantics (git-fixes). - net: dsa: rtl8366: Fix VLAN set-up (git-fixes). - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes). 
- net: enic: Cure the enic api locking trainwreck (git-fixes). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes). - net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139). - net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes). - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes). - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix reference count leak in fec series ops (git-fixes). - net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes). - net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes). - net: gianfar: Add of_node_put() before goto statement (git-fixes). - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes). - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes). - net: hns3: Remove the left over redundant check & assignment (bsc#1154353). - net: korina: cast KSEG0 address to pointer in kfree (git-fixes). - net: korina: fix kfree of rx/tx descriptor array (git-fixes). - net: lantiq: Wait for the GPHY firmware to be ready (git-fixes). - net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464). - net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464). - net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464). - net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464). - net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464). - net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464). - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464). - net: mvneta: fix double free of txq->buf (git-fixes). - net: mvneta: make tx buffer array agnostic (git-fixes). 
- net: pasemi: fix error return code in pasemi_mac_open() (git-fixes).
- net: phy: broadcom: Only advertise EEE for supported modes (git-fixes).
- net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes).
- net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes).
- net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)
- netsec: restore phy power state after controller reset (bsc#1183757).
- net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes).
- net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes).
- net: stmmac: removed enabling eee in EEE set callback (git-fixes).
- net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).
- net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes).
- net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes).
- net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes).
- net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).
- net: wan/lmc: unregister device when no matching device is found (git-fixes).
- nfp: flower: fix pre_tun mask id allocation (bsc#1154353).
- nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077).
- nvme-fabrics: fix kato initialization (bsc#1182591).
- nvme-fabrics: only reserve a single tag (bsc#1182077).
- nvme-fc: fix racing controller reset and create association (bsc#1183048).
- nvme-hwmon: Return error code when registration fails (bsc#1177326).
- nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077).
- nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).
- nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501).
- objtool: Fix '.cold' section suffix check for newer versions of GCC (bsc#1169514).
- objtool: Fix error handling for STD/CLD warnings (bsc#1169514).
- objtool: Fix retpoline detection in asm code (bsc#1169514).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).
- ovl: fix out of date comment and unreachable code (bsc#1184176).
- ovl: fix regression with re-formatted lower squashfs (bsc#1184176).
- ovl: fix unneeded call to ovl_change_flags() (bsc#1184176).
- ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176).
- ovl: initialize error in ovl_copy_xattr (bsc#1184176).
- ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176).
- PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes).
- PCI: Align checking of syscall user config accessors (git-fixes).
- PCI: Decline to resize resources if boot config must be preserved (git-fixes).
- PCI: Fix pci_register_io_range() memory leak (git-fixes).
- PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes).
- PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
- PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).
- pinctrl: rockchip: fix restore error in resume (git-fixes).
- Platform: OLPC: Fix probe error handling (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes).
- platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes).
- platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes).
- platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes).
- platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes).
- platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes).
- platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes).
- platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes).
- PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes).
- PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366).
- PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes).
- PM: runtime: Fix race getting/putting suppliers at probe (git-fixes).
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729).
- powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963).
- powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729).
- powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395).
- powerpc/sstep: Fix darn emulation (bsc#1156395).
- powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395).
- powerpc/sstep: Fix load-store and update emulation (bsc#1156395).
- printk: fix deadlock when kernel panic (bsc#1183018).
- proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes).
- pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes).
- qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).
- qxl: Fix uninitialised struct field head.surface_id (git-fixes).
- random: fix the RNDRESEEDCRNG ioctl (git-fixes).
- RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489).
- RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).
- RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).
- RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)
- regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).
- Revert 'net: bonding: fix error return code of bond_neigh_init()' (bsc#1154353).
- rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079).
- rpm/check-for-config-changes: add -mrecord-mcount ignore
  Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream.
- rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.
- rpm/check-for-config-changes: comment on the list
  To explain what it actually is.
- rpm/check-for-config-changes: declare sed args as an array
  So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended.
- rpm/check-for-config-changes: define ignores more strictly
  * search for whole words, so make wildcards explicit
  * use ' for quoting
  * prepend CONFIG_ dynamically, so it need not be in the list
- rpm/check-for-config-changes: sort the ignores
  They are growing so to make them searchable by humans.
- rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)
  The devel package requires the kernel binary package itself for building modules externally.
- rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes).
- rsi: Move card interrupt handling to RX thread (git-fixes).
- rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes).
- s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).
- s390/qeth: fix notification for pending buffers during teardown (git-fixes).
- s390/qeth: improve completion of pending TX buffers (git-fixes).
- s390/qeth: schedule TX NAPI on QAOB completion (git-fixes).
- s390/vtime: fix increased steal time accounting (bsc#1183859).
- samples, bpf: Add missing munmap in xdpsock (bsc#1155518).
- samples/bpf: Fix possible hang in xdpsock with multiple threads (bsc#1155518).
- scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231).
- scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574).
- scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574).
- scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).
- scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).
- scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574).
- scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574).
- scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574).
- scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574).
- scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).
- scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574).
- scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).
- scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574).
- scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).
- scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).
- scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).
- scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574).
- scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574).
- scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).
- scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).
- scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).
- scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574).
- scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).
- scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843).
- scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843).
- selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518).
- selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518).
- selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518).
- selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes).
- selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes).
- selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes).
- smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).
- smb3: fix crediting for compounding when only one request in flight (bsc#1181507).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
- soc/fsl: qbman: fix conflicting alignment attributes (git-fixes).
- software node: Fix node registration (git-fixes).
- spi: stm32: make spurious and overrun interrupts visible (git-fixes).
- squashfs: fix inode lookup sanity checks (bsc#1183750).
- squashfs: fix xattr id and id lookup sanity checks (bsc#1183750).
- stop_machine: mark helpers __always_inline (git-fixes).
- thermal/core: Add NULL pointer check before using cooling device stats (git-fixes).
- udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).
- Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598)
- USB: cdc-acm: downgrade message to debug (git-fixes).
- USB: cdc-acm: fix double free on probe failure (git-fixes).
- USB: cdc-acm: fix use-after-free after probe failure (git-fixes).
- USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes).
- USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes).
- USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes).
- USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes).
- USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes).
- USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes).
- USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes).
- USB: gadget: configfs: Fix KASAN use-after-free (git-fixes).
- USB: gadget: f_uac1: stop playback on function disable (git-fixes).
- USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes).
- USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes).
- USB: gadget: u_ether: Fix a configfs return code (git-fixes).
- USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).
- USBip: fix stub_dev to check for stream socket (git-fixes).
- USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd to check for stream socket (git-fixes).
- USBip: fix vudc to check for stream socket (git-fixes).
- USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).
- USBip: tools: fix build error for multiple definition (git-fixes).
- USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes).
- USB: musb: Fix suspend with devices connected for a64 (git-fixes).
- USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes).
- USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes).
- USB: replace hardcode maximum usb string length by definition (git-fixes).
- USB: serial: ch341: add new Product ID (git-fixes).
- USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes).
- USB: serial: cp210x: add some more GE USB IDs (git-fixes).
- USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes).
- USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).
- USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).
- USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes).
- USB: usblp: fix a hang in poll() if disconnected (git-fixes).
- USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes).
- USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).
- USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).
- use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139).
- video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489)
- video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes).
- VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes).
- vt/consolemap: do font sum unsigned (git-fixes).
- watchdog: mei_wdt: request stop on unregister (git-fixes).
- wireguard: device: do not generate ICMP for non-IP packets (git-fixes).
- wireguard: kconfig: use arm chacha even with no neon (git-fixes).
- wireguard: selftests: test multiple parallel streams (git-fixes).
- wlcore: Fix command execute failure 19 for wl12xx (git-fixes).
- x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489).
- x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489).
- x86/ioapic: Ignore IRQ2 again (bsc#1152489).
- x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489).
- xen/events: avoid handling the same event on two cpus at the same time (git-fixes).
- xen/events: do not unmask an event channel when an eoi is pending (git-fixes).
- xen/events: fix setting irq affinity (bsc#1184583).
- xen/events: reset affinity of 2-level event when tearing it down (git-fixes).
- Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
- xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980).
- xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes).
- xhci: Improve detection of device initiated wake signal (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1269-1
Released: Tue Apr 20 14:00:20 2021
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1174166,1181696,1182012

This update for grub2 fixes the following issues:

- Fix error `grub_file_filters not found` in Azure virtual machine. (bsc#1182012)
- Fix executable stack marking in `grub-emu`. (bsc#1181696)
- Remove `95_textmode` for PowerPC given that there's no efi port on that architecture. (bsc#1174166)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1275-1
Released: Tue Apr 20 14:31:26 2021
Summary: Security update for sudo
Type: security
Severity: important
References: 1183936,CVE-2021-3156

This update for sudo fixes the following issues:

- L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1280-1
Released: Tue Apr 20 14:34:19 2021
Summary: Security update for ruby2.5
Type: security
Severity: moderate
References: 1184644,CVE-2021-28965

This update for ruby2.5 fixes the following issues:

- Update to 2.5.9
- CVE-2021-28965: XML round-trip vulnerability in REXML (bsc#1184644)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1286-1
Released: Tue Apr 20 20:10:21 2021
Summary: Recommended update for SLES-release
Type: recommended
Severity: moderate
References: 1180836

This recommended update for SLES-release provides the following fix:

- Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1289-1
Released: Wed Apr 21 14:02:46 2021
Summary: Recommended update for gzip
Type: recommended
Severity: moderate
References: 1177047

This update for gzip fixes the following issues:

- Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1295-1
Released: Wed Apr 21 14:08:19 2021
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: moderate
References: 1184136

This update for systemd-presets-common-SUSE fixes the following issues:

- Enabled hcn-init.service for HNV on POWER (bsc#1184136)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1296-1
Released: Wed Apr 21 14:09:28 2021
Summary: Optional update for e2fsprogs
Type: optional
Severity: low
References: 1183791

This update for e2fsprogs fixes the following issues:

- Fixed an issue when building e2fsprogs (bsc#1183791)

This patch does not fix any user visible issues and is therefore optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1297-1
Released: Wed Apr 21 14:10:10 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1178219

This update for systemd fixes the following issues:

- Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted.

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1299-1
Released: Wed Apr 21 14:11:41 2021
Summary: Optional update for gpgme
Type: optional
Severity: low
References: 1183801

This update for gpgme fixes the following issues:

- Fixed a bug in test cases (bsc#1183801)

This patch is optional to install and does not provide any user visible bug fixes.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1407-1
Released: Wed Apr 28 15:49:02 2021
Summary: Recommended update for libcap
Type: recommended
Severity: important
References: 1184690

This update for libcap fixes the following issues:

- Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1412-1
Released: Wed Apr 28 17:09:28 2021
Summary: Security update for libnettle
Type: security
Severity: important
References: 1184401,CVE-2021-20305

This update for libnettle fixes the following issues:

- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1419-1
Released: Thu Apr 29 06:20:30 2021
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1178219

This update for dracut fixes the following issues:

- Fix for adding timeout to umount calls. (bsc#1178219)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1425-1
Released: Thu Apr 29 06:23:08 2021
Summary: Optional update for tcpdump
Type: optional
Severity: low
References: 1183800

This update for tcpdump fixes the following issues:

- Disabled five regression tests that fail with libpcap > 1.8.1 (bsc#1183800)

This patch does not fix any user visible issues and is therefore optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1426-1
Released: Thu Apr 29 06:23:13 2021
Summary: Recommended update for libsolv
Type: recommended
Severity: moderate
References:

This update for libsolv fixes the following issues:

- Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt.
- Fix a couple of memory leaks in error cases.
- Fix error handling in solv_xfopen_fd()
- Fixed 'regex' code on win32.
- Fixed memory leak in choice rule generation

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1444-1
Released: Thu Apr 29 16:17:34 2021
Summary: Security update for samba
Type: security
Severity: important
References: 1178469,1179156,1183572,1183574,1184310,1184677,CVE-2020-27840,CVE-2021-20254,CVE-2021-20277

This update for samba fixes the following issues:

- CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574).
- CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
- CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572).
- Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156).
- s3-libads: use dns name to open a ldap session (bsc#1184310).
- Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1449-1
Released: Fri Apr 30 08:08:25 2021
Summary: Recommended update for systemd-presets-branding-SLE
Type: recommended
Severity: moderate
References: 1165780

This update for systemd-presets-branding-SLE fixes the following issues:

- Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. (bsc#1165780)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1454-1
Released: Fri Apr 30 09:22:26 2021
Summary: Security update for cups
Type: security
Severity: important
References: 1184161,CVE-2021-25317

This update for cups fixes the following issues:

- CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1456-1
Released: Fri Apr 30 12:00:01 2021
Summary: Recommended update for cifs-utils
Type: recommended
Severity: important
References: 1184815

This update for cifs-utils fixes the following issues:

- Fixed a bug where it was no longer possible to mount CIFS filesystem after the last maintenance update (bsc#1184815)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1466-1
Released: Tue May 4 08:30:57 2021
Summary: Security update for permissions
Type: security
Severity: important
References: 1182899

This update for permissions fixes the following issues:

- etc/permissions: remove unnecessary entries (bsc#1182899)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1471-1
Released: Tue May 4 08:36:57 2021
Summary: Security update for bind
Type: security
Severity: important
References: 1183453,1185345,CVE-2021-25214,CVE-2021-25215

This update for bind fixes the following issues:

- CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345).
- CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345).
- make /usr/bin/delv in bind-tools position independent (bsc#1183453).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1481-1
Released: Tue May 4 14:18:32 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1178680

This update for lvm2 fixes the following issues:

- Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1493-1
Released: Tue May 4 17:13:34 2021
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1184521,CVE-2021-3468

This update for avahi fixes the following issues:

- CVE-2021-3468: avoid infinite loop by handling HUP event in client_work (bsc#1184521).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1517-1
Released: Wed May 5 17:43:54 2021
Summary: Recommended update for open-iscsi
Type: recommended
Severity: moderate
References: 1179908,1183421,CVE-2020-13987,CVE-2020-13988,CVE-2020-17437,CVE-2020-17438

This update for open-iscsi fixes the following issues:

- Enabled asynchronous logins for iscsi.service (bsc#1183421)
- Fixed a login issue when target is delayed

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1523-1
Released: Wed May 5 18:24:20 2021
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518

This update for libxml2 fixes the following issues:

- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1527-1
Released: Thu May 6 08:58:53 2021
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1183064

This update for bash fixes the following issues:

- Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1528-1
Released: Thu May 6 15:31:23 2021
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1161276

This update for openssl-1_1 fixes the following issues:

- Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1533-1
Released: Thu May 6 17:04:28 2021
Summary: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent
Type: recommended
Severity: moderate
References: 1174304,1174306,1175740,1175741,1179031,1179032,1180304,1182793,1183414,1183415

This update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent contains the following fixes:

Changes in google-guest-agent:

- Update to version 20210223.01 (bsc#1183414, bsc#1183415)
  * add a match block to sshd_config for SAs (#99)
  * add ipv6 forwarded ip support (#101)
  * call restorecon on ssh host keys (#98)
  * Include startup and shutdown in preset (#96)
  * set metadata URL earlier (#94)
- Fix activation logic of systemd services (bsc#1182793)
- Update to version 20201211.00
  * Require snapshot scripts to live under /etc/google/snapshots (#90)
  * Adding support for Windows user account password lengths between 15 and 255 characters. (#91)
  * Adding bkatyl to OWNERS (#92)

Changes in google-guest-configs:

- Update to version 20210317.00 (bsc#1183414, bsc#1183415)
  * dracut.conf wants spaces around values (#19)
  * make the same change for debian (#18)
  * change path back for google_nvme_id (#17)
  * move google_nvme_id to /usr/bin (#16)
  * correct udev rule syntax (#15)
  * prune el6 spec (#13)
  * Updated udev rules (#11)
- Remove empty %{_sbindir} from %install and %files section
- Remove service files (bsc#1180304)
  + google-optimize-local-ssd.service, google-set-multiqueue.service scripts are called from within the guest agent

Changes in google-guest-oslogin:

- Update to version 20210316.00 (bsc#1183414, bsc#1183415)
  * call correct function in pwenthelper (#53)
- Update to version 20210108.00
  * Update logic in the cache_refresh binary (#52)
  * remove old unused workflow files (#49)
  * add getpwnam,getpwuid,getgrnam,getgrgid (#42)
  * Change requires to not require the python library for policycoreutils. (#44)
  * add dial and recvline (#41)
  * PR feedback
  * new client component and tests

Changes in google-osconfig-agent:

- Update to version 20210316.00 (bsc#1183414, bsc#1183415)
  * call correct function in pwenthelper (#53)
- Update to version 20210108.00
  * Update logic in the cache_refresh binary (#52)
  * remove old unused workflow files (#49)
- Update to version 20200925.00 (bsc#1179031, bsc#1179032)
  * add getpwnam,getpwuid,getgrnam,getgrgid (#42)
  * Change requires to not require the python library for policycoreutils. (#44)
  * add dial and recvline (#41)
  * PR feedback
  * new client component and tests
- Update to version 20200819.00 (bsc#1175740, bsc#1175741)
  * deny non-2fa users (#37)
  * use asterisks instead (#39)
  * set passwords to ! (#38)
  * correct index 0 bug (#36)
  * Support security key generated OTP challenges. (#35)
- No post action for ssh
- Initial build (bsc#1174304, bsc#1174306, jsc#ECO-2099, jsc#PM-1945)
  + Version 20200507.00
  + Replaces google-compute-engine-oslogin package

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1534-1
Released: Thu May 6 17:05:07 2021
Summary: Recommended update for kexec-tools
Type: recommended
Severity: moderate
References: 1185020

This update for kexec-tools fixes the following issue:

- Hardening: link as Position-Independent Executable PIE (bsc#1185020).

From sle-updates at lists.suse.com Mon May 10 13:15:40 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 10 May 2021 15:15:40 +0200 (CEST)
Subject: SUSE-RU-2021:1546-1: moderate: Recommended update for dracut
Message-ID: <20210510131540.59366FF0F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for dracut
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1546-1
Rating: moderate
References: #1178219
Affected Products:
    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for dracut fixes the following issues:

- Fix by adding timeout to umount calls. (bsc#1178219)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1546=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): dracut-044.2-17.25.1 dracut-debuginfo-044.2-17.25.1 dracut-debugsource-044.2-17.25.1 dracut-fips-044.2-17.25.1 References: https://bugzilla.suse.com/1178219 From sle-updates at lists.suse.com Mon May 10 13:16:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 May 2021 15:16:44 +0200 (CEST) Subject: SUSE-RU-2021:1547-1: Recommended update for git Message-ID: <20210510131644.B48B7FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for git ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1547-1 Rating: low References: #1185147 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for git fixes the following issues: - Removed deprecated "syslog" option from git-daemon.service (bsc#1185147) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1547=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1547=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1547=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1547=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): git-2.26.2-3.34.1 git-arch-2.26.2-3.34.1 git-cvs-2.26.2-3.34.1 git-daemon-2.26.2-3.34.1 git-daemon-debuginfo-2.26.2-3.34.1 git-debuginfo-2.26.2-3.34.1 git-debugsource-2.26.2-3.34.1 git-email-2.26.2-3.34.1 git-gui-2.26.2-3.34.1 git-svn-2.26.2-3.34.1 git-svn-debuginfo-2.26.2-3.34.1 git-web-2.26.2-3.34.1 gitk-2.26.2-3.34.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): git-doc-2.26.2-3.34.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): git-2.26.2-3.34.1 git-arch-2.26.2-3.34.1 git-cvs-2.26.2-3.34.1 git-daemon-2.26.2-3.34.1 git-daemon-debuginfo-2.26.2-3.34.1 git-debuginfo-2.26.2-3.34.1 git-debugsource-2.26.2-3.34.1 git-email-2.26.2-3.34.1 git-gui-2.26.2-3.34.1 git-svn-2.26.2-3.34.1 git-svn-debuginfo-2.26.2-3.34.1 git-web-2.26.2-3.34.1 gitk-2.26.2-3.34.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): git-doc-2.26.2-3.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): git-core-2.26.2-3.34.1 git-core-debuginfo-2.26.2-3.34.1 git-debuginfo-2.26.2-3.34.1 git-debugsource-2.26.2-3.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): git-core-2.26.2-3.34.1 git-core-debuginfo-2.26.2-3.34.1 git-debuginfo-2.26.2-3.34.1 git-debugsource-2.26.2-3.34.1 
References: https://bugzilla.suse.com/1185147 From sle-updates at lists.suse.com Mon May 10 13:17:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 May 2021 15:17:52 +0200 (CEST) Subject: SUSE-RU-2021:1545-1: moderate: Recommended update for subversion Message-ID: <20210510131752.AF621FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for subversion ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1545-1 Rating: moderate References: #1185052 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for subversion fixes the following issues: - Use `/run` in `/usr/lib/tmpfiles.d/svnserve.conf` as `/var/run` is already deprecated. (bsc#1185052) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-1545=1
- SUSE Linux Enterprise Module for Server Applications 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1545=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1545=1
- SUSE Linux Enterprise Module for Development Tools 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1545=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1545=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1545=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
  subversion-debuginfo-1.10.6-3.18.1
  subversion-debugsource-1.10.6-3.18.1
  subversion-server-1.10.6-3.18.1
  subversion-server-debuginfo-1.10.6-3.18.1
- SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):
  subversion-debuginfo-1.10.6-3.18.1
  subversion-debugsource-1.10.6-3.18.1
  subversion-server-1.10.6-3.18.1
  subversion-server-debuginfo-1.10.6-3.18.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
  subversion-debuginfo-1.10.6-3.18.1
  subversion-debugsource-1.10.6-3.18.1
  subversion-perl-1.10.6-3.18.1
  subversion-perl-debuginfo-1.10.6-3.18.1
  subversion-python-1.10.6-3.18.1
  subversion-python-debuginfo-1.10.6-3.18.1
  subversion-tools-1.10.6-3.18.1
  subversion-tools-debuginfo-1.10.6-3.18.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
  subversion-bash-completion-1.10.6-3.18.1
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64):
  subversion-debuginfo-1.10.6-3.18.1
  subversion-debugsource-1.10.6-3.18.1
  subversion-perl-1.10.6-3.18.1
  subversion-perl-debuginfo-1.10.6-3.18.1
  subversion-python-1.10.6-3.18.1
  subversion-python-debuginfo-1.10.6-3.18.1
  subversion-tools-1.10.6-3.18.1
  subversion-tools-debuginfo-1.10.6-3.18.1
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch):
  subversion-bash-completion-1.10.6-3.18.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  subversion-1.10.6-3.18.1
  subversion-debuginfo-1.10.6-3.18.1
  subversion-debugsource-1.10.6-3.18.1
  subversion-devel-1.10.6-3.18.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
  subversion-1.10.6-3.18.1
  subversion-debuginfo-1.10.6-3.18.1
  subversion-debugsource-1.10.6-3.18.1
  subversion-devel-1.10.6-3.18.1

References:
  https://bugzilla.suse.com/1185052

From sle-updates at lists.suse.com Mon May 10 16:15:33 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 10 May 2021 18:15:33 +0200 (CEST)
Subject: SUSE-RU-2021:1548-1: moderate: Recommended update for python-cryptography, python-cryptography-vectors, python-cffi, python-oslo.service
Message-ID: <20210510161533.E7D52FF0F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for python-cryptography, python-cryptography-vectors, python-cffi, python-oslo.service
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1548-1
Rating: moderate
References: #1176784 ECO-3105 PM-2352
Affected Products:
  SUSE OpenStack Cloud Crowbar 9
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 9
  SUSE OpenStack Cloud 8
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE Linux Enterprise Server for SAP 12-SP3
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server 12-SP4-LTSS
  SUSE Linux Enterprise Server 12-SP3-LTSS
  SUSE Linux Enterprise Server 12-SP3-BCL
  SUSE Linux Enterprise Server 12-SP2-LTSS-SAP
  SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON
  SUSE Linux Enterprise Server 12-SP2-BCL
  HPE Helion Openstack 8
______________________________________________________________________________

An update that has one recommended fix and contains two features can now be installed.

Description:

This update for python-cryptography, python-cryptography-vectors, python-cffi, python-oslo.service fixes the following issues:

- Update in SLE-12 to allow refreshing the Azure SDK. (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1548=1
- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1548=1
- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1548=1
- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1548=1
- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2021-1548=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1548=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1548=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1548=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1548=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1548=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1548=1
- SUSE Linux Enterprise Server 12-SP2-LTSS-SAP:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1548=1
- SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1548=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1548=1
- HPE Helion Openstack 8:
  zypper in -t patch HPE-Helion-OpenStack-8-2021-1548=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (noarch):
  python-oslo.service-1.31.8-3.3.1
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  python-cffi-1.11.5-5.16.2
  python-cffi-debuginfo-1.11.5-5.16.2
  python-cffi-debugsource-1.11.5-5.16.2
  python-cryptography-2.8-7.37.8
  python-cryptography-debuginfo-2.8-7.37.8
  python-cryptography-debugsource-2.8-7.37.8
  python-xattr-0.7.5-6.5.6
  python-xattr-debuginfo-0.7.5-6.5.6
  python-xattr-debugsource-0.7.5-6.5.6
  python3-cffi-1.11.5-5.16.2
  python3-cffi-debuginfo-1.11.5-5.16.2
  python3-cryptography-2.8-7.37.8
  python3-cryptography-debuginfo-2.8-7.37.8
- SUSE OpenStack Cloud Crowbar 8 (x86_64):
  python-bcrypt-3.1.3-3.2.1
  python-bcrypt-debuginfo-3.1.3-3.2.1
  python-bcrypt-debugsource-3.1.3-3.2.1
  python-cffi-1.11.5-5.16.2
  python-cffi-debuginfo-1.11.5-5.16.2
  python-cffi-debugsource-1.11.5-5.16.2
  python-cryptography-2.8-7.37.8
  python-cryptography-debuginfo-2.8-7.37.8
  python-cryptography-debugsource-2.8-7.37.8
  python-xattr-0.7.5-6.5.6
  python-xattr-debuginfo-0.7.5-6.5.6
  python-xattr-debugsource-0.7.5-6.5.6
  python3-cffi-1.11.5-5.16.2
  python3-cryptography-2.8-7.37.8
- SUSE OpenStack Cloud 9 (x86_64):
  python-cffi-1.11.5-5.16.2
  python-cffi-debuginfo-1.11.5-5.16.2
  python-cffi-debugsource-1.11.5-5.16.2
  python-cryptography-2.8-7.37.8
  python-cryptography-debuginfo-2.8-7.37.8
  python-cryptography-debugsource-2.8-7.37.8
  python-xattr-0.7.5-6.5.6
  python-xattr-debuginfo-0.7.5-6.5.6
  python-xattr-debugsource-0.7.5-6.5.6
  python3-cffi-1.11.5-5.16.2
  python3-cffi-debuginfo-1.11.5-5.16.2
  python3-cryptography-2.8-7.37.8
  python3-cryptography-debuginfo-2.8-7.37.8
- SUSE OpenStack Cloud 9 (noarch):
  python-oslo.service-1.31.8-3.3.1
- SUSE OpenStack Cloud 8 (x86_64):
  python-bcrypt-3.1.3-3.2.1
  python-bcrypt-debuginfo-3.1.3-3.2.1
  python-bcrypt-debugsource-3.1.3-3.2.1
  python-cffi-1.11.5-5.16.2
  python-cffi-debuginfo-1.11.5-5.16.2
  python-cffi-debugsource-1.11.5-5.16.2
  python-cryptography-2.8-7.37.8
  python-cryptography-debuginfo-2.8-7.37.8
  python-cryptography-debugsource-2.8-7.37.8
  python-xattr-0.7.5-6.5.6
  python-xattr-debuginfo-0.7.5-6.5.6
  python-xattr-debugsource-0.7.5-6.5.6
  python3-cffi-1.11.5-5.16.2
  python3-cryptography-2.8-7.37.8
- SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):
  python-cffi-1.11.5-5.16.2
  python-cffi-debuginfo-1.11.5-5.16.2
  python-cffi-debugsource-1.11.5-5.16.2
  python-cryptography-2.8-7.37.8
  python-cryptography-debuginfo-2.8-7.37.8
  python-cryptography-debugsource-2.8-7.37.8
  python3-cffi-1.11.5-5.16.2
  python3-cffi-debuginfo-1.11.5-5.16.2
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
  python-cffi-1.11.5-5.16.2
  python-cffi-debuginfo-1.11.5-5.16.2
  python-cffi-debugsource-1.11.5-5.16.2
  python-cryptography-2.8-7.37.8
  python-cryptography-debuginfo-2.8-7.37.8
  python-cryptography-debugsource-2.8-7.37.8
  python-xattr-0.7.5-6.5.6
  python-xattr-debuginfo-0.7.5-6.5.6
  python-xattr-debugsource-0.7.5-6.5.6
  python3-cffi-1.11.5-5.16.2
  python3-cffi-debuginfo-1.11.5-5.16.2
  python3-cryptography-2.8-7.37.8
  python3-cryptography-debuginfo-2.8-7.37.8
- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
  python-cffi-1.11.5-5.16.2
  python-cffi-debuginfo-1.11.5-5.16.2
  python-cffi-debugsource-1.11.5-5.16.2
  python-cryptography-2.8-7.37.8
  python-cryptography-debuginfo-2.8-7.37.8
  python-cryptography-debugsource-2.8-7.37.8
  python-xattr-0.7.5-6.5.6
  python-xattr-debuginfo-0.7.5-6.5.6
  python-xattr-debugsource-0.7.5-6.5.6
  python3-cffi-1.11.5-5.16.2
  python3-cryptography-2.8-7.37.8
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  python-cffi-1.11.5-5.16.2
  python-cffi-debuginfo-1.11.5-5.16.2
  python-cffi-debugsource-1.11.5-5.16.2
  python-cryptography-2.8-7.37.8
  python-cryptography-debuginfo-2.8-7.37.8
  python-cryptography-debugsource-2.8-7.37.8
  python-xattr-0.7.5-6.5.6
  python-xattr-debuginfo-0.7.5-6.5.6
  python-xattr-debugsource-0.7.5-6.5.6
  python3-cffi-1.11.5-5.16.2
  python3-cffi-debuginfo-1.11.5-5.16.2
  python3-cryptography-2.8-7.37.8
  python3-cryptography-debuginfo-2.8-7.37.8
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
  python-cffi-1.11.5-5.16.2
  python-cffi-debuginfo-1.11.5-5.16.2
  python-cffi-debugsource-1.11.5-5.16.2
  python-cryptography-2.8-7.37.8
  python-cryptography-debuginfo-2.8-7.37.8
  python-cryptography-debugsource-2.8-7.37.8
  python-xattr-0.7.5-6.5.6
  python-xattr-debuginfo-0.7.5-6.5.6
  python-xattr-debugsource-0.7.5-6.5.6
  python3-cffi-1.11.5-5.16.2
  python3-cffi-debuginfo-1.11.5-5.16.2
  python3-cryptography-2.8-7.37.8
  python3-cryptography-debuginfo-2.8-7.37.8
- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
  python-cffi-1.11.5-5.16.2
  python-cffi-debuginfo-1.11.5-5.16.2
  python-cffi-debugsource-1.11.5-5.16.2
  python-cryptography-2.8-7.37.8
  python-cryptography-debuginfo-2.8-7.37.8
  python-cryptography-debugsource-2.8-7.37.8
  python-xattr-0.7.5-6.5.6
  python-xattr-debuginfo-0.7.5-6.5.6
  python-xattr-debugsource-0.7.5-6.5.6
  python3-cffi-1.11.5-5.16.2
  python3-cryptography-2.8-7.37.8
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
  python-cffi-1.11.5-5.16.2
  python-cffi-debuginfo-1.11.5-5.16.2
  python-cffi-debugsource-1.11.5-5.16.2
  python-cryptography-2.8-7.37.8
  python-cryptography-debuginfo-2.8-7.37.8
  python-cryptography-debugsource-2.8-7.37.8
  python-xattr-0.7.5-6.5.6
  python-xattr-debuginfo-0.7.5-6.5.6
  python-xattr-debugsource-0.7.5-6.5.6
  python3-cffi-1.11.5-5.16.2
  python3-cryptography-2.8-7.37.8
- SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64):
  python-cffi-1.11.5-5.16.2
  python-cffi-debuginfo-1.11.5-5.16.2
  python-cffi-debugsource-1.11.5-5.16.2
  python-cryptography-2.8-7.37.8
  python-cryptography-debuginfo-2.8-7.37.8
  python-cryptography-debugsource-2.8-7.37.8
  python-xattr-0.7.5-6.5.6
  python-xattr-debuginfo-0.7.5-6.5.6
  python-xattr-debugsource-0.7.5-6.5.6
  python3-cffi-1.11.5-5.16.2
  python3-cryptography-2.8-7.37.8
- SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64):
  python-cffi-1.11.5-5.16.2
  python-cffi-debuginfo-1.11.5-5.16.2
  python-cffi-debugsource-1.11.5-5.16.2
  python-cryptography-2.8-7.37.8
  python-cryptography-debuginfo-2.8-7.37.8
  python-cryptography-debugsource-2.8-7.37.8
  python-xattr-0.7.5-6.5.6
  python-xattr-debuginfo-0.7.5-6.5.6
  python-xattr-debugsource-0.7.5-6.5.6
  python3-cffi-1.11.5-5.16.2
  python3-cryptography-2.8-7.37.8
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
  python-cffi-1.11.5-5.16.2
  python-cffi-debuginfo-1.11.5-5.16.2
  python-cffi-debugsource-1.11.5-5.16.2
  python-cryptography-2.8-7.37.8
  python-cryptography-debuginfo-2.8-7.37.8
  python-cryptography-debugsource-2.8-7.37.8
  python-xattr-0.7.5-6.5.6
  python-xattr-debuginfo-0.7.5-6.5.6
  python-xattr-debugsource-0.7.5-6.5.6
  python3-cffi-1.11.5-5.16.2
  python3-cryptography-2.8-7.37.8
- HPE Helion Openstack 8 (x86_64):
  python-bcrypt-3.1.3-3.2.1
  python-bcrypt-debuginfo-3.1.3-3.2.1
  python-bcrypt-debugsource-3.1.3-3.2.1
  python-cffi-1.11.5-5.16.2
  python-cffi-debuginfo-1.11.5-5.16.2
  python-cffi-debugsource-1.11.5-5.16.2
  python-cryptography-2.8-7.37.8
  python-cryptography-debuginfo-2.8-7.37.8
  python-cryptography-debugsource-2.8-7.37.8
  python-xattr-0.7.5-6.5.6
  python-xattr-debuginfo-0.7.5-6.5.6
  python-xattr-debugsource-0.7.5-6.5.6
  python3-cffi-1.11.5-5.16.2
  python3-cryptography-2.8-7.37.8

References:
  https://bugzilla.suse.com/1176784

From sle-updates at lists.suse.com Mon May 10 16:16:43 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 10 May 2021 18:16:43 +0200 (CEST)
Subject: SUSE-RU-2021:1550-1: moderate: Recommended update for pdsh, slurm_20_11
Message-ID: <20210510161643.4004BFF0F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for pdsh, slurm_20_11
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1550-1
Rating: moderate
References: ECO-2412
Affected Products:
  SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
______________________________________________________________________________

An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

This update for pdsh, slurm_20_11 fixes the following issues:

- Preparing pdsh for Slurm 20.11 (jsc#ECO-2412)
- Simplify convoluted condition.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1550=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1550=1

Package List:

- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
  libnss_slurm2_20_11-20.11.4-3.8.1
  libpmi0_20_11-20.11.4-3.8.1
  libslurm36-20.11.4-3.8.1
  perl-slurm_20_11-20.11.4-3.8.1
  slurm_20_11-20.11.4-3.8.1
  slurm_20_11-auth-none-20.11.4-3.8.1
  slurm_20_11-config-20.11.4-3.8.1
  slurm_20_11-config-man-20.11.4-3.8.1
  slurm_20_11-devel-20.11.4-3.8.1
  slurm_20_11-doc-20.11.4-3.8.1
  slurm_20_11-lua-20.11.4-3.8.1
  slurm_20_11-munge-20.11.4-3.8.1
  slurm_20_11-node-20.11.4-3.8.1
  slurm_20_11-pam_slurm-20.11.4-3.8.1
  slurm_20_11-plugins-20.11.4-3.8.1
  slurm_20_11-slurmdbd-20.11.4-3.8.1
  slurm_20_11-sql-20.11.4-3.8.1
  slurm_20_11-sview-20.11.4-3.8.1
  slurm_20_11-torque-20.11.4-3.8.1
  slurm_20_11-webdoc-20.11.4-3.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
  libnss_slurm2_20_11-20.11.4-3.8.1
  libpmi0_20_11-20.11.4-3.8.1
  libslurm36-20.11.4-3.8.1
  perl-slurm_20_11-20.11.4-3.8.1
  slurm_20_11-20.11.4-3.8.1
  slurm_20_11-auth-none-20.11.4-3.8.1
  slurm_20_11-config-20.11.4-3.8.1
  slurm_20_11-config-man-20.11.4-3.8.1
  slurm_20_11-devel-20.11.4-3.8.1
  slurm_20_11-doc-20.11.4-3.8.1
  slurm_20_11-lua-20.11.4-3.8.1
  slurm_20_11-munge-20.11.4-3.8.1
  slurm_20_11-node-20.11.4-3.8.1
  slurm_20_11-pam_slurm-20.11.4-3.8.1
  slurm_20_11-plugins-20.11.4-3.8.1
  slurm_20_11-slurmdbd-20.11.4-3.8.1
  slurm_20_11-sql-20.11.4-3.8.1
  slurm_20_11-sview-20.11.4-3.8.1
  slurm_20_11-torque-20.11.4-3.8.1
  slurm_20_11-webdoc-20.11.4-3.8.1

References:

From sle-updates at lists.suse.com Mon May 10 16:17:41 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 10 May 2021 18:17:41 +0200 (CEST)
Subject: SUSE-RU-2021:1549-1: moderate: Recommended update for procps
Message-ID: <20210510161741.2025FFF0F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for procps
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1549-1
Rating: moderate
References: #1185417
Affected Products:
  SUSE MicroOS 5.0
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for procps fixes the following issues:

- Support up to 2048 CPU as well. (bsc#1185417)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.0:
  zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1549=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1549=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1549=1

Package List:

- SUSE MicroOS 5.0 (aarch64 x86_64):
  libprocps7-3.3.15-7.19.1
  libprocps7-debuginfo-3.3.15-7.19.1
  procps-3.3.15-7.19.1
  procps-debuginfo-3.3.15-7.19.1
  procps-debugsource-3.3.15-7.19.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  libprocps7-3.3.15-7.19.1
  libprocps7-debuginfo-3.3.15-7.19.1
  procps-3.3.15-7.19.1
  procps-debuginfo-3.3.15-7.19.1
  procps-debugsource-3.3.15-7.19.1
  procps-devel-3.3.15-7.19.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
  libprocps7-3.3.15-7.19.1
  libprocps7-debuginfo-3.3.15-7.19.1
  procps-3.3.15-7.19.1
  procps-debuginfo-3.3.15-7.19.1
  procps-debugsource-3.3.15-7.19.1
  procps-devel-3.3.15-7.19.1

References:
  https://bugzilla.suse.com/1185417

From sle-updates at lists.suse.com Mon May 10 22:15:47 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 11 May 2021 00:15:47 +0200 (CEST)
Subject: SUSE-RU-2021:1553-1: Recommended update for gdm
Message-ID: <20210510221547.BE3B6FF0F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for gdm
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1553-1
Rating: low
References: #1185146
Affected Products:
  SUSE Linux Enterprise Module for Desktop Applications 15-SP3
  SUSE Linux Enterprise Module for Desktop Applications 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for gdm fixes the following issues:

- Removed deprecated StandardOutput=syslog in gdm.service file (bsc#1185146)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-1553=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1553=1

Package List:

- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
  gdm-3.34.1-8.18.1
  gdm-debuginfo-3.34.1-8.18.1
  gdm-debugsource-3.34.1-8.18.1
  gdm-devel-3.34.1-8.18.1
  libgdm1-3.34.1-8.18.1
  libgdm1-debuginfo-3.34.1-8.18.1
  typelib-1_0-Gdm-1_0-3.34.1-8.18.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch):
  gdm-lang-3.34.1-8.18.1
  gdm-systemd-3.34.1-8.18.1
  gdmflexiserver-3.34.1-8.18.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64):
  gdm-3.34.1-8.18.1
  gdm-debuginfo-3.34.1-8.18.1
  gdm-debugsource-3.34.1-8.18.1
  gdm-devel-3.34.1-8.18.1
  libgdm1-3.34.1-8.18.1
  libgdm1-debuginfo-3.34.1-8.18.1
  typelib-1_0-Gdm-1_0-3.34.1-8.18.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch):
  gdm-lang-3.34.1-8.18.1
  gdm-systemd-3.34.1-8.18.1
  gdmflexiserver-3.34.1-8.18.1

References:
  https://bugzilla.suse.com/1185146

From sle-updates at lists.suse.com Mon May 10 22:16:55 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 11 May 2021 00:16:55 +0200 (CEST)
Subject: SUSE-RU-2021:1552-1: moderate: Recommended update for strongswan
Message-ID: <20210510221655.11B9BFF0F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for strongswan
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1552-1
Rating: moderate
References: #1185363
Affected Products:
  SUSE Linux Enterprise Workstation Extension 15-SP3
  SUSE Linux Enterprise Workstation Extension 15-SP2
  SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
  SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for strongswan fixes the following issues:

- Added support for AES CCM aead algorithms to openssl plugin (bsc#1185363)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15-SP3:
  zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-1552=1
- SUSE Linux Enterprise Workstation Extension 15-SP2:
  zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-1552=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-1552=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1552=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1552=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1552=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
  strongswan-debuginfo-5.8.2-11.11.1
  strongswan-debugsource-5.8.2-11.11.1
  strongswan-nm-5.8.2-11.11.1
  strongswan-nm-debuginfo-5.8.2-11.11.1
- SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):
  strongswan-debuginfo-5.8.2-11.11.1
  strongswan-debugsource-5.8.2-11.11.1
  strongswan-nm-5.8.2-11.11.1
  strongswan-nm-debuginfo-5.8.2-11.11.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
  strongswan-debuginfo-5.8.2-11.11.1
  strongswan-debugsource-5.8.2-11.11.1
  strongswan-nm-5.8.2-11.11.1
  strongswan-nm-debuginfo-5.8.2-11.11.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64):
  strongswan-debuginfo-5.8.2-11.11.1
  strongswan-debugsource-5.8.2-11.11.1
  strongswan-nm-5.8.2-11.11.1
  strongswan-nm-debuginfo-5.8.2-11.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  strongswan-5.8.2-11.11.1
  strongswan-debuginfo-5.8.2-11.11.1
  strongswan-debugsource-5.8.2-11.11.1
  strongswan-hmac-5.8.2-11.11.1
  strongswan-ipsec-5.8.2-11.11.1
  strongswan-ipsec-debuginfo-5.8.2-11.11.1
  strongswan-libs0-5.8.2-11.11.1
  strongswan-libs0-debuginfo-5.8.2-11.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
  strongswan-doc-5.8.2-11.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
  strongswan-5.8.2-11.11.1
  strongswan-debuginfo-5.8.2-11.11.1
  strongswan-debugsource-5.8.2-11.11.1
  strongswan-hmac-5.8.2-11.11.1
  strongswan-ipsec-5.8.2-11.11.1
  strongswan-ipsec-debuginfo-5.8.2-11.11.1
  strongswan-libs0-5.8.2-11.11.1
  strongswan-libs0-debuginfo-5.8.2-11.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
  strongswan-doc-5.8.2-11.11.1

References:
  https://bugzilla.suse.com/1185363

From sle-updates at lists.suse.com Mon May 10 22:20:20 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 11 May 2021 00:20:20 +0200 (CEST)
Subject: SUSE-RU-2021:1551-1: moderate: Recommended update for supportutils
Message-ID: <20210510222020.95366FF0F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for supportutils
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1551-1
Rating: moderate
References: #1021918 #1043601 #1051419 #1063765 #1089870 #1127734
  #1169348 #1179188 #1181351 #1184828 #1184911
Affected Products:
  SUSE OpenStack Cloud Crowbar 9
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 9
  SUSE OpenStack Cloud 8
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE Linux Enterprise Server for SAP 12-SP3
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server 12-SP4-LTSS
  SUSE Linux Enterprise Server 12-SP3-LTSS
  SUSE Linux Enterprise Server 12-SP3-BCL
  SUSE Linux Enterprise Server 12-SP2-LTSS-SAP
  SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON
  SUSE Linux Enterprise Server 12-SP2-BCL
  HPE Helion Openstack 8
______________________________________________________________________________

An update that has 11 recommended fixes can now be installed.

Description:

This update for supportutils fixes the following issues:

- Performance improvements on large systems (bsc#1127734)
- Added a check for package signatures in rpm.txt (bsc#1021918)
- Performance improvements when the 'find' command is being used (bsc#1184911)
- Fixed a bug where the updates.txt file did not list products in XML format anymore (bsc#1181351)
- Fixed a bug where listing files under /sys fails when their names contain a backslash (bsc#1089870)
- Added drbd information and configuration details to drbd.txt (bsc#1063765)
- Added list-timers and list-jobs to systemd.txt (bsc#1169348)
- Fixed a bug where supportconfig only searched for nfs, but not for nfs4 in /etc/fstab (bsc#1184828)
- Added support for capturing rotated logs with different compression methods (bsc#1179188)
- Removed deprecated mii-tool (bsc#1043601)
- Added -u for HTTPS and -a for FTPES uploads to SUSE FTP servers (bsc#1051419)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1551=1
- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1551=1
- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1551=1
- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1551=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1551=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1551=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1551=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1551=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1551=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1551=1
- SUSE Linux Enterprise Server 12-SP2-LTSS-SAP:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1551=1
- SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1551=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1551=1
- HPE Helion Openstack 8:
  zypper in -t patch HPE-Helion-OpenStack-8-2021-1551=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (noarch):
  supportutils-3.0.9-95.45.1
- SUSE OpenStack Cloud Crowbar 8 (noarch):
  supportutils-3.0.9-95.45.1
- SUSE OpenStack Cloud 9 (noarch):
  supportutils-3.0.9-95.45.1
- SUSE OpenStack Cloud 8 (noarch):
  supportutils-3.0.9-95.45.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
  supportutils-3.0.9-95.45.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
  supportutils-3.0.9-95.45.1
- SUSE Linux Enterprise Server 12-SP5 (noarch):
  supportutils-3.0.9-95.45.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
  supportutils-3.0.9-95.45.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
  supportutils-3.0.9-95.45.1
- SUSE Linux Enterprise Server 12-SP3-BCL (noarch):
  supportutils-3.0.9-95.45.1
- SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (noarch):
  supportutils-3.0.9-95.45.1
- SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (noarch):
  supportutils-3.0.9-95.45.1
- SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
  supportutils-3.0.9-95.45.1
- HPE Helion Openstack 8 (noarch):
  supportutils-3.0.9-95.45.1

References:
  https://bugzilla.suse.com/1021918
  https://bugzilla.suse.com/1043601
  https://bugzilla.suse.com/1051419
  https://bugzilla.suse.com/1063765
  https://bugzilla.suse.com/1089870
  https://bugzilla.suse.com/1127734
  https://bugzilla.suse.com/1169348
  https://bugzilla.suse.com/1179188
  https://bugzilla.suse.com/1181351
  https://bugzilla.suse.com/1184828
  https://bugzilla.suse.com/1184911

From sle-updates at lists.suse.com Tue May 11 06:17:07 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 11 May 2021 08:17:07 +0200 (CEST)
Subject: SUSE-CU-2021:154-1: Recommended update of suse/sle15
Message-ID: <20210511061707.1A3D6B461B0@westernhagen.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:154-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.389
Container Release : 4.22.389
Severity : moderate
Type : recommended
References : 1185417
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1549-1
Released: Mon May 10 13:48:00 2021
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1185417

This update for procps fixes the following issues:

- Support up to 2048 CPU as well.
  (bsc#1185417)

From sle-updates at lists.suse.com Tue May 11 06:31:26 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 11 May 2021 08:31:26 +0200 (CEST)
Subject: SUSE-CU-2021:155-1: Recommended update of suse/sle15
Message-ID: <20210511063126.4C3B8B461B0@westernhagen.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:155-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.449
Container Release : 6.2.449
Severity : moderate
Type : recommended
References : 1185417
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1549-1
Released: Mon May 10 13:48:00 2021
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1185417

This update for procps fixes the following issues:

- Support up to 2048 CPU as well. (bsc#1185417)

From sle-updates at lists.suse.com Tue May 11 06:40:11 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 11 May 2021 08:40:11 +0200 (CEST)
Subject: SUSE-CU-2021:156-1: Recommended update of suse/sle15
Message-ID: <20210511064011.30E9DB461B0@westernhagen.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:156-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.910
Container Release : 8.2.910
Severity : moderate
Type : recommended
References : 1185417
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) From sle-updates at lists.suse.com Tue May 11 13:16:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 May 2021 15:16:39 +0200 (CEST) Subject: SUSE-SU-2021:1557-1: moderate: Security update for python3 Message-ID: <20210511131639.6C3E1FF0F@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1557-1 Rating: moderate References: #1183374 Cross-References: CVE-2021-3426 CVSS scores: CVE-2021-3426 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python3 fixes the following issues: - CVE-2021-3426: Fixed an information disclosure via pydoc (bsc#1183374) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1557=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1557=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1557=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1557=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1557=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libpython3_6m1_0-3.6.13-3.81.1 libpython3_6m1_0-debuginfo-3.6.13-3.81.1 python3-3.6.13-3.81.2 python3-base-3.6.13-3.81.1 python3-base-debuginfo-3.6.13-3.81.1 python3-core-debugsource-3.6.13-3.81.1 python3-debuginfo-3.6.13-3.81.2 python3-debugsource-3.6.13-3.81.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): python3-core-debugsource-3.6.13-3.81.1 python3-tools-3.6.13-3.81.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): python3-tools-3.6.13-3.81.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.13-3.81.1 libpython3_6m1_0-debuginfo-3.6.13-3.81.1 python3-3.6.13-3.81.2 python3-base-3.6.13-3.81.1 python3-base-debuginfo-3.6.13-3.81.1 python3-core-debugsource-3.6.13-3.81.1 python3-curses-3.6.13-3.81.2 python3-curses-debuginfo-3.6.13-3.81.2 python3-dbm-3.6.13-3.81.2 python3-dbm-debuginfo-3.6.13-3.81.2 python3-debuginfo-3.6.13-3.81.2 python3-debugsource-3.6.13-3.81.2 python3-devel-3.6.13-3.81.1 python3-devel-debuginfo-3.6.13-3.81.1 python3-idle-3.6.13-3.81.2 python3-tk-3.6.13-3.81.2 python3-tk-debuginfo-3.6.13-3.81.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.13-3.81.1 
libpython3_6m1_0-debuginfo-3.6.13-3.81.1 python3-3.6.13-3.81.2 python3-base-3.6.13-3.81.1 python3-curses-3.6.13-3.81.2 python3-curses-debuginfo-3.6.13-3.81.2 python3-dbm-3.6.13-3.81.2 python3-dbm-debuginfo-3.6.13-3.81.2 python3-debuginfo-3.6.13-3.81.2 python3-debugsource-3.6.13-3.81.2 python3-devel-3.6.13-3.81.1 python3-devel-debuginfo-3.6.13-3.81.1 python3-idle-3.6.13-3.81.2 python3-tk-3.6.13-3.81.2 python3-tk-debuginfo-3.6.13-3.81.2 References: https://www.suse.com/security/cve/CVE-2021-3426.html https://bugzilla.suse.com/1183374 From sle-updates at lists.suse.com Tue May 11 13:17:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 May 2021 15:17:43 +0200 (CEST) Subject: SUSE-SU-2021:1559-1: moderate: Security update for drbd-utils Message-ID: <20210511131743.A5D15FF0F@maintenance.suse.de> SUSE Security Update: Security update for drbd-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1559-1 Rating: moderate References: #1185132 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for drbd-utils fixes the following issues: - Hardening: Made all binaries position independent (bsc#1185132) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-1559=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): drbd-utils-9.6.0-3.15.1 drbd-utils-debuginfo-9.6.0-3.15.1 drbd-utils-debugsource-9.6.0-3.15.1 References: https://bugzilla.suse.com/1185132 From sle-updates at lists.suse.com Tue May 11 13:18:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 May 2021 15:18:45 +0200 (CEST) Subject: SUSE-SU-2021:1561-1: Security update for drbd-utils Message-ID: <20210511131845.6A601FF0F@maintenance.suse.de> SUSE Security Update: Security update for drbd-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1561-1 Rating: low References: #1185132 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for drbd-utils fixes the following issues: - Make all binaries position independent (bsc#1185132). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-1561=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1561=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (aarch64 ppc64le s390x x86_64): drbd-utils-9.13.0-3.12.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): drbd-utils-9.13.0-3.12.1 drbd-utils-debuginfo-9.13.0-3.12.1 drbd-utils-debugsource-9.13.0-3.12.1 References: https://bugzilla.suse.com/1185132 From sle-updates at lists.suse.com Tue May 11 13:19:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 May 2021 15:19:54 +0200 (CEST) Subject: SUSE-SU-2021:1554-1: important: Security update for java-11-openjdk Message-ID: <20210511131954.CA5CBFF0F@maintenance.suse.de> SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1554-1 Rating: important References: #1184606 #1185055 #1185056 Cross-References: CVE-2021-2161 CVE-2021-2163 CVSS scores: CVE-2021-2161 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2021-2161 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2021-2163 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-2163 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module 
for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.11+9 (April 2021 CPU) * CVE-2021-2163: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055) * CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in ProcessBuilder (bsc#1185056) - moved mozilla-nss dependency to java-11-openjdk-headless package, this is necessary to be able to do crypto with just java-11-openjdk-headless installed (bsc#1184606). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1554=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1554=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1554=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1554=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1554=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1554=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1554=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1554=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-1554=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1554=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1554=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1554=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1554=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1554=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1554=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1554=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1554=1 
- SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): java-11-openjdk-11.0.11.0-3.56.1 java-11-openjdk-debuginfo-11.0.11.0-3.56.1 java-11-openjdk-debugsource-11.0.11.0-3.56.1 java-11-openjdk-demo-11.0.11.0-3.56.1 java-11-openjdk-devel-11.0.11.0-3.56.1 java-11-openjdk-headless-11.0.11.0-3.56.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): java-11-openjdk-11.0.11.0-3.56.1 java-11-openjdk-debuginfo-11.0.11.0-3.56.1 java-11-openjdk-debugsource-11.0.11.0-3.56.1 java-11-openjdk-demo-11.0.11.0-3.56.1 java-11-openjdk-devel-11.0.11.0-3.56.1 java-11-openjdk-headless-11.0.11.0-3.56.1 - SUSE Manager Proxy 4.0 (x86_64): java-11-openjdk-11.0.11.0-3.56.1 java-11-openjdk-debuginfo-11.0.11.0-3.56.1 java-11-openjdk-debugsource-11.0.11.0-3.56.1 java-11-openjdk-demo-11.0.11.0-3.56.1 java-11-openjdk-devel-11.0.11.0-3.56.1 java-11-openjdk-headless-11.0.11.0-3.56.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): java-11-openjdk-11.0.11.0-3.56.1 java-11-openjdk-debuginfo-11.0.11.0-3.56.1 java-11-openjdk-debugsource-11.0.11.0-3.56.1 java-11-openjdk-demo-11.0.11.0-3.56.1 java-11-openjdk-devel-11.0.11.0-3.56.1 java-11-openjdk-headless-11.0.11.0-3.56.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-11-openjdk-11.0.11.0-3.56.1 java-11-openjdk-debuginfo-11.0.11.0-3.56.1 java-11-openjdk-debugsource-11.0.11.0-3.56.1 java-11-openjdk-demo-11.0.11.0-3.56.1 java-11-openjdk-devel-11.0.11.0-3.56.1 java-11-openjdk-headless-11.0.11.0-3.56.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.11.0-3.56.1 java-11-openjdk-debuginfo-11.0.11.0-3.56.1 java-11-openjdk-debugsource-11.0.11.0-3.56.1 java-11-openjdk-demo-11.0.11.0-3.56.1 java-11-openjdk-devel-11.0.11.0-3.56.1 
java-11-openjdk-headless-11.0.11.0-3.56.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): java-11-openjdk-11.0.11.0-3.56.1 java-11-openjdk-debuginfo-11.0.11.0-3.56.1 java-11-openjdk-debugsource-11.0.11.0-3.56.1 java-11-openjdk-demo-11.0.11.0-3.56.1 java-11-openjdk-devel-11.0.11.0-3.56.1 java-11-openjdk-headless-11.0.11.0-3.56.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): java-11-openjdk-11.0.11.0-3.56.1 java-11-openjdk-debuginfo-11.0.11.0-3.56.1 java-11-openjdk-debugsource-11.0.11.0-3.56.1 java-11-openjdk-demo-11.0.11.0-3.56.1 java-11-openjdk-devel-11.0.11.0-3.56.1 java-11-openjdk-headless-11.0.11.0-3.56.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): java-11-openjdk-javadoc-11.0.11.0-3.56.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): java-11-openjdk-javadoc-11.0.11.0-3.56.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.11.0-3.56.1 java-11-openjdk-debuginfo-11.0.11.0-3.56.1 java-11-openjdk-debugsource-11.0.11.0-3.56.1 java-11-openjdk-demo-11.0.11.0-3.56.1 java-11-openjdk-devel-11.0.11.0-3.56.1 java-11-openjdk-headless-11.0.11.0-3.56.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.11.0-3.56.1 java-11-openjdk-debuginfo-11.0.11.0-3.56.1 java-11-openjdk-debugsource-11.0.11.0-3.56.1 java-11-openjdk-demo-11.0.11.0-3.56.1 java-11-openjdk-devel-11.0.11.0-3.56.1 java-11-openjdk-headless-11.0.11.0-3.56.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): java-11-openjdk-11.0.11.0-3.56.1 java-11-openjdk-debuginfo-11.0.11.0-3.56.1 java-11-openjdk-debugsource-11.0.11.0-3.56.1 java-11-openjdk-demo-11.0.11.0-3.56.1 java-11-openjdk-devel-11.0.11.0-3.56.1 java-11-openjdk-headless-11.0.11.0-3.56.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.11.0-3.56.1 java-11-openjdk-debuginfo-11.0.11.0-3.56.1 
java-11-openjdk-debugsource-11.0.11.0-3.56.1 java-11-openjdk-demo-11.0.11.0-3.56.1 java-11-openjdk-devel-11.0.11.0-3.56.1 java-11-openjdk-headless-11.0.11.0-3.56.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): java-11-openjdk-11.0.11.0-3.56.1 java-11-openjdk-debuginfo-11.0.11.0-3.56.1 java-11-openjdk-debugsource-11.0.11.0-3.56.1 java-11-openjdk-demo-11.0.11.0-3.56.1 java-11-openjdk-devel-11.0.11.0-3.56.1 java-11-openjdk-headless-11.0.11.0-3.56.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.11.0-3.56.1 java-11-openjdk-debuginfo-11.0.11.0-3.56.1 java-11-openjdk-debugsource-11.0.11.0-3.56.1 java-11-openjdk-demo-11.0.11.0-3.56.1 java-11-openjdk-devel-11.0.11.0-3.56.1 java-11-openjdk-headless-11.0.11.0-3.56.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): java-11-openjdk-11.0.11.0-3.56.1 java-11-openjdk-debuginfo-11.0.11.0-3.56.1 java-11-openjdk-debugsource-11.0.11.0-3.56.1 java-11-openjdk-demo-11.0.11.0-3.56.1 java-11-openjdk-devel-11.0.11.0-3.56.1 java-11-openjdk-headless-11.0.11.0-3.56.1 - SUSE CaaS Platform 4.0 (x86_64): java-11-openjdk-11.0.11.0-3.56.1 java-11-openjdk-debuginfo-11.0.11.0-3.56.1 java-11-openjdk-debugsource-11.0.11.0-3.56.1 java-11-openjdk-demo-11.0.11.0-3.56.1 java-11-openjdk-devel-11.0.11.0-3.56.1 java-11-openjdk-headless-11.0.11.0-3.56.1 References: https://www.suse.com/security/cve/CVE-2021-2161.html https://www.suse.com/security/cve/CVE-2021-2163.html https://bugzilla.suse.com/1184606 https://bugzilla.suse.com/1185055 https://bugzilla.suse.com/1185056 From sle-updates at lists.suse.com Tue May 11 13:21:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 May 2021 15:21:14 +0200 (CEST) Subject: SUSE-RU-2021:1555-1: moderate: Recommended update for linuxrc Message-ID: <20210511132114.0C8E6FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for linuxrc 
______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1555-1 Rating: moderate References: #1185304 #1185498 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for linuxrc fixes the following issues: Update from version 7.0.15.5 to version 7.0.15.6 - Do not ask for ssh password if `ssh.password.enc` is set (bsc#1185304) - Provide `linuxrc` also in the `SUSE Linux Enterprise Development Tools` module (bsc#1185498) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1555=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): linuxrc-7.0.15.6-3.15.1 linuxrc-debuginfo-7.0.15.6-3.15.1 linuxrc-debugsource-7.0.15.6-3.15.1 References: https://bugzilla.suse.com/1185304 https://bugzilla.suse.com/1185498 From sle-updates at lists.suse.com Tue May 11 13:22:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 May 2021 15:22:20 +0200 (CEST) Subject: SUSE-RU-2021:1563-1: moderate: Recommended update for maven Message-ID: <20210511132220.2E52CFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for maven ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1563-1 Rating: moderate References: #1184022 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for systemtap fixes the following issues: - Releasing maven for SLE-15 SP1 and SP2. (bsc#1184022) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1563=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1563=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): maven-3.6.3-4.2.1 maven-lib-3.6.3-4.2.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): maven-3.6.3-4.2.1 maven-lib-3.6.3-4.2.1 References: https://bugzilla.suse.com/1184022 From sle-updates at lists.suse.com Tue May 11 13:23:23 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 May 2021 15:23:23 +0200 (CEST) Subject: SUSE-RU-2021:1562-1: moderate: Recommended update for amazon-ecs-init Message-ID: <20210511132323.91A5CFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for amazon-ecs-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1562-1 Rating: moderate References: #1182343 #1182344 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for amazon-ecs-init contains the following fixes: - Fix for an issue where no restart happens when ECS Agent exits with exit code 5 (bsc#1182343, bsc#1182344) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-1562=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2021-1562=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64): amazon-ecs-init-1.50.1-4.5.3 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64): amazon-ecs-init-1.50.1-4.5.3 References: https://bugzilla.suse.com/1182343 https://bugzilla.suse.com/1182344 From sle-updates at lists.suse.com Tue May 11 13:24:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 May 2021 15:24:29 +0200 (CEST) Subject: SUSE-SU-2021:1560-1: moderate: Security update for drbd-utils Message-ID: <20210511132429.0AB34FF0F@maintenance.suse.de> SUSE Security Update: Security update for drbd-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1560-1 Rating: moderate References: #1185132 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for drbd-utils fixes the following issues: - Hardening: Made all binaries position independent (bsc#1185132) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-1560=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): drbd-utils-9.6.0-6.15.1 drbd-utils-debuginfo-9.6.0-6.15.1 drbd-utils-debugsource-9.6.0-6.15.1 References: https://bugzilla.suse.com/1185132 From sle-updates at lists.suse.com Tue May 11 16:15:23 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 May 2021 18:15:23 +0200 (CEST) Subject: SUSE-SU-2021:1564-1: important: Security update for shim Message-ID: <20210511161523.1F53FFF0F@maintenance.suse.de> SUSE Security Update: Security update for shim ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1564-1 Rating: important References: #1177315 #1182057 #1185464 Affected Products: SUSE MicroOS 5.0 SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for shim fixes the following issues: - Update to the unified shim binary for SBAT support (bsc#1182057) + Merged EKU codesign check (bsc#1177315) - shim-install: Always assume "removable" for Azure to avoid the endless reset loop (bsc#1185464). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1564=1 - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1564=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1564=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1564=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1564=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1564=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1564=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1564=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1564=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1564=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1564=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE MicroOS 5.0 (x86_64): shim-15.4-3.20.1 shim-debuginfo-15.4-3.20.1 shim-debugsource-15.4-3.20.1 - SUSE Manager Server 4.0 (x86_64): shim-15.4-3.20.1 shim-debuginfo-15.4-3.20.1 shim-debugsource-15.4-3.20.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): shim-15.4-3.20.1 shim-debuginfo-15.4-3.20.1 shim-debugsource-15.4-3.20.1 - SUSE Manager Proxy 4.0 (x86_64): shim-15.4-3.20.1 shim-debuginfo-15.4-3.20.1 shim-debugsource-15.4-3.20.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): shim-15.4-3.20.1 shim-debuginfo-15.4-3.20.1 shim-debugsource-15.4-3.20.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): shim-15.4-3.20.1 shim-debuginfo-15.4-3.20.1 shim-debugsource-15.4-3.20.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): shim-15.4-3.20.1 shim-debuginfo-15.4-3.20.1 shim-debugsource-15.4-3.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): shim-15.4-3.20.1 shim-debuginfo-15.4-3.20.1 shim-debugsource-15.4-3.20.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): shim-15.4-3.20.1 shim-debuginfo-15.4-3.20.1 shim-debugsource-15.4-3.20.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): shim-15.4-3.20.1 shim-debuginfo-15.4-3.20.1 shim-debugsource-15.4-3.20.1 - SUSE Enterprise Storage 6 (x86_64): shim-15.4-3.20.1 shim-debuginfo-15.4-3.20.1 shim-debugsource-15.4-3.20.1 - SUSE CaaS Platform 4.0 (x86_64): shim-15.4-3.20.1 shim-debuginfo-15.4-3.20.1 shim-debugsource-15.4-3.20.1 References: https://bugzilla.suse.com/1177315 https://bugzilla.suse.com/1182057 https://bugzilla.suse.com/1185464 From sle-updates at lists.suse.com Tue May 11 16:16:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 May 2021 18:16:39 +0200 (CEST) Subject: SUSE-RU-2021:1565-1: moderate: Recommended update for krb5 Message-ID: <20210511161639.E44CCFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for krb5 
______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1565-1 Rating: moderate References: #1185163 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163); Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1565=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-1565=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1565=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1565=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1565=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): krb5-1.16.3-3.18.1 krb5-debuginfo-1.16.3-3.18.1 krb5-debugsource-1.16.3-3.18.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.16.3-3.18.1 krb5-debugsource-1.16.3-3.18.1 krb5-plugin-kdb-ldap-1.16.3-3.18.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-3.18.1 krb5-server-1.16.3-3.18.1 krb5-server-debuginfo-1.16.3-3.18.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x 
x86_64): krb5-debuginfo-1.16.3-3.18.1 krb5-debugsource-1.16.3-3.18.1 krb5-plugin-kdb-ldap-1.16.3-3.18.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-3.18.1 krb5-server-1.16.3-3.18.1 krb5-server-debuginfo-1.16.3-3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): krb5-1.16.3-3.18.1 krb5-client-1.16.3-3.18.1 krb5-client-debuginfo-1.16.3-3.18.1 krb5-debuginfo-1.16.3-3.18.1 krb5-debugsource-1.16.3-3.18.1 krb5-devel-1.16.3-3.18.1 krb5-plugin-preauth-otp-1.16.3-3.18.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-3.18.1 krb5-plugin-preauth-pkinit-1.16.3-3.18.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): krb5-32bit-1.16.3-3.18.1 krb5-32bit-debuginfo-1.16.3-3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): krb5-1.16.3-3.18.1 krb5-client-1.16.3-3.18.1 krb5-client-debuginfo-1.16.3-3.18.1 krb5-debuginfo-1.16.3-3.18.1 krb5-debugsource-1.16.3-3.18.1 krb5-devel-1.16.3-3.18.1 krb5-plugin-preauth-otp-1.16.3-3.18.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-3.18.1 krb5-plugin-preauth-pkinit-1.16.3-3.18.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): krb5-32bit-1.16.3-3.18.1 krb5-32bit-debuginfo-1.16.3-3.18.1 References: https://bugzilla.suse.com/1185163 From sle-updates at lists.suse.com Wed May 12 06:13:06 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 08:13:06 +0200 (CEST) Subject: SUSE-CU-2021:157-1: Recommended update of suse/sle15 Message-ID: <20210512061306.6D01FB46F23@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:157-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.451 Container Release : 6.2.451 Severity : moderate Type : recommended References : 1185163 
----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163); From sle-updates at lists.suse.com Wed May 12 06:21:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 08:21:46 +0200 (CEST) Subject: SUSE-CU-2021:158-1: Recommended update of suse/sle15 Message-ID: <20210512062146.81D3DB46F23@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:158-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.912 Container Release : 8.2.912 Severity : moderate Type : recommended References : 1185163 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163); From sle-updates at lists.suse.com Wed May 12 13:16:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 15:16:36 +0200 (CEST) Subject: SUSE-SU-2021:14724-1: important: Security update for the Linux Kernel Message-ID: <20210512131636.C47CAFF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14724-1 Rating: important References: #1056134 #1180963 #1182715 #1182716 #1182717 #1183400 #1183696 #1184120 #1184194 #1184198 #1184208 #1184211 #1184393 Cross-References: CVE-2020-35519 CVE-2020-36322 CVE-2021-20261 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28950 CVE-2021-28972 CVE-2021-29650 CVE-2021-30002 CVE-2021-3483 CVSS scores: CVE-2020-35519 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36322 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2021-20261 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20261 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28950 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28972 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28972 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-29650 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29650 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-30002 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 
CVE-2021-30002 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
SUSE Linux Enterprise Server 11-SP4-LTSS
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves 11 vulnerabilities and has two fixes is now available.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

- CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
- CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).
- CVE-2021-29650: Fixed an issue where the netfilter subsystem allowed attackers to cause a denial of service (bsc#1184208).
- CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
- CVE-2021-28950: Fixed an infinite loop because a retry loop continually finds the same bad inode (bsc#1184194).
- CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
- CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
- CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
- CVE-2021-20261: Fixed a race condition in the implementation of the floppy disk drive controller driver software (bsc#1183400).
- CVE-2020-36322: Fixed an issue in the FUSE filesystem implementation which could have caused a system crash (bsc#1184211).
- CVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).

The following non-security bugs were fixed: - md: md.c: Return -ENODEV when mddev is NULL in rdev_attr_show (bsc#1056134, bsc#1180963). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-kernel-source-14724=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-source-14724=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-source-14724=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): kernel-default-3.0.101-108.126.1 kernel-default-base-3.0.101-108.126.1 kernel-default-devel-3.0.101-108.126.1 kernel-source-3.0.101-108.126.1 kernel-syms-3.0.101-108.126.1 kernel-trace-3.0.101-108.126.1 kernel-trace-base-3.0.101-108.126.1 kernel-trace-devel-3.0.101-108.126.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): kernel-ec2-3.0.101-108.126.1 kernel-ec2-base-3.0.101-108.126.1 kernel-ec2-devel-3.0.101-108.126.1 kernel-xen-3.0.101-108.126.1 kernel-xen-base-3.0.101-108.126.1 kernel-xen-devel-3.0.101-108.126.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (s390x): kernel-default-man-3.0.101-108.126.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64): kernel-bigmem-3.0.101-108.126.1 kernel-bigmem-base-3.0.101-108.126.1 kernel-bigmem-devel-3.0.101-108.126.1 kernel-ppc64-3.0.101-108.126.1 kernel-ppc64-base-3.0.101-108.126.1 kernel-ppc64-devel-3.0.101-108.126.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586): kernel-pae-3.0.101-108.126.1 kernel-pae-base-3.0.101-108.126.1 kernel-pae-devel-3.0.101-108.126.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.126.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): 
kernel-xen-extra-3.0.101-108.126.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.126.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.126.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.126.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-108.126.1 kernel-default-debugsource-3.0.101-108.126.1 kernel-trace-debuginfo-3.0.101-108.126.1 kernel-trace-debugsource-3.0.101-108.126.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.126.1 kernel-trace-devel-debuginfo-3.0.101-108.126.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.126.1 kernel-ec2-debugsource-3.0.101-108.126.1 kernel-xen-debuginfo-3.0.101-108.126.1 kernel-xen-debugsource-3.0.101-108.126.1 kernel-xen-devel-debuginfo-3.0.101-108.126.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.126.1 kernel-bigmem-debugsource-3.0.101-108.126.1 kernel-ppc64-debuginfo-3.0.101-108.126.1 kernel-ppc64-debugsource-3.0.101-108.126.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.126.1 kernel-pae-debugsource-3.0.101-108.126.1 kernel-pae-devel-debuginfo-3.0.101-108.126.1 References: https://www.suse.com/security/cve/CVE-2020-35519.html https://www.suse.com/security/cve/CVE-2020-36322.html https://www.suse.com/security/cve/CVE-2021-20261.html https://www.suse.com/security/cve/CVE-2021-27363.html https://www.suse.com/security/cve/CVE-2021-27364.html https://www.suse.com/security/cve/CVE-2021-27365.html https://www.suse.com/security/cve/CVE-2021-28950.html https://www.suse.com/security/cve/CVE-2021-28972.html https://www.suse.com/security/cve/CVE-2021-29650.html https://www.suse.com/security/cve/CVE-2021-30002.html https://www.suse.com/security/cve/CVE-2021-3483.html https://bugzilla.suse.com/1056134 
https://bugzilla.suse.com/1180963 https://bugzilla.suse.com/1182715 https://bugzilla.suse.com/1182716 https://bugzilla.suse.com/1182717 https://bugzilla.suse.com/1183400 https://bugzilla.suse.com/1183696 https://bugzilla.suse.com/1184120 https://bugzilla.suse.com/1184194 https://bugzilla.suse.com/1184198 https://bugzilla.suse.com/1184208 https://bugzilla.suse.com/1184211 https://bugzilla.suse.com/1184393 From sle-updates at lists.suse.com Wed May 12 13:18:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 15:18:44 +0200 (CEST) Subject: SUSE-RU-2021:1570-1: moderate: Recommended update for python-paramiko Message-ID: <20210512131844.B98D6FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-paramiko ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1570-1 Rating: moderate References: #1178341 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-paramiko fixes the following issue: - Do not use deprecated methods. SUSE Linux Enterprise 15-SP1 and newer have `python-cryptography 2.8`. 
(bsc#1178341) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1570=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1570=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1570=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1570=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1570=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1570=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2021-1570=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-1570=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1570=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1570=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1570=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1570=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1570=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (noarch): python2-paramiko-2.4.2-6.9.1 python3-paramiko-2.4.2-6.9.1 - SUSE Manager Retail Branch Server 4.0 (noarch): python2-paramiko-2.4.2-6.9.1 python3-paramiko-2.4.2-6.9.1 - SUSE Manager Proxy 4.0 (noarch): python2-paramiko-2.4.2-6.9.1 python3-paramiko-2.4.2-6.9.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): python2-paramiko-2.4.2-6.9.1 python3-paramiko-2.4.2-6.9.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): python2-paramiko-2.4.2-6.9.1 python3-paramiko-2.4.2-6.9.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): python2-paramiko-2.4.2-6.9.1 python3-paramiko-2.4.2-6.9.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (noarch): python2-paramiko-2.4.2-6.9.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (noarch): python2-paramiko-2.4.2-6.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-paramiko-2.4.2-6.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-paramiko-2.4.2-6.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): python2-paramiko-2.4.2-6.9.1 python3-paramiko-2.4.2-6.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): python2-paramiko-2.4.2-6.9.1 python3-paramiko-2.4.2-6.9.1 - SUSE Enterprise Storage 6 (noarch): python2-paramiko-2.4.2-6.9.1 python3-paramiko-2.4.2-6.9.1 - SUSE CaaS Platform 4.0 (noarch): python2-paramiko-2.4.2-6.9.1 python3-paramiko-2.4.2-6.9.1 References: https://bugzilla.suse.com/1178341 From sle-updates at lists.suse.com Wed May 12 13:19:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 15:19:52 +0200 (CEST) Subject: SUSE-SU-2021:1571-1: important: Security update for the Linux Kernel Message-ID: <20210512131952.3EA8CFF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1571-1 Rating: 
important References: #1043990 #1055117 #1065729 #1152457 #1152489 #1155518 #1156395 #1167260 #1167574 #1168838 #1174416 #1174426 #1175995 #1178089 #1179243 #1179851 #1180846 #1181161 #1182613 #1183063 #1183203 #1183289 #1184208 #1184209 #1184436 #1184485 #1184514 #1184585 #1184650 #1184724 #1184728 #1184730 #1184731 #1184736 #1184737 #1184738 #1184740 #1184741 #1184742 #1184760 #1184811 #1184893 #1184934 #1184942 #1184957 #1184969 #1184984 #1185041 #1185113 #1185233 #1185244 #1185269 #1185365 #1185454 #1185472 #1185491 #1185549 #1185586 #1185587 Cross-References: CVE-2021-29155 CVE-2021-29650 CVSS scores: CVE-2021-29155 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-29155 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-29650 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29650 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Realtime 15-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has 57 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29155: Fixed an issue that was discovered in kernel/bpf/verifier.c that performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. 
Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation was not correctly accounted for when restricting subsequent operations (bnc#1184942). The following non-security bugs were fixed: - ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes). - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect (git-fixes). - ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer (git-fixes). - ALSA: hda/cirrus: Add error handling into CS8409 I2C functions (git-fixes). - ALSA: hda/cirrus: Add Headphone and Headset MIC Volume Control (git-fixes). - ALSA: hda/cirrus: Add jack detect interrupt support from CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Add support for CS8409 HDA bridge and CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Cleanup patch_cirrus.c code (git-fixes). - ALSA: hda/cirrus: Fix CS42L42 Headset Mic volume control name (git-fixes). - ALSA: hda/cirrus: Make CS8409 driver more generic by using fixups (git-fixes). - ALSA: hda/cirrus: Set Initial DMIC volume for Bullseye to -26 dB (git-fixes). - ALSA: hda/cirrus: Use CS8409 filter to fix abnormal sounds on Bullseye (git-fixes). - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx (git-fixes). - ALSA: hda/realtek: fix mic boost on Intel NUC 8 (git-fixes). - ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops (git-fixes). - ALSA: hda/realtek: GA503 use same quirks as GA401 (git-fixes). - ALSA: hda/realtek - Headset Mic issue on HP platform (git-fixes). - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries (git-fixes). 
- ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC662 quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries (git-fixes). - ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes). - ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes). - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls (git-fixes). - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes). - ALSA: usb-audio: Configure Pioneer DJM-850 samplerate (git-fixes). - ALSA: usb-audio: DJM-750: ensure format is set (git-fixes). - ALSA: usb-audio: Explicitly set up the clock selector (git-fixes). - ALSA: usb-audio: Fix implicit sync clearance at stopping stream (git-fixes). - ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes). - ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails (git-fixes). - arm: dts: add imx7d pcf2127 fix to blacklist - ASoC: ak5558: correct reset polarity (git-fixes). - ASoC: ak5558: Fix s/show/slow/ typo (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: samsung: tm2_wm5110: check of of_parse return value (git-fixes). - ASoC: simple-card: fix possible uninitialized single_cpu local variable (git-fixes). - ASoC: SOF: Intel: HDA: fix core status verification (git-fixes). - ASoC: SOF: Intel: hda: remove unnecessary parentheses (git-fixes). - ata: libahci_platform: fix IRQ check (git-fixes). - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock (git-fixes). 
- ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices (git-fixes). - backlight: journada720: Fix Wmisleading-indentation warning (git-fixes). - blkcg: fix memleak for iolatency (git-fixes). - block, bfq: set next_rq to waker_bfqq->next_rq in waker injection (bsc#1168838). - block: recalculate segment count for multi-segment discards correctly (bsc#1184724). - block: rsxx: select CONFIG_CRC32 (git-fixes). - bluetooth: eliminate the potential race condition when removing the HCI controller (git-fixes). - bnxt_en: reverse order of TX disable and carrier off (git-fixes). - bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518). - bpf, libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518). - bpf, samples: Fix possible hang in xdpsock with multiple threads (bsc#1155518). - bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518). - bsg: free the request before return error code (git-fixes). - btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549). - btrfs: fix race between swap file activation and snapshot creation (bsc#1185587). - btrfs: fix race between writes to swap files and scrub (bsc#1185586). - btrfs: track qgroup released data in own variable in insert_prealloc_file_extent (bsc#1185549). - bus: qcom: Put child node before return (git-fixes). - cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes). - clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes). - clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz (git-fixes). - clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 (git-fixes). - clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock (git-fixes). - clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE (git-fixes). - clk: uniphier: Fix potential infinite loop (git-fixes). - clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback (git-fixes). - coresight: etm4x: Fix issues on trcseqevr access (git-fixes). 
- coresight: etm4x: Fix save and restore of TRCVMIDCCTLR1 register (git-fixes). - coresight: tmc-etr: Fix barrier packet insertion for perf buffer (git-fixes). - cpufreq: armada-37xx: Fix determining base CPU frequency (git-fixes). - cpufreq: armada-37xx: Fix driver cleanup when registration failed (git-fixes). - cpufreq: armada-37xx: Fix setting TBG parent for load levels (git-fixes). - cpufreq: armada-37xx: Fix the AVS value for load L1 (git-fixes). - cpufreq: Kconfig: fix documentation links (git-fixes). - crypto: arm/curve25519 - Move '.fpu' after '.arch' (git-fixes). - crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS (git-fixes). - cxgb4: avoid collecting SGE_QBASE regs during traffic (git-fixes). - cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (git-fixes). - dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes). - dm: eliminate potential source of excessive kernel log noise (git-fixes). - dm era: Fix bitset memory leaks (git-fixes). - dm era: only resize metadata in preresume (git-fixes). - dm era: Recover committed writeset after crash (git-fixes). - dm era: Reinitialize bitset cache before digesting a new writeset (git-fixes). - dm era: Use correct value size in equality function of writeset tree (git-fixes). - dm era: Verify the data block size hasn't changed (git-fixes). - dm: fix bug with RCU locking in dm_blk_report_zones (git-fixes). - dm integrity: fix error reporting in bitmap mode after creation (git-fixes). - dm ioctl: fix error return code in target_message (git-fixes). - dm mpath: fix racey management of PG initialization (git-fixes). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485). - dm raid: fix discard limits for raid1 (git-fixes). - dm: remove invalid sparse __acquires and __releases annotations (git-fixes). - dm writecache: fix the maximum number of arguments (git-fixes). 
- dm writecache: handle DAX to partitions on persistent memory correctly (git-fixes). - dm writecache: remove BUG() and fail gracefully instead (git-fixes). - dm zoned: select CONFIG_CRC32 (git-fixes). - dpaa_eth: copy timestamp fields to new skb in A-050385 workaround (git-fixes). - dpaa_eth: fix the RX headroom size alignment (git-fixes). - dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom (git-fixes). - dpaa_eth: Use random MAC address when none is given (bsc#1184811). - drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes). - drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes). - drm/ast: Add 25MHz refclk support (bsc#1174416). - drm/ast: Add support for 1152x864 mode (bsc#1174416). - drm/ast: Add support for AIP200 (bsc#1174416). - drm/ast: AST2500 fixups (bsc#1174416). - drm/ast: Correct mode table for AST2500 precatch (bsc#1174416). - drm/ast: Disable screen on register init (bsc#1174416). - drm/ast: Disable VGA decoding while driver is active (bsc#1174416). - drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416). - drm/ast: Fix P2A config detection (bsc#1174416). - drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416). - drm/ast: Keep MISC fields when enabling VGA (bsc#1174416). - drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes). - drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes). - drm/msm: Fix a5xx/a6xx timestamps (git-fixes). - drm/omap: fix misleading indentation in pixinc() (git-fixes). - drm/radeon: fix copy of uninitialized variable back to userspace (git-fixes). - drm/tegra: dc: Do not set PLL clock to 0Hz (git-fixes). - e1000e: add rtnl_lock() to e1000_reset_task (git-fixes). - e1000e: Fix duplicate include guard (git-fixes). - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes). - enetc: Let the hardware auto-advance the taprio base-time of 0 (git-fixes). 
- enetc: Workaround for MDIO register access issue (git-fixes). - ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx (git-fixes). - ext4: do not try to set xattr into ea_inode if value is empty (bsc#1184730). - ext4: find old entry again if failed to rename whiteout (bsc#1184742). - ext4: fix potential error in ext4_do_update_inode (bsc#1184731). - ext4: fix potential htree index checksum corruption (bsc#1184728). - firmware: qcom-scm: Fix QCOM_SCM configuration (git-fixes). - fnic: use scsi_host_busy_iter() to traverse commands (bsc#1179851). - fotg210-udc: Complete OUT requests on short packets (git-fixes). - fotg210-udc: Do not DMA more than the buffer can take (git-fixes). - fotg210-udc: Fix DMA on EP0 for length > max packet size (git-fixes). - fotg210-udc: Fix EP0 IN requests bigger than two packets (git-fixes). - fotg210-udc: Mask GRP2 interrupts we do not handle (git-fixes). - fotg210-udc: Remove a dubious condition leading to fotg210_done (git-fixes). - fs: direct-io: fix missing sdio->boundary (bsc#1184736). - fs/jfs: fix potential integer overflow on shift of a int (bsc#1184741). - fsl/fman: reuse set_mac_address() in dtsec init() (bsc#1184811). - fsl/fman: tolerate missing MAC address in device tree (bsc#1184811). - gpio: omap: Save and restore sysconfig (git-fixes). - gpio: sysfs: Obey valid_mask (git-fixes). - HID: alps: fix error return code in alps_input_configured() (git-fixes). - HID: google: add don USB id (git-fixes). - HID: plantronics: Workaround for double volume key presses (git-fixes). - HID: wacom: Assign boolean values to a bool variable (git-fixes). - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices (git-fixes). - i2c: cadence: add IRQ check (git-fixes). - i2c: emev2: add IRQ check (git-fixes). - i2c: img-scb: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: jz4780: add IRQ check (git-fixes). 
- i2c: omap: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: sh7760: add IRQ check (git-fixes). - i2c: sh7760: fix IRQ error path (git-fixes). - i2c: sprd: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i40e: Added Asym_Pause to supported link modes (git-fixes). - i40e: Add zero-initialization of AQ command structures (git-fixes). - i40e: Fix addition of RX filters after enabling FW LLDP agent (git-fixes). - i40e: Fix add TC filter for IPv6 (git-fixes). - i40e: Fix display statistics for veb_tc (git-fixes). - i40e: Fix endianness conversions (git-fixes). - i40e: Fix flow for IPv6 next header (extension header) (git-fixes). - i40e: Fix kernel oops when i40e driver removes VF's (git-fixes). - i40e: Fix overwriting flow control settings during driver loading (git-fixes). - i40e: Fix sparse errors in i40e_txrx.c (git-fixes). - i40e: Fix sparse warning: missing error code 'err' (git-fixes). - i40e: fix the panic when running bpf in xdpdrv mode (git-fixes). - ibmvnic: avoid calling napi_disable() twice (bsc#1065729). - ibmvnic: clean up the remaining debugfs data structures (bsc#1065729). - ibmvnic: correctly use dev_consume/free_skb_irq (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 git-fixes). - ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes). - ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1065729). - ibmvnic: remove duplicate napi_schedule call in open function (bsc#1065729). - ice: Account for port VLAN in VF max packet size calculation (git-fixes). - ice: Cleanup fltr list in case of allocation issues (git-fixes). - ice: Fix for dereference of NULL pointer (git-fixes). - ice: Increase control queue timeout (git-fixes). 
- ice: prevent ice_open and ice_stop during reset (git-fixes). - igb: check timestamp validity (git-fixes). - igb: Fix duplicate include guard (git-fixes). - igc: Fix Pause Frame Advertising (git-fixes). - igc: Fix Supported Pause Frame Link Setting (git-fixes). - igc: reinit_locked() should be called with rtnl_lock (git-fixes). - iio:accel:adis16201: Fix wrong axis assignment that prevents loading (git-fixes). - ima: Free IMA measurement buffer after kexec syscall (git-fixes). - Input: i8042 - fix Pegatron C15B ID entry (git-fixes). - Input: nspire-keypad - enable interrupts only when opened (git-fixes). - Input: s6sy761 - fix coordinate read bit shift (git-fixes). - interconnect: core: fix error return code of icc_link_destroy() (git-fixes). - iopoll: introduce read_poll_timeout macro (git-fixes). - iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585). - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() (git-fixes). - irqchip: Add support for Layerscape external interrupt lines (bsc#1185233). - irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1185233). - irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#1185233). - isofs: release buffer head before return (bsc#1182613). - ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (git-fixes). - jffs2: fix use after free in jffs2_sum_write_data() (bsc#1184740). - kABI: cover up change in struct kvm_arch (bsc#1184969). - kABI: Fix kABI caused by fixes for bsc#1174426 (bsc#1174426). - kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). - KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (bsc#1152489). - KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit (bsc#1156395). - KVM: PPC: Make the VMX instruction emulation routines static (bsc#1156395). 
- libnvdimm/label: Return -ENXIO for no slot in __blk_label_update (bsc#1185269).
- libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels (bsc#1185269).
- libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC (bsc#1184969 git-fixes).
- libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (git-fixes).
- liquidio: Fix unintented sign extension of a left shift of a u16 (git-fixes).
- locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#1185041).
- mac80211: bail out if cipher schemes are invalid (git-fixes).
- mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes).
- macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes).
- media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes).
- media: m88rs6000t: avoid potential out-of-bounds reads on arrays (git-fixes).
- media: mantis: remove orphan mantis_core.c (git-fixes).
- media: omap4iss: return error code when omap4iss_get() failed (git-fixes).
- media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming() (git-fixes).
- media: staging/intel-ipu3: Fix memory leak in imu_fmt (git-fixes).
- media: staging/intel-ipu3: Fix race condition during set_fmt (git-fixes).
- media: staging/intel-ipu3: Fix set_fmt error handling (git-fixes).
- media: v4l2-ctrls.c: fix race condition in hdl->requests list (git-fixes).
- memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] (git-fixes).
- memory: pl353: fix mask of ECC page_size config register (git-fixes).
- mfd: lpc_sch: Partially revert "Add support for Intel Quark X1000" (git-fixes).
- mfd: stm32-timers: Avoid clearing auto reload register (git-fixes).
- misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes).
- misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes).
- misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct (git-fixes).
- mmc: core: Correct descriptions in mmc_of_parse() (git-fixes).
- mmc: cqhci: Add cqhci_deactivate() (git-fixes).
- mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes).
- mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes).
- mmc: sdhci-of-dwcmshc: fix rpmb access (git-fixes).
- mmc: sdhci-of-dwcmshc: implement specific set_uhs_signaling (git-fixes).
- mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes).
- mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes).
- mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes).
- mmc: sdhci: Use Auto CMD Auto Select only when v4_mode is true (git-fixes).
- mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe() (git-fixes).
- mmc: uniphier-sd: Fix a resource leak in the remove function (git-fixes).
- mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes).
- Move upstreamed i915 fix into sorted section
- mt7601u: fix always true expression (git-fixes).
- mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() (git-fixes).
- mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC (git-fixes).
- mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() (git-fixes).
- mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init (git-fixes).
- mtd: rawnand: qcom: Return actual error code instead of -ENODEV (git-fixes).
- mtd: require write permissions for locking and badblock ioctls (git-fixes).
- mtd: spinand: core: add missing MODULE_DEVICE_TABLE() (git-fixes).
- mtd: spi-nor: Rename "n25q512a" to "mt25qu512a (n25q512a)" (bsc#1167260).
- mtd: spi-nor: Split mt25qu512a (n25q512a) entry into two (bsc#1167260).
- nbd: fix a block_device refcount leak in nbd_release (git-fixes).
- net: atlantic: fix out of range usage of active_vlans array (git-fixes).
- net: atlantic: fix potential error handling (git-fixes).
- net: atlantic: fix use after free kasan warn (git-fixes).
- net: dsa: felix: implement port flushing on .phylink_mac_link_down (git-fixes).
- net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr (git-fixes).
- net: enetc: take the MDIO lock only once per NAPI poll cycle (git-fixes).
- net: geneve: check skb is large enough for IPv4/IPv6 header (git-fixes).
- net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (git-fixes).
- net: hns3: clear VF down state bit before request link status (git-fixes).
- net: hns3: fix bug when calculating the TCAM table info (git-fixes).
- net: hns3: fix query vlan mask value error for flow director (git-fixes).
- net: hns3: Remove un-necessary 'else-if' in the hclge_reset_event() (git-fixes).
- net: ll_temac: Add more error handling of dma_map_single() calls (git-fixes).
- net: ll_temac: Fix race condition causing TX hang (git-fixes).
- net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure (git-fixes).
- net: ll_temac: Handle DMA halt condition caused by buffer underrun (git-fixes).
- net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes).
- net/mlx5: Do not request more than supported EQs (git-fixes).
- net/mlx5e: Do not match on Geneve options in case option masks are all zero (git-fixes).
- net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes).
- net/mlx5e: Fix ethtool indication of connector type (git-fixes).
- net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta (jsc#SLE-8464).
- net:nfc:digital: Fix a double free in digital_tg_recv_dep_req (git-fixes).
- net: phy: intel-xway: enable integrated led functions (git-fixes).
- net: phy: marvell: fix m88e1011_set_downshift (git-fixes).
- net: phy: marvell: fix m88e1111_set_downshift (git-fixes).
- net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template (git-fixes).
- net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes).
- net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter (git-fixes).
- net: stmmac: xgmac: fix missing IFF_MULTICAST checki in dwxgmac2_set_filter (git-fixes).
- net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes).
- nfc: pn533: prevent potential memory corruption (git-fixes).
- nfp: flower: ignore duplicate merge hints from FW (git-fixes).
- node: fix device cleanups in error handling code (git-fixes).
- null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes).
- nvme-fabrics: reject I/O to offline device (bsc#1181161).
- nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161).
- ocfs2: fix a use after free on error (bsc#1184738).
- pata_arasan_cf: fix IRQ check (git-fixes).
- pata_ipx4xx_cf: fix IRQ check (git-fixes).
- PCI/AER: Add pcie_walk_rcec() to RCEC AER handling (bsc#1174426).
- PCI/AER: Add RCEC AER error injection support (bsc#1174426).
- PCI/AER: Clear AER status from Root Port when resetting Downstream Port (bsc#1174426).
- PCI/AER: Specify the type of Port that was reset (bsc#1174426).
- PCI/AER: Use "aer" variable for capability offset (bsc#1174426).
- PCI/AER: Write AER Capability only when we control it (bsc#1174426).
- PCI: designware-ep: Fix the Header Type check (git-fixes).
- PCI/ERR: Add pcie_link_rcec() to associate RCiEPs (bsc#1174426).
- PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery() (bsc#1174426).
- PCI/ERR: Avoid negated conditional for clarity (bsc#1174426).
- PCI/ERR: Bind RCEC devices to the Root Port driver (bsc#1174426).
- PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() (bsc#1174426).
- PCI/ERR: Clear AER status only when we control AER (bsc#1174426).
- PCI/ERR: Clear PCIe Device Status errors only if OS owns AER (bsc#1174426).
- PCI/ERR: Clear status of the reporting device (bsc#1174426).
- PCI/ERR: Recover from RCEC AER errors (bsc#1174426).
- PCI/ERR: Recover from RCiEP AER errors (bsc#1174426).
- PCI/ERR: Rename reset_link() to reset_subordinates() (bsc#1174426).
- PCI/ERR: Retain status from error notification (bsc#1174426).
- PCI/ERR: Simplify by computing pci_pcie_type() once (bsc#1174426).
- PCI/ERR: Simplify by using pci_upstream_bridge() (bsc#1174426).
- PCI/ERR: Use "bridge" for clarity in pcie_do_recovery() (bsc#1174426).
- PCI/PME: Add pcie_walk_rcec() to RCEC PME handling (bsc#1174426).
- PCI/portdrv: Report reset for frozen channel (bsc#1174426).
- PCI: tegra: Fix ASPM-L1SS advertisement disable code (git-fixes).
- PCI: tegra: Move "dbi" accesses to post common DWC initialization (git-fixes).
- phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally (git-fixes).
- pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes).
- pinctrl: Ingenic: Add missing pins to the JZ4770 MAC MII group (git-fixes).
- platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table (git-fixes).
- PM: runtime: Add documentation for pm_runtime_resume_and_get() (git-fixes).
- powerepc/book3s64/hash: Align start/end address correctly with bolt mapping (bsc#1184957).
- powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117 git-fixes).
- powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729).
- powerpc/eeh: Fix EEH handling for hugepages in ioremap space (bsc#1156395).
- powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729).
- powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1183289 ltc#191637).
- powerpc/papr_scm: Fix build error due to wrong printf specifier (bsc#1184969).
- powerpc/papr_scm: Implement support for H_SCM_FLUSH hcall (bsc#1184969).
- powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729).
- powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729).
- powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917).
- powerpc/time: Enable sched clock for irqtime (bsc#1156395).
- regmap: set debugfs_name to NULL after it is freed (git-fixes).
- regulator: Avoid a double 'of_node_get' in 'regulator_of_get_init_node()' (git-fixes).
- reintroduce cqhci_suspend for kABI (git-fixes).
- reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1184737).
- rpm/constraints.in: bump disk space to 45GB on riscv64
- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
- rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650)
- rsi: Use resume_noirq for SDIO (git-fixes).
- rsxx: remove extraneous 'const' qualifier (git-fixes).
- rtc: ds1307: Fix wday settings for rx8130 (git-fixes).
- rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1185454).
- rtc: fsl-ftm-alarm: avoid struct rtc_time conversions (bsc#1185454).
- rtc: fsl-ftm-alarm: enable acpi support (bsc#1185454).
- rtc: fsl-ftm-alarm: fix freeze(s2idle) failed to wake (bsc#1185454).
- rtc: fsl-ftm-alarm: report alarm to core (bsc#1185454).
- rtc: fsl-ftm-alarm: switch to ktime_get_real_seconds (bsc#1185454).
- rtc: fsl-ftm-alarm: switch to rtc_time64_to_tm/rtc_tm_to_time64 (bsc#1185454).
- rtc: fsl-ftm-alarm: update acpi device id (bsc#1185454).
- rtc: pcf2127: add alarm support (bsc#1185233).
- rtc: pcf2127: add pca2129 device id (bsc#1185233).
- rtc: pcf2127: add tamper detection support (bsc#1185233).
- rtc: pcf2127: add watchdog feature support (bsc#1185233).
- rtc: pcf2127: bugfix: watchdog build dependency (bsc#1185233).
- rtc: pcf2127: cleanup register and bit defines (bsc#1185233).
- rtc: pcf2127: convert to devm_rtc_allocate_device (bsc#1185233).
- rtc: pcf2127: fix a bug when not specify interrupts property (bsc#1185233).
- rtc: pcf2127: fix alarm handling (bsc#1185233).
- rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (bsc#1185233).
- rtc: pcf2127: handle boot-enabled watchdog feature (bsc#1185233).
- rtc: pcf2127: let the core handle rtc range (bsc#1185233).
- rtc: pcf2127: move watchdog initialisation to a separate function (bsc#1185233).
- rtc: pcf2127: only use watchdog when explicitly available (bsc#1185233).
- rtc: pcf2127: properly set flag WD_CD for rtc chips(pcf2129, pca2129) (bsc#1185233).
- rtc: pcf2127: remove unnecessary #ifdef (bsc#1185233).
- rtc: pcf2127: set regmap max_register (bsc#1185233).
- rtc: pcf2127: watchdog: handle nowayout feature (bsc#1185233).
- rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes).
- rtw88: Fix array overrun in rtw_get_tx_power_params() (git-fixes).
- sata_mv: add IRQ checks (git-fixes).
- scsi: block: Fix a race in the runtime power management code (git-fixes).
- scsi: core: add scsi_host_busy_iter() (bsc#1179851).
- scsi: core: Only return started requests from scsi_host_find_tag() (bsc#1179851).
- scsi: lpfc: Copyright updates for 12.8.0.9 patches (bsc#1185472).
- scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472).
- scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472).
- scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472).
- scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472).
- scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472).
- scsi: lpfc: Fix a typo (bsc#1185472).
- scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response (bsc#1185472).
- scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365).
- scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode (bsc#1185472).
- scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472).
- scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472).
- scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203).
- scsi: lpfc: Fix incorrectly documented function lpfc_debugfs_commonxripools_data() (bsc#1185472).
- scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#1185472).
- scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472).
- scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#1185472).
- scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472).
- scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#1185472).
- scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency (bsc#1185472).
- scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#1185472).
- scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#1185472).
- scsi: lpfc: Fix silent memory allocation failure in lpfc_sli4_bsg_link_diag_test() (bsc#1185472).
- scsi: lpfc: Fix some error codes in debugfs (bsc#1185472).
- scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#1185472).
- scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#1185472).
- scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472).
- scsi: lpfc: Standardize discovery object logging format (bsc#1185472).
- scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472).
- scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491).
- scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#1185491).
- scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() (bsc#1185491).
- scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491).
- scsi: qla2xxx: Check kzalloc() return value (bsc#1185491).
- scsi: qla2xxx: Consolidate zio threshold setting for both FCP NVMe (bsc#1185491).
- scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491).
- scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#1185491).
- scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491).
- scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#1185491).
- scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491).
- scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491).
- scsi: qla2xxx: Fix broken #endif placement (bsc#1185491).
- scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491).
- scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491).
- scsi: qla2xxx: Fix endianness annotations (bsc#1185491).
- scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#1185491).
- scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491).
- scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491).
- scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491).
- scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491).
- scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491).
- scsi: qla2xxx: Fix some memory corruption (bsc#1185491).
- scsi: qla2xxx: Fix stuck session (bsc#1185491).
- scsi: qla2xxx: Fix use after free in bsg (bsc#1185491).
- scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (bsc#1185491).
- scsi: qla2xxx: Move some messages from debug to normal log level (bsc#1185491).
- scsi: qla2xxx: Remove redundant NULL check (bsc#1185491).
- scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491).
- scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491).
- scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#1185491).
- scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1184436).
- scsi: qla2xxx: Reuse existing error handling path (bsc#1185491).
- scsi: qla2xxx: Simplify if statement (bsc#1185491).
- scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491).
- scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491).
- scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491).
- scsi: qla2xxx: Update default AER debug mask (bsc#1185491).
- scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491).
- scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491).
- scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491).
- scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#1185491).
- scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089).
- scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089).
- scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089).
- selftests/powerpc: Add pkey helpers for rights (bsc#1184934 ltc#191460).
- selftests/powerpc: Add test for execute-disabled pkeys (bsc#1184934 ltc#191460).
- selftests/powerpc: Add test for pkey siginfo verification (bsc#1184934 ltc#191460).
- selftests/powerpc: Add wrapper for gettid (bsc#1184934 ltc#191460).
- selftests/powerpc: Fix exit status of pkey tests (bsc#1184934 ltc#191460).
- selftests/powerpc: Fix L1D flushing tests for Power10 (bsc#1184934 ltc#191460).
- selftests/powerpc: Fix pkey syscall redefinitions (bsc#1184934 ltc#191460).
- selftests/powerpc: Move pkey helpers to headers (bsc#1184934 ltc#191460).
- selftests/powerpc: refactor entry and rfi_flush tests (bsc#1184934 ltc#191460).
- soc: aspeed: fix a ternary sign expansion bug (git-fixes).
- soc: qcom: mdt_loader: Detect truncated read of segments (git-fixes).
- soc: qcom: mdt_loader: Validate that p_filesz p_memsz (git-fixes).
- soundwire: bus: Fix device found flag correctly (git-fixes).
- soundwire: stream: fix memory leak in stream config error path (git-fixes).
- spi: fsl-dspi: fix NULL pointer dereference (bsc#1167260).
- spi: fsl-dspi: fix use-after-free in remove path (bsc#1167260).
- spi: fsl-dspi: fix wrong pointer in suspend/resume (bsc#1167260).
- spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() (git-fixes).
- spi: Introduce dspi_slave_abort() function for NXP's dspi SPI driver (bsc#1167260).
- spi: spi-fsl-dspi: Accelerate transfers using larger word size if possible (bsc#1167260).
- spi: spi-fsl-dspi: Add comments around dspi_pop_tx and dspi_push_rx functions (bsc#1167260).
- spi: spi-fsl-dspi: Adding shutdown hook (bsc#1167260).
- spi: spi-fsl-dspi: Add support for LS1028A (bsc#1167260).
- spi: spi-fsl-dspi: Always use the TCFQ devices in poll mode (bsc#1167260).
- spi: spi-fsl-dspi: Avoid NULL pointer in dspi_slave_abort for non-DMA mode (bsc#1167260).
- spi: spi-fsl-dspi: Avoid reading more data than written in EOQ mode (bsc#1167260).
- spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (bsc#1167260).
- spi: spi-fsl-dspi: Convert TCFQ users to XSPI FIFO mode (bsc#1167260).
- spi: spi-fsl-dspi: Convert the instantiations that support it to DMA (bsc#1167260).
- spi: spi-fsl-dspi: delete EOQ transfer mode (bsc#1167260).
- spi: spi-fsl-dspi: Demistify magic value in SPI_SR_CLEAR (bsc#1167260).
- spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (bsc#1167260).
- spi: spi-fsl-dspi: Do not mask off undefined bits (bsc#1167260).
- spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1167260).
- spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1167260).
- spi: spi-fsl-dspi: Fix bits-per-word acceleration in DMA mode (bsc#1167260).
- spi: spi-fsl-dspi: Fix code alignment (bsc#1167260).
- spi: spi-fsl-dspi: fix DMA mapping (bsc#1167260).
- spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths (bsc#1167260).
- spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (bsc#1167260).
- spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (bsc#1167260).
- spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer (bsc#1167260).
- spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer (bsc#1167260).
- spi: spi-fsl-dspi: fix native data copy (bsc#1167260).
- spi: spi-fsl-dspi: Fix race condition in TCFQ/EOQ interrupt (bsc#1167260).
- spi: spi-fsl-dspi: Fix typos (bsc#1167260).
- spi: spi-fsl-dspi: Free DMA memory with matching function (bsc#1167260).
- spi: spi-fsl-dspi: Implement .max_message_size method for EOQ mode (bsc#1167260).
- spi: spi-fsl-dspi: Initialize completion before possible interrupt (bsc#1167260).
- spi: spi-fsl-dspi: LS2080A and LX2160A support XSPI mode (bsc#1167260).
- spi: spi-fsl-dspi: Make bus-num property optional (bsc#1167260).
- spi: spi-fsl-dspi: Move dspi_interrupt above dspi_transfer_one_message (bsc#1167260).
- spi: spi-fsl-dspi: Move invariant configs out of dspi_transfer_one_message (bsc#1167260).
- spi: spi-fsl-dspi: Optimize dspi_setup_accel for lowest interrupt count (bsc#1167260).
- spi: spi-fsl-dspi: Parameterize the FIFO size and DMA buffer size (bsc#1167260).
- spi: spi-fsl-dspi: Protect against races on dspi->words_in_flight (bsc#1167260).
- spi: spi-fsl-dspi: Reduce indentation in dspi_release_dma() (bsc#1167260).
- spi: spi-fsl-dspi: Reduce indentation level in dspi_interrupt (bsc#1167260).
- spi: spi-fsl-dspi: remove git-fixes Remove git-fixes. Prepare to update the driver. References: bsc#1167260
- spi: spi-fsl-dspi: Remove impossible to reach error check (bsc#1167260).
- spi: spi-fsl-dspi: Remove pointless assignment of master->transfer to NULL (bsc#1167260).
- spi: spi-fsl-dspi: Remove unused chip->void_write_data (bsc#1167260).
- spi: spi-fsl-dspi: Remove unused defines and includes (bsc#1167260).
- spi: spi-fsl-dspi: Remove unused initialization of 'ret' in dspi_probe (bsc#1167260).
- spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (bsc#1167260).
- spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (bsc#1167260).
- spi: spi-fsl-dspi: Replace legacy spi_master names with spi_controller (bsc#1167260).
- spi: spi-fsl-dspi: set ColdFire to DMA mode (bsc#1167260).
- spi: spi-fsl-dspi: Simplify bytes_per_word gymnastics (bsc#1167260).
- spi: spi-fsl-dspi: Take software timestamp in dspi_fifo_write (bsc#1167260).
- spi: spi-fsl-dspi: Use BIT() and GENMASK() macros (bsc#1167260).
- spi: spi-fsl-dspi: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1167260).
- spi: spi-fsl-dspi: Use EOQ for last word in buffer even for XSPI mode (bsc#1167260).
- spi: spi-fsl-dspi: Use poll mode in case the platform IRQ is missing (bsc#1167260).
- spi: spi-fsl-dspi: Use reverse Christmas tree declaration order (bsc#1167260).
- spi: spi-fsl-dspi: Use specific compatible strings for all SoC instantiations (bsc#1167260).
- spi: spi-fsl-dspi: use XSPI mode instead of DMA for DPAA2 SoCs (bsc#1167260).
- spi: spi-ti-qspi: Free DMA resources (git-fixes).
- staging: fwserial: fix TIOCGSERIAL implementation (git-fixes).
- staging: fwserial: fix TIOCSSERIAL implementation (git-fixes).
- staging: fwserial: fix TIOCSSERIAL jiffies conversions (git-fixes).
- staging: fwserial: fix TIOCSSERIAL permission check (git-fixes).
- staging: rtl8192u: Fix potential infinite loop (git-fixes).
- usb: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984).
- usb: CDC-ACM: fix poison/unpoison imbalance (git-fixes).
- usb: cdc-acm: fix TIOCGSERIAL implementation (git-fixes).
- usb: cdc-acm: fix unprivileged TIOCCSERIAL (git-fixes).
- usb: dwc2: Fix hibernation between host and device modes (git-fixes).
- usb: dwc2: Fix host mode hibernation exit with remote wakeup flow (git-fixes).
- usb: dwc2: Fix session request interrupt handler (git-fixes).
- usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes).
- usb: dwc3: keystone: use devm_platform_ioremap_resource() to simplify code (git-fixes).
- usb: dwc3: meson-g12a: use devm_platform_ioremap_resource() to simplify code (git-fixes).
- usb: dwc3: Switch to use device_property_count_u32() (git-fixes).
- usb: gadget: aspeed: fix dma map failure (git-fixes).
- usb: gadget: Fix double free of device descriptor pointers (git-fixes).
- usb: gadget: pch_udc: Check for DMA mapping error (git-fixes).
- usb: gadget: pch_udc: Check if driver is present before calling ->setup() (git-fixes).
- usb: gadget: pch_udc: Move pch_udc_init() to satisfy kernel doc (git-fixes).
- usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() (git-fixes).
- usb: gadget: pch_udc: Revert d3cb25a12138 completely (git-fixes).
- usb: gadget: r8a66597: Add missing null check on return from platform_get_resource (git-fixes).
- usb: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes).
- usb: Remove dev_err() usage after platform_get_irq() (git-fixes).
- usb: serial: ark3116: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: f81232: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: f81534: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: fix return value for unsupported ioctls (git-fixes).
- usb: serial: mos7720: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: opticon: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: quatech2: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: ssu100: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: usb_wwan: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes).
- usb: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes).
- usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS (git-fixes).
- usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply (git-fixes).
- usb: typec: tcpm: Honour pSnkStdby requirement during negotiation (git-fixes).
- veth: Store queue_mapping independently of XDP prog presence (git-fixes).
- vfio/pci: Add missing range check in vfio_pci_mmap (git-fixes).
- virt_wifi: Return micros for BSS TSF values (git-fixes).
- vxlan: move debug check after netdev unregister (git-fixes).
- workqueue: Move the position of debug_work_activate() in __queue_work() (bsc#1184893).
- x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access (bsc#1152489).
- x86/insn: Add some Intel instructions to the opcode map (bsc#1184760).
- x86/insn: Add some more Intel instructions to the opcode map (bsc#1184760).
- x86/microcode: Check for offline CPUs before requesting new microcode (bsc#1152489).
- x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd (bsc#1152489).
- x86/platform/uv: Set section block size for hubless architectures (bsc#1152489).
- x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#1152489).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Realtime 15-SP2:

      zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-1571=1

Package List:

   - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64):

      cluster-md-kmp-rt-5.3.18-36.2
      cluster-md-kmp-rt-debuginfo-5.3.18-36.2
      dlm-kmp-rt-5.3.18-36.2
      dlm-kmp-rt-debuginfo-5.3.18-36.2
      gfs2-kmp-rt-5.3.18-36.2
      gfs2-kmp-rt-debuginfo-5.3.18-36.2
      kernel-rt-5.3.18-36.2
      kernel-rt-debuginfo-5.3.18-36.2
      kernel-rt-debugsource-5.3.18-36.2
      kernel-rt-devel-5.3.18-36.2
      kernel-rt-devel-debuginfo-5.3.18-36.2
      kernel-rt_debug-5.3.18-36.2
      kernel-rt_debug-debuginfo-5.3.18-36.2
      kernel-rt_debug-debugsource-5.3.18-36.2
      kernel-rt_debug-devel-5.3.18-36.2
      kernel-rt_debug-devel-debuginfo-5.3.18-36.2
      kernel-syms-rt-5.3.18-36.1
      ocfs2-kmp-rt-5.3.18-36.2
      ocfs2-kmp-rt-debuginfo-5.3.18-36.2

   - SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch):

      kernel-devel-rt-5.3.18-36.2
      kernel-source-rt-5.3.18-36.2

References:

   https://www.suse.com/security/cve/CVE-2021-29155.html
   https://www.suse.com/security/cve/CVE-2021-29650.html
   https://bugzilla.suse.com/1043990
   https://bugzilla.suse.com/1055117
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1152457
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1155518
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1167260
   https://bugzilla.suse.com/1167574
   https://bugzilla.suse.com/1168838
   https://bugzilla.suse.com/1174416
   https://bugzilla.suse.com/1174426
   https://bugzilla.suse.com/1175995
   https://bugzilla.suse.com/1178089
   https://bugzilla.suse.com/1179243
   https://bugzilla.suse.com/1179851
   https://bugzilla.suse.com/1180846
   https://bugzilla.suse.com/1181161
   https://bugzilla.suse.com/1182613
   https://bugzilla.suse.com/1183063
   https://bugzilla.suse.com/1183203
   https://bugzilla.suse.com/1183289
   https://bugzilla.suse.com/1184208
   https://bugzilla.suse.com/1184209
   https://bugzilla.suse.com/1184436
   https://bugzilla.suse.com/1184485
   https://bugzilla.suse.com/1184514
   https://bugzilla.suse.com/1184585
   https://bugzilla.suse.com/1184650
   https://bugzilla.suse.com/1184724
   https://bugzilla.suse.com/1184728
   https://bugzilla.suse.com/1184730
   https://bugzilla.suse.com/1184731
   https://bugzilla.suse.com/1184736
   https://bugzilla.suse.com/1184737
   https://bugzilla.suse.com/1184738
   https://bugzilla.suse.com/1184740
   https://bugzilla.suse.com/1184741
   https://bugzilla.suse.com/1184742
   https://bugzilla.suse.com/1184760
   https://bugzilla.suse.com/1184811
   https://bugzilla.suse.com/1184893
   https://bugzilla.suse.com/1184934
   https://bugzilla.suse.com/1184942
   https://bugzilla.suse.com/1184957
   https://bugzilla.suse.com/1184969
   https://bugzilla.suse.com/1184984
   https://bugzilla.suse.com/1185041
   https://bugzilla.suse.com/1185113
   https://bugzilla.suse.com/1185233
   https://bugzilla.suse.com/1185244
   https://bugzilla.suse.com/1185269
   https://bugzilla.suse.com/1185365
   https://bugzilla.suse.com/1185454
   https://bugzilla.suse.com/1185472
   https://bugzilla.suse.com/1185491
   https://bugzilla.suse.com/1185549
   https://bugzilla.suse.com/1185586
   https://bugzilla.suse.com/1185587

From sle-updates at lists.suse.com Wed May 12 13:25:46 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 May 2021 15:25:46 +0200 (CEST)
Subject: SUSE-RU-2021:1567-1: Recommended update for release-notes-ses
Message-ID: <20210512132546.5ED10FF0F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for release-notes-ses
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1567-1
Rating: low
References: #1184009 #933411
Affected Products:
   SUSE Enterprise Storage 7
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for release-notes-ses fixes the following issue:

- Release notes updated to version 7.0.20210421. (bsc#933411)
- Updated note about supported `NFS` versions in `Ganesha`. (bsc#1184009)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2021-1567=1

Package List:

   - SUSE Enterprise Storage 7 (noarch):

      release-notes-ses-7.0.20210421-3.12.1

References:

   https://bugzilla.suse.com/1184009
   https://bugzilla.suse.com/933411

From sle-updates at lists.suse.com Wed May 12 13:26:54 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 May 2021 15:26:54 +0200 (CEST)
Subject: SUSE-SU-2021:1576-1: moderate: Security update for openvpn
Message-ID: <20210512132654.656BAFF0F@maintenance.suse.de>

SUSE Security Update: Security update for openvpn
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1576-1
Rating: moderate
References: #1085803 #1185279
Cross-References: CVE-2018-7544 CVE-2020-15078
CVSS scores:
   CVE-2018-7544 (NVD) : 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
   CVE-2018-7544 (SUSE): 5.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
   CVE-2020-15078 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.


Description:

   This update for openvpn fixes the following issues:

   - CVE-2020-15078: Fixed authentication bypass with deferred authentication (bsc#1185279).
   - CVE-2018-7544: Fixed cross-protocol scripting issue that was discovered in the management interface (bsc#1085803).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1576=1

Package List:

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
      openvpn-2.3.8-16.26.1
      openvpn-auth-pam-plugin-2.3.8-16.26.1
      openvpn-auth-pam-plugin-debuginfo-2.3.8-16.26.1
      openvpn-debuginfo-2.3.8-16.26.1
      openvpn-debugsource-2.3.8-16.26.1

References:

   https://www.suse.com/security/cve/CVE-2018-7544.html
   https://www.suse.com/security/cve/CVE-2020-15078.html
   https://bugzilla.suse.com/1085803
   https://bugzilla.suse.com/1185279

From sle-updates at lists.suse.com Wed May 12 13:28:05 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 May 2021 15:28:05 +0200 (CEST)
Subject: SUSE-SU-2021:1577-1: moderate: Security update for openvpn
Message-ID: <20210512132805.C46AEFF0F@maintenance.suse.de>

SUSE Security Update: Security update for openvpn
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1577-1
Rating: moderate
References: #1085803 #1169925 #1185279
Cross-References: CVE-2018-7544 CVE-2020-11810 CVE-2020-15078
CVSS scores:
   CVE-2018-7544 (NVD) : 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
   CVE-2018-7544 (SUSE): 5.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
   CVE-2020-11810 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
   CVE-2020-15078 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
   SUSE Linux Enterprise Module for Basesystem 15-SP3
   SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

   This update for openvpn fixes the following issues:

   - CVE-2020-15078: Fixed authentication bypass with deferred authentication (bsc#1185279).
   - CVE-2020-11810: Fixed race condition between allocating peer-id and initializing data channel key (bsc#1169925).
   - CVE-2018-7544: Fixed cross-protocol scripting issue that was discovered in the management interface (bsc#1085803).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1577=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP2:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1577=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
      openvpn-2.4.3-5.7.1
      openvpn-auth-pam-plugin-2.4.3-5.7.1
      openvpn-auth-pam-plugin-debuginfo-2.4.3-5.7.1
      openvpn-debuginfo-2.4.3-5.7.1
      openvpn-debugsource-2.4.3-5.7.1
      openvpn-devel-2.4.3-5.7.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
      openvpn-2.4.3-5.7.1
      openvpn-auth-pam-plugin-2.4.3-5.7.1
      openvpn-auth-pam-plugin-debuginfo-2.4.3-5.7.1
      openvpn-debuginfo-2.4.3-5.7.1
      openvpn-debugsource-2.4.3-5.7.1
      openvpn-devel-2.4.3-5.7.1

References:

   https://www.suse.com/security/cve/CVE-2018-7544.html
   https://www.suse.com/security/cve/CVE-2020-11810.html
   https://www.suse.com/security/cve/CVE-2020-15078.html
   https://bugzilla.suse.com/1085803
   https://bugzilla.suse.com/1169925
   https://bugzilla.suse.com/1185279

From sle-updates at lists.suse.com Wed May 12 13:29:17 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 May 2021 15:29:17 +0200 (CEST)
Subject: SUSE-RU-2021:1569-1: important: Recommended update for libreoffice
Message-ID: <20210512132917.AF037FF0F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for libreoffice
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1569-1
Rating: important
References: #1184527 #1184596 #1184961
Affected Products:
   SUSE Linux Enterprise Workstation Extension 15-SP2
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

   This update for libreoffice fixes the following issues:

   Update from version 7.1.2.2 to version 7.1.3.2

   - Fix a potential dataloss in LibreOffice Math. (bsc#1184961, bsc#1184527)
     The issue occurred only while trying to close the document via shortcuts. In this case LibreOffice Math was closed without asking to save the document.
   - Install `qt5 plugin` only when the desktop environment needs it. (bsc#1184596)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15-SP2:
      zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-1569=1

Package List:

   - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):
      libreoffice-7.1.3.2-13.18.3
      libreoffice-base-7.1.3.2-13.18.3
      libreoffice-base-debuginfo-7.1.3.2-13.18.3
      libreoffice-base-drivers-postgresql-7.1.3.2-13.18.3
      libreoffice-base-drivers-postgresql-debuginfo-7.1.3.2-13.18.3
      libreoffice-calc-7.1.3.2-13.18.3
      libreoffice-calc-debuginfo-7.1.3.2-13.18.3
      libreoffice-calc-extensions-7.1.3.2-13.18.3
      libreoffice-debuginfo-7.1.3.2-13.18.3
      libreoffice-debugsource-7.1.3.2-13.18.3
      libreoffice-draw-7.1.3.2-13.18.3
      libreoffice-draw-debuginfo-7.1.3.2-13.18.3
      libreoffice-filters-optional-7.1.3.2-13.18.3
      libreoffice-gnome-7.1.3.2-13.18.3
      libreoffice-gnome-debuginfo-7.1.3.2-13.18.3
      libreoffice-gtk3-7.1.3.2-13.18.3
      libreoffice-gtk3-debuginfo-7.1.3.2-13.18.3
      libreoffice-impress-7.1.3.2-13.18.3
      libreoffice-impress-debuginfo-7.1.3.2-13.18.3
      libreoffice-mailmerge-7.1.3.2-13.18.3
      libreoffice-math-7.1.3.2-13.18.3
      libreoffice-math-debuginfo-7.1.3.2-13.18.3
      libreoffice-officebean-7.1.3.2-13.18.3
      libreoffice-officebean-debuginfo-7.1.3.2-13.18.3
      libreoffice-pyuno-7.1.3.2-13.18.3
      libreoffice-pyuno-debuginfo-7.1.3.2-13.18.3
      libreoffice-writer-7.1.3.2-13.18.3
      libreoffice-writer-debuginfo-7.1.3.2-13.18.3
      libreoffice-writer-extensions-7.1.3.2-13.18.3
      libreofficekit-7.1.3.2-13.18.3
   - SUSE Linux Enterprise Workstation Extension 15-SP2 (noarch):
      libreoffice-branding-upstream-7.1.3.2-13.18.3
      libreoffice-icon-themes-7.1.3.2-13.18.3
      libreoffice-l10n-af-7.1.3.2-13.18.3
      libreoffice-l10n-ar-7.1.3.2-13.18.3
      libreoffice-l10n-as-7.1.3.2-13.18.3
      libreoffice-l10n-bg-7.1.3.2-13.18.3
      libreoffice-l10n-bn-7.1.3.2-13.18.3
      libreoffice-l10n-br-7.1.3.2-13.18.3
      libreoffice-l10n-ca-7.1.3.2-13.18.3
      libreoffice-l10n-cs-7.1.3.2-13.18.3
      libreoffice-l10n-cy-7.1.3.2-13.18.3
      libreoffice-l10n-da-7.1.3.2-13.18.3
      libreoffice-l10n-de-7.1.3.2-13.18.3
      libreoffice-l10n-dz-7.1.3.2-13.18.3
      libreoffice-l10n-el-7.1.3.2-13.18.3
      libreoffice-l10n-en-7.1.3.2-13.18.3
      libreoffice-l10n-eo-7.1.3.2-13.18.3
      libreoffice-l10n-es-7.1.3.2-13.18.3
      libreoffice-l10n-et-7.1.3.2-13.18.3
      libreoffice-l10n-eu-7.1.3.2-13.18.3
      libreoffice-l10n-fa-7.1.3.2-13.18.3
      libreoffice-l10n-fi-7.1.3.2-13.18.3
      libreoffice-l10n-fr-7.1.3.2-13.18.3
      libreoffice-l10n-ga-7.1.3.2-13.18.3
      libreoffice-l10n-gl-7.1.3.2-13.18.3
      libreoffice-l10n-gu-7.1.3.2-13.18.3
      libreoffice-l10n-he-7.1.3.2-13.18.3
      libreoffice-l10n-hi-7.1.3.2-13.18.3
      libreoffice-l10n-hr-7.1.3.2-13.18.3
      libreoffice-l10n-hu-7.1.3.2-13.18.3
      libreoffice-l10n-it-7.1.3.2-13.18.3
      libreoffice-l10n-ja-7.1.3.2-13.18.3
      libreoffice-l10n-kk-7.1.3.2-13.18.3
      libreoffice-l10n-kn-7.1.3.2-13.18.3
      libreoffice-l10n-ko-7.1.3.2-13.18.3
      libreoffice-l10n-lt-7.1.3.2-13.18.3
      libreoffice-l10n-lv-7.1.3.2-13.18.3
      libreoffice-l10n-mai-7.1.3.2-13.18.3
      libreoffice-l10n-ml-7.1.3.2-13.18.3
      libreoffice-l10n-mr-7.1.3.2-13.18.3
      libreoffice-l10n-nb-7.1.3.2-13.18.3
      libreoffice-l10n-nl-7.1.3.2-13.18.3
      libreoffice-l10n-nn-7.1.3.2-13.18.3
      libreoffice-l10n-nr-7.1.3.2-13.18.3
      libreoffice-l10n-nso-7.1.3.2-13.18.3
      libreoffice-l10n-or-7.1.3.2-13.18.3
      libreoffice-l10n-pa-7.1.3.2-13.18.3
      libreoffice-l10n-pl-7.1.3.2-13.18.3
      libreoffice-l10n-pt_BR-7.1.3.2-13.18.3
      libreoffice-l10n-pt_PT-7.1.3.2-13.18.3
      libreoffice-l10n-ro-7.1.3.2-13.18.3
      libreoffice-l10n-ru-7.1.3.2-13.18.3
      libreoffice-l10n-si-7.1.3.2-13.18.3
      libreoffice-l10n-sk-7.1.3.2-13.18.3
      libreoffice-l10n-sl-7.1.3.2-13.18.3
      libreoffice-l10n-sr-7.1.3.2-13.18.3
      libreoffice-l10n-ss-7.1.3.2-13.18.3
      libreoffice-l10n-st-7.1.3.2-13.18.3
      libreoffice-l10n-sv-7.1.3.2-13.18.3
      libreoffice-l10n-ta-7.1.3.2-13.18.3
      libreoffice-l10n-te-7.1.3.2-13.18.3
      libreoffice-l10n-th-7.1.3.2-13.18.3
      libreoffice-l10n-tn-7.1.3.2-13.18.3
      libreoffice-l10n-tr-7.1.3.2-13.18.3
      libreoffice-l10n-ts-7.1.3.2-13.18.3
      libreoffice-l10n-uk-7.1.3.2-13.18.3
      libreoffice-l10n-ve-7.1.3.2-13.18.3
      libreoffice-l10n-xh-7.1.3.2-13.18.3
      libreoffice-l10n-zh_CN-7.1.3.2-13.18.3
      libreoffice-l10n-zh_TW-7.1.3.2-13.18.3
      libreoffice-l10n-zu-7.1.3.2-13.18.3

References:

   https://bugzilla.suse.com/1184527
   https://bugzilla.suse.com/1184596
   https://bugzilla.suse.com/1184961

From sle-updates at lists.suse.com Wed May 12 13:30:30 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 May 2021 15:30:30 +0200 (CEST)
Subject: SUSE-RU-2021:1566-1: moderate: Recommended update for chrony
Message-ID: <20210512133030.24F4EFF0F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for chrony
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1566-1
Rating: moderate
References: #1162964 #1184400
Affected Products:
   SUSE MicroOS 5.0
   SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

   This update for chrony fixes the following issues:

   - Fix build with glibc-2.31 (bsc#1162964)
   - Use /run instead of /var/run for PIDFile in chronyd.service (bsc#1184400)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.0:
      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1566=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP2:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1566=1

Package List:

   - SUSE MicroOS 5.0 (aarch64 x86_64):
      chrony-3.2-9.21.1
      chrony-debuginfo-3.2-9.21.1
      chrony-debugsource-3.2-9.21.1
   - SUSE MicroOS 5.0 (noarch):
      chrony-pool-suse-3.2-9.21.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
      chrony-3.2-9.21.1
      chrony-debuginfo-3.2-9.21.1
      chrony-debugsource-3.2-9.21.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
      chrony-pool-empty-3.2-9.21.1
      chrony-pool-suse-3.2-9.21.1

References:

   https://bugzilla.suse.com/1162964
   https://bugzilla.suse.com/1184400

From sle-updates at lists.suse.com Wed May 12 13:31:36 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 May 2021 15:31:36 +0200 (CEST)
Subject: SUSE-SU-2021:1572-1: important: Security update for the Linux Kernel
Message-ID: <20210512133136.CBB8BFF0F@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1572-1
Rating: important
References: #1043990 #1046303 #1047233 #1055117 #1056787 #1065729
   #1087405 #1097583 #1097584 #1097585 #1097586 #1097587
   #1097588 #1101816 #1103990 #1104353 #1109837 #1111981
   #1114648 #1118657 #1118661 #1151794 #1152457 #1175306
   #1178089 #1180624 #1180846 #1181062 #1181161 #1182613
   #1182672 #1183063 #1183203 #1183289 #1184170 #1184194
   #1184208 #1184209 #1184211 #1184350 #1184388 #1184509
   #1184512 #1184514 #1184647 #1184650 #1184724 #1184731
   #1184736 #1184737 #1184738 #1184742 #1184760 #1184942
   #1184952 #1184957 #1184984 #1185041 #1185113 #1185195
   #1185197 #1185244 #1185269 #1185335 #1185365 #1185472
   #1185491 #1185549
Cross-References: CVE-2020-36310 CVE-2020-36312 CVE-2020-36322
   CVE-2021-28950 CVE-2021-29155 CVE-2021-29650
CVSS scores:
   CVE-2020-36310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-36310 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-36312 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-36322 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
   CVE-2021-28950 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2021-29155 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
   CVE-2021-29155 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
   CVE-2021-29650 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2021-29650 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that solves 6 vulnerabilities and has 62 fixes is now available.

Description:

   The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2020-36312: Fixed an issue within virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).
   - CVE-2021-29650: Fixed an issue within the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).
   - CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).
   - CVE-2020-36310: Fixed an issue within arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512).
   - CVE-2021-28950: Fixed an issue within fs/fuse/fuse_i.h where a "stall on CPU" could have occurred because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).
   - CVE-2020-36322: Fixed an issue within the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211, bnc#1184952).
   - CVE-2021-3444: Fixed incorrect mod32 BPF verifier truncation (bsc#1184170).

   The following non-security bugs were fixed:

   - arm64: PCI: mobiveil: remove driver
     Prepare to replace it with upstreamed driver
   - blk-settings: align max_sectors on "logical_block_size" boundary (bsc#1185195).
   - block: fix use-after-free on cached last_lookup partition (bsc#1181062).
   - block: recalculate segment count for multi-segment discards correctly (bsc#1184724).
   - btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549).
   - btrfs: track qgroup released data in own variable in insert_prealloc_file_extent (bsc#1185549).
   - cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes).
   - cxgb4: avoid collecting SGE_QBASE regs during traffic (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
   - drivers/perf: thunderx2_pmu: Fix memory resource error handling (git-fixes).
   - ext4: find old entry again if failed to rename whiteout (bsc#1184742).
   - ext4: fix potential error in ext4_do_update_inode (bsc#1184731).
   - fs: direct-io: fix missing sdio->boundary (bsc#1184736).
   - handle also the opposite type of race condition
   - i40e: Fix display statistics for veb_tc (bsc#1111981).
   - i40e: Fix kernel oops when i40e driver removes VF's (bsc#1101816 ).
   - i40e: Fix sparse warning: missing error code 'err' (jsc#SLE-4797).
   - ibmvnic: avoid calling napi_disable() twice (bsc#1065729).
   - ibmvnic: clean up the remaining debugfs data structures (bsc#1065729).
   - ibmvnic: Continue with reset if set link down failed (bsc#1184350 ltc#191533).
   - ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes).
   - ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432 git-fixes).
   - ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes).
   - ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432 git-fixes).
   - ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1065729).
   - ibmvnic: remove duplicate napi_schedule call in open function (bsc#1065729).
   - ice: Cleanup fltr list in case of allocation issues (bsc#1118661 ).
   - ice: Fix for dereference of NULL pointer (bsc#1118661 ).
   - igc: Fix Pause Frame Advertising (jsc#SLE-4799).
   - igc: Fix Supported Pause Frame Link Setting (jsc#SLE-4799).
   - igc: reinit_locked() should be called with rtnl_lock (bsc#1118657).
   - iopoll: introduce read_poll_timeout macro (git-fixes).
   - isofs: release buffer head before return (bsc#1182613).
   - kabi: Fix breakage in NVMe driver (bsc#1181161).
   - kabi: Fix nvmet error log definitions (bsc#1181161).
   - kabi: nvme: fix fast_io_fail_tmo (bsc#1181161).
   - kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917).
   - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846).
   - libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1109837).
   - libnvdimm/label: Return -ENXIO for no slot in __blk_label_update (bsc#1185269).
   - libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels (bsc#1185269).
   - libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (git-fixes).
   - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#1185041).
   - macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672).
   - mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes).
   - mmc: sdhci-of-esdhc: set the sd clock divisor value above 3 (git-fixes).
   - mm: fix memory_failure() handling of dax-namespace metadata (bsc#1185335).
   - net: bcmgenet: use hardware padding of runt frames (git-fixes).
   - net: cxgb4: fix return error value in t4_prep_fw (git-fixes).
   - net: hns3: clear VF down state bit before request link status (bsc#1104353).
   - net/mlx5: Fix PBMC register mapping (bsc#1103990).
   - net/mlx5: Fix placement of log_max_flow_counter (bsc#1046303 ).
   - netsec: ignore 'phy-mode' device property on ACPI systems (git-fixes).
   - nvme: add error log page slot definition (bsc#1181161).
   - nvme-fabrics: allow to queue requests for live queues (bsc#1181161).
   - nvme-fabrics: do not check state NVME_CTRL_NEW for request acceptance (bsc#1181161).
   - nvme-fabrics: reject I/O to offline device (bsc#1181161).
   - nvme: include admin_q sync with nvme_sync_queues (bsc#1181161).
   - nvme: introduce "Command Aborted By host" status code (bsc#1181161).
   - nvme: introduce nvme_is_fabrics to check fabrics cmd (bsc#1181161).
   - nvme: introduce nvme_sync_io_queues (bsc#1181161).
   - nvme: make fabrics command run on a separate request queue (bsc#1181161).
   - nvme-pci: Sync queues on reset (bsc#1181161).
   - nvme: prevent warning triggered by nvme_stop_keep_alive (bsc#1181161).
   - nvme-rdma: avoid race between time out and tear down (bsc#1181161).
   - nvme-rdma: avoid repeated request completion (bsc#1181161).
   - nvme-rdma: avoid request double completion for concurrent nvme_rdma_timeout (bsc#1181161).
   - nvme-rdma: fix controller reset hang during traffic (bsc#1181161).
   - nvme-rdma: fix possible hang when failing to set io queues (bsc#1181161).
   - nvme-rdma: fix timeout handler (bsc#1181161).
   - nvme-rdma: serialize controller teardown sequences (bsc#1181161).
   - nvme: Restart request timers in resetting state (bsc#1181161).
   - nvmet: add error-log definitions (bsc#1181161).
   - nvmet: add error log support for fabrics-cmd (bsc#1181161).
   - nvme-tcp: avoid race between time out and tear down (bsc#1181161).
   - nvme-tcp: avoid repeated request completion (bsc#1181161).
   - nvme-tcp: avoid request double completion for concurrent nvme_tcp_timeout (bsc#1181161).
   - nvme-tcp: fix controller reset hang during traffic (bsc#1181161).
   - nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161).
   - nvme-tcp: fix timeout handler (bsc#1181161).
   - nvme-tcp: serialize controller teardown sequences (bsc#1181161).
   - nvme: unlink head after removing last namespace (bsc#1181161).
   - ocfs2: fix a use after free on error (bsc#1184738).
   - ocfs2: fix deadlock between setattr and dio_end_io_write (bsc#1185197).
   - PCI: mobiveil: Add 8-bit and 16-bit CSR register accessors ().
   - PCI: mobiveil: Add callback function for interrupt initialization ().
   - PCI: mobiveil: Add callback function for link up check ().
   - PCI: mobiveil: Add configured inbound windows counter ().
   - PCI: mobiveil: Add Header Type field check ().
   - PCI: mobiveil: Add PCIe Gen4 RC driver for Layerscape SoCs ().
   - PCI: mobiveil: Add upper 32-bit CPU base address setup in outbound window ().
   - PCI: mobiveil: Add upper 32-bit PCI base address setup in inbound window ().
   - PCI: mobiveil: Allow mobiveil_host_init() to be used to re-init host ().
   - PCI: mobiveil: Clean-up program_{ib/ob}_windows() ().
   - PCI: mobiveil: Clear the control fields before updating it ().
   - PCI: mobiveil: Collect the interrupt related operations into a function ().
   - PCI: mobiveil: Fix csr_read()/write() build issue ().
   - PCI: mobiveil: Fix devfn check in mobiveil_pcie_valid_device() ().
   - PCI: mobiveil: Fix error return values ().
   - PCI: mobiveil: Fix infinite-loop in the INTx handling function ().
   - PCI: mobiveil: Fix INTx interrupt clearing in mobiveil_pcie_isr() ().
   - PCI: mobiveil: Fix PCI base address in MEM/IO outbound windows ().
   - PCI: mobiveil: Fix the Class Code field ().
   - PCI: mobiveil: Fix the CPU base address setup in inbound window ().
   - PCI: mobiveil: Fix the valid check for inbound and outbound windows ().
   - PCI: mobiveil: Initialize Primary/Secondary/Subordinate bus numbers ().
   - PCI: mobiveil: Introduce a new structure mobiveil_root_port ().
   - PCI: mobiveil: ls_pcie_g4: add Workaround for A-011451 ().
   - PCI: mobiveil: ls_pcie_g4: add Workaround for A-011577 ().
   - PCI: mobiveil: ls_pcie_g4: fix SError when accessing config space ().
   - PCI: mobiveil: Make some register updates more readable ().
   - PCI: mobiveil: Mask out hardcoded bits in inbound/outbound windows setup ().
   - PCI: mobiveil: Modularize the Mobiveil PCIe Host Bridge IP driver ().
   - PCI: mobiveil: Move IRQ chained handler setup out of DT parse ().
   - PCI: mobiveil: Move PCIe PIO enablement out of inbound window routine ().
   - PCI: mobiveil: Move the host initialization into a function ().
   - PCI: mobiveil: Move the link up waiting out of mobiveil_host_init() ().
   - PCI: mobiveil: Refactor the MEM/IO outbound window initialization ().
   - PCI: mobiveil: Reformat the code for readability ().
   - PCI: mobiveil: Remove an unnecessary return value check ().
   - PCI: mobiveil: Remove the flag MSI_FLAG_MULTI_PCI_MSI ().
   - PCI: mobiveil: Unify register accessors ().
   - PCI: mobiveil: Update the resource list traversal function ().
   - PCI: mobiveil: Use pci_parse_request_of_pci_ranges() ().
   - PCI: mobiveil: Use the 1st inbound window for MEM inbound transactions ().
   - PCI: mobiveil: Use WIN_NUM_0 explicitly for CFG outbound window ().
   - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
   - powerepc/book3s64/hash: Align start/end address correctly with bolt mapping (bsc#1184957).
   - powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117 git-fixes).
   - powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729).
   - powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729).
   - powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1183289 ltc#191637).
   - powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729).
   - powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729).
   - powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917).
   - reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1184737).
   - Revert "rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)"
     This turned out to be a bad idea: the kernel-$flavor-devel package must be usable without kernel-$flavor, e.g. at the build of a KMP. And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113).
   - rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)
   - rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
   - rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439)
   - rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
   - rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650)
   - rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (git-fixes).
   - sch_red: fix off-by-one checks in red_check_params() (bsc1056787).
   - scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231).
   - scsi: libsas: docs: Remove notify_ha_event() (git-fixes).
   - scsi: lpfc: Copyright updates for 12.8.0.9 patches (bsc#1185472).
   - scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472).
   - scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472).
   - scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472).
   - scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472).
   - scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472).
   - scsi: lpfc: Fix a typo (bsc#1185472).
   - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response (bsc#1185472).
   - scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365).
   - scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode (bsc#1185472).
   - scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472).
   - scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472).
   - scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203).
   - scsi: lpfc: Fix incorrectly documented function lpfc_debugfs_commonxripools_data() (bsc#1185472).
   - scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#1185472).
   - scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472).
   - scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#1185472).
   - scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472).
   - scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#1185472).
   - scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency (bsc#1185472).
   - scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#1185472).
   - scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#1185472).
   - scsi: lpfc: Fix silent memory allocation failure in lpfc_sli4_bsg_link_diag_test() (bsc#1185472).
   - scsi: lpfc: Fix some error codes in debugfs (bsc#1185472).
   - scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#1185472).
   - scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#1185472).
   - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472).
   - scsi: lpfc: Standardize discovery object logging format (bsc#1185472).
   - scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472).
   - scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491).
   - scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#1185491).
   - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() (bsc#1185491).
   - scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491).
   - scsi: qla2xxx: Check kzalloc() return value (bsc#1185491).
   - scsi: qla2xxx: Consolidate zio threshold setting for both FCP NVMe (bsc#1185491).
   - scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491).
   - scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#1185491).
   - scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491).
   - scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#1185491).
   - scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491).
   - scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491).
   - scsi: qla2xxx: Fix broken #endif placement (bsc#1185491).
   - scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491).
   - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491).
   - scsi: qla2xxx: Fix endianness annotations (bsc#1185491).
   - scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#1185491).
   - scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491).
   - scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491).
   - scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491).
   - scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491).
   - scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491).
   - scsi: qla2xxx: Fix some memory corruption (bsc#1185491).
   - scsi: qla2xxx: Fix stuck session (bsc#1185491).
   - scsi: qla2xxx: Fix use after free in bsg (bsc#1185491).
   - scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (bsc#1185491).
   - scsi: qla2xxx: Move some messages from debug to normal log level (bsc#1185491).
   - scsi: qla2xxx: Remove redundant NULL check (bsc#1185491).
   - scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491).
   - scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491).
   - scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#1185491).
   - scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1185491).
   - scsi: qla2xxx: Reuse existing error handling path (bsc#1185491).
   - scsi: qla2xxx: Simplify if statement (bsc#1185491).
   - scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491).
   - scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491).
   - scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491).
   - scsi: qla2xxx: Update default AER debug mask (bsc#1185491).
   - scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491).
   - scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491).
   - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491).
   - scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#1185491).
   - scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089).
   - scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089).
   - scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089).
   - smsc95xx: avoid memory leak in smsc95xx_bind (git-fixes).
   - smsc95xx: check return value of smsc95xx_reset (git-fixes).
   - spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (git-fixes).
   - stop_machine: mark helpers __always_inline (bsc#1087405 git-fixes).
   - struct usbip_device kABI fixup (git-fixes).
   - USB: cdc-acm: downgrade message to debug (git-fixes).
   - USB: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984).
   - USB: cdc-acm: fix use-after-free after probe failure (git-fixes).
   - USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes).
   - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes).
   - USB: serial: ch341: add new Product ID (git-fixes).
   - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes).
   - USB: serial: cp210x: add some more GE USB IDs (git-fixes).
   - USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).
   - usbip: add sysfs_lock to synchronize sysfs code paths (git-fixe).
- usbip: fix vudc to check for stream socket (git-fixes). - usbip: stub-dev synchronize sysfs code paths (git-fixes). - usbip: synchronize event handler with sysfs code paths (git-fixes). - veth: Store queue_mapping independently of XDP prog presence (bsc#1109837). - video: hyperv_fb: Fix a double free in hvfb_probe (bsc#1175306, git-fixes). - x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access (bsc#1114648). - x86/insn: Add some Intel instructions to the opcode map (bsc#1184760). - x86/insn: Add some more Intel instructions to the opcode map (bsc#1184760). - x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1114648). - x86/microcode: Check for offline CPUs before requesting new microcode (bsc#1114648). - x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd (bsc#1114648). - x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#1114648). - xdp: fix xdp_return_frame() kernel BUG throw for page_pool memory model (bsc#1109837). - xhci: Improve detection of device initiated wake signal (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1572=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.56.1 kernel-source-azure-4.12.14-16.56.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.56.1 kernel-azure-base-4.12.14-16.56.1 kernel-azure-base-debuginfo-4.12.14-16.56.1 kernel-azure-debuginfo-4.12.14-16.56.1 kernel-azure-debugsource-4.12.14-16.56.1 kernel-azure-devel-4.12.14-16.56.1 kernel-syms-azure-4.12.14-16.56.1 References: https://www.suse.com/security/cve/CVE-2020-36310.html https://www.suse.com/security/cve/CVE-2020-36312.html https://www.suse.com/security/cve/CVE-2020-36322.html https://www.suse.com/security/cve/CVE-2021-28950.html https://www.suse.com/security/cve/CVE-2021-29155.html https://www.suse.com/security/cve/CVE-2021-29650.html https://bugzilla.suse.com/1043990 https://bugzilla.suse.com/1046303 https://bugzilla.suse.com/1047233 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1056787 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1087405 https://bugzilla.suse.com/1097583 https://bugzilla.suse.com/1097584 https://bugzilla.suse.com/1097585 https://bugzilla.suse.com/1097586 https://bugzilla.suse.com/1097587 https://bugzilla.suse.com/1097588 https://bugzilla.suse.com/1101816 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111981 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1118657 https://bugzilla.suse.com/1118661 https://bugzilla.suse.com/1151794 https://bugzilla.suse.com/1152457 https://bugzilla.suse.com/1175306 https://bugzilla.suse.com/1178089 https://bugzilla.suse.com/1180624 https://bugzilla.suse.com/1180846 https://bugzilla.suse.com/1181062 https://bugzilla.suse.com/1181161 https://bugzilla.suse.com/1182613 https://bugzilla.suse.com/1182672 
https://bugzilla.suse.com/1183063 https://bugzilla.suse.com/1183203 https://bugzilla.suse.com/1183289 https://bugzilla.suse.com/1184170 https://bugzilla.suse.com/1184194 https://bugzilla.suse.com/1184208 https://bugzilla.suse.com/1184209 https://bugzilla.suse.com/1184211 https://bugzilla.suse.com/1184350 https://bugzilla.suse.com/1184388 https://bugzilla.suse.com/1184509 https://bugzilla.suse.com/1184512 https://bugzilla.suse.com/1184514 https://bugzilla.suse.com/1184647 https://bugzilla.suse.com/1184650 https://bugzilla.suse.com/1184724 https://bugzilla.suse.com/1184731 https://bugzilla.suse.com/1184736 https://bugzilla.suse.com/1184737 https://bugzilla.suse.com/1184738 https://bugzilla.suse.com/1184742 https://bugzilla.suse.com/1184760 https://bugzilla.suse.com/1184942 https://bugzilla.suse.com/1184952 https://bugzilla.suse.com/1184957 https://bugzilla.suse.com/1184984 https://bugzilla.suse.com/1185041 https://bugzilla.suse.com/1185113 https://bugzilla.suse.com/1185195 https://bugzilla.suse.com/1185197 https://bugzilla.suse.com/1185244 https://bugzilla.suse.com/1185269 https://bugzilla.suse.com/1185335 https://bugzilla.suse.com/1185365 https://bugzilla.suse.com/1185472 https://bugzilla.suse.com/1185491 https://bugzilla.suse.com/1185549 From sle-updates at lists.suse.com Wed May 12 13:38:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 15:38:26 +0200 (CEST) Subject: SUSE-SU-2021:1573-1: important: Security update for the Linux Kernel Message-ID: <20210512133826.D6E75FF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1573-1 Rating: important References: #1047233 #1173485 #1176720 #1177411 #1178181 #1179454 #1181032 #1182672 #1182715 #1182716 #1182717 #1183022 #1183063 #1183069 #1183509 #1183593 #1183646 #1183686 #1183696 #1183775 #1184120 #1184167 #1184168 #1184170 #1184192 
#1184193 #1184194 #1184196 #1184198 #1184208 #1184211 #1184388 #1184391 #1184393 #1184397 #1184509 #1184511 #1184512 #1184514 #1184583 #1184650 #1184942 #1185113 #1185244 #1185248 Cross-References: CVE-2020-0433 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171 CVE-2020-27673 CVE-2020-27815 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2021-20219 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29155 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-29650 CVE-2021-30002 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483 CVSS scores: CVE-2020-0433 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0433 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-25670 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2020-27170 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-27170 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-27171 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27171 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27673 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27673 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-27815 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-35519 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36310 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36311 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36311 (SUSE): 4 
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-36312 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36322 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2021-20219 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28038 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28038 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28660 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28660 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28688 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28950 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28964 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28971 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28972 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28972 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29155 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-29155 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-29264 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29647 
(SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-29650 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29650 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-30002 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-30002 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3428 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-3444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves 35 vulnerabilities and has 10 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509). - CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. 
Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).
- CVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512).
- CVE-2020-27673: Fixed an issue in Xen where guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).
- CVE-2021-29154: Fixed BPF JIT compilers that allowed execution of arbitrary code within the kernel context (bnc#1184391).
- CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).
- CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).
- CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).
- CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).
- CVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a "stall on CPU" could have occurred because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).
- CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, which could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).
- CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).
- CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).
- CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel.
In this flaw a local attacker with a normal user privilege could have delayed the loop and caused a threat to the system availability (bnc#1184397).
- CVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193).
- CVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this to gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170).
- CVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196).
- CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).
- CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).
- CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination (bnc#1184198).
- CVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192).
- CVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775).
- CVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775).
- CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).
- CVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).
- CVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509).
- CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).
- CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).
- CVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454).
- CVE-2021-27365: Fixed an issue inside the iSCSI data structures that do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).
- CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).
- CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).

The following non-security bugs were fixed:

- Revert "rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)" This turned out to be a bad idea: the kernel-$flavor-devel package must be usable without kernel-$flavor, e.g. at the build of a KMP. And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113).
- Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
- ext4: check journal inode extents more carefully (bsc#1173485).
- ext4: do not allow overlapping system zones (bsc#1173485).
- ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485).
- hv: clear ring_buffer pointer during cleanup (part of ae6935ed) (bsc#1181032).
- hv_netvsc: remove ndo_poll_controller (bsc#1185248).
- macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672).
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514).
- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
- rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439)
- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
- rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650)
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1573=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1573=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-1573=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1573=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1573=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-1573=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): kernel-default-4.12.14-150.72.1 kernel-default-base-4.12.14-150.72.1 kernel-default-debuginfo-4.12.14-150.72.1 kernel-default-debugsource-4.12.14-150.72.1 kernel-default-devel-4.12.14-150.72.1 kernel-default-devel-debuginfo-4.12.14-150.72.1 kernel-obs-build-4.12.14-150.72.1 kernel-obs-build-debugsource-4.12.14-150.72.1 kernel-syms-4.12.14-150.72.1 kernel-vanilla-base-4.12.14-150.72.1 kernel-vanilla-base-debuginfo-4.12.14-150.72.1 kernel-vanilla-debuginfo-4.12.14-150.72.1 kernel-vanilla-debugsource-4.12.14-150.72.1 reiserfs-kmp-default-4.12.14-150.72.1 reiserfs-kmp-default-debuginfo-4.12.14-150.72.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): kernel-devel-4.12.14-150.72.1 kernel-docs-4.12.14-150.72.2 kernel-macros-4.12.14-150.72.1 kernel-source-4.12.14-150.72.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): kernel-default-4.12.14-150.72.1 kernel-default-base-4.12.14-150.72.1 kernel-default-debuginfo-4.12.14-150.72.1 kernel-default-debugsource-4.12.14-150.72.1 kernel-default-devel-4.12.14-150.72.1 kernel-default-devel-debuginfo-4.12.14-150.72.1 kernel-obs-build-4.12.14-150.72.1 kernel-obs-build-debugsource-4.12.14-150.72.1 kernel-syms-4.12.14-150.72.1 
kernel-vanilla-base-4.12.14-150.72.1 kernel-vanilla-base-debuginfo-4.12.14-150.72.1 kernel-vanilla-debuginfo-4.12.14-150.72.1 kernel-vanilla-debugsource-4.12.14-150.72.1 reiserfs-kmp-default-4.12.14-150.72.1 reiserfs-kmp-default-debuginfo-4.12.14-150.72.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): kernel-devel-4.12.14-150.72.1 kernel-docs-4.12.14-150.72.2 kernel-macros-4.12.14-150.72.1 kernel-source-4.12.14-150.72.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): kernel-default-man-4.12.14-150.72.1 kernel-zfcpdump-debuginfo-4.12.14-150.72.1 kernel-zfcpdump-debugsource-4.12.14-150.72.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150.72.1 kernel-default-debugsource-4.12.14-150.72.1 kernel-default-livepatch-4.12.14-150.72.1 kernel-livepatch-4_12_14-150_72-default-1-1.3.1 kernel-livepatch-4_12_14-150_72-default-debuginfo-1-1.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): kernel-default-4.12.14-150.72.1 kernel-default-base-4.12.14-150.72.1 kernel-default-debuginfo-4.12.14-150.72.1 kernel-default-debugsource-4.12.14-150.72.1 kernel-default-devel-4.12.14-150.72.1 kernel-default-devel-debuginfo-4.12.14-150.72.1 kernel-obs-build-4.12.14-150.72.1 kernel-obs-build-debugsource-4.12.14-150.72.1 kernel-syms-4.12.14-150.72.1 kernel-vanilla-base-4.12.14-150.72.1 kernel-vanilla-base-debuginfo-4.12.14-150.72.1 kernel-vanilla-debuginfo-4.12.14-150.72.1 kernel-vanilla-debugsource-4.12.14-150.72.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): kernel-devel-4.12.14-150.72.1 kernel-docs-4.12.14-150.72.2 kernel-macros-4.12.14-150.72.1 kernel-source-4.12.14-150.72.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150.72.1 kernel-default-base-4.12.14-150.72.1 kernel-default-debuginfo-4.12.14-150.72.1 kernel-default-debugsource-4.12.14-150.72.1 kernel-default-devel-4.12.14-150.72.1 
kernel-default-devel-debuginfo-4.12.14-150.72.1 kernel-obs-build-4.12.14-150.72.1 kernel-obs-build-debugsource-4.12.14-150.72.1 kernel-syms-4.12.14-150.72.1 kernel-vanilla-base-4.12.14-150.72.1 kernel-vanilla-base-debuginfo-4.12.14-150.72.1 kernel-vanilla-debuginfo-4.12.14-150.72.1 kernel-vanilla-debugsource-4.12.14-150.72.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): kernel-devel-4.12.14-150.72.1 kernel-docs-4.12.14-150.72.2 kernel-macros-4.12.14-150.72.1 kernel-source-4.12.14-150.72.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150.72.1 cluster-md-kmp-default-debuginfo-4.12.14-150.72.1 dlm-kmp-default-4.12.14-150.72.1 dlm-kmp-default-debuginfo-4.12.14-150.72.1 gfs2-kmp-default-4.12.14-150.72.1 gfs2-kmp-default-debuginfo-4.12.14-150.72.1 kernel-default-debuginfo-4.12.14-150.72.1 kernel-default-debugsource-4.12.14-150.72.1 ocfs2-kmp-default-4.12.14-150.72.1 ocfs2-kmp-default-debuginfo-4.12.14-150.72.1 References: https://www.suse.com/security/cve/CVE-2020-0433.html https://www.suse.com/security/cve/CVE-2020-25670.html https://www.suse.com/security/cve/CVE-2020-25671.html https://www.suse.com/security/cve/CVE-2020-25672.html https://www.suse.com/security/cve/CVE-2020-25673.html https://www.suse.com/security/cve/CVE-2020-27170.html https://www.suse.com/security/cve/CVE-2020-27171.html https://www.suse.com/security/cve/CVE-2020-27673.html https://www.suse.com/security/cve/CVE-2020-27815.html https://www.suse.com/security/cve/CVE-2020-35519.html https://www.suse.com/security/cve/CVE-2020-36310.html https://www.suse.com/security/cve/CVE-2020-36311.html https://www.suse.com/security/cve/CVE-2020-36312.html https://www.suse.com/security/cve/CVE-2020-36322.html https://www.suse.com/security/cve/CVE-2021-20219.html https://www.suse.com/security/cve/CVE-2021-27363.html https://www.suse.com/security/cve/CVE-2021-27364.html https://www.suse.com/security/cve/CVE-2021-27365.html 
https://www.suse.com/security/cve/CVE-2021-28038.html https://www.suse.com/security/cve/CVE-2021-28660.html https://www.suse.com/security/cve/CVE-2021-28688.html https://www.suse.com/security/cve/CVE-2021-28950.html https://www.suse.com/security/cve/CVE-2021-28964.html https://www.suse.com/security/cve/CVE-2021-28971.html https://www.suse.com/security/cve/CVE-2021-28972.html https://www.suse.com/security/cve/CVE-2021-29154.html https://www.suse.com/security/cve/CVE-2021-29155.html https://www.suse.com/security/cve/CVE-2021-29264.html https://www.suse.com/security/cve/CVE-2021-29265.html https://www.suse.com/security/cve/CVE-2021-29647.html https://www.suse.com/security/cve/CVE-2021-29650.html https://www.suse.com/security/cve/CVE-2021-30002.html https://www.suse.com/security/cve/CVE-2021-3428.html https://www.suse.com/security/cve/CVE-2021-3444.html https://www.suse.com/security/cve/CVE-2021-3483.html https://bugzilla.suse.com/1047233 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1176720 https://bugzilla.suse.com/1177411 https://bugzilla.suse.com/1178181 https://bugzilla.suse.com/1179454 https://bugzilla.suse.com/1181032 https://bugzilla.suse.com/1182672 https://bugzilla.suse.com/1182715 https://bugzilla.suse.com/1182716 https://bugzilla.suse.com/1182717 https://bugzilla.suse.com/1183022 https://bugzilla.suse.com/1183063 https://bugzilla.suse.com/1183069 https://bugzilla.suse.com/1183509 https://bugzilla.suse.com/1183593 https://bugzilla.suse.com/1183646 https://bugzilla.suse.com/1183686 https://bugzilla.suse.com/1183696 https://bugzilla.suse.com/1183775 https://bugzilla.suse.com/1184120 https://bugzilla.suse.com/1184167 https://bugzilla.suse.com/1184168 https://bugzilla.suse.com/1184170 https://bugzilla.suse.com/1184192 https://bugzilla.suse.com/1184193 https://bugzilla.suse.com/1184194 https://bugzilla.suse.com/1184196 https://bugzilla.suse.com/1184198 https://bugzilla.suse.com/1184208 https://bugzilla.suse.com/1184211 
https://bugzilla.suse.com/1184388 https://bugzilla.suse.com/1184391 https://bugzilla.suse.com/1184393 https://bugzilla.suse.com/1184397 https://bugzilla.suse.com/1184509 https://bugzilla.suse.com/1184511 https://bugzilla.suse.com/1184512 https://bugzilla.suse.com/1184514 https://bugzilla.suse.com/1184583 https://bugzilla.suse.com/1184650 https://bugzilla.suse.com/1184942 https://bugzilla.suse.com/1185113 https://bugzilla.suse.com/1185244 https://bugzilla.suse.com/1185248 From sle-updates at lists.suse.com Wed May 12 13:43:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 15:43:02 +0200 (CEST) Subject: SUSE-RU-2021:1568-1: moderate: Recommended update for yast2 Message-ID: <20210512134302.B3EEBFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1568-1 Rating: moderate References: #1184131 #1184887 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2 and yast2-security fixes the following issues: Changes in yast2: Update to version 4.2.93: - In `ShadowConfig` module consider only the `/etc/login.defs` file and ignore the `/etc/login.defs.d/`. (bsc#1184131) Changes in yast2-security: Update to version 4.2.25: - Write shadow configuration to `/etc/login.defs` ignoring the `/etc/login.defs.d`. (bsc#1184131) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1568=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1568=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-1568=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): yast2-logs-4.2.93-3.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-4.2.93-3.27.1 yast2-logs-4.2.93-3.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-security-4.2.25-3.27.1 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-4.2.93-3.27.1 - SUSE Linux Enterprise Installer 15-SP2 (noarch): yast2-security-4.2.25-3.27.1 References: https://bugzilla.suse.com/1184131 https://bugzilla.suse.com/1184887 From sle-updates at lists.suse.com Wed May 12 13:44:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 15:44:01 +0200 (CEST) Subject: SUSE-SU-2021:14723-1: moderate: Security update for openvpn-openssl1 Message-ID: <20210512134401.2AA64FF0F@maintenance.suse.de> SUSE Security Update: Security update for openvpn-openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14723-1 Rating: moderate References: #1085803 #1185279 Cross-References: CVE-2018-7544 CVE-2020-15078 CVSS scores: CVE-2018-7544 (NVD) : 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2018-7544 (SUSE): 5.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-15078 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Server 11-SECURITY ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for openvpn-openssl1 fixes the following issues: - CVE-2020-15078: Fixed authentication bypass with deferred authentication (bsc#1185279). - CVE-2018-7544: Fixed cross-protocol scripting issue that was discovered in the management interface (bsc#1085803). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openvpn-openssl1-14723=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): openvpn-openssl1-2.3.2-0.10.9.1 openvpn-openssl1-down-root-plugin-2.3.2-0.10.9.1 References: https://www.suse.com/security/cve/CVE-2018-7544.html https://www.suse.com/security/cve/CVE-2020-15078.html https://bugzilla.suse.com/1085803 https://bugzilla.suse.com/1185279 From sle-updates at lists.suse.com Wed May 12 13:45:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 15:45:45 +0200 (CEST) Subject: SUSE-SU-2021:1580-1: important: Security update for xen Message-ID: <20210512134545.C7985FF0F@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1580-1 Rating: important References: #1183790 #1185021 #1185196 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for xen fixes the following issues: - A recent systemd update caused a regression in 'xenstored.service': systemd now fails to track units that use systemd-notify.
(bsc#1183790) - Add a fix to delay between the call to 'systemd-notify' and the final exit of the wrapper script. (bsc#1185021, bsc#1185196) - Run xenstored in a separately, which will make processing of large and/or concurrent batches of xenstore accesses more robust. (fate#323663) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1580=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1580=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 x86_64): xen-debugsource-4.12.4_10-3.42.1 xen-devel-4.12.4_10-3.42.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): xen-4.12.4_10-3.42.1 xen-debugsource-4.12.4_10-3.42.1 xen-doc-html-4.12.4_10-3.42.1 xen-libs-32bit-4.12.4_10-3.42.1 xen-libs-4.12.4_10-3.42.1 xen-libs-debuginfo-32bit-4.12.4_10-3.42.1 xen-libs-debuginfo-4.12.4_10-3.42.1 xen-tools-4.12.4_10-3.42.1 xen-tools-debuginfo-4.12.4_10-3.42.1 xen-tools-domU-4.12.4_10-3.42.1 xen-tools-domU-debuginfo-4.12.4_10-3.42.1 References: https://bugzilla.suse.com/1183790 https://bugzilla.suse.com/1185021 https://bugzilla.suse.com/1185196 From sle-updates at lists.suse.com Wed May 12 13:46:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 15:46:53 +0200 (CEST) Subject: SUSE-SU-2021:1574-1: important: Security update for the Linux Kernel Message-ID: <20210512134653.D3E2DFF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1574-1 Rating: important References: #1043990 #1055117 #1065729
#1152457 #1152489 #1156395 #1167260 #1168838 #1174416 #1174426 #1178089 #1179243 #1179851 #1180846 #1181161 #1182613 #1183063 #1183203 #1183289 #1184208 #1184209 #1184436 #1184514 #1184650 #1184724 #1184728 #1184730 #1184731 #1184736 #1184737 #1184738 #1184740 #1184741 #1184742 #1184760 #1184811 #1184893 #1184934 #1184942 #1184957 #1184969 #1184984 #1185041 #1185113 #1185233 #1185244 #1185269 #1185365 #1185454 #1185472 #1185491 #1185549 #1185586 #1185587 Cross-References: CVE-2021-29155 CVE-2021-29650 CVSS scores: CVE-2021-29155 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-29155 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-29650 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29650 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has 52 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). 
- CVE-2021-29155: Fixed an issue that was discovered in kernel/bpf/verifier.c that performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation was not correctly accounted for when restricting subsequent operations (bnc#1184942). The following non-security bugs were fixed: - ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes). - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect (git-fixes). - ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer (git-fixes). - ALSA: hda/cirrus: Add error handling into CS8409 I2C functions (git-fixes). - ALSA: hda/cirrus: Add Headphone and Headset MIC Volume Control (git-fixes). - ALSA: hda/cirrus: Add jack detect interrupt support from CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Add support for CS8409 HDA bridge and CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Cleanup patch_cirrus.c code (git-fixes). - ALSA: hda/cirrus: Fix CS42L42 Headset Mic volume control name (git-fixes). - ALSA: hda/cirrus: Make CS8409 driver more generic by using fixups (git-fixes). - ALSA: hda/cirrus: Set Initial DMIC volume for Bullseye to -26 dB (git-fixes). - ALSA: hda/cirrus: Use CS8409 filter to fix abnormal sounds on Bullseye (git-fixes). - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx (git-fixes). - ALSA: hda/realtek: fix mic boost on Intel NUC 8 (git-fixes). - ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops (git-fixes). - ALSA: hda/realtek: GA503 use same quirks as GA401 (git-fixes). - ALSA: hda/realtek - Headset Mic issue on HP platform (git-fixes). - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries (git-fixes). 
- ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC662 quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries (git-fixes). - ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes). - ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes). - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls (git-fixes). - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes). - ALSA: usb-audio: Configure Pioneer DJM-850 samplerate (git-fixes). - ALSA: usb-audio: DJM-750: ensure format is set (git-fixes). - ALSA: usb-audio: Explicitly set up the clock selector (git-fixes). - ALSA: usb-audio: Fix implicit sync clearance at stopping stream (git-fixes). - ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes). - ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails (git-fixes). - arm: dts: add imx7d pcf2127 fix to blacklist - ASoC: ak5558: correct reset polarity (git-fixes). - ASoC: ak5558: Fix s/show/slow/ typo (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: samsung: tm2_wm5110: check of of_parse return value (git-fixes). - ASoC: simple-card: fix possible uninitialized single_cpu local variable (git-fixes). - ASoC: SOF: Intel: HDA: fix core status verification (git-fixes). 
- ASoC: SOF: Intel: hda: remove unnecessary parentheses (git-fixes). - ata: libahci_platform: fix IRQ check (git-fixes). - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock (git-fixes). - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices (git-fixes). - backlight: journada720: Fix Wmisleading-indentation warning (git-fixes). - blkcg: fix memleak for iolatency (git-fixes). - block, bfq: set next_rq to waker_bfqq->next_rq in waker injection (bsc#1168838). - block: recalculate segment count for multi-segment discards correctly (bsc#1184724). - block: rsxx: select CONFIG_CRC32 (git-fixes). - bluetooth: eliminate the potential race condition when removing the HCI controller (git-fixes). - bnxt_en: reverse order of TX disable and carrier off (git-fixes). - bsg: free the request before return error code (git-fixes). - btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549). - btrfs: fix race between swap file activation and snapshot creation (bsc#1185587). - btrfs: fix race between writes to swap files and scrub (bsc#1185586). - btrfs: track qgroup released data in own variable in insert_prealloc_file_extent (bsc#1185549). - bus: qcom: Put child node before return (git-fixes). - cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes). - clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes). - clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz (git-fixes). - clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 (git-fixes). - clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock (git-fixes). - clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE (git-fixes). - clk: uniphier: Fix potential infinite loop (git-fixes). - clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback (git-fixes). - coresight: etm4x: Fix issues on trcseqevr access (git-fixes). - coresight: etm4x: Fix save and restore of TRCVMIDCCTLR1 register (git-fixes). 
- coresight: tmc-etr: Fix barrier packet insertion for perf buffer (git-fixes). - cpufreq: armada-37xx: Fix determining base CPU frequency (git-fixes). - cpufreq: armada-37xx: Fix driver cleanup when registration failed (git-fixes). - cpufreq: armada-37xx: Fix setting TBG parent for load levels (git-fixes). - cpufreq: armada-37xx: Fix the AVS value for load L1 (git-fixes). - cpufreq: Kconfig: fix documentation links (git-fixes). - crypto: arm/curve25519 - Move '.fpu' after '.arch' (git-fixes). - crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS (git-fixes). - cxgb4: avoid collecting SGE_QBASE regs during traffic (git-fixes). - cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (git-fixes). - dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes). - dm: eliminate potential source of excessive kernel log noise (git-fixes). - dm era: Fix bitset memory leaks (git-fixes). - dm era: only resize metadata in preresume (git-fixes). - dm era: Recover committed writeset after crash (git-fixes). - dm era: Reinitialize bitset cache before digesting a new writeset (git-fixes). - dm era: Use correct value size in equality function of writeset tree (git-fixes). - dm era: Verify the data block size hasn't changed (git-fixes). - dm: fix bug with RCU locking in dm_blk_report_zones (git-fixes). - dm integrity: fix error reporting in bitmap mode after creation (git-fixes). - dm ioctl: fix error return code in target_message (git-fixes). - dm mpath: fix racey management of PG initialization (git-fixes). - dm raid: fix discard limits for raid1 (git-fixes). - dm: remove invalid sparse __acquires and __releases annotations (git-fixes). - dm writecache: fix the maximum number of arguments (git-fixes). - dm writecache: handle DAX to partitions on persistent memory correctly (git-fixes). - dm writecache: remove BUG() and fail gracefully instead (git-fixes). - dm zoned: select CONFIG_CRC32 (git-fixes). 
- dpaa_eth: copy timestamp fields to new skb in A-050385 workaround (git-fixes). - dpaa_eth: fix the RX headroom size alignment (git-fixes). - dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom (git-fixes). - dpaa_eth: Use random MAC address when none is given (bsc#1184811). - drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes). - drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes). - drm/ast: Add 25MHz refclk support (bsc#1174416). - drm/ast: Add support for 1152x864 mode (bsc#1174416). - drm/ast: Add support for AIP200 (bsc#1174416). - drm/ast: AST2500 fixups (bsc#1174416). - drm/ast: Correct mode table for AST2500 precatch (bsc#1174416). - drm/ast: Disable screen on register init (bsc#1174416). - drm/ast: Disable VGA decoding while driver is active (bsc#1174416). - drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416). - drm/ast: Fix P2A config detection (bsc#1174416). - drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416). - drm/ast: Keep MISC fields when enabling VGA (bsc#1174416). - drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes). - drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes). - drm/msm: Fix a5xx/a6xx timestamps (git-fixes). - drm/omap: fix misleading indentation in pixinc() (git-fixes). - drm/radeon: fix copy of uninitialized variable back to userspace (git-fixes). - drm/tegra: dc: Do not set PLL clock to 0Hz (git-fixes). - e1000e: add rtnl_lock() to e1000_reset_task (git-fixes). - e1000e: Fix duplicate include guard (git-fixes). - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes). - enetc: Let the hardware auto-advance the taprio base-time of 0 (git-fixes). - enetc: Workaround for MDIO register access issue (git-fixes). - ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx (git-fixes). - ext4: do not try to set xattr into ea_inode if value is empty (bsc#1184730). 
- ext4: find old entry again if failed to rename whiteout (bsc#1184742). - ext4: fix potential error in ext4_do_update_inode (bsc#1184731). - ext4: fix potential htree index checksum corruption (bsc#1184728). - firmware: qcom-scm: Fix QCOM_SCM configuration (git-fixes). - fnic: use scsi_host_busy_iter() to traverse commands (bsc#1179851). - fotg210-udc: Complete OUT requests on short packets (git-fixes). - fotg210-udc: Do not DMA more than the buffer can take (git-fixes). - fotg210-udc: Fix DMA on EP0 for length > max packet size (git-fixes). - fotg210-udc: Fix EP0 IN requests bigger than two packets (git-fixes). - fotg210-udc: Mask GRP2 interrupts we do not handle (git-fixes). - fotg210-udc: Remove a dubious condition leading to fotg210_done (git-fixes). - fs: direct-io: fix missing sdio->boundary (bsc#1184736). - fs/jfs: fix potential integer overflow on shift of a int (bsc#1184741). - fsl/fman: reuse set_mac_address() in dtsec init() (bsc#1184811). - fsl/fman: tolerate missing MAC address in device tree (bsc#1184811). - gpio: omap: Save and restore sysconfig (git-fixes). - gpio: sysfs: Obey valid_mask (git-fixes). - HID: alps: fix error return code in alps_input_configured() (git-fixes). - HID: google: add don USB id (git-fixes). - HID: plantronics: Workaround for double volume key presses (git-fixes). - HID: wacom: Assign boolean values to a bool variable (git-fixes). - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices (git-fixes). - i2c: cadence: add IRQ check (git-fixes). - i2c: emev2: add IRQ check (git-fixes). - i2c: img-scb: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: jz4780: add IRQ check (git-fixes). - i2c: omap: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: sh7760: add IRQ check (git-fixes). - i2c: sh7760: fix IRQ error path (git-fixes). 
- i2c: sprd: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i40e: Added Asym_Pause to supported link modes (git-fixes). - i40e: Add zero-initialization of AQ command structures (git-fixes). - i40e: Fix addition of RX filters after enabling FW LLDP agent (git-fixes). - i40e: Fix add TC filter for IPv6 (git-fixes). - i40e: Fix display statistics for veb_tc (git-fixes). - i40e: Fix endianness conversions (git-fixes). - i40e: Fix flow for IPv6 next header (extension header) (git-fixes). - i40e: Fix kernel oops when i40e driver removes VF's (git-fixes). - i40e: Fix overwriting flow control settings during driver loading (git-fixes). - i40e: Fix sparse errors in i40e_txrx.c (git-fixes). - i40e: Fix sparse warning: missing error code 'err' (git-fixes). - i40e: fix the panic when running bpf in xdpdrv mode (git-fixes). - ibmvnic: avoid calling napi_disable() twice (bsc#1065729). - ibmvnic: clean up the remaining debugfs data structures (bsc#1065729). - ibmvnic: correctly use dev_consume/free_skb_irq (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 git-fixes). - ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes). - ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1065729). - ibmvnic: remove duplicate napi_schedule call in open function (bsc#1065729). - ice: Account for port VLAN in VF max packet size calculation (git-fixes). - ice: Cleanup fltr list in case of allocation issues (git-fixes). - ice: Fix for dereference of NULL pointer (git-fixes). - ice: Increase control queue timeout (git-fixes). - ice: prevent ice_open and ice_stop during reset (git-fixes). - igb: check timestamp validity (git-fixes). - igb: Fix duplicate include guard (git-fixes). 
- igc: Fix Pause Frame Advertising (git-fixes). - igc: Fix Supported Pause Frame Link Setting (git-fixes). - igc: reinit_locked() should be called with rtnl_lock (git-fixes). - iio:accel:adis16201: Fix wrong axis assignment that prevents loading (git-fixes). - ima: Free IMA measurement buffer after kexec syscall (git-fixes). - Input: i8042 - fix Pegatron C15B ID entry (git-fixes). - Input: nspire-keypad - enable interrupts only when opened (git-fixes). - Input: s6sy761 - fix coordinate read bit shift (git-fixes). - interconnect: core: fix error return code of icc_link_destroy() (git-fixes). - iopoll: introduce read_poll_timeout macro (git-fixes). - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() (git-fixes). - irqchip: Add support for Layerscape external interrupt lines (bsc#1185233). - irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1185233). - irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#1185233). - isofs: release buffer head before return (bsc#1182613). - ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (git-fixes). - jffs2: fix use after free in jffs2_sum_write_data() (bsc#1184740). - kABI: cover up change in struct kvm_arch (bsc#1184969). - kABI: Fix kABI caused by fixes for bsc#1174426 (bsc#1174426). - kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). - KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (bsc#1152489). - KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit (bsc#1156395). - KVM: PPC: Make the VMX instruction emulation routines static (bsc#1156395). - libnvdimm/label: Return -ENXIO for no slot in __blk_label_update (bsc#1185269). - libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels (bsc#1185269). - libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC (bsc#1184969 git-fixes). 
- libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (git-fixes). - liquidio: Fix unintented sign extension of a left shift of a u16 (git-fixes). - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#1185041). - mac80211: bail out if cipher schemes are invalid (git-fixes). - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes). - macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes). - media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes). - media: m88rs6000t: avoid potential out-of-bounds reads on arrays (git-fixes). - media: mantis: remove orphan mantis_core.c (git-fixes). - media: omap4iss: return error code when omap4iss_get() failed (git-fixes). - media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming() (git-fixes). - media: staging/intel-ipu3: Fix memory leak in imu_fmt (git-fixes). - media: staging/intel-ipu3: Fix race condition during set_fmt (git-fixes). - media: staging/intel-ipu3: Fix set_fmt error handling (git-fixes). - media: v4l2-ctrls.c: fix race condition in hdl->requests list (git-fixes). - memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] (git-fixes). - memory: pl353: fix mask of ECC page_size config register (git-fixes). - mfd: lpc_sch: Partially revert "Add support for Intel Quark X1000" (git-fixes). - mfd: stm32-timers: Avoid clearing auto reload register (git-fixes). - misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct (git-fixes). - mmc: core: Correct descriptions in mmc_of_parse() (git-fixes). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes). - mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes). - mmc: sdhci-of-dwcmshc: fix rpmb access (git-fixes). 
- mmc: sdhci-of-dwcmshc: implement specific set_uhs_signaling (git-fixes). - mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes). - mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci: Use Auto CMD Auto Select only when v4_mode is true (git-fixes). - mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe() (git-fixes). - mmc: uniphier-sd: Fix a resource leak in the remove function (git-fixes). - mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes). - Move upstreamed i915 fix into sorted section - mt7601u: fix always true expression (git-fixes). - mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() (git-fixes). - mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC (git-fixes). - mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() (git-fixes). - mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init (git-fixes). - mtd: rawnand: qcom: Return actual error code instead of -ENODEV (git-fixes). - mtd: require write permissions for locking and badblock ioctls (git-fixes). - mtd: spinand: core: add missing MODULE_DEVICE_TABLE() (git-fixes). - mtd: spi-nor: Rename "n25q512a" to "mt25qu512a (n25q512a)" (bsc#1167260). - mtd: spi-nor: Split mt25qu512a (n25q512a) entry into two (bsc#1167260). - nbd: fix a block_device refcount leak in nbd_release (git-fixes). - net: atlantic: fix out of range usage of active_vlans array (git-fixes). - net: atlantic: fix potential error handling (git-fixes). - net: atlantic: fix use after free kasan warn (git-fixes). - net: dsa: felix: implement port flushing on .phylink_mac_link_down (git-fixes). - net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr (git-fixes). - net: enetc: take the MDIO lock only once per NAPI poll cycle (git-fixes). - net: geneve: check skb is large enough for IPv4/IPv6 header (git-fixes). 
- net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (git-fixes). - net: hns3: clear VF down state bit before request link status (git-fixes). - net: hns3: fix bug when calculating the TCAM table info (git-fixes). - net: hns3: fix query vlan mask value error for flow director (git-fixes). - net: hns3: Remove un-necessary 'else-if' in the hclge_reset_event() (git-fixes). - net: ll_temac: Add more error handling of dma_map_single() calls (git-fixes). - net: ll_temac: Fix race condition causing TX hang (git-fixes). - net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure (git-fixes). - net: ll_temac: Handle DMA halt condition caused by buffer underrun (git-fixes). - net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes). - net/mlx5: Do not request more than supported EQs (git-fixes). - net/mlx5e: Do not match on Geneve options in case option masks are all zero (git-fixes). - net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes). - net/mlx5e: Fix ethtool indication of connector type (git-fixes). - net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta (jsc#SLE-8464). - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req (git-fixes). - net: phy: intel-xway: enable integrated led functions (git-fixes). - net: phy: marvell: fix m88e1011_set_downshift (git-fixes). - net: phy: marvell: fix m88e1111_set_downshift (git-fixes). - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template (git-fixes). - net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes). - net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter (git-fixes). - net: stmmac: xgmac: fix missing IFF_MULTICAST checki in dwxgmac2_set_filter (git-fixes). - net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes). - nfc: pn533: prevent potential memory corruption (git-fixes). - nfp: flower: ignore duplicate merge hints from FW (git-fixes). 
- node: fix device cleanups in error handling code (git-fixes). - null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes). - nvme-fabrics: reject I/O to offline device (bsc#1181161). - nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161). - ocfs2: fix a use after free on error (bsc#1184738). - pata_arasan_cf: fix IRQ check (git-fixes). - pata_ipx4xx_cf: fix IRQ check (git-fixes). - PCI/AER: Add pcie_walk_rcec() to RCEC AER handling (bsc#1174426). - PCI/AER: Add RCEC AER error injection support (bsc#1174426). - PCI/AER: Clear AER status from Root Port when resetting Downstream Port (bsc#1174426). - PCI/AER: Specify the type of Port that was reset (bsc#1174426). - PCI/AER: Use "aer" variable for capability offset (bsc#1174426). - PCI/AER: Write AER Capability only when we control it (bsc#1174426). - PCI: designware-ep: Fix the Header Type check (git-fixes). - PCI/ERR: Add pcie_link_rcec() to associate RCiEPs (bsc#1174426). - PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery() (bsc#1174426). - PCI/ERR: Avoid negated conditional for clarity (bsc#1174426). - PCI/ERR: Bind RCEC devices to the Root Port driver (bsc#1174426). - PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() (bsc#1174426). - PCI/ERR: Clear AER status only when we control AER (bsc#1174426). - PCI/ERR: Clear PCIe Device Status errors only if OS owns AER (bsc#1174426). - PCI/ERR: Clear status of the reporting device (bsc#1174426). - PCI/ERR: Recover from RCEC AER errors (bsc#1174426). - PCI/ERR: Recover from RCiEP AER errors (bsc#1174426). - PCI/ERR: Rename reset_link() to reset_subordinates() (bsc#1174426). - PCI/ERR: Retain status from error notification (bsc#1174426). - PCI/ERR: Simplify by computing pci_pcie_type() once (bsc#1174426). - PCI/ERR: Simplify by using pci_upstream_bridge() (bsc#1174426). - PCI/ERR: Use "bridge" for clarity in pcie_do_recovery() (bsc#1174426). - PCI/PME: Add pcie_walk_rcec() to RCEC PME handling (bsc#1174426). 
- PCI/portdrv: Report reset for frozen channel (bsc#1174426). - PCI: tegra: Fix ASPM-L1SS advertisement disable code (git-fixes). - PCI: tegra: Move "dbi" accesses to post common DWC initialization (git-fixes). - phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally (git-fixes). - pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes). - pinctrl: Ingenic: Add missing pins to the JZ4770 MAC MII group (git-fixes). - platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table (git-fixes). - PM: runtime: Add documentation for pm_runtime_resume_and_get() (git-fixes). - powerepc/book3s64/hash: Align start/end address correctly with bolt mapping (bsc#1184957). - powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117 git-fixes). - powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729). - powerpc/eeh: Fix EEH handling for hugepages in ioremap space (bsc#1156395). - powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729). - powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1183289 ltc#191637). - powerpc/papr_scm: Fix build error due to wrong printf specifier (bsc#1184969). - powerpc/papr_scm: Implement support for H_SCM_FLUSH hcall (bsc#1184969). - powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729). - powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729). - powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - powerpc/time: Enable sched clock for irqtime (bsc#1156395). - regmap: set debugfs_name to NULL after it is freed (git-fixes). - regulator: Avoid a double 'of_node_get' in 'regulator_of_get_init_node()' (git-fixes). - reintroduce cqhci_suspend for kABI (git-fixes). - reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1184737). - rpm/constraints.in: bump disk space to 45GB on riscv64 - rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). 
- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) - rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650) - rsi: Use resume_noirq for SDIO (git-fixes). - rsxx: remove extraneous 'const' qualifier (git-fixes). - rtc: ds1307: Fix wday settings for rx8130 (git-fixes). - rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1185454). - rtc: fsl-ftm-alarm: avoid struct rtc_time conversions (bsc#1185454). - rtc: fsl-ftm-alarm: enable acpi support (bsc#1185454). - rtc: fsl-ftm-alarm: fix freeze(s2idle) failed to wake (bsc#1185454). - rtc: fsl-ftm-alarm: report alarm to core (bsc#1185454). - rtc: fsl-ftm-alarm: switch to ktime_get_real_seconds (bsc#1185454). - rtc: fsl-ftm-alarm: switch to rtc_time64_to_tm/rtc_tm_to_time64 (bsc#1185454). - rtc: fsl-ftm-alarm: update acpi device id (bsc#1185454). - rtc: pcf2127: add alarm support (bsc#1185233). - rtc: pcf2127: add pca2129 device id (bsc#1185233). - rtc: pcf2127: add tamper detection support (bsc#1185233). - rtc: pcf2127: add watchdog feature support (bsc#1185233). - rtc: pcf2127: bugfix: watchdog build dependency (bsc#1185233). - rtc: pcf2127: cleanup register and bit defines (bsc#1185233). - rtc: pcf2127: convert to devm_rtc_allocate_device (bsc#1185233). - rtc: pcf2127: fix a bug when not specify interrupts property (bsc#1185233). - rtc: pcf2127: fix alarm handling (bsc#1185233). - rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (bsc#1185233). - rtc: pcf2127: handle boot-enabled watchdog feature (bsc#1185233). - rtc: pcf2127: let the core handle rtc range (bsc#1185233). - rtc: pcf2127: move watchdog initialisation to a separate function (bsc#1185233). - rtc: pcf2127: only use watchdog when explicitly available (bsc#1185233). - rtc: pcf2127: properly set flag WD_CD for rtc chips(pcf2129, pca2129) (bsc#1185233). - rtc: pcf2127: remove unnecessary #ifdef (bsc#1185233). - rtc: pcf2127: set regmap max_register (bsc#1185233). - rtc: pcf2127: watchdog: handle nowayout feature (bsc#1185233). 
- rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes). - rtw88: Fix array overrun in rtw_get_tx_power_params() (git-fixes). - sata_mv: add IRQ checks (git-fixes). - scsi: block: Fix a race in the runtime power management code (git-fixes). - scsi: core: add scsi_host_busy_iter() (bsc#1179851). - scsi: core: Only return started requests from scsi_host_find_tag() (bsc#1179851). - scsi: lpfc: Copyright updates for 12.8.0.9 patches (bsc#1185472). - scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472). - scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472). - scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472). - scsi: lpfc: Fix a typo (bsc#1185472). - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response (bsc#1185472). - scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365). - scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode (bsc#1185472). - scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472). - scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472). - scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203). - scsi: lpfc: Fix incorrectly documented function lpfc_debugfs_commonxripools_data() (bsc#1185472). - scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#1185472). - scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472). - scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#1185472). - scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472). - scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#1185472). - scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency (bsc#1185472). - scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#1185472). 
- scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#1185472). - scsi: lpfc: Fix silent memory allocation failure in lpfc_sli4_bsg_link_diag_test() (bsc#1185472). - scsi: lpfc: Fix some error codes in debugfs (bsc#1185472). - scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#1185472). - scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#1185472). - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472). - scsi: lpfc: Standardize discovery object logging format (bsc#1185472). - scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472). - scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491). - scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#1185491). - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() (bsc#1185491). - scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491). - scsi: qla2xxx: Check kzalloc() return value (bsc#1185491). - scsi: qla2xxx: Consolidate zio threshold setting for both FCP NVMe (bsc#1185491). - scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491). - scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#1185491). - scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491). - scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#1185491). - scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491). - scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491). - scsi: qla2xxx: Fix broken #endif placement (bsc#1185491). - scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491). - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491). - scsi: qla2xxx: Fix endianness annotations (bsc#1185491). - scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#1185491). - scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491). - scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491). 
- scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491). - scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491). - scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491). - scsi: qla2xxx: Fix some memory corruption (bsc#1185491). - scsi: qla2xxx: Fix stuck session (bsc#1185491). - scsi: qla2xxx: Fix use after free in bsg (bsc#1185491). - scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (bsc#1185491). - scsi: qla2xxx: Move some messages from debug to normal log level (bsc#1185491). - scsi: qla2xxx: Remove redundant NULL check (bsc#1185491). - scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491). - scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491). - scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#1185491). - scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1184436). - scsi: qla2xxx: Reuse existing error handling path (bsc#1185491). - scsi: qla2xxx: Simplify if statement (bsc#1185491). - scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491). - scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491). - scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491). - scsi: qla2xxx: Update default AER debug mask (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491). - scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#1185491). - scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089). - scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089). - scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089). - selftests/powerpc: Add pkey helpers for rights (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for execute-disabled pkeys (bsc#1184934 ltc#191460). 
- selftests/powerpc: Add test for pkey siginfo verification (bsc#1184934 ltc#191460). - selftests/powerpc: Add wrapper for gettid (bsc#1184934 ltc#191460). - selftests/powerpc: Fix exit status of pkey tests (bsc#1184934 ltc#191460). - selftests/powerpc: Fix L1D flushing tests for Power10 (bsc#1184934 ltc#191460). - selftests/powerpc: Fix pkey syscall redefinitions (bsc#1184934 ltc#191460). - selftests/powerpc: Move pkey helpers to headers (bsc#1184934 ltc#191460). - selftests/powerpc: refactor entry and rfi_flush tests (bsc#1184934 ltc#191460). - soc: aspeed: fix a ternary sign expansion bug (git-fixes). - soc: qcom: mdt_loader: Detect truncated read of segments (git-fixes). - soc: qcom: mdt_loader: Validate that p_filesz p_memsz (git-fixes). - soundwire: bus: Fix device found flag correctly (git-fixes). - soundwire: stream: fix memory leak in stream config error path (git-fixes). - spi: fsl-dspi: fix NULL pointer dereference (bsc#1167260). - spi: fsl-dspi: fix use-after-free in remove path (bsc#1167260). - spi: fsl-dspi: fix wrong pointer in suspend/resume (bsc#1167260). - spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() (git-fixes). - spi: Introduce dspi_slave_abort() function for NXP's dspi SPI driver (bsc#1167260). - spi: spi-fsl-dspi: Accelerate transfers using larger word size if possible (bsc#1167260). - spi: spi-fsl-dspi: Add comments around dspi_pop_tx and dspi_push_rx functions (bsc#1167260). - spi: spi-fsl-dspi: Adding shutdown hook (bsc#1167260). - spi: spi-fsl-dspi: Add support for LS1028A (bsc#1167260). - spi: spi-fsl-dspi: Always use the TCFQ devices in poll mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid NULL pointer in dspi_slave_abort for non-DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid reading more data than written in EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (bsc#1167260). - spi: spi-fsl-dspi: Convert TCFQ users to XSPI FIFO mode (bsc#1167260). 
- spi: spi-fsl-dspi: Convert the instantiations that support it to DMA (bsc#1167260). - spi: spi-fsl-dspi: delete EOQ transfer mode (bsc#1167260). - spi: spi-fsl-dspi: Demistify magic value in SPI_SR_CLEAR (bsc#1167260). - spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (bsc#1167260). - spi: spi-fsl-dspi: Do not mask off undefined bits (bsc#1167260). - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1167260). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Fix bits-per-word acceleration in DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Fix code alignment (bsc#1167260). - spi: spi-fsl-dspi: fix DMA mapping (bsc#1167260). - spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths (bsc#1167260). - spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (bsc#1167260). - spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: fix native data copy (bsc#1167260). - spi: spi-fsl-dspi: Fix race condition in TCFQ/EOQ interrupt (bsc#1167260). - spi: spi-fsl-dspi: Fix typos (bsc#1167260). - spi: spi-fsl-dspi: Free DMA memory with matching function (bsc#1167260). - spi: spi-fsl-dspi: Implement .max_message_size method for EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Initialize completion before possible interrupt (bsc#1167260). - spi: spi-fsl-dspi: LS2080A and LX2160A support XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Make bus-num property optional (bsc#1167260). - spi: spi-fsl-dspi: Move dspi_interrupt above dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Move invariant configs out of dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Optimize dspi_setup_accel for lowest interrupt count (bsc#1167260). 
- spi: spi-fsl-dspi: Parameterize the FIFO size and DMA buffer size (bsc#1167260). - spi: spi-fsl-dspi: Protect against races on dspi->words_in_flight (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation in dspi_release_dma() (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation level in dspi_interrupt (bsc#1167260). - spi: spi-fsl-dspi: remove git-fixes Remove git-fixes. Prepare to update the driver. References: bsc#1167260 - spi: spi-fsl-dspi: Remove impossible to reach error check (bsc#1167260). - spi: spi-fsl-dspi: Remove pointless assignment of master->transfer to NULL (bsc#1167260). - spi: spi-fsl-dspi: Remove unused chip->void_write_data (bsc#1167260). - spi: spi-fsl-dspi: Remove unused defines and includes (bsc#1167260). - spi: spi-fsl-dspi: Remove unused initialization of 'ret' in dspi_probe (bsc#1167260). - spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (bsc#1167260). - spi: spi-fsl-dspi: Replace legacy spi_master names with spi_controller (bsc#1167260). - spi: spi-fsl-dspi: set ColdFire to DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Simplify bytes_per_word gymnastics (bsc#1167260). - spi: spi-fsl-dspi: Take software timestamp in dspi_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Use BIT() and GENMASK() macros (bsc#1167260). - spi: spi-fsl-dspi: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1167260). - spi: spi-fsl-dspi: Use EOQ for last word in buffer even for XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Use poll mode in case the platform IRQ is missing (bsc#1167260). - spi: spi-fsl-dspi: Use reverse Christmas tree declaration order (bsc#1167260). - spi: spi-fsl-dspi: Use specific compatible strings for all SoC instantiations (bsc#1167260). - spi: spi-fsl-dspi: use XSPI mode instead of DMA for DPAA2 SoCs (bsc#1167260). - spi: spi-ti-qspi: Free DMA resources (git-fixes). 
- staging: fwserial: fix TIOCGSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL jiffies conversions (git-fixes). - staging: fwserial: fix TIOCSSERIAL permission check (git-fixes). - staging: rtl8192u: Fix potential infinite loop (git-fixes). - usb: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984). - usb: CDC-ACM: fix poison/unpoison imbalance (git-fixes). - usb: cdc-acm: fix TIOCGSERIAL implementation (git-fixes). - usb: cdc-acm: fix unprivileged TIOCCSERIAL (git-fixes). - usb: dwc2: Fix hibernation between host and device modes (git-fixes). - usb: dwc2: Fix host mode hibernation exit with remote wakeup flow (git-fixes). - usb: dwc2: Fix session request interrupt handler (git-fixes). - usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes). - usb: dwc3: keystone: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: meson-g12a: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: Switch to use device_property_count_u32() (git-fixes). - usb: gadget: aspeed: fix dma map failure (git-fixes). - usb: gadget: Fix double free of device descriptor pointers (git-fixes). - usb: gadget: pch_udc: Check for DMA mapping error (git-fixes). - usb: gadget: pch_udc: Check if driver is present before calling ->setup() (git-fixes). - usb: gadget: pch_udc: Move pch_udc_init() to satisfy kernel doc (git-fixes). - usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() (git-fixes). - usb: gadget: pch_udc: Revert d3cb25a12138 completely (git-fixes). - usb: gadget: r8a66597: Add missing null check on return from platform_get_resource (git-fixes). - usb: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes). - usb: Remove dev_err() usage after platform_get_irq() (git-fixes). - usb: serial: ark3116: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: f81232: fix TIOCGSERIAL implementation (git-fixes). 
- usb: serial: f81534: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: fix return value for unsupported ioctls (git-fixes). - usb: serial: mos7720: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: opticon: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: quatech2: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: ssu100: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: usb_wwan: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes). - usb: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes). - usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS (git-fixes). - usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply (git-fixes). - usb: typec: tcpm: Honour pSnkStdby requirement during negotiation (git-fixes). - veth: Store queue_mapping independently of XDP prog presence (git-fixes). - vfio/pci: Add missing range check in vfio_pci_mmap (git-fixes). - virt_wifi: Return micros for BSS TSF values (git-fixes). - vxlan: move debug check after netdev unregister (git-fixes). - workqueue: Move the position of debug_work_activate() in __queue_work() (bsc#1184893). - x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access (bsc#1152489). - x86/insn: Add some Intel instructions to the opcode map (bsc#1184760). - x86/insn: Add some more Intel instructions to the opcode map (bsc#1184760). - x86/microcode: Check for offline CPUs before requesting new microcode (bsc#1152489). - x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd (bsc#1152489). - x86/platform/uv: Set section block size for hubless architectures (bsc#1152489). - x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#1152489). Special Instructions and Notes: Please reboot the system after installing this update. 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1574=1 - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-1574=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-1574=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-1574=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1574=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1574=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1574=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): kernel-default-5.3.18-24.64.1 kernel-default-base-5.3.18-24.64.1.9.28.1 kernel-default-debuginfo-5.3.18-24.64.1 kernel-default-debugsource-5.3.18-24.64.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): kernel-default-debuginfo-5.3.18-24.64.1 kernel-default-debugsource-5.3.18-24.64.1 kernel-default-extra-5.3.18-24.64.1 kernel-default-extra-debuginfo-5.3.18-24.64.1 kernel-preempt-extra-5.3.18-24.64.1 kernel-preempt-extra-debuginfo-5.3.18-24.64.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.64.1 kernel-default-debugsource-5.3.18-24.64.1 kernel-default-livepatch-5.3.18-24.64.1 kernel-default-livepatch-devel-5.3.18-24.64.1 kernel-livepatch-5_3_18-24_64-default-1-5.3.1 kernel-livepatch-5_3_18-24_64-default-debuginfo-1-5.3.1 kernel-livepatch-SLE15-SP2_Update_13-debugsource-1-5.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le 
s390x x86_64): kernel-default-debuginfo-5.3.18-24.64.1 kernel-default-debugsource-5.3.18-24.64.1 reiserfs-kmp-default-5.3.18-24.64.1 reiserfs-kmp-default-debuginfo-5.3.18-24.64.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-24.64.1 kernel-obs-build-debugsource-5.3.18-24.64.1 kernel-syms-5.3.18-24.64.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-24.64.1 kernel-preempt-debugsource-5.3.18-24.64.1 kernel-preempt-devel-5.3.18-24.64.1 kernel-preempt-devel-debuginfo-5.3.18-24.64.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): kernel-docs-5.3.18-24.64.2 kernel-source-5.3.18-24.64.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-24.64.1 kernel-default-base-5.3.18-24.64.1.9.28.1 kernel-default-debuginfo-5.3.18-24.64.1 kernel-default-debugsource-5.3.18-24.64.1 kernel-default-devel-5.3.18-24.64.1 kernel-default-devel-debuginfo-5.3.18-24.64.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): kernel-preempt-5.3.18-24.64.1 kernel-preempt-debuginfo-5.3.18-24.64.1 kernel-preempt-debugsource-5.3.18-24.64.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): kernel-devel-5.3.18-24.64.1 kernel-macros-5.3.18-24.64.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-24.64.1 cluster-md-kmp-default-debuginfo-5.3.18-24.64.1 dlm-kmp-default-5.3.18-24.64.1 dlm-kmp-default-debuginfo-5.3.18-24.64.1 gfs2-kmp-default-5.3.18-24.64.1 gfs2-kmp-default-debuginfo-5.3.18-24.64.1 kernel-default-debuginfo-5.3.18-24.64.1 kernel-default-debugsource-5.3.18-24.64.1 ocfs2-kmp-default-5.3.18-24.64.1 ocfs2-kmp-default-debuginfo-5.3.18-24.64.1 References: https://www.suse.com/security/cve/CVE-2021-29155.html https://www.suse.com/security/cve/CVE-2021-29650.html https://bugzilla.suse.com/1043990 
https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1152457 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1167260 https://bugzilla.suse.com/1168838 https://bugzilla.suse.com/1174416 https://bugzilla.suse.com/1174426 https://bugzilla.suse.com/1178089 https://bugzilla.suse.com/1179243 https://bugzilla.suse.com/1179851 https://bugzilla.suse.com/1180846 https://bugzilla.suse.com/1181161 https://bugzilla.suse.com/1182613 https://bugzilla.suse.com/1183063 https://bugzilla.suse.com/1183203 https://bugzilla.suse.com/1183289 https://bugzilla.suse.com/1184208 https://bugzilla.suse.com/1184209 https://bugzilla.suse.com/1184436 https://bugzilla.suse.com/1184514 https://bugzilla.suse.com/1184650 https://bugzilla.suse.com/1184724 https://bugzilla.suse.com/1184728 https://bugzilla.suse.com/1184730 https://bugzilla.suse.com/1184731 https://bugzilla.suse.com/1184736 https://bugzilla.suse.com/1184737 https://bugzilla.suse.com/1184738 https://bugzilla.suse.com/1184740 https://bugzilla.suse.com/1184741 https://bugzilla.suse.com/1184742 https://bugzilla.suse.com/1184760 https://bugzilla.suse.com/1184811 https://bugzilla.suse.com/1184893 https://bugzilla.suse.com/1184934 https://bugzilla.suse.com/1184942 https://bugzilla.suse.com/1184957 https://bugzilla.suse.com/1184969 https://bugzilla.suse.com/1184984 https://bugzilla.suse.com/1185041 https://bugzilla.suse.com/1185113 https://bugzilla.suse.com/1185233 https://bugzilla.suse.com/1185244 https://bugzilla.suse.com/1185269 https://bugzilla.suse.com/1185365 https://bugzilla.suse.com/1185454 https://bugzilla.suse.com/1185472 https://bugzilla.suse.com/1185491 https://bugzilla.suse.com/1185549 https://bugzilla.suse.com/1185586 https://bugzilla.suse.com/1185587 From sle-updates at lists.suse.com Wed May 12 16:15:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 18:15:49 +0200 (CEST) Subject: 
SUSE-RU-2021:1581-1: moderate: Recommended update for yast2-ntp-client Message-ID: <20210512161549.CB543FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-ntp-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1581-1 Rating: moderate References: #1185545 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-ntp-client fixes the following issues: - Adapted proposal client returning the dhcp ntp servers as string. (bsc#1185545) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1581=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-ntp-client-4.2.12-3.3.1 References: https://bugzilla.suse.com/1185545 From sle-updates at lists.suse.com Wed May 12 16:16:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 18:16:53 +0200 (CEST) Subject: SUSE-RU-2021:1585-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <20210512161653.0CB05FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1585-1 Rating: moderate References: #1182779 #1185198 #1185234 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for cloud-regionsrv-client fixes the following issues: - Added a fix when the zypper lock is acquired by another process. In that case cloud-regionsrv-client will now wait up to 30 seconds for that lock to be freed (bsc#1182779, bsc#1185234, bsc#1185198) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-1585=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-9.1.5-52.50.1 cloud-regionsrv-client-generic-config-1.0.0-52.50.1 cloud-regionsrv-client-plugin-azure-1.0.1-52.50.1 cloud-regionsrv-client-plugin-ec2-1.0.1-52.50.1 cloud-regionsrv-client-plugin-gce-1.0.0-52.50.1 References: https://bugzilla.suse.com/1182779 https://bugzilla.suse.com/1185198 https://bugzilla.suse.com/1185234 From sle-updates at lists.suse.com Wed May 12 16:18:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 18:18:03 +0200 (CEST) Subject: SUSE-RU-2021:1586-1: moderate: Recommended update for python3-azuremetadata Message-ID: <20210512161803.0AEDCFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-azuremetadata ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1586-1 Rating: moderate References: #1172581 #1184720 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for python3-azuremetadata fixes the following issues: - Fixed an issue where SUSEConnect was unable to set cloud_provider when registering an instance the first time (bsc#1172581) - When querying the metadata server for access verification via a proxy, the wrong data was delivered. This has been fixed (bsc#1184720) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-1586=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python3-azuremetadata-5.1.4-1.18.1 References: https://bugzilla.suse.com/1172581 https://bugzilla.suse.com/1184720 From sle-updates at lists.suse.com Wed May 12 16:19:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 18:19:12 +0200 (CEST) Subject: SUSE-RU-2021:1583-1: moderate: Recommended update for sensors Message-ID: <20210512161912.0CB1AFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for sensors ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1583-1 Rating: moderate References: #1185183 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sensors fixes the following issues: - Change PIDFile path from '/var/run' to '/run' as it is deprecated.
(bsc#1185183) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-1583=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1583=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1583=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1583=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): libsensors4-32bit-3.5.0-4.6.1 libsensors4-32bit-debuginfo-3.5.0-4.6.1 sensors-debugsource-3.5.0-4.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64): libsensors4-32bit-3.5.0-4.6.1 libsensors4-32bit-debuginfo-3.5.0-4.6.1 sensors-debugsource-3.5.0-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le x86_64): libsensors4-3.5.0-4.6.1 libsensors4-debuginfo-3.5.0-4.6.1 libsensors4-devel-3.5.0-4.6.1 sensors-3.5.0-4.6.1 sensors-debuginfo-3.5.0-4.6.1 sensors-debugsource-3.5.0-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le x86_64): libsensors4-3.5.0-4.6.1 libsensors4-debuginfo-3.5.0-4.6.1 libsensors4-devel-3.5.0-4.6.1 sensors-3.5.0-4.6.1 sensors-debuginfo-3.5.0-4.6.1 sensors-debugsource-3.5.0-4.6.1 References: https://bugzilla.suse.com/1185183 From sle-updates at lists.suse.com Wed May 12 16:20:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 18:20:15 +0200 (CEST) Subject: SUSE-RU-2021:1589-1: Recommended update for numactl Message-ID: <20210512162015.84935FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update 
for numactl ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1589-1 Rating: low References: SLE-17217 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for numactl fixes the following issues: - Added bug fixes to enable support for 32 bit systems (jsc#SLE-17217) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1589=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1589=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libnuma1-2.0.14-4.6.1 libnuma1-debuginfo-2.0.14-4.6.1 numactl-debuginfo-2.0.14-4.6.1 numactl-debugsource-2.0.14-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libnuma-devel-2.0.14-4.6.1 libnuma1-2.0.14-4.6.1 libnuma1-debuginfo-2.0.14-4.6.1 numactl-2.0.14-4.6.1 numactl-debuginfo-2.0.14-4.6.1 numactl-debugsource-2.0.14-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libnuma1-32bit-2.0.14-4.6.1 libnuma1-32bit-debuginfo-2.0.14-4.6.1 References: From sle-updates at lists.suse.com Wed May 12 16:21:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 18:21:14 +0200 (CEST) Subject: SUSE-OU-2021:1591-1: Optional update for apache2-mod_auth_openidc Message-ID: <20210512162114.B98F5FF0F@maintenance.suse.de> SUSE Optional Update: Optional update for apache2-mod_auth_openidc ______________________________________________________________________________ Announcement ID: 
SUSE-OU-2021:1591-1 Rating: low References: SLE-11726 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: This update for apache2-mod_auth_openidc fixes the following issues: - Avoid pulling hiredis-devel during build time (jsc#SLE-11726) This patch is optional to install and does not address any user visible issues. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1591=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-mod_auth_openidc-2.3.8-3.10.1 apache2-mod_auth_openidc-debuginfo-2.3.8-3.10.1 apache2-mod_auth_openidc-debugsource-2.3.8-3.10.1 References: From sle-updates at lists.suse.com Wed May 12 16:22:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 18:22:15 +0200 (CEST) Subject: SUSE-RU-2021:1582-1: moderate: Recommended update for lvm2 Message-ID: <20210512162215.03BA6FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1582-1 Rating: moderate References: #1184687 #1185190 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now 
be installed. Description: This update for lvm2 fixes the following issues: - Honor 'lvm.conf' parameter event_activation=0 on "pvscan --cache -aay". (bsc#1185190) - Fixed an issue when LVM can't be disabled on boot. (bsc#1184687) - Update patch for avoiding apply warning messages. (bsc#1012973) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1582=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1582=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1582=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-1582=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1582=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): device-mapper-1.02.163-8.30.1 device-mapper-debuginfo-1.02.163-8.30.1 libdevmapper-event1_03-1.02.163-8.30.1 libdevmapper-event1_03-debuginfo-1.02.163-8.30.1 libdevmapper1_03-1.02.163-8.30.1 libdevmapper1_03-debuginfo-1.02.163-8.30.1 liblvm2cmd2_03-2.03.05-8.30.1 liblvm2cmd2_03-debuginfo-2.03.05-8.30.1 lvm2-2.03.05-8.30.1 lvm2-debuginfo-2.03.05-8.30.1 lvm2-debugsource-2.03.05-8.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): device-mapper-1.02.163-8.30.1 device-mapper-debuginfo-1.02.163-8.30.1 device-mapper-devel-1.02.163-8.30.1 libdevmapper-event1_03-1.02.163-8.30.1 libdevmapper-event1_03-debuginfo-1.02.163-8.30.1 libdevmapper1_03-1.02.163-8.30.1 libdevmapper1_03-debuginfo-1.02.163-8.30.1 liblvm2cmd2_03-2.03.05-8.30.1 liblvm2cmd2_03-debuginfo-2.03.05-8.30.1 lvm2-2.03.05-8.30.1 lvm2-debuginfo-2.03.05-8.30.1 lvm2-debugsource-2.03.05-8.30.1 
lvm2-devel-2.03.05-8.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libdevmapper1_03-32bit-1.02.163-8.30.1 libdevmapper1_03-32bit-debuginfo-1.02.163-8.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): device-mapper-1.02.163-8.30.1 device-mapper-debuginfo-1.02.163-8.30.1 device-mapper-devel-1.02.163-8.30.1 libdevmapper-event1_03-1.02.163-8.30.1 libdevmapper-event1_03-debuginfo-1.02.163-8.30.1 libdevmapper1_03-1.02.163-8.30.1 libdevmapper1_03-debuginfo-1.02.163-8.30.1 liblvm2cmd2_03-2.03.05-8.30.1 liblvm2cmd2_03-debuginfo-2.03.05-8.30.1 lvm2-2.03.05-8.30.1 lvm2-debuginfo-2.03.05-8.30.1 lvm2-debugsource-2.03.05-8.30.1 lvm2-devel-2.03.05-8.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libdevmapper1_03-32bit-1.02.163-8.30.1 libdevmapper1_03-32bit-debuginfo-1.02.163-8.30.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): lvm2-lockd-2.03.05-8.30.1 lvm2-lockd-debuginfo-2.03.05-8.30.1 lvm2-lvmlockd-debugsource-2.03.05-8.30.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): lvm2-lockd-2.03.05-8.30.1 lvm2-lockd-debuginfo-2.03.05-8.30.1 lvm2-lvmlockd-debugsource-2.03.05-8.30.1 References: https://bugzilla.suse.com/1184687 https://bugzilla.suse.com/1185190 From sle-updates at lists.suse.com Wed May 12 16:23:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 18:23:25 +0200 (CEST) Subject: SUSE-OU-2021:1592-1: Optional update for sed Message-ID: <20210512162325.F3F2EFF0F@maintenance.suse.de> SUSE Optional Update: Optional update for sed ______________________________________________________________________________ Announcement ID: SUSE-OU-2021:1592-1 Rating: low References: #1183797 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one optional fix can now 
be installed. Description: This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1592=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1592=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): sed-4.4-4.3.1 sed-debuginfo-4.4-4.3.1 sed-debugsource-4.4-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): sed-4.4-4.3.1 sed-debuginfo-4.4-4.3.1 sed-debugsource-4.4-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): sed-lang-4.4-4.3.1 References: https://bugzilla.suse.com/1183797 From sle-updates at lists.suse.com Wed May 12 16:24:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 18:24:31 +0200 (CEST) Subject: SUSE-RU-2021:1587-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <20210512162431.BFCF8FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1587-1 Rating: moderate References: #1182779 #1185198 #1185234 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - Added a fix when the zypper lock is acquired by another process. 
In that case cloud-regionsrv-client will now wait up to 30 seconds for that lock to be freed (bsc#1182779, bsc#1185234, bsc#1185198) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-1587=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-1587=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2021-1587=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): cloud-regionsrv-client-9.1.5-6.43.1 cloud-regionsrv-client-generic-config-1.0.0-6.43.1 cloud-regionsrv-client-plugin-azure-1.0.1-6.43.1 cloud-regionsrv-client-plugin-ec2-1.0.1-6.43.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.43.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): cloud-regionsrv-client-9.1.5-6.43.1 cloud-regionsrv-client-generic-config-1.0.0-6.43.1 cloud-regionsrv-client-plugin-azure-1.0.1-6.43.1 cloud-regionsrv-client-plugin-ec2-1.0.1-6.43.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.43.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): cloud-regionsrv-client-9.1.5-6.43.1 cloud-regionsrv-client-generic-config-1.0.0-6.43.1 cloud-regionsrv-client-plugin-azure-1.0.1-6.43.1 cloud-regionsrv-client-plugin-ec2-1.0.1-6.43.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.43.1 References: https://bugzilla.suse.com/1182779 https://bugzilla.suse.com/1185198 https://bugzilla.suse.com/1185234 From sle-updates at lists.suse.com Wed May 12 16:25:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 18:25:48 +0200 (CEST) Subject: SUSE-RU-2021:1590-1: moderate: Recommended update for release-notes-sles Message-ID: 
<20210512162548.57187FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1590-1 Rating: moderate References: #1178261 #1185065 SLE-11590 SLE-12799 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Installer 15 ______________________________________________________________________________ An update that has two recommended fixes and contains two features can now be installed. Description: This update for release-notes-sles fixes the following issues: - 15.0.20210421 (tracked in bsc#1185065) - Added note about Salt 3000 (jsc#SLE-12799) - Added note about LibreOffice 6.4 (jsc#SLE-11590) - Added note about AutoYaST profile changes (bsc#1178261) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1590=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1590=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2021-1590=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): release-notes-sles-15.0.20210421-3.21.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): release-notes-sles-15.0.20210421-3.21.1 - SUSE Linux Enterprise Installer 15 (noarch): release-notes-sles-15.0.20210421-3.21.1 References: https://bugzilla.suse.com/1178261 https://bugzilla.suse.com/1185065 From sle-updates at lists.suse.com Wed May 12 16:27:00 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 18:27:00 +0200 (CEST) Subject: SUSE-RU-2021:1588-1: moderate: Recommended update for python3-azuremetadata Message-ID: <20210512162700.70564FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-azuremetadata ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1588-1 Rating: moderate References: #1172581 #1184720 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python3-azuremetadata fixes the following issues: - Fixed an issue where SUSEConnect was unable to set cloud_provider when registering an instance the first time (bsc#1172581) - When querying the metadata server for access verification via a proxy, the wrong data was delivered. 
This has been fixed (bsc#1184720) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-1588=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-1588=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2021-1588=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): python3-azuremetadata-5.1.4-1.19.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-azuremetadata-5.1.4-1.19.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python3-azuremetadata-5.1.4-1.19.1 References: https://bugzilla.suse.com/1172581 https://bugzilla.suse.com/1184720 From sle-updates at lists.suse.com Wed May 12 16:28:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 May 2021 18:28:10 +0200 (CEST) Subject: SUSE-RU-2021:1584-1: moderate: Recommended update for sssd Message-ID: <20210512162810.83FBEFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1584-1 Rating: moderate References: #1182230 ECO-3436 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for sssd fixes the following issues: - Install infopipe dbus service in SLE12. 
(bsc#1182230, jsc#ECO-3436) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1584=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1584=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1584=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1584=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libipa_hbac0-1.16.1-4.35.3 libipa_hbac0-debuginfo-1.16.1-4.35.3 libsss_certmap0-1.16.1-4.35.3 libsss_certmap0-debuginfo-1.16.1-4.35.3 libsss_idmap0-1.16.1-4.35.3 libsss_idmap0-debuginfo-1.16.1-4.35.3 libsss_nss_idmap0-1.16.1-4.35.3 libsss_nss_idmap0-debuginfo-1.16.1-4.35.3 libsss_simpleifp0-1.16.1-4.35.3 libsss_simpleifp0-debuginfo-1.16.1-4.35.3 python-sssd-config-1.16.1-4.35.3 python-sssd-config-debuginfo-1.16.1-4.35.3 sssd-1.16.1-4.35.3 sssd-32bit-1.16.1-4.35.3 sssd-ad-1.16.1-4.35.3 sssd-ad-debuginfo-1.16.1-4.35.3 sssd-dbus-1.16.1-4.35.3 sssd-dbus-debuginfo-1.16.1-4.35.3 sssd-debuginfo-1.16.1-4.35.3 sssd-debuginfo-32bit-1.16.1-4.35.3 sssd-debugsource-1.16.1-4.35.3 sssd-ipa-1.16.1-4.35.3 sssd-ipa-debuginfo-1.16.1-4.35.3 sssd-krb5-1.16.1-4.35.3 sssd-krb5-common-1.16.1-4.35.3 sssd-krb5-common-debuginfo-1.16.1-4.35.3 sssd-krb5-debuginfo-1.16.1-4.35.3 sssd-ldap-1.16.1-4.35.3 sssd-ldap-debuginfo-1.16.1-4.35.3 sssd-proxy-1.16.1-4.35.3 sssd-proxy-debuginfo-1.16.1-4.35.3 sssd-tools-1.16.1-4.35.3 sssd-tools-debuginfo-1.16.1-4.35.3 - SUSE OpenStack Cloud 9 (x86_64): libipa_hbac0-1.16.1-4.35.3 libipa_hbac0-debuginfo-1.16.1-4.35.3 libsss_certmap0-1.16.1-4.35.3 libsss_certmap0-debuginfo-1.16.1-4.35.3 libsss_idmap0-1.16.1-4.35.3 libsss_idmap0-debuginfo-1.16.1-4.35.3 libsss_nss_idmap0-1.16.1-4.35.3 
libsss_nss_idmap0-debuginfo-1.16.1-4.35.3 libsss_simpleifp0-1.16.1-4.35.3 libsss_simpleifp0-debuginfo-1.16.1-4.35.3 python-sssd-config-1.16.1-4.35.3 python-sssd-config-debuginfo-1.16.1-4.35.3 sssd-1.16.1-4.35.3 sssd-32bit-1.16.1-4.35.3 sssd-ad-1.16.1-4.35.3 sssd-ad-debuginfo-1.16.1-4.35.3 sssd-dbus-1.16.1-4.35.3 sssd-dbus-debuginfo-1.16.1-4.35.3 sssd-debuginfo-1.16.1-4.35.3 sssd-debuginfo-32bit-1.16.1-4.35.3 sssd-debugsource-1.16.1-4.35.3 sssd-ipa-1.16.1-4.35.3 sssd-ipa-debuginfo-1.16.1-4.35.3 sssd-krb5-1.16.1-4.35.3 sssd-krb5-common-1.16.1-4.35.3 sssd-krb5-common-debuginfo-1.16.1-4.35.3 sssd-krb5-debuginfo-1.16.1-4.35.3 sssd-ldap-1.16.1-4.35.3 sssd-ldap-debuginfo-1.16.1-4.35.3 sssd-proxy-1.16.1-4.35.3 sssd-proxy-debuginfo-1.16.1-4.35.3 sssd-tools-1.16.1-4.35.3 sssd-tools-debuginfo-1.16.1-4.35.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libipa_hbac0-1.16.1-4.35.3 libipa_hbac0-debuginfo-1.16.1-4.35.3 libsss_certmap0-1.16.1-4.35.3 libsss_certmap0-debuginfo-1.16.1-4.35.3 libsss_idmap0-1.16.1-4.35.3 libsss_idmap0-debuginfo-1.16.1-4.35.3 libsss_nss_idmap0-1.16.1-4.35.3 libsss_nss_idmap0-debuginfo-1.16.1-4.35.3 libsss_simpleifp0-1.16.1-4.35.3 libsss_simpleifp0-debuginfo-1.16.1-4.35.3 python-sssd-config-1.16.1-4.35.3 python-sssd-config-debuginfo-1.16.1-4.35.3 sssd-1.16.1-4.35.3 sssd-ad-1.16.1-4.35.3 sssd-ad-debuginfo-1.16.1-4.35.3 sssd-dbus-1.16.1-4.35.3 sssd-dbus-debuginfo-1.16.1-4.35.3 sssd-debuginfo-1.16.1-4.35.3 sssd-debugsource-1.16.1-4.35.3 sssd-ipa-1.16.1-4.35.3 sssd-ipa-debuginfo-1.16.1-4.35.3 sssd-krb5-1.16.1-4.35.3 sssd-krb5-common-1.16.1-4.35.3 sssd-krb5-common-debuginfo-1.16.1-4.35.3 sssd-krb5-debuginfo-1.16.1-4.35.3 sssd-ldap-1.16.1-4.35.3 sssd-ldap-debuginfo-1.16.1-4.35.3 sssd-proxy-1.16.1-4.35.3 sssd-proxy-debuginfo-1.16.1-4.35.3 sssd-tools-1.16.1-4.35.3 sssd-tools-debuginfo-1.16.1-4.35.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): sssd-32bit-1.16.1-4.35.3 sssd-debuginfo-32bit-1.16.1-4.35.3 - SUSE Linux Enterprise Server 
12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.16.1-4.35.3 libipa_hbac0-debuginfo-1.16.1-4.35.3 libsss_certmap0-1.16.1-4.35.3 libsss_certmap0-debuginfo-1.16.1-4.35.3 libsss_idmap0-1.16.1-4.35.3 libsss_idmap0-debuginfo-1.16.1-4.35.3 libsss_nss_idmap0-1.16.1-4.35.3 libsss_nss_idmap0-debuginfo-1.16.1-4.35.3 libsss_simpleifp0-1.16.1-4.35.3 libsss_simpleifp0-debuginfo-1.16.1-4.35.3 python-sssd-config-1.16.1-4.35.3 python-sssd-config-debuginfo-1.16.1-4.35.3 sssd-1.16.1-4.35.3 sssd-ad-1.16.1-4.35.3 sssd-ad-debuginfo-1.16.1-4.35.3 sssd-dbus-1.16.1-4.35.3 sssd-dbus-debuginfo-1.16.1-4.35.3 sssd-debuginfo-1.16.1-4.35.3 sssd-debugsource-1.16.1-4.35.3 sssd-ipa-1.16.1-4.35.3 sssd-ipa-debuginfo-1.16.1-4.35.3 sssd-krb5-1.16.1-4.35.3 sssd-krb5-common-1.16.1-4.35.3 sssd-krb5-common-debuginfo-1.16.1-4.35.3 sssd-krb5-debuginfo-1.16.1-4.35.3 sssd-ldap-1.16.1-4.35.3 sssd-ldap-debuginfo-1.16.1-4.35.3 sssd-proxy-1.16.1-4.35.3 sssd-proxy-debuginfo-1.16.1-4.35.3 sssd-tools-1.16.1-4.35.3 sssd-tools-debuginfo-1.16.1-4.35.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): sssd-32bit-1.16.1-4.35.3 sssd-debuginfo-32bit-1.16.1-4.35.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64): libsss_nss_idmap-devel-1.16.1-4.35.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): libsss_idmap-devel-1.16.1-4.35.3 References: https://bugzilla.suse.com/1182230 From sle-updates at lists.suse.com Wed May 12 22:16:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 May 2021 00:16:17 +0200 (CEST) Subject: SUSE-RU-2021:14725-1: important: Recommended update for tomcat6 Message-ID: <20210512221617.B6D66FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for tomcat6 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14725-1 Rating: important References: #1185639 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tomcat6 fixes the following issues: - Fix a malformed path issue that prevented several web apps from being deployed successfully. [bsc#1185639] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-tomcat6-14725=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-tomcat6-14725=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch): tomcat6-6.0.53-0.57.22.1 tomcat6-admin-webapps-6.0.53-0.57.22.1 tomcat6-docs-webapp-6.0.53-0.57.22.1 tomcat6-javadoc-6.0.53-0.57.22.1 tomcat6-jsp-2_1-api-6.0.53-0.57.22.1 tomcat6-lib-6.0.53-0.57.22.1 tomcat6-servlet-2_5-api-6.0.53-0.57.22.1 tomcat6-webapps-6.0.53-0.57.22.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): tomcat6-6.0.53-0.57.22.1 tomcat6-admin-webapps-6.0.53-0.57.22.1 tomcat6-docs-webapp-6.0.53-0.57.22.1 tomcat6-javadoc-6.0.53-0.57.22.1 tomcat6-jsp-2_1-api-6.0.53-0.57.22.1 tomcat6-lib-6.0.53-0.57.22.1 tomcat6-servlet-2_5-api-6.0.53-0.57.22.1 tomcat6-webapps-6.0.53-0.57.22.1 References: https://bugzilla.suse.com/1185639 From sle-updates at lists.suse.com Thu May 13 06:16:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 May 2021 08:16:57 +0200 (CEST) Subject: SUSE-CU-2021:159-1: Recommended update of suse/sle15 Message-ID: <20210513061657.B0BAAB46F23@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:159-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.391 Container Release : 4.22.391 Severity : low Type : recommended 
References : 1183797 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. From sle-updates at lists.suse.com Thu May 13 06:31:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 May 2021 08:31:27 +0200 (CEST) Subject: SUSE-CU-2021:160-1: Recommended update of suse/sle15 Message-ID: <20210513063127.C61EDB46F23@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:160-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.452 Container Release : 6.2.452 Severity : low Type : recommended References : 1183797 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. 
From sle-updates at lists.suse.com Thu May 13 06:40:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 May 2021 08:40:21 +0200 (CEST) Subject: SUSE-CU-2021:161-1: Recommended update of suse/sle15 Message-ID: <20210513064021.3C47BB46F23@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:161-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.913 Container Release : 8.2.913 Severity : low Type : recommended References : 1183797 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. 
From sle-updates at lists.suse.com Thu May 13 06:42:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 May 2021 08:42:40 +0200 (CEST) Subject: SUSE-CU-2021:162-1: Security update of suse/sle15 Message-ID: <20210513064240.52608B46F23@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:162-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.15.13 Container Release : 15.13 Severity : important Type : security References : 1050625 1165424 1169947 1170801 1172477 1172925 1173106 1173273 1173336 1173529 1174011 1174016 1174240 1174561 1174918 1175342 1175592 1177238 1177275 1177427 1177583 1178910 1178966 1179083 1179222 1179415 1179816 1179847 1179909 1180077 1180663 1180721 1181328 1181622 1182629 CVE-2017-9271 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1938-1 Released: Thu Jul 16 14:43:32 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1169947,1170801,1172925,1173106 This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to: - Enable zstd compression support for sle15 zypper was updated to version 1.14.37: - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) libzypp was updated to 17.24.0 - Fix core dump with corrupted history file (bsc#1170801) - Enable zchunk metadata download if libsolv supports it. - Better handling of the purge-kernels algorithm. 
(bsc#1173106) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1987-1 Released: Tue Jul 21 17:02:15 2020 Summary: Recommended update for libsolv, libzypp, yast2-packager, yast2-pkg-bindings Type: recommended Severity: important References: 1172477,1173336,1174011 This update for libsolv, libzypp, yast2-packager, yast2-pkg-bindings fixes the following issues: libsolv: - No source changes, just shipping it as an installer update (required by yast2-pkg-bindings). libzypp: - Proactively send credentials if the URL specifies '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) yast2-packager: - Handle variable expansion in repository name. (bsc#1172477) - Improve medium type detection, do not report Online medium when the /media.1/products file is missing in the repository, SMT does not mirror this file. (bsc#1173336) yast2-pkg-bindings: - Extensions to handle raw repository name. (bsc#1172477) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2819-1 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. 
(bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. 
(bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16; - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. 
(bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation From sle-updates at lists.suse.com Thu May 13 16:17:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 May 2021 18:17:01 +0200 (CEST) Subject: SUSE-SU-2021:1595-1: important: Security update for the Linux Kernel Message-ID: <20210513161701.DB9C7FF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1595-1 Rating: important References: #1043990 #1046303 #1047233 #1055117 #1056787 #1065729 #1087405 #1097583 #1097584 #1097585 #1097586 #1097587 #1097588 #1101816 #1103990 #1104353 #1109837 #1111981 #1114648 #1118657 #1118661 #1151794 #1152457 #1175306 #1178089 #1180624 #1180846 #1181062 #1181161 #1182613 #1182672 #1183063 #1183203 #1183289 #1183947 #1184170 #1184194 #1184208 #1184209 #1184211 #1184350 #1184388 #1184509 #1184512 #1184514 #1184647 #1184650 #1184724 #1184731 #1184736 #1184737 #1184738 #1184742 #1184760 #1184942 #1184952 #1184957 #1184984 #1185041 #1185113 #1185195 #1185197 #1185244 #1185269 #1185335 #1185365 #1185472 #1185491 #1185549 Cross-References: CVE-2020-36310 CVE-2020-36312 CVE-2020-36322 CVE-2021-28950 CVE-2021-29155 CVE-2021-29650 CVE-2021-3444 CVSS scores: CVE-2020-36310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36310 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36312 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36322 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2021-28950 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29155 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-29155 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-29650 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29650 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3444 (NVD) : 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 62 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36312: Fixed an issue within virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509). - CVE-2021-29650: Fixed an issue within the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942). - CVE-2020-36310: Fixed an issue within arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512). - CVE-2021-28950: Fixed an issue within fs/fuse/fuse_i.h where a "stall on CPU" could have occurred because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).
- CVE-2020-36322: Fixed an issue within the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211, bnc#1184952). - CVE-2021-3444: Fixed incorrect mod32 BPF verifier truncation (bsc#1184170). The following non-security bugs were fixed: - arm64: PCI: mobiveil: remove driver Prepare to replace it with upstreamed driver - blk-settings: align max_sectors on "logical_block_size" boundary (bsc#1185195). - block: fix use-after-free on cached last_lookup partition (bsc#1181062). - block: recalculate segment count for multi-segment discards correctly (bsc#1184724). - btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549). - btrfs: track qgroup released data in own variable in insert_prealloc_file_extent (bsc#1185549). - cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes). - cxgb4: avoid collecting SGE_QBASE regs during traffic (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - drivers/perf: thunderx2_pmu: Fix memory resource error handling (git-fixes). - ext4: find old entry again if failed to rename whiteout (bsc#1184742). - ext4: fix potential error in ext4_do_update_inode (bsc#1184731). - fs: direct-io: fix missing sdio->boundary (bsc#1184736). - handle also the opposite type of race condition - i40e: Fix display statistics for veb_tc (bsc#1111981). - i40e: Fix kernel oops when i40e driver removes VF's (bsc#1101816 ). - i40e: Fix sparse warning: missing error code 'err' (jsc#SLE-4797). - ibmvnic: avoid calling napi_disable() twice (bsc#1065729). - ibmvnic: clean up the remaining debugfs data structures (bsc#1065729). - ibmvnic: Continue with reset if set link down failed (bsc#1184350 ltc#191533). - ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes). 
- ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1065729). - ibmvnic: remove duplicate napi_schedule call in open function (bsc#1065729). - ice: Cleanup fltr list in case of allocation issues (bsc#1118661 ). - ice: Fix for dereference of NULL pointer (bsc#1118661 ). - igc: Fix Pause Frame Advertising (jsc#SLE-4799). - igc: Fix Supported Pause Frame Link Setting (jsc#SLE-4799). - igc: reinit_locked() should be called with rtnl_lock (bsc#1118657). - iopoll: introduce read_poll_timeout macro (git-fixes). - isofs: release buffer head before return (bsc#1182613). - kabi: Fix breakage in NVMe driver (bsc#1181161). - kabi: Fix nvmet error log definitions (bsc#1181161). - kabi: nvme: fix fast_io_fail_tmo (bsc#1181161). - kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). - libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1109837). - libnvdimm/label: Return -ENXIO for no slot in __blk_label_update (bsc#1185269). - libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels (bsc#1185269). - libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (git-fixes). - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#1185041). - macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672). - mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes). - mmc: sdhci-of-esdhc: set the sd clock divisor value above 3 (git-fixes). - mm: fix memory_failure() handling of dax-namespace metadata (bsc#1185335). - net: bcmgenet: use hardware padding of runt frames (git-fixes). 
- net: cxgb4: fix return error value in t4_prep_fw (git-fixes). - net: hns3: clear VF down state bit before request link status (bsc#1104353). - net/mlx5: Fix PBMC register mapping (bsc#1103990). - net/mlx5: Fix placement of log_max_flow_counter (bsc#1046303 ). - netsec: ignore 'phy-mode' device property on ACPI systems (git-fixes). - nvme: add error log page slot definition (bsc#1181161). - nvme-fabrics: allow to queue requests for live queues (bsc#1181161). - nvme-fabrics: do not check state NVME_CTRL_NEW for request acceptance (bsc#1181161). - nvme-fabrics: reject I/O to offline device (bsc#1181161). - nvme: include admin_q sync with nvme_sync_queues (bsc#1181161). - nvme: introduce "Command Aborted By host" status code (bsc#1181161). - nvme: introduce nvme_is_fabrics to check fabrics cmd (bsc#1181161). - nvme: introduce nvme_sync_io_queues (bsc#1181161). - nvme: make fabrics command run on a separate request queue (bsc#1181161). - nvme-pci: Sync queues on reset (bsc#1181161). - nvme: prevent warning triggered by nvme_stop_keep_alive (bsc#1181161). - nvme-rdma: avoid race between time out and tear down (bsc#1181161). - nvme-rdma: avoid repeated request completion (bsc#1181161). - nvme-rdma: avoid request double completion for concurrent nvme_rdma_timeout (bsc#1181161). - nvme-rdma: fix controller reset hang during traffic (bsc#1181161). - nvme-rdma: fix possible hang when failing to set io queues (bsc#1181161). - nvme-rdma: fix timeout handler (bsc#1181161). - nvme-rdma: serialize controller teardown sequences (bsc#1181161). - nvme: Restart request timers in resetting state (bsc#1181161). - nvmet: add error-log definitions (bsc#1181161). - nvmet: add error log support for fabrics-cmd (bsc#1181161). - nvme-tcp: avoid race between time out and tear down (bsc#1181161). - nvme-tcp: avoid repeated request completion (bsc#1181161). - nvme-tcp: avoid request double completion for concurrent nvme_tcp_timeout (bsc#1181161). 
- nvme-tcp: fix controller reset hang during traffic (bsc#1181161). - nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161). - nvme-tcp: fix timeout handler (bsc#1181161). - nvme-tcp: serialize controller teardown sequences (bsc#1181161). - nvme: unlink head after removing last namespace (bsc#1181161). - ocfs2: fix a use after free on error (bsc#1184738). - ocfs2: fix deadlock between setattr and dio_end_io_write (bsc#1185197). - PCI: mobiveil: Add 8-bit and 16-bit CSR register accessors (). - PCI: mobiveil: Add callback function for interrupt initialization (). - PCI: mobiveil: Add callback function for link up check (). - PCI: mobiveil: Add configured inbound windows counter (). - PCI: mobiveil: Add Header Type field check (). - PCI: mobiveil: Add PCIe Gen4 RC driver for Layerscape SoCs (). - PCI: mobiveil: Add upper 32-bit CPU base address setup in outbound window (). - PCI: mobiveil: Add upper 32-bit PCI base address setup in inbound window (). - PCI: mobiveil: Allow mobiveil_host_init() to be used to re-init host (). - PCI: mobiveil: Clean-up program_{ib/ob}_windows() (). - PCI: mobiveil: Clear the control fields before updating it (). - PCI: mobiveil: Collect the interrupt related operations into a function (). - PCI: mobiveil: Fix csr_read()/write() build issue (). - PCI: mobiveil: Fix devfn check in mobiveil_pcie_valid_device() (). - PCI: mobiveil: Fix error return values (). - PCI: mobiveil: Fix infinite-loop in the INTx handling function (). - PCI: mobiveil: Fix INTx interrupt clearing in mobiveil_pcie_isr() (). - PCI: mobiveil: Fix PCI base address in MEM/IO outbound windows (). - PCI: mobiveil: Fix the Class Code field (). - PCI: mobiveil: Fix the CPU base address setup in inbound window (). - PCI: mobiveil: Fix the valid check for inbound and outbound windows (). - PCI: mobiveil: Initialize Primary/Secondary/Subordinate bus numbers (). - PCI: mobiveil: Introduce a new structure mobiveil_root_port (). 
- PCI: mobiveil: ls_pcie_g4: add Workaround for A-011451 (). - PCI: mobiveil: ls_pcie_g4: add Workaround for A-011577 (). - PCI: mobiveil: ls_pcie_g4: fix SError when accessing config space (). - PCI: mobiveil: Make some register updates more readable (). - PCI: mobiveil: Mask out hardcoded bits in inbound/outbound windows setup (). - PCI: mobiveil: Modularize the Mobiveil PCIe Host Bridge IP driver (). - PCI: mobiveil: Move IRQ chained handler setup out of DT parse (). - PCI: mobiveil: Move PCIe PIO enablement out of inbound window routine (). - PCI: mobiveil: Move the host initialization into a function (). - PCI: mobiveil: Move the link up waiting out of mobiveil_host_init() (). - PCI: mobiveil: Refactor the MEM/IO outbound window initialization (). - PCI: mobiveil: Reformat the code for readability (). - PCI: mobiveil: Remove an unnecessary return value check (). - PCI: mobiveil: Remove the flag MSI_FLAG_MULTI_PCI_MSI (). - PCI: mobiveil: Unify register accessors (). - PCI: mobiveil: Update the resource list traversal function (). - PCI: mobiveil: Use pci_parse_request_of_pci_ranges() (). - PCI: mobiveil: Use the 1st inbound window for MEM inbound transactions (). - PCI: mobiveil: Use WIN_NUM_0 explicitly for CFG outbound window (). - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388). - powerepc/book3s64/hash: Align start/end address correctly with bolt mapping (bsc#1184957). - powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117 git-fixes). - powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729). - powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729). - powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1183289 ltc#191637). - powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729). - powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729). - powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). 
- reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1184737). - Revert "rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)" This turned out to be a bad idea: the kernel-$flavor-devel package must be usable without kernel-$flavor, e.g. at the build of a KMP. And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113). - rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) - rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). - rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439) - rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) - rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650) - rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (git-fixes). - sch_red: fix off-by-one checks in red_check_params() (bsc1056787). - scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231). - scsi: libsas: docs: Remove notify_ha_event() (git-fixes). - scsi: lpfc: Copyright updates for 12.8.0.9 patches (bsc#1185472). - scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472). - scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472). - scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472). - scsi: lpfc: Fix a typo (bsc#1185472). - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response (bsc#1185472). - scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365). - scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode (bsc#1185472). - scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472). - scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472). 
- scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203). - scsi: lpfc: Fix incorrectly documented function lpfc_debugfs_commonxripools_data() (bsc#1185472). - scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#1185472). - scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472). - scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#1185472). - scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472). - scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#1185472). - scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency (bsc#1185472). - scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#1185472). - scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#1185472). - scsi: lpfc: Fix silent memory allocation failure in lpfc_sli4_bsg_link_diag_test() (bsc#1185472). - scsi: lpfc: Fix some error codes in debugfs (bsc#1185472). - scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#1185472). - scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#1185472). - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472). - scsi: lpfc: Standardize discovery object logging format (bsc#1185472). - scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472). - scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491). - scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#1185491). - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() (bsc#1185491). - scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491). - scsi: qla2xxx: Check kzalloc() return value (bsc#1185491). - scsi: qla2xxx: Consolidate zio threshold setting for both FCP NVMe (bsc#1185491). - scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491). - scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#1185491). 
- scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491). - scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#1185491). - scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491). - scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491). - scsi: qla2xxx: Fix broken #endif placement (bsc#1185491). - scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491). - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491). - scsi: qla2xxx: Fix endianness annotations (bsc#1185491). - scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#1185491). - scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491). - scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491). - scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491). - scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491). - scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491). - scsi: qla2xxx: Fix some memory corruption (bsc#1185491). - scsi: qla2xxx: Fix stuck session (bsc#1185491). - scsi: qla2xxx: Fix use after free in bsg (bsc#1185491). - scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (bsc#1185491). - scsi: qla2xxx: Move some messages from debug to normal log level (bsc#1185491). - scsi: qla2xxx: Remove redundant NULL check (bsc#1185491). - scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491). - scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491). - scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#1185491). - scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1185491). - scsi: qla2xxx: Reuse existing error handling path (bsc#1185491). - scsi: qla2xxx: Simplify if statement (bsc#1185491). - scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491). - scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491). 
- scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491). - scsi: qla2xxx: Update default AER debug mask (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491). - scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#1185491). - scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089). - scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089). - scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089). - smsc95xx: avoid memory leak in smsc95xx_bind (git-fixes). - smsc95xx: check return value of smsc95xx_reset (git-fixes). - spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (git-fixes). - stop_machine: mark helpers __always_inline (bsc#1087405 git-fixes). - struct usbip_device kABI fixup (git-fixes). - USB: cdc-acm: downgrade message to debug (git-fixes). - USB: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984). - USB: cdc-acm: fix use-after-free after probe failure (git-fixes). - USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes). - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes). - USB: serial: ch341: add new Product ID (git-fixes). - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes). - USB: serial: cp210x: add some more GE USB IDs (git-fixes). - USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes). - usbip: add sysfs_lock to synchronize sysfs code paths (git-fixe). - usbip: fix vudc to check for stream socket (git-fixes). - usbip: stub-dev synchronize sysfs code paths (git-fixes). - usbip: synchronize event handler with sysfs code paths (git-fixes). - veth: Store queue_mapping independently of XDP prog presence (bsc#1109837). - video: hyperv_fb: Fix a double free in hvfb_probe (bsc#1175306, git-fixes). 
- x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access (bsc#1114648). - x86/insn: Add some Intel instructions to the opcode map (bsc#1184760). - x86/insn: Add some more Intel instructions to the opcode map (bsc#1184760). - x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1114648). - x86/microcode: Check for offline CPUs before requesting new microcode (bsc#1114648). - x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd (bsc#1114648). - x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#1114648). - xdp: fix xdp_return_frame() kernel BUG throw for page_pool memory model (bsc#1109837). - xhci: Improve detection of device initiated wake signal (git-fixes). - netfilter: Fix drop out of segments RST if tcp_be_liberal is set (bsc#1183947). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-1595=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1595=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1595=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-1595=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-1595=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.71.1 kernel-default-debugsource-4.12.14-122.71.1 kernel-default-extra-4.12.14-122.71.1 kernel-default-extra-debuginfo-4.12.14-122.71.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.71.2 kernel-obs-build-debugsource-4.12.14-122.71.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.71.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.71.1 kernel-default-base-4.12.14-122.71.1 kernel-default-base-debuginfo-4.12.14-122.71.1 kernel-default-debuginfo-4.12.14-122.71.1 kernel-default-debugsource-4.12.14-122.71.1 kernel-default-devel-4.12.14-122.71.1 kernel-syms-4.12.14-122.71.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.71.1 kernel-macros-4.12.14-122.71.1 kernel-source-4.12.14-122.71.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.71.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.71.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.71.1 kernel-default-debugsource-4.12.14-122.71.1 kernel-default-kgraft-4.12.14-122.71.1 kernel-default-kgraft-devel-4.12.14-122.71.1 
kgraft-patch-4_12_14-122_71-default-1-8.5.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.71.1 cluster-md-kmp-default-debuginfo-4.12.14-122.71.1 dlm-kmp-default-4.12.14-122.71.1 dlm-kmp-default-debuginfo-4.12.14-122.71.1 gfs2-kmp-default-4.12.14-122.71.1 gfs2-kmp-default-debuginfo-4.12.14-122.71.1 kernel-default-debuginfo-4.12.14-122.71.1 kernel-default-debugsource-4.12.14-122.71.1 ocfs2-kmp-default-4.12.14-122.71.1 ocfs2-kmp-default-debuginfo-4.12.14-122.71.1 References: https://www.suse.com/security/cve/CVE-2020-36310.html https://www.suse.com/security/cve/CVE-2020-36312.html https://www.suse.com/security/cve/CVE-2020-36322.html https://www.suse.com/security/cve/CVE-2021-28950.html https://www.suse.com/security/cve/CVE-2021-29155.html https://www.suse.com/security/cve/CVE-2021-29650.html https://www.suse.com/security/cve/CVE-2021-3444.html https://bugzilla.suse.com/1043990 https://bugzilla.suse.com/1046303 https://bugzilla.suse.com/1047233 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1056787 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1087405 https://bugzilla.suse.com/1097583 https://bugzilla.suse.com/1097584 https://bugzilla.suse.com/1097585 https://bugzilla.suse.com/1097586 https://bugzilla.suse.com/1097587 https://bugzilla.suse.com/1097588 https://bugzilla.suse.com/1101816 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111981 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1118657 https://bugzilla.suse.com/1118661 https://bugzilla.suse.com/1151794 https://bugzilla.suse.com/1152457 https://bugzilla.suse.com/1175306 https://bugzilla.suse.com/1178089 https://bugzilla.suse.com/1180624 https://bugzilla.suse.com/1180846 https://bugzilla.suse.com/1181062 https://bugzilla.suse.com/1181161 https://bugzilla.suse.com/1182613 https://bugzilla.suse.com/1182672 
https://bugzilla.suse.com/1183063 https://bugzilla.suse.com/1183203 https://bugzilla.suse.com/1183289 https://bugzilla.suse.com/1183947 https://bugzilla.suse.com/1184170 https://bugzilla.suse.com/1184194 https://bugzilla.suse.com/1184208 https://bugzilla.suse.com/1184209 https://bugzilla.suse.com/1184211 https://bugzilla.suse.com/1184350 https://bugzilla.suse.com/1184388 https://bugzilla.suse.com/1184509 https://bugzilla.suse.com/1184512 https://bugzilla.suse.com/1184514 https://bugzilla.suse.com/1184647 https://bugzilla.suse.com/1184650 https://bugzilla.suse.com/1184724 https://bugzilla.suse.com/1184731 https://bugzilla.suse.com/1184736 https://bugzilla.suse.com/1184737 https://bugzilla.suse.com/1184738 https://bugzilla.suse.com/1184742 https://bugzilla.suse.com/1184760 https://bugzilla.suse.com/1184942 https://bugzilla.suse.com/1184952 https://bugzilla.suse.com/1184957 https://bugzilla.suse.com/1184984 https://bugzilla.suse.com/1185041 https://bugzilla.suse.com/1185113 https://bugzilla.suse.com/1185195 https://bugzilla.suse.com/1185197 https://bugzilla.suse.com/1185244 https://bugzilla.suse.com/1185269 https://bugzilla.suse.com/1185335 https://bugzilla.suse.com/1185365 https://bugzilla.suse.com/1185472 https://bugzilla.suse.com/1185491 https://bugzilla.suse.com/1185549 From sle-updates at lists.suse.com Thu May 13 16:23:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 May 2021 18:23:58 +0200 (CEST) Subject: SUSE-SU-2021:1596-1: important: Security update for the Linux Kernel Message-ID: <20210513162358.136F0FF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1596-1 Rating: important References: #1040855 #1044767 #1047233 #1065729 #1094840 #1152457 #1171078 #1173485 #1175873 #1176700 #1176720 #1176855 #1177411 #1177753 #1178181 #1179454 #1181032 #1181960 #1182194 #1182672 #1182715 
#1182716 #1182717 #1183022 #1183063 #1183069 #1183509 #1183593 #1183646 #1183686 #1183696 #1183738 #1183775 #1184120 #1184167 #1184168 #1184170 #1184192 #1184193 #1184194 #1184196 #1184198 #1184208 #1184211 #1184388 #1184391 #1184393 #1184397 #1184509 #1184511 #1184512 #1184514 #1184583 #1184650 #1184942 #1185113 #1185244 #1185248 Cross-References: CVE-2020-0433 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171 CVE-2020-27673 CVE-2020-27815 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2021-20219 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29155 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-29650 CVE-2021-30002 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483 CVSS scores: CVE-2020-0433 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0433 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-25670 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2020-27170 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-27170 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-27171 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27171 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27673 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27673 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-27815 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-35519 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36310 (SUSE): 6.2 
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36311 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36311 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-36312 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36322 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2021-20219 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28038 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28038 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28660 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28660 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28688 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28950 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28964 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28971 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28972 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28972 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29155 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-29155 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-29264 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 
(NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29647 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-29650 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29650 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-30002 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-30002 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3428 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-3444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that solves 35 vulnerabilities and has 23 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509). - CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. 
  Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).
- CVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512).
- CVE-2020-27673: Fixed an issue in Xen where guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).
- CVE-2021-29154: Fixed BPF JIT compilers that allowed executing arbitrary code within the kernel context (bnc#1184391).
- CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).
- CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).
- CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).
- CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).
- CVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a "stall on CPU" could have occurred because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).
- CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, which could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).
- CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).
- CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).
- CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel.
  In this flaw a local attacker with a normal user privilege could have delayed the loop and caused a threat to the system availability (bnc#1184397).
- CVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193).
- CVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this to gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170).
- CVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196).
- CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).
- CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).
- CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination (bnc#1184198).
- CVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192).
- CVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775).
- CVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775).
- CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).
- CVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).
- CVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509).
- CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).
- CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).
- CVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454).
- CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).
- CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).
- CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).

The following non-security bugs were fixed:

- Revert "rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)" This turned out to be a bad idea: the kernel-$flavor-devel package must be usable without kernel-$flavor, e.g. at the build of a KMP. And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113).
- Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
- coredump: fix crash when umh is disabled (bsc#1177753, bsc#1182194).
- dm: fix redundant IO accounting for bios that need splitting (bsc#1183738).
- ext4: check journal inode extents more carefully (bsc#1173485).
- ext4: do not allow overlapping system zones (bsc#1173485).
- ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485).
- handle also the opposite type of race condition
- hv: clear ring_buffer pointer during cleanup (part of ae6935ed) (bsc#1181032).
- hv_netvsc: remove ndo_poll_controller (bsc#1185248).
- ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922).
- ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997).
- ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140).
- ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes).
- ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes).
- ibmvnic: enhance resetting status check during module exit (bsc#1065729).
- ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes).
- ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293).
- ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes).
- macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672).
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- powerpc/vnic: Extend "failover pending" window (bsc#1176855 ltc#187293).
- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
- rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439)
- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
- rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650)
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1596=1
- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1596=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1596=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1596=1
- SUSE Linux Enterprise Live Patching 12-SP4:
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-1596=1
- SUSE Linux Enterprise High Availability 12-SP4:
  zypper in -t patch SUSE-SLE-HA-12-SP4-2021-1596=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  kernel-default-4.12.14-95.74.1
  kernel-default-base-4.12.14-95.74.1
  kernel-default-base-debuginfo-4.12.14-95.74.1
  kernel-default-debuginfo-4.12.14-95.74.1
  kernel-default-debugsource-4.12.14-95.74.1
  kernel-default-devel-4.12.14-95.74.1
  kernel-default-devel-debuginfo-4.12.14-95.74.1
  kernel-syms-4.12.14-95.74.1
- SUSE OpenStack Cloud Crowbar 9 (noarch):
  kernel-devel-4.12.14-95.74.1
  kernel-macros-4.12.14-95.74.1
  kernel-source-4.12.14-95.74.1
- SUSE OpenStack Cloud 9 (noarch):
  kernel-devel-4.12.14-95.74.1
  kernel-macros-4.12.14-95.74.1
  kernel-source-4.12.14-95.74.1
- SUSE OpenStack Cloud 9 (x86_64):
  kernel-default-4.12.14-95.74.1
  kernel-default-base-4.12.14-95.74.1
  kernel-default-base-debuginfo-4.12.14-95.74.1
  kernel-default-debuginfo-4.12.14-95.74.1
  kernel-default-debugsource-4.12.14-95.74.1
  kernel-default-devel-4.12.14-95.74.1
  kernel-default-devel-debuginfo-4.12.14-95.74.1
  kernel-syms-4.12.14-95.74.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
  kernel-default-4.12.14-95.74.1
  kernel-default-base-4.12.14-95.74.1
  kernel-default-base-debuginfo-4.12.14-95.74.1
  kernel-default-debuginfo-4.12.14-95.74.1
  kernel-default-debugsource-4.12.14-95.74.1
  kernel-default-devel-4.12.14-95.74.1
  kernel-syms-4.12.14-95.74.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
  kernel-devel-4.12.14-95.74.1
  kernel-macros-4.12.14-95.74.1
  kernel-source-4.12.14-95.74.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
  kernel-default-devel-debuginfo-4.12.14-95.74.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
  kernel-default-4.12.14-95.74.1
  kernel-default-base-4.12.14-95.74.1
  kernel-default-base-debuginfo-4.12.14-95.74.1
  kernel-default-debuginfo-4.12.14-95.74.1
  kernel-default-debugsource-4.12.14-95.74.1
  kernel-default-devel-4.12.14-95.74.1
  kernel-syms-4.12.14-95.74.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64):
  kernel-default-devel-debuginfo-4.12.14-95.74.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
  kernel-devel-4.12.14-95.74.1
  kernel-macros-4.12.14-95.74.1
  kernel-source-4.12.14-95.74.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (s390x):
  kernel-default-man-4.12.14-95.74.1
- SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
  kernel-default-kgraft-4.12.14-95.74.1
  kernel-default-kgraft-devel-4.12.14-95.74.1
  kgraft-patch-4_12_14-95_74-default-1-6.3.1
- SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):
  cluster-md-kmp-default-4.12.14-95.74.1
  cluster-md-kmp-default-debuginfo-4.12.14-95.74.1
  dlm-kmp-default-4.12.14-95.74.1
  dlm-kmp-default-debuginfo-4.12.14-95.74.1
  gfs2-kmp-default-4.12.14-95.74.1
  gfs2-kmp-default-debuginfo-4.12.14-95.74.1
  kernel-default-debuginfo-4.12.14-95.74.1
  kernel-default-debugsource-4.12.14-95.74.1
  ocfs2-kmp-default-4.12.14-95.74.1
  ocfs2-kmp-default-debuginfo-4.12.14-95.74.1

References:

https://www.suse.com/security/cve/CVE-2020-0433.html
https://www.suse.com/security/cve/CVE-2020-25670.html
https://www.suse.com/security/cve/CVE-2020-25671.html
https://www.suse.com/security/cve/CVE-2020-25672.html
https://www.suse.com/security/cve/CVE-2020-25673.html
https://www.suse.com/security/cve/CVE-2020-27170.html
https://www.suse.com/security/cve/CVE-2020-27171.html
https://www.suse.com/security/cve/CVE-2020-27673.html
https://www.suse.com/security/cve/CVE-2020-27815.html
https://www.suse.com/security/cve/CVE-2020-35519.html
https://www.suse.com/security/cve/CVE-2020-36310.html
https://www.suse.com/security/cve/CVE-2020-36311.html
https://www.suse.com/security/cve/CVE-2020-36312.html
https://www.suse.com/security/cve/CVE-2020-36322.html
https://www.suse.com/security/cve/CVE-2021-20219.html
https://www.suse.com/security/cve/CVE-2021-27363.html
https://www.suse.com/security/cve/CVE-2021-27364.html
https://www.suse.com/security/cve/CVE-2021-27365.html
https://www.suse.com/security/cve/CVE-2021-28038.html
https://www.suse.com/security/cve/CVE-2021-28660.html
https://www.suse.com/security/cve/CVE-2021-28688.html
https://www.suse.com/security/cve/CVE-2021-28950.html
https://www.suse.com/security/cve/CVE-2021-28964.html
https://www.suse.com/security/cve/CVE-2021-28971.html
https://www.suse.com/security/cve/CVE-2021-28972.html
https://www.suse.com/security/cve/CVE-2021-29154.html
https://www.suse.com/security/cve/CVE-2021-29155.html
https://www.suse.com/security/cve/CVE-2021-29264.html
https://www.suse.com/security/cve/CVE-2021-29265.html
https://www.suse.com/security/cve/CVE-2021-29647.html
https://www.suse.com/security/cve/CVE-2021-29650.html
https://www.suse.com/security/cve/CVE-2021-30002.html
https://www.suse.com/security/cve/CVE-2021-3428.html
https://www.suse.com/security/cve/CVE-2021-3444.html
https://www.suse.com/security/cve/CVE-2021-3483.html
https://bugzilla.suse.com/1040855
https://bugzilla.suse.com/1044767
https://bugzilla.suse.com/1047233
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1094840
https://bugzilla.suse.com/1152457
https://bugzilla.suse.com/1171078
https://bugzilla.suse.com/1173485
https://bugzilla.suse.com/1175873
https://bugzilla.suse.com/1176700
https://bugzilla.suse.com/1176720
https://bugzilla.suse.com/1176855
https://bugzilla.suse.com/1177411
https://bugzilla.suse.com/1177753
https://bugzilla.suse.com/1178181
https://bugzilla.suse.com/1179454
https://bugzilla.suse.com/1181032
https://bugzilla.suse.com/1181960
https://bugzilla.suse.com/1182194
https://bugzilla.suse.com/1182672
https://bugzilla.suse.com/1182715
https://bugzilla.suse.com/1182716
https://bugzilla.suse.com/1182717
https://bugzilla.suse.com/1183022
https://bugzilla.suse.com/1183063
https://bugzilla.suse.com/1183069
https://bugzilla.suse.com/1183509
https://bugzilla.suse.com/1183593
https://bugzilla.suse.com/1183646
https://bugzilla.suse.com/1183686
https://bugzilla.suse.com/1183696
https://bugzilla.suse.com/1183738
https://bugzilla.suse.com/1183775
https://bugzilla.suse.com/1184120
https://bugzilla.suse.com/1184167
https://bugzilla.suse.com/1184168
https://bugzilla.suse.com/1184170
https://bugzilla.suse.com/1184192
https://bugzilla.suse.com/1184193
https://bugzilla.suse.com/1184194
https://bugzilla.suse.com/1184196
https://bugzilla.suse.com/1184198
https://bugzilla.suse.com/1184208
https://bugzilla.suse.com/1184211
https://bugzilla.suse.com/1184388
https://bugzilla.suse.com/1184391
https://bugzilla.suse.com/1184393
https://bugzilla.suse.com/1184397
https://bugzilla.suse.com/1184509
https://bugzilla.suse.com/1184511
https://bugzilla.suse.com/1184512
https://bugzilla.suse.com/1184514
https://bugzilla.suse.com/1184583
https://bugzilla.suse.com/1184650
https://bugzilla.suse.com/1184942
https://bugzilla.suse.com/1185113
https://bugzilla.suse.com/1185244
https://bugzilla.suse.com/1185248

From sle-updates at lists.suse.com Thu May 13 16:29:48 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 13 May 2021 18:29:48 +0200 (CEST)
Subject: SUSE-SU-2021:1599-1: Security update for ipvsadm
Message-ID: <20210513162948.38325FF0F@maintenance.suse.de>

SUSE Security Update: Security update for ipvsadm
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1599-1
Rating: low
References: #1184988
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for ipvsadm fixes the following issues:

- Hardening: link as position independent executable (bsc#1184988).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1599=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1599=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  ipvsadm-1.29-4.3.1
  ipvsadm-debuginfo-1.29-4.3.1
  ipvsadm-debugsource-1.29-4.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
  ipvsadm-1.29-4.3.1
  ipvsadm-debuginfo-1.29-4.3.1
  ipvsadm-debugsource-1.29-4.3.1

References:

https://bugzilla.suse.com/1184988

From sle-updates at lists.suse.com Thu May 13 16:30:54 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 13 May 2021 18:30:54 +0200 (CEST)
Subject: SUSE-SU-2021:1598-1: Security update for dtc
Message-ID: <20210513163054.2C6F3FF0F@maintenance.suse.de>

SUSE Security Update: Security update for dtc
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1598-1
Rating: low
References: #1184122
Affected Products:
  SUSE MicroOS 5.0
  SUSE Linux Enterprise Module for Development Tools 15-SP3
  SUSE Linux Enterprise Module for Development Tools 15-SP2
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for dtc fixes the following issues:

- make all packaged binaries PIE-executables (bsc#1184122).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.0:
  zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1598=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1598=1
- SUSE Linux Enterprise Module for Development Tools 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1598=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1598=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1598=1

Package List:

- SUSE MicroOS 5.0 (aarch64 x86_64):
  dtc-debuginfo-1.5.1-4.3.1
  dtc-debugsource-1.5.1-4.3.1
  libfdt1-1.5.1-4.3.1
  libfdt1-debuginfo-1.5.1-4.3.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
  dtc-1.5.1-4.3.1
  dtc-debuginfo-1.5.1-4.3.1
  dtc-debugsource-1.5.1-4.3.1
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64):
  dtc-1.5.1-4.3.1
  dtc-debuginfo-1.5.1-4.3.1
  dtc-debugsource-1.5.1-4.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  dtc-debuginfo-1.5.1-4.3.1
  dtc-debugsource-1.5.1-4.3.1
  libfdt-devel-1.5.1-4.3.1
  libfdt1-1.5.1-4.3.1
  libfdt1-debuginfo-1.5.1-4.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
  dtc-debuginfo-1.5.1-4.3.1
  dtc-debugsource-1.5.1-4.3.1
  libfdt-devel-1.5.1-4.3.1
  libfdt1-1.5.1-4.3.1
  libfdt1-debuginfo-1.5.1-4.3.1

References:

https://bugzilla.suse.com/1184122

From sle-updates at lists.suse.com Thu May 13 16:31:59 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 13 May 2021 18:31:59 +0200 (CEST)
Subject: SUSE-SU-2021:1597-1: Security update for ibutils
Message-ID: <20210513163159.CF60AFF0F@maintenance.suse.de>

SUSE Security Update: Security update for ibutils
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1597-1
Rating: low
References: #1184123
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15-SP3
  SUSE Linux Enterprise Module for Server Applications 15-SP2
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for ibutils fixes the following issues:

- Hardening: Link ibis executable with -pie (bsc#1184123).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-1597=1
- SUSE Linux Enterprise Module for Server Applications 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1597=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
  ibutils-1.5.7.0.2-10.3.1
  ibutils-debuginfo-1.5.7.0.2-10.3.1
  ibutils-debugsource-1.5.7.0.2-10.3.1
  ibutils-devel-1.5.7.0.2-10.3.1
  ibutils-ui-1.5.7.0.2-10.3.1
  libibdm1-1.5.7.0.2-10.3.1
  libibdm1-debuginfo-1.5.7.0.2-10.3.1
- SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):
  ibutils-1.5.7.0.2-10.3.1
  ibutils-debuginfo-1.5.7.0.2-10.3.1
  ibutils-debugsource-1.5.7.0.2-10.3.1
  ibutils-devel-1.5.7.0.2-10.3.1
  ibutils-ui-1.5.7.0.2-10.3.1
  libibdm1-1.5.7.0.2-10.3.1
  libibdm1-debuginfo-1.5.7.0.2-10.3.1

References:

https://bugzilla.suse.com/1184123

From sle-updates at lists.suse.com Thu May 13 19:16:48 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 13 May 2021 21:16:48 +0200 (CEST)
Subject: SUSE-RU-2021:1603-1: Recommended update for gssproxy
Message-ID: <20210513191648.4A144FF0F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for gssproxy
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1603-1
Rating: low
References: #1185161
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for gssproxy fixes the following issues:

- Using now /run instead of /var/run for daemon PID files (bsc#1185161)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1603=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1603=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  gssproxy-0.8.2-3.9.1
  gssproxy-debuginfo-0.8.2-3.9.1
  gssproxy-debugsource-0.8.2-3.9.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
  gssproxy-0.8.2-3.9.1
  gssproxy-debuginfo-0.8.2-3.9.1
  gssproxy-debugsource-0.8.2-3.9.1

References:

https://bugzilla.suse.com/1185161

From sle-updates at lists.suse.com Thu May 13 19:17:51 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 13 May 2021 21:17:51 +0200 (CEST)
Subject: SUSE-RU-2021:1600-1: moderate: Recommended update for dracut
Message-ID: <20210513191751.8235FFF0F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for dracut
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1600-1
Rating: moderate
References: #1185277
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for dracut fixes the following issue:

Update to version 049.1+suse.188.gbf445638:

- Do not resolve symbolic links before `instmod`. (bsc#1185277)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1600=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1600=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  dracut-049.1+suse.188.gbf445638-3.30.1
  dracut-debuginfo-049.1+suse.188.gbf445638-3.30.1
  dracut-debugsource-049.1+suse.188.gbf445638-3.30.1
  dracut-fips-049.1+suse.188.gbf445638-3.30.1
  dracut-ima-049.1+suse.188.gbf445638-3.30.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
  dracut-049.1+suse.188.gbf445638-3.30.1
  dracut-debuginfo-049.1+suse.188.gbf445638-3.30.1
  dracut-debugsource-049.1+suse.188.gbf445638-3.30.1
  dracut-fips-049.1+suse.188.gbf445638-3.30.1
  dracut-ima-049.1+suse.188.gbf445638-3.30.1

References:

https://bugzilla.suse.com/1185277

From sle-updates at lists.suse.com Thu May 13 19:18:59 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 13 May 2021 21:18:59 +0200 (CEST)
Subject: SUSE-RU-2021:1602-1: moderate: Recommended update for libsolv, libzypp
Message-ID: <20210513191859.9375EFF0F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for libsolv, libzypp
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1602-1
Rating: moderate
References: #1180851 #1181874 #1182936 #1183628 #1184997 #1185239
Affected Products:
  SUSE Manager Server 4.0
  SUSE Manager Retail Branch Server 4.0
  SUSE Manager Proxy 4.0
  SUSE Linux Enterprise Server for SAP 15-SP1
  SUSE Linux Enterprise Server 15-SP1-LTSS
  SUSE Linux Enterprise Server 15-SP1-BCL
  SUSE Linux Enterprise Installer 15-SP1
  SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
  SUSE Enterprise Storage 6
  SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that has 6 recommended fixes can now be installed.

Description:

This update for libsolv and libzypp fixes the following issues:

libsolv:

Upgrade from version 0.7.17 to version 0.7.19

- Fix rare segfault in `resolve_jobrules()` that could happen if new rules are learned.
- Fix memory leaks in error cases
- Fix error handling in `solv_xfopen_fd()`
- Fix regex code on win32
- fixed memory leak in choice rule generation
- `repo_add_conda`: add a flag to skip version 2 packages.

libzypp:

Upgrade from version 17.25.8 to version 17.25.10

- Properly handle permission denied when providing optional files. (bsc#1185239)
- Fix service detection with `cgroupv2`. (bsc#1184997)
- Add missing includes for GCC 11. (bsc#1181874)
- Fix unsafe usage of static in media verifier.
- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)
- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851)
- Do no cleanup in custom cache dirs. (bsc#1182936)
- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1602=1
- SUSE Manager Retail Branch Server 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1602=1
- SUSE Manager Proxy 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1602=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1602=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1602=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1602=1
- SUSE Linux Enterprise Installer 15-SP1:
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2021-1602=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1602=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1602=1
- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2021-1602=1
- SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE Manager Server 4.0 (ppc64le s390x x86_64):
  libsolv-debuginfo-0.7.19-3.37.1
  libsolv-debugsource-0.7.19-3.37.1
  libsolv-devel-0.7.19-3.37.1
  libsolv-devel-debuginfo-0.7.19-3.37.1
  libsolv-tools-0.7.19-3.37.1
  libsolv-tools-debuginfo-0.7.19-3.37.1
  libzypp-17.25.10-3.51.1
  libzypp-debuginfo-17.25.10-3.51.1
  libzypp-debugsource-17.25.10-3.51.1
  libzypp-devel-17.25.10-3.51.1
  perl-solv-0.7.19-3.37.1
  perl-solv-debuginfo-0.7.19-3.37.1
  python3-solv-0.7.19-3.37.1
  python3-solv-debuginfo-0.7.19-3.37.1
  ruby-solv-0.7.19-3.37.1
  ruby-solv-debuginfo-0.7.19-3.37.1
- SUSE Manager Retail Branch Server 4.0 (x86_64):
  libsolv-debuginfo-0.7.19-3.37.1
  libsolv-debugsource-0.7.19-3.37.1
  libsolv-devel-0.7.19-3.37.1
  libsolv-devel-debuginfo-0.7.19-3.37.1
  libsolv-tools-0.7.19-3.37.1
  libsolv-tools-debuginfo-0.7.19-3.37.1
  libzypp-17.25.10-3.51.1
  libzypp-debuginfo-17.25.10-3.51.1
  libzypp-debugsource-17.25.10-3.51.1
  libzypp-devel-17.25.10-3.51.1
  perl-solv-0.7.19-3.37.1
  perl-solv-debuginfo-0.7.19-3.37.1
  python3-solv-0.7.19-3.37.1
  python3-solv-debuginfo-0.7.19-3.37.1
  ruby-solv-0.7.19-3.37.1
  ruby-solv-debuginfo-0.7.19-3.37.1
- SUSE Manager Proxy 4.0 (x86_64):
  libsolv-debuginfo-0.7.19-3.37.1
  libsolv-debugsource-0.7.19-3.37.1
  libsolv-devel-0.7.19-3.37.1
  libsolv-devel-debuginfo-0.7.19-3.37.1
  libsolv-tools-0.7.19-3.37.1
  libsolv-tools-debuginfo-0.7.19-3.37.1
  libzypp-17.25.10-3.51.1
  libzypp-debuginfo-17.25.10-3.51.1
  libzypp-debugsource-17.25.10-3.51.1
  libzypp-devel-17.25.10-3.51.1
  perl-solv-0.7.19-3.37.1
  perl-solv-debuginfo-0.7.19-3.37.1
  python3-solv-0.7.19-3.37.1
  python3-solv-debuginfo-0.7.19-3.37.1
  ruby-solv-0.7.19-3.37.1
  ruby-solv-debuginfo-0.7.19-3.37.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
  libsolv-debuginfo-0.7.19-3.37.1
  libsolv-debugsource-0.7.19-3.37.1
  libsolv-devel-0.7.19-3.37.1
  libsolv-devel-debuginfo-0.7.19-3.37.1
  libsolv-tools-0.7.19-3.37.1
  libsolv-tools-debuginfo-0.7.19-3.37.1
  libzypp-17.25.10-3.51.1
  libzypp-debuginfo-17.25.10-3.51.1
libzypp-debugsource-17.25.10-3.51.1 libzypp-devel-17.25.10-3.51.1 perl-solv-0.7.19-3.37.1 perl-solv-debuginfo-0.7.19-3.37.1 python3-solv-0.7.19-3.37.1 python3-solv-debuginfo-0.7.19-3.37.1 ruby-solv-0.7.19-3.37.1 ruby-solv-debuginfo-0.7.19-3.37.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.19-3.37.1 libsolv-debugsource-0.7.19-3.37.1 libsolv-devel-0.7.19-3.37.1 libsolv-devel-debuginfo-0.7.19-3.37.1 libsolv-tools-0.7.19-3.37.1 libsolv-tools-debuginfo-0.7.19-3.37.1 libzypp-17.25.10-3.51.1 libzypp-debuginfo-17.25.10-3.51.1 libzypp-debugsource-17.25.10-3.51.1 libzypp-devel-17.25.10-3.51.1 perl-solv-0.7.19-3.37.1 perl-solv-debuginfo-0.7.19-3.37.1 python3-solv-0.7.19-3.37.1 python3-solv-debuginfo-0.7.19-3.37.1 ruby-solv-0.7.19-3.37.1 ruby-solv-debuginfo-0.7.19-3.37.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libsolv-debuginfo-0.7.19-3.37.1 libsolv-debugsource-0.7.19-3.37.1 libsolv-devel-0.7.19-3.37.1 libsolv-devel-debuginfo-0.7.19-3.37.1 libsolv-tools-0.7.19-3.37.1 libsolv-tools-debuginfo-0.7.19-3.37.1 libzypp-17.25.10-3.51.1 libzypp-debuginfo-17.25.10-3.51.1 libzypp-debugsource-17.25.10-3.51.1 libzypp-devel-17.25.10-3.51.1 perl-solv-0.7.19-3.37.1 perl-solv-debuginfo-0.7.19-3.37.1 python3-solv-0.7.19-3.37.1 python3-solv-debuginfo-0.7.19-3.37.1 ruby-solv-0.7.19-3.37.1 ruby-solv-debuginfo-0.7.19-3.37.1 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): libsolv-tools-0.7.19-3.37.1 libzypp-17.25.10-3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libsolv-debuginfo-0.7.19-3.37.1 libsolv-debugsource-0.7.19-3.37.1 libsolv-devel-0.7.19-3.37.1 libsolv-devel-debuginfo-0.7.19-3.37.1 libsolv-tools-0.7.19-3.37.1 libsolv-tools-debuginfo-0.7.19-3.37.1 libzypp-17.25.10-3.51.1 libzypp-debuginfo-17.25.10-3.51.1 libzypp-debugsource-17.25.10-3.51.1 libzypp-devel-17.25.10-3.51.1 perl-solv-0.7.19-3.37.1 perl-solv-debuginfo-0.7.19-3.37.1 python3-solv-0.7.19-3.37.1 
python3-solv-debuginfo-0.7.19-3.37.1 ruby-solv-0.7.19-3.37.1 ruby-solv-debuginfo-0.7.19-3.37.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libsolv-debuginfo-0.7.19-3.37.1 libsolv-debugsource-0.7.19-3.37.1 libsolv-devel-0.7.19-3.37.1 libsolv-devel-debuginfo-0.7.19-3.37.1 libsolv-tools-0.7.19-3.37.1 libsolv-tools-debuginfo-0.7.19-3.37.1 libzypp-17.25.10-3.51.1 libzypp-debuginfo-17.25.10-3.51.1 libzypp-debugsource-17.25.10-3.51.1 libzypp-devel-17.25.10-3.51.1 perl-solv-0.7.19-3.37.1 perl-solv-debuginfo-0.7.19-3.37.1 python3-solv-0.7.19-3.37.1 python3-solv-debuginfo-0.7.19-3.37.1 ruby-solv-0.7.19-3.37.1 ruby-solv-debuginfo-0.7.19-3.37.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libsolv-debuginfo-0.7.19-3.37.1 libsolv-debugsource-0.7.19-3.37.1 libsolv-devel-0.7.19-3.37.1 libsolv-devel-debuginfo-0.7.19-3.37.1 libsolv-tools-0.7.19-3.37.1 libsolv-tools-debuginfo-0.7.19-3.37.1 libzypp-17.25.10-3.51.1 libzypp-debuginfo-17.25.10-3.51.1 libzypp-debugsource-17.25.10-3.51.1 libzypp-devel-17.25.10-3.51.1 perl-solv-0.7.19-3.37.1 perl-solv-debuginfo-0.7.19-3.37.1 python3-solv-0.7.19-3.37.1 python3-solv-debuginfo-0.7.19-3.37.1 ruby-solv-0.7.19-3.37.1 ruby-solv-debuginfo-0.7.19-3.37.1 - SUSE CaaS Platform 4.0 (x86_64): libsolv-debuginfo-0.7.19-3.37.1 libsolv-debugsource-0.7.19-3.37.1 libsolv-devel-0.7.19-3.37.1 libsolv-devel-debuginfo-0.7.19-3.37.1 libsolv-tools-0.7.19-3.37.1 libsolv-tools-debuginfo-0.7.19-3.37.1 libzypp-17.25.10-3.51.1 libzypp-debuginfo-17.25.10-3.51.1 libzypp-debugsource-17.25.10-3.51.1 libzypp-devel-17.25.10-3.51.1 perl-solv-0.7.19-3.37.1 perl-solv-debuginfo-0.7.19-3.37.1 python3-solv-0.7.19-3.37.1 python3-solv-debuginfo-0.7.19-3.37.1 ruby-solv-0.7.19-3.37.1 ruby-solv-debuginfo-0.7.19-3.37.1 References: https://bugzilla.suse.com/1180851 https://bugzilla.suse.com/1181874 https://bugzilla.suse.com/1182936 https://bugzilla.suse.com/1183628 https://bugzilla.suse.com/1184997 https://bugzilla.suse.com/1185239 From sle-updates at 
lists.suse.com Thu May 13 19:20:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 May 2021 21:20:30 +0200 (CEST) Subject: SUSE-RU-2021:1601-1: moderate: Recommended update for brp-check-suse Message-ID: <20210513192030.EDA42FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for brp-check-suse ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1601-1 Rating: moderate References: #1184555 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for brp-check-suse fixes the following issues: - Make sure all brp-scripts are actually executable. (bsc#1184555) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1601=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1601=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): brp-check-suse-84.87+git20181106.224b37d-3.14.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): brp-check-suse-84.87+git20181106.224b37d-3.14.1 References: https://bugzilla.suse.com/1184555 From sle-updates at lists.suse.com Thu May 13 19:21:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 May 2021 21:21:34 +0200 (CEST) Subject: SUSE-RU-2021:1604-1: Recommended update for autofs Message-ID: <20210513192134.C9CE8FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for autofs ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1604-1 Rating: low References: #1185155 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for autofs fixes the following issues: - Changed pidfile path to /run from /var/run (bsc#1185155) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1604=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1604=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): autofs-5.1.3-7.6.1 autofs-debuginfo-5.1.3-7.6.1 autofs-debugsource-5.1.3-7.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): autofs-5.1.3-7.6.1 autofs-debuginfo-5.1.3-7.6.1 autofs-debugsource-5.1.3-7.6.1 References: https://bugzilla.suse.com/1185155 From sle-updates at lists.suse.com Fri May 14 06:13:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 May 2021 08:13:26 +0200 (CEST) Subject: SUSE-CU-2021:163-1: Recommended update of suse/sle15 Message-ID: <20210514061326.D6221B46F23@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:163-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.453 Container Release : 6.2.453 Severity : moderate Type : recommended References : 1180851 1181874 1182936 1183628 1184997 1185239 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1602-1 Released: Thu May 13 16:35:19 2021 Summary: Recommended update for libsolv, libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libsolv and libzypp fixes the following issues: libsolv: Upgrade from version 0.7.17 to version 0.7.19 - Fix rare segfault in `resolve_jobrules()` that could happen if new rules are learned. 
- Fix memory leaks in error cases - Fix error handling in `solv_xfopen_fd()` - Fix regex code on win32 - fixed memory leak in choice rule generation - `repo_add_conda`: add a flag to skip version 2 packages. libzypp: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. From sle-updates at lists.suse.com Fri May 14 13:15:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 May 2021 15:15:17 +0200 (CEST) Subject: SUSE-SU-2021:1606-1: Security update for ibsim Message-ID: <20210514131517.CEFC6FF0F@maintenance.suse.de> SUSE Security Update: Security update for ibsim ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1606-1 Rating: low References: #1184123 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for ibsim fixes the following issues: - Hardening: link as position independent executable (bsc#1184123). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1606=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): ibsim-0.8-3.3.1 ibsim-debuginfo-0.8-3.3.1 ibsim-debugsource-0.8-3.3.1 References: https://bugzilla.suse.com/1184123 From sle-updates at lists.suse.com Fri May 14 13:16:16 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 May 2021 15:16:16 +0200 (CEST) Subject: SUSE-RU-2021:1607-1: moderate: Recommended update for oracleasm Message-ID: <20210514131616.C598BFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1607-1 Rating: moderate References: #1182570 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Realtime 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for oracleasm fixes the following issue: - package is rebuilt with the new secure boot key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1607=1 - SUSE Linux Enterprise Module for Realtime 15-SP2: zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-1607=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k5.3.18_24.61-13.9.1 oracleasm-kmp-default-debuginfo-2.0.8_k5.3.18_24.61-13.9.1 - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64): oracleasm-kmp-rt-2.0.8_k5.3.18_8.3-13.9.1 oracleasm-kmp-rt-debuginfo-2.0.8_k5.3.18_8.3-13.9.1 References: https://bugzilla.suse.com/1182570 From sle-updates at lists.suse.com Fri May 14 13:17:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 May 2021 15:17:19 +0200 (CEST) Subject: SUSE-SU-2021:1605-1: important: Security update for the Linux Kernel Message-ID: <20210514131719.E152AFF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1605-1 Rating: important References: #1043990 #1046303 #1047233 #1055117 #1056787 #1065729 #1087405 #1097583 #1097584 #1097585 #1097586 #1097587 #1097588 #1101816 #1103990 #1104353 #1109837 #1111981 #1114648 #1118657 #1118661 #1151794 #1152457 #1175306 #1178089 #1180624 #1180846 #1181062 #1181161 #1182613 #1182672 #1183063 #1183203 #1183289 #1184170 #1184194 #1184208 #1184209 #1184211 #1184350 #1184388 #1184509 #1184512 #1184514 #1184647 #1184650 #1184724 #1184731 #1184736 #1184737 #1184738 #1184742 #1184760 #1184942 #1184952 #1184957 #1184984 #1185041 #1185113 #1185195 #1185197 #1185244 #1185269 #1185335 #1185365 #1185472 #1185491 #1185549 Cross-References: CVE-2020-36310 CVE-2020-36312 CVE-2020-36322 CVE-2021-28950 CVE-2021-29155 CVE-2021-29650 CVSS scores: CVE-2020-36310 (NVD) : 
5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36310 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36312 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36322 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2021-28950 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29155 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-29155 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-29650 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29650 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 62 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36312: Fixed an issue within virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509). - CVE-2021-29650: Fixed an issue within the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942). 
- CVE-2020-36310: Fixed an issue within arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512). - CVE-2021-28950: Fixed an issue within fs/fuse/fuse_i.h where a "stall on CPU" could have occurred because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211). - CVE-2020-36322: Fixed an issue within the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211, bnc#1184952). - CVE-2021-3444: Fixed incorrect mod32 BPF verifier truncation (bsc#1184170). The following non-security bugs were fixed: - arm64: PCI: mobiveil: remove driver Prepare to replace it with upstreamed driver - blk-settings: align max_sectors on "logical_block_size" boundary (bsc#1185195). - block: fix use-after-free on cached last_lookup partition (bsc#1181062). - block: recalculate segment count for multi-segment discards correctly (bsc#1184724). - btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549). - btrfs: track qgroup released data in own variable in insert_prealloc_file_extent (bsc#1185549). - cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes). - cxgb4: avoid collecting SGE_QBASE regs during traffic (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - drivers/perf: thunderx2_pmu: Fix memory resource error handling (git-fixes). - ext4: find old entry again if failed to rename whiteout (bsc#1184742). - ext4: fix potential error in ext4_do_update_inode (bsc#1184731). - fs: direct-io: fix missing sdio->boundary (bsc#1184736). - handle also the opposite type of race condition - i40e: Fix display statistics for veb_tc (bsc#1111981). - i40e: Fix kernel oops when i40e driver removes VF's (bsc#1101816).
- i40e: Fix sparse warning: missing error code 'err' (jsc#SLE-4797). - ibmvnic: avoid calling napi_disable() twice (bsc#1065729). - ibmvnic: clean up the remaining debugfs data structures (bsc#1065729). - ibmvnic: Continue with reset if set link down failed (bsc#1184350 ltc#191533). - ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes). - ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1065729). - ibmvnic: remove duplicate napi_schedule call in open function (bsc#1065729). - ice: Cleanup fltr list in case of allocation issues (bsc#1118661 ). - ice: Fix for dereference of NULL pointer (bsc#1118661 ). - igc: Fix Pause Frame Advertising (jsc#SLE-4799). - igc: Fix Supported Pause Frame Link Setting (jsc#SLE-4799). - igc: reinit_locked() should be called with rtnl_lock (bsc#1118657). - iopoll: introduce read_poll_timeout macro (git-fixes). - isofs: release buffer head before return (bsc#1182613). - kabi: Fix breakage in NVMe driver (bsc#1181161). - kabi: Fix nvmet error log definitions (bsc#1181161). - kabi: nvme: fix fast_io_fail_tmo (bsc#1181161). - kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). - libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1109837). - libnvdimm/label: Return -ENXIO for no slot in __blk_label_update (bsc#1185269). - libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels (bsc#1185269). - libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (git-fixes). - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#1185041). 
- macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672). - mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes). - mmc: sdhci-of-esdhc: set the sd clock divisor value above 3 (git-fixes). - mm: fix memory_failure() handling of dax-namespace metadata (bsc#1185335). - net: bcmgenet: use hardware padding of runt frames (git-fixes). - net: cxgb4: fix return error value in t4_prep_fw (git-fixes). - net: hns3: clear VF down state bit before request link status (bsc#1104353). - net/mlx5: Fix PBMC register mapping (bsc#1103990). - net/mlx5: Fix placement of log_max_flow_counter (bsc#1046303 ). - netsec: ignore 'phy-mode' device property on ACPI systems (git-fixes). - nvme: add error log page slot definition (bsc#1181161). - nvme-fabrics: allow to queue requests for live queues (bsc#1181161). - nvme-fabrics: do not check state NVME_CTRL_NEW for request acceptance (bsc#1181161). - nvme-fabrics: reject I/O to offline device (bsc#1181161). - nvme: include admin_q sync with nvme_sync_queues (bsc#1181161). - nvme: introduce "Command Aborted By host" status code (bsc#1181161). - nvme: introduce nvme_is_fabrics to check fabrics cmd (bsc#1181161). - nvme: introduce nvme_sync_io_queues (bsc#1181161). - nvme: make fabrics command run on a separate request queue (bsc#1181161). - nvme-pci: Sync queues on reset (bsc#1181161). - nvme: prevent warning triggered by nvme_stop_keep_alive (bsc#1181161). - nvme-rdma: avoid race between time out and tear down (bsc#1181161). - nvme-rdma: avoid repeated request completion (bsc#1181161). - nvme-rdma: avoid request double completion for concurrent nvme_rdma_timeout (bsc#1181161). - nvme-rdma: fix controller reset hang during traffic (bsc#1181161). - nvme-rdma: fix possible hang when failing to set io queues (bsc#1181161). - nvme-rdma: fix timeout handler (bsc#1181161). - nvme-rdma: serialize controller teardown sequences (bsc#1181161). 
- nvme: Restart request timers in resetting state (bsc#1181161). - nvmet: add error-log definitions (bsc#1181161). - nvmet: add error log support for fabrics-cmd (bsc#1181161). - nvme-tcp: avoid race between time out and tear down (bsc#1181161). - nvme-tcp: avoid repeated request completion (bsc#1181161). - nvme-tcp: avoid request double completion for concurrent nvme_tcp_timeout (bsc#1181161). - nvme-tcp: fix controller reset hang during traffic (bsc#1181161). - nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161). - nvme-tcp: fix timeout handler (bsc#1181161). - nvme-tcp: serialize controller teardown sequences (bsc#1181161). - nvme: unlink head after removing last namespace (bsc#1181161). - ocfs2: fix a use after free on error (bsc#1184738). - ocfs2: fix deadlock between setattr and dio_end_io_write (bsc#1185197). - PCI: mobiveil: Add 8-bit and 16-bit CSR register accessors (). - PCI: mobiveil: Add callback function for interrupt initialization (). - PCI: mobiveil: Add callback function for link up check (). - PCI: mobiveil: Add configured inbound windows counter (). - PCI: mobiveil: Add Header Type field check (). - PCI: mobiveil: Add PCIe Gen4 RC driver for Layerscape SoCs (). - PCI: mobiveil: Add upper 32-bit CPU base address setup in outbound window (). - PCI: mobiveil: Add upper 32-bit PCI base address setup in inbound window (). - PCI: mobiveil: Allow mobiveil_host_init() to be used to re-init host (). - PCI: mobiveil: Clean-up program_{ib/ob}_windows() (). - PCI: mobiveil: Clear the control fields before updating it (). - PCI: mobiveil: Collect the interrupt related operations into a function (). - PCI: mobiveil: Fix csr_read()/write() build issue (). - PCI: mobiveil: Fix devfn check in mobiveil_pcie_valid_device() (). - PCI: mobiveil: Fix error return values (). - PCI: mobiveil: Fix infinite-loop in the INTx handling function (). - PCI: mobiveil: Fix INTx interrupt clearing in mobiveil_pcie_isr() (). 
- PCI: mobiveil: Fix PCI base address in MEM/IO outbound windows (). - PCI: mobiveil: Fix the Class Code field (). - PCI: mobiveil: Fix the CPU base address setup in inbound window (). - PCI: mobiveil: Fix the valid check for inbound and outbound windows (). - PCI: mobiveil: Initialize Primary/Secondary/Subordinate bus numbers (). - PCI: mobiveil: Introduce a new structure mobiveil_root_port (). - PCI: mobiveil: ls_pcie_g4: add Workaround for A-011451 (). - PCI: mobiveil: ls_pcie_g4: add Workaround for A-011577 (). - PCI: mobiveil: ls_pcie_g4: fix SError when accessing config space (). - PCI: mobiveil: Make some register updates more readable (). - PCI: mobiveil: Mask out hardcoded bits in inbound/outbound windows setup (). - PCI: mobiveil: Modularize the Mobiveil PCIe Host Bridge IP driver (). - PCI: mobiveil: Move IRQ chained handler setup out of DT parse (). - PCI: mobiveil: Move PCIe PIO enablement out of inbound window routine (). - PCI: mobiveil: Move the host initialization into a function (). - PCI: mobiveil: Move the link up waiting out of mobiveil_host_init() (). - PCI: mobiveil: Refactor the MEM/IO outbound window initialization (). - PCI: mobiveil: Reformat the code for readability (). - PCI: mobiveil: Remove an unnecessary return value check (). - PCI: mobiveil: Remove the flag MSI_FLAG_MULTI_PCI_MSI (). - PCI: mobiveil: Unify register accessors (). - PCI: mobiveil: Update the resource list traversal function (). - PCI: mobiveil: Use pci_parse_request_of_pci_ranges() (). - PCI: mobiveil: Use the 1st inbound window for MEM inbound transactions (). - PCI: mobiveil: Use WIN_NUM_0 explicitly for CFG outbound window (). - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388). - powerepc/book3s64/hash: Align start/end address correctly with bolt mapping (bsc#1184957). - powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117 git-fixes). - powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729). 
- powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729). - powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1183289 ltc#191637). - powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729). - powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729). - powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1184737). - Revert "rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)" This turned out to be a bad idea: the kernel-$flavor-devel package must be usable without kernel-$flavor, e.g. at the build of a KMP. And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113). - rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) - rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). - rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439) - rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) - rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650) - rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (git-fixes). - sch_red: fix off-by-one checks in red_check_params() (bsc1056787). - scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231). - scsi: libsas: docs: Remove notify_ha_event() (git-fixes). - scsi: lpfc: Copyright updates for 12.8.0.9 patches (bsc#1185472). - scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472). - scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472). - scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472). - scsi: lpfc: Fix a typo (bsc#1185472). 
- scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response (bsc#1185472). - scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365). - scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode (bsc#1185472). - scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472). - scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472). - scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203). - scsi: lpfc: Fix incorrectly documented function lpfc_debugfs_commonxripools_data() (bsc#1185472). - scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#1185472). - scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472). - scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#1185472). - scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472). - scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#1185472). - scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency (bsc#1185472). - scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#1185472). - scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#1185472). - scsi: lpfc: Fix silent memory allocation failure in lpfc_sli4_bsg_link_diag_test() (bsc#1185472). - scsi: lpfc: Fix some error codes in debugfs (bsc#1185472). - scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#1185472). - scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#1185472). - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472). - scsi: lpfc: Standardize discovery object logging format (bsc#1185472). - scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472). - scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491). - scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#1185491). - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() (bsc#1185491). 
- scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491). - scsi: qla2xxx: Check kzalloc() return value (bsc#1185491). - scsi: qla2xxx: Consolidate zio threshold setting for both FCP NVMe (bsc#1185491). - scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491). - scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#1185491). - scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491). - scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#1185491). - scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491). - scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491). - scsi: qla2xxx: Fix broken #endif placement (bsc#1185491). - scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491). - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491). - scsi: qla2xxx: Fix endianness annotations (bsc#1185491). - scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#1185491). - scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491). - scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491). - scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491). - scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491). - scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491). - scsi: qla2xxx: Fix some memory corruption (bsc#1185491). - scsi: qla2xxx: Fix stuck session (bsc#1185491). - scsi: qla2xxx: Fix use after free in bsg (bsc#1185491). - scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (bsc#1185491). - scsi: qla2xxx: Move some messages from debug to normal log level (bsc#1185491). - scsi: qla2xxx: Remove redundant NULL check (bsc#1185491). - scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491). - scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491). - scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#1185491). 
- scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1185491). - scsi: qla2xxx: Reuse existing error handling path (bsc#1185491). - scsi: qla2xxx: Simplify if statement (bsc#1185491). - scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491). - scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491). - scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491). - scsi: qla2xxx: Update default AER debug mask (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491). - scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#1185491). - scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089). - scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089). - scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089). - smsc95xx: avoid memory leak in smsc95xx_bind (git-fixes). - smsc95xx: check return value of smsc95xx_reset (git-fixes). - spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (git-fixes). - stop_machine: mark helpers __always_inline (bsc#1087405 git-fixes). - struct usbip_device kABI fixup (git-fixes). - USB: cdc-acm: downgrade message to debug (git-fixes). - USB: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984). - USB: cdc-acm: fix use-after-free after probe failure (git-fixes). - USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes). - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes). - USB: serial: ch341: add new Product ID (git-fixes). - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes). - USB: serial: cp210x: add some more GE USB IDs (git-fixes). - USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes). - usbip: add sysfs_lock to synchronize sysfs code paths (git-fixe). 
- usbip: fix vudc to check for stream socket (git-fixes). - usbip: stub-dev synchronize sysfs code paths (git-fixes). - usbip: synchronize event handler with sysfs code paths (git-fixes). - veth: Store queue_mapping independently of XDP prog presence (bsc#1109837). - video: hyperv_fb: Fix a double free in hvfb_probe (bsc#1175306, git-fixes). - x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access (bsc#1114648). - x86/insn: Add some Intel instructions to the opcode map (bsc#1184760). - x86/insn: Add some more Intel instructions to the opcode map (bsc#1184760). - x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1114648). - x86/microcode: Check for offline CPUs before requesting new microcode (bsc#1114648). - x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd (bsc#1114648). - x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#1114648). - xdp: fix xdp_return_frame() kernel BUG throw for page_pool memory model (bsc#1109837). - xhci: Improve detection of device initiated wake signal (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2021-1605=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cluster-md-kmp-rt-4.12.14-10.43.1 cluster-md-kmp-rt-debuginfo-4.12.14-10.43.1 dlm-kmp-rt-4.12.14-10.43.1 dlm-kmp-rt-debuginfo-4.12.14-10.43.1 gfs2-kmp-rt-4.12.14-10.43.1 gfs2-kmp-rt-debuginfo-4.12.14-10.43.1 kernel-rt-4.12.14-10.43.1 kernel-rt-base-4.12.14-10.43.1 kernel-rt-base-debuginfo-4.12.14-10.43.1 kernel-rt-debuginfo-4.12.14-10.43.1 kernel-rt-debugsource-4.12.14-10.43.1 kernel-rt-devel-4.12.14-10.43.1 kernel-rt-devel-debuginfo-4.12.14-10.43.1 kernel-rt_debug-4.12.14-10.43.1 kernel-rt_debug-debuginfo-4.12.14-10.43.1 kernel-rt_debug-debugsource-4.12.14-10.43.1 kernel-rt_debug-devel-4.12.14-10.43.1 kernel-rt_debug-devel-debuginfo-4.12.14-10.43.1 kernel-syms-rt-4.12.14-10.43.1 ocfs2-kmp-rt-4.12.14-10.43.1 ocfs2-kmp-rt-debuginfo-4.12.14-10.43.1 - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch): kernel-devel-rt-4.12.14-10.43.1 kernel-source-rt-4.12.14-10.43.1 References: https://www.suse.com/security/cve/CVE-2020-36310.html https://www.suse.com/security/cve/CVE-2020-36312.html https://www.suse.com/security/cve/CVE-2020-36322.html https://www.suse.com/security/cve/CVE-2021-28950.html https://www.suse.com/security/cve/CVE-2021-29155.html https://www.suse.com/security/cve/CVE-2021-29650.html https://bugzilla.suse.com/1043990 https://bugzilla.suse.com/1046303 https://bugzilla.suse.com/1047233 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1056787 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1087405 https://bugzilla.suse.com/1097583 https://bugzilla.suse.com/1097584 https://bugzilla.suse.com/1097585 https://bugzilla.suse.com/1097586 https://bugzilla.suse.com/1097587 https://bugzilla.suse.com/1097588 https://bugzilla.suse.com/1101816 https://bugzilla.suse.com/1103990 
https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111981 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1118657 https://bugzilla.suse.com/1118661 https://bugzilla.suse.com/1151794 https://bugzilla.suse.com/1152457 https://bugzilla.suse.com/1175306 https://bugzilla.suse.com/1178089 https://bugzilla.suse.com/1180624 https://bugzilla.suse.com/1180846 https://bugzilla.suse.com/1181062 https://bugzilla.suse.com/1181161 https://bugzilla.suse.com/1182613 https://bugzilla.suse.com/1182672 https://bugzilla.suse.com/1183063 https://bugzilla.suse.com/1183203 https://bugzilla.suse.com/1183289 https://bugzilla.suse.com/1184170 https://bugzilla.suse.com/1184194 https://bugzilla.suse.com/1184208 https://bugzilla.suse.com/1184209 https://bugzilla.suse.com/1184211 https://bugzilla.suse.com/1184350 https://bugzilla.suse.com/1184388 https://bugzilla.suse.com/1184509 https://bugzilla.suse.com/1184512 https://bugzilla.suse.com/1184514 https://bugzilla.suse.com/1184647 https://bugzilla.suse.com/1184650 https://bugzilla.suse.com/1184724 https://bugzilla.suse.com/1184731 https://bugzilla.suse.com/1184736 https://bugzilla.suse.com/1184737 https://bugzilla.suse.com/1184738 https://bugzilla.suse.com/1184742 https://bugzilla.suse.com/1184760 https://bugzilla.suse.com/1184942 https://bugzilla.suse.com/1184952 https://bugzilla.suse.com/1184957 https://bugzilla.suse.com/1184984 https://bugzilla.suse.com/1185041 https://bugzilla.suse.com/1185113 https://bugzilla.suse.com/1185195 https://bugzilla.suse.com/1185197 https://bugzilla.suse.com/1185244 https://bugzilla.suse.com/1185269 https://bugzilla.suse.com/1185335 https://bugzilla.suse.com/1185365 https://bugzilla.suse.com/1185472 https://bugzilla.suse.com/1185491 https://bugzilla.suse.com/1185549 From sle-updates at lists.suse.com Fri May 14 19:16:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 May 2021 21:16:01 +0200 (CEST) Subject: 
SUSE-SU-2021:1613-1: important: Security update for lz4 Message-ID: <20210514191601.F0804FF0F@maintenance.suse.de> SUSE Security Update: Security update for lz4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1613-1 Rating: important References: #1153936 #1185438 Cross-References: CVE-2019-17543 CVE-2021-3520 CVSS scores: CVE-2019-17543 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-17543 (SUSE): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). - CVE-2019-17543: Fixed heap-based buffer overflow in LZ4_write32 (bsc#1153936). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1613=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): liblz4-1-1.8.0-3.3.1 liblz4-1-debuginfo-1.8.0-3.3.1 lz4-debuginfo-1.8.0-3.3.1 lz4-debugsource-1.8.0-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-17543.html https://www.suse.com/security/cve/CVE-2021-3520.html https://bugzilla.suse.com/1153936 https://bugzilla.suse.com/1185438 From sle-updates at lists.suse.com Fri May 14 19:18:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 May 2021 21:18:08 +0200 (CEST) Subject: SUSE-RU-2021:1608-1: moderate: Recommended update for pam_radius Message-ID: <20210514191808.6EA4AFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for pam_radius ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1608-1 Rating: moderate References: #1184638 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pam_radius fixes the following issues: - Fixed an issue when NAS IP address is corrupt in s390x. (bsc#1184638) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1608=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): pam_radius-1.3.16-239.7.1 pam_radius-debuginfo-1.3.16-239.7.1 pam_radius-debugsource-1.3.16-239.7.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): pam_radius-32bit-1.3.16-239.7.1 pam_radius-debuginfo-32bit-1.3.16-239.7.1 References: https://bugzilla.suse.com/1184638 From sle-updates at lists.suse.com Fri May 14 19:20:23 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 May 2021 21:20:23 +0200 (CEST) Subject: SUSE-RU-2021:1612-1: moderate: Recommended update for openldap2 Message-ID: <20210514192023.D771CFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1612-1 Rating: moderate References: #1184614 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1612=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-1612=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-1612=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1612=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1612=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1612=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1612=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libldap-2_4-2-2.4.46-9.53.1 libldap-2_4-2-debuginfo-2.4.46-9.53.1 openldap2-debuginfo-2.4.46-9.53.1 openldap2-debugsource-2.4.46-9.53.1 - SUSE MicroOS 5.0 (noarch): libldap-data-2.4.46-9.53.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): openldap2-2.4.46-9.53.1 openldap2-back-meta-2.4.46-9.53.1 openldap2-back-meta-debuginfo-2.4.46-9.53.1 openldap2-back-perl-2.4.46-9.53.1 openldap2-back-perl-debuginfo-2.4.46-9.53.1 openldap2-debuginfo-2.4.46-9.53.1 openldap2-debugsource-2.4.46-9.53.1 openldap2-ppolicy-check-password-1.2-9.53.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.53.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): openldap2-2.4.46-9.53.1 openldap2-back-meta-2.4.46-9.53.1 openldap2-back-meta-debuginfo-2.4.46-9.53.1 openldap2-back-perl-2.4.46-9.53.1 openldap2-back-perl-debuginfo-2.4.46-9.53.1 openldap2-contrib-2.4.46-9.53.1 openldap2-contrib-debuginfo-2.4.46-9.53.1 openldap2-debuginfo-2.4.46-9.53.1 openldap2-debugsource-2.4.46-9.53.1 
openldap2-ppolicy-check-password-1.2-9.53.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.53.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): openldap2-debugsource-2.4.46-9.53.1 openldap2-devel-32bit-2.4.46-9.53.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): openldap2-debugsource-2.4.46-9.53.1 openldap2-devel-32bit-2.4.46-9.53.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-9.53.1 libldap-2_4-2-debuginfo-2.4.46-9.53.1 openldap2-client-2.4.46-9.53.1 openldap2-client-debuginfo-2.4.46-9.53.1 openldap2-debuginfo-2.4.46-9.53.1 openldap2-debugsource-2.4.46-9.53.1 openldap2-devel-2.4.46-9.53.1 openldap2-devel-static-2.4.46-9.53.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libldap-data-2.4.46-9.53.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libldap-2_4-2-32bit-2.4.46-9.53.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.53.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-9.53.1 libldap-2_4-2-debuginfo-2.4.46-9.53.1 openldap2-client-2.4.46-9.53.1 openldap2-client-debuginfo-2.4.46-9.53.1 openldap2-debugsource-2.4.46-9.53.1 openldap2-devel-2.4.46-9.53.1 openldap2-devel-static-2.4.46-9.53.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libldap-2_4-2-32bit-2.4.46-9.53.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.53.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libldap-data-2.4.46-9.53.1 References: https://bugzilla.suse.com/1184614 From sle-updates at lists.suse.com Fri May 14 19:21:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 May 2021 21:21:29 +0200 (CEST) Subject: SUSE-RU-2021:1610-1: moderate: Recommended update for resource-agents Message-ID: <20210514192129.A4834FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents 
______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1610-1 Rating: moderate References: #1177796 #1180590 #1183971 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for resource-agents fixes the following issues: - Fixed an issue when customers experience issues with azure-events resource agent with 'URLError'. (bsc#1180590) - Fixed an issue when 'ethmonitor' bloats journal with warnings for VLAN devices. (bsc#1177796) - Fixed an issue when azure-events puts both nodes in standby. (bsc#1183971) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-1610=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ldirectord-4.3.0184.6ee15eb2-3.64.1 resource-agents-4.3.0184.6ee15eb2-3.64.1 resource-agents-debuginfo-4.3.0184.6ee15eb2-3.64.1 resource-agents-debugsource-4.3.0184.6ee15eb2-3.64.1 - SUSE Linux Enterprise High Availability 15 (noarch): monitoring-plugins-metadata-4.3.0184.6ee15eb2-3.64.1 References: https://bugzilla.suse.com/1177796 https://bugzilla.suse.com/1180590 https://bugzilla.suse.com/1183971 From sle-updates at lists.suse.com Fri May 14 19:22:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 May 2021 21:22:43 +0200 (CEST) Subject: SUSE-RU-2021:1611-1: moderate: Recommended update for resource-agents Message-ID: <20210514192243.207D7FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ 
Announcement ID: SUSE-RU-2021:1611-1 Rating: moderate References: #1183971 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - Fixed an issue when azure-events puts both nodes in standby. (bsc#1183971) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-1611=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-1611=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ldirectord-4.3.018.a7fb5035-3.72.2 resource-agents-4.3.018.a7fb5035-3.72.2 resource-agents-debuginfo-4.3.018.a7fb5035-3.72.2 resource-agents-debugsource-4.3.018.a7fb5035-3.72.2 - SUSE Linux Enterprise High Availability 12-SP5 (noarch): monitoring-plugins-metadata-4.3.018.a7fb5035-3.72.2 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ldirectord-4.3.018.a7fb5035-3.72.2 resource-agents-4.3.018.a7fb5035-3.72.2 resource-agents-debuginfo-4.3.018.a7fb5035-3.72.2 resource-agents-debugsource-4.3.018.a7fb5035-3.72.2 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): monitoring-plugins-metadata-4.3.018.a7fb5035-3.72.2 References: https://bugzilla.suse.com/1183971 From sle-updates at lists.suse.com Fri May 14 19:23:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 May 2021 21:23:48 +0200 (CEST) Subject: SUSE-RU-2021:1609-1: moderate: Recommended update for yast2 Message-ID: <20210514192348.94186FF0F@maintenance.suse.de> SUSE Recommended Update: 
Recommended update for yast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1609-1 Rating: moderate References: #1122493 #1157476 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Installer 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2 and yast2-installation fixes the following issues: - Add 'linuxrc' option "reboot_timeout" to configure the timeout before reboot. (bsc#1122493) - Ensure the newly opened SCR instance is closed when reading the '/etc/install.inf' file (bsc#1122493, bsc#1157476) - Ensure '/etc/install.inf' is not read from the target system but from the local one. (bsc#1122493, bsc#1157476) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1609=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1609=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1609=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1609=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1609=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1609=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2021-1609=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1609=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1609=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1609=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): yast2-4.1.81-3.28.1 yast2-logs-4.1.81-3.28.1 - SUSE Manager Server 4.0 (noarch): yast2-installation-4.1.54-3.24.1 - SUSE Manager Retail Branch Server 4.0 (noarch): yast2-installation-4.1.54-3.24.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): yast2-4.1.81-3.28.1 yast2-logs-4.1.81-3.28.1 - SUSE Manager Proxy 4.0 (noarch): yast2-installation-4.1.54-3.24.1 - SUSE Manager Proxy 4.0 (x86_64): yast2-4.1.81-3.28.1 yast2-logs-4.1.81-3.28.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): yast2-4.1.81-3.28.1 yast2-logs-4.1.81-3.28.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): yast2-installation-4.1.54-3.24.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): yast2-4.1.81-3.28.1 yast2-logs-4.1.81-3.28.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): yast2-installation-4.1.54-3.24.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): yast2-installation-4.1.54-3.24.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): yast2-4.1.81-3.28.1 yast2-logs-4.1.81-3.28.1 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-4.1.81-3.28.1 - SUSE Linux Enterprise Installer 15-SP1 (noarch): yast2-installation-4.1.54-3.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): yast2-4.1.81-3.28.1 yast2-logs-4.1.81-3.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): yast2-installation-4.1.54-3.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): yast2-4.1.81-3.28.1 yast2-logs-4.1.81-3.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): yast2-installation-4.1.54-3.24.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): yast2-4.1.81-3.28.1 yast2-logs-4.1.81-3.28.1 - SUSE Enterprise Storage 6 (noarch): yast2-installation-4.1.54-3.24.1 - SUSE CaaS Platform 4.0 (x86_64): yast2-4.1.81-3.28.1 yast2-logs-4.1.81-3.28.1 - SUSE CaaS Platform 4.0 
(noarch): yast2-installation-4.1.54-3.24.1 References: https://bugzilla.suse.com/1122493 https://bugzilla.suse.com/1157476 From sle-updates at lists.suse.com Sat May 15 06:17:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 15 May 2021 08:17:40 +0200 (CEST) Subject: SUSE-CU-2021:164-1: Recommended update of suse/sle15 Message-ID: <20210515061740.A0184B46F23@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:164-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.393 Container Release : 4.22.393 Severity : moderate Type : recommended References : 1184614 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) From sle-updates at lists.suse.com Sat May 15 06:32:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 15 May 2021 08:32:53 +0200 (CEST) Subject: SUSE-CU-2021:165-1: Recommended update of suse/sle15 Message-ID: <20210515063253.B897DB46F23@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:165-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.454 Container Release : 6.2.454 Severity : moderate Type : recommended References : 1184614 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) From sle-updates at lists.suse.com Sat May 15 06:42:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 15 May 2021 08:42:05 +0200 (CEST) Subject: SUSE-CU-2021:166-1: Recommended update of suse/sle15 Message-ID: <20210515064205.BA6CAB46F23@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:166-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.915 Container Release : 8.2.915 Severity : moderate Type : recommended References : 1184614 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. 
(bsc#1184614) From sle-updates at lists.suse.com Mon May 17 13:15:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 May 2021 15:15:48 +0200 (CEST) Subject: SUSE-SU-2021:1617-1: important: Security update for the Linux Kernel Message-ID: <20210517131548.6966EFDD6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1617-1 Rating: important References: #1165629 #1173485 #1176720 #1178181 #1182715 #1182716 #1182717 #1183022 #1183069 #1183593 #1184120 #1184167 #1184168 #1184194 #1184198 #1184208 #1184211 #1184391 #1184393 #1184397 #1184509 #1184611 #1184952 #1185555 #1185556 #1185557 Cross-References: CVE-2020-0433 CVE-2020-1749 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-36312 CVE-2020-36322 CVE-2021-20219 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 CVE-2021-28950 CVE-2021-28972 CVE-2021-29154 CVE-2021-29264 CVE-2021-29265 CVE-2021-29650 CVE-2021-30002 CVE-2021-3483 CVSS scores: CVE-2020-0433 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0433 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-1749 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-25670 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2020-36312 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36322 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2021-20219 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 
(NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28038 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28038 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28660 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28660 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-28950 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28972 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28972 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29264 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29650 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29650 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-30002 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-30002 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-LTSS-SAP SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 22 vulnerabilities and has four fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed: - CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509). - CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29154: Fixed BPF JIT compilers that allowed execution of arbitrary code within the kernel context (bnc#1184391). - CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181). - CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181). - CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181). - CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181). - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a "stall on CPU" could have occurred because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211). - CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120). - CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393). - CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and caused a threat to the system availability (bnc#1184397). - CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167). 
- CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168). - CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination (bnc#1184198). - CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593). - CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720). - CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715). - CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. 
This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716). - CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717). - CVE-2020-36322: Fixed an issue in the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211 bnc#1184952). - CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022 bnc#1183069 ). - CVE-2020-1749: Fixed a flaw with some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality (bnc#1165629). The following non-security bugs were fixed: - KVM: Add proper lockdep assertion in I/O bus unregister (bsc#1185555). - KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU (bsc#1185556). - KVM: Stop looking for coalesced MMIO zones if the bus is destroyed (bsc#1185557). - Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367). - bluetooth: eliminate the potential race condition when removing the HCI controller (bsc#1184611). - ext4: check journal inode extents more carefully (bsc#1173485). 
- ext4: do not allow overlapping system zones (bsc#1173485). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1617=1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1617=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1617=1 Package List: - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (noarch): kernel-devel-4.4.121-92.155.1 kernel-macros-4.4.121-92.155.1 kernel-source-4.4.121-92.155.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64): cluster-md-kmp-default-4.4.121-92.155.1 cluster-md-kmp-default-debuginfo-4.4.121-92.155.1 cluster-network-kmp-default-4.4.121-92.155.1 cluster-network-kmp-default-debuginfo-4.4.121-92.155.1 dlm-kmp-default-4.4.121-92.155.1 dlm-kmp-default-debuginfo-4.4.121-92.155.1 gfs2-kmp-default-4.4.121-92.155.1 gfs2-kmp-default-debuginfo-4.4.121-92.155.1 kernel-default-4.4.121-92.155.1 kernel-default-base-4.4.121-92.155.1 kernel-default-base-debuginfo-4.4.121-92.155.1 kernel-default-debuginfo-4.4.121-92.155.1 kernel-default-debugsource-4.4.121-92.155.1 kernel-default-devel-4.4.121-92.155.1 kernel-syms-4.4.121-92.155.1 ocfs2-kmp-default-4.4.121-92.155.1 ocfs2-kmp-default-debuginfo-4.4.121-92.155.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (noarch): kernel-devel-4.4.121-92.155.1 kernel-macros-4.4.121-92.155.1 kernel-source-4.4.121-92.155.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): 
cluster-md-kmp-default-4.4.121-92.155.1 cluster-md-kmp-default-debuginfo-4.4.121-92.155.1 cluster-network-kmp-default-4.4.121-92.155.1 cluster-network-kmp-default-debuginfo-4.4.121-92.155.1 dlm-kmp-default-4.4.121-92.155.1 dlm-kmp-default-debuginfo-4.4.121-92.155.1 gfs2-kmp-default-4.4.121-92.155.1 gfs2-kmp-default-debuginfo-4.4.121-92.155.1 kernel-default-4.4.121-92.155.1 kernel-default-base-4.4.121-92.155.1 kernel-default-base-debuginfo-4.4.121-92.155.1 kernel-default-debuginfo-4.4.121-92.155.1 kernel-default-debugsource-4.4.121-92.155.1 kernel-default-devel-4.4.121-92.155.1 kernel-syms-4.4.121-92.155.1 ocfs2-kmp-default-4.4.121-92.155.1 ocfs2-kmp-default-debuginfo-4.4.121-92.155.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.155.1 kernel-default-base-4.4.121-92.155.1 kernel-default-base-debuginfo-4.4.121-92.155.1 kernel-default-debuginfo-4.4.121-92.155.1 kernel-default-debugsource-4.4.121-92.155.1 kernel-default-devel-4.4.121-92.155.1 kernel-syms-4.4.121-92.155.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.155.1 kernel-macros-4.4.121-92.155.1 kernel-source-4.4.121-92.155.1 References: https://www.suse.com/security/cve/CVE-2020-0433.html https://www.suse.com/security/cve/CVE-2020-1749.html https://www.suse.com/security/cve/CVE-2020-25670.html https://www.suse.com/security/cve/CVE-2020-25671.html https://www.suse.com/security/cve/CVE-2020-25672.html https://www.suse.com/security/cve/CVE-2020-25673.html https://www.suse.com/security/cve/CVE-2020-36312.html https://www.suse.com/security/cve/CVE-2020-36322.html https://www.suse.com/security/cve/CVE-2021-20219.html https://www.suse.com/security/cve/CVE-2021-27363.html https://www.suse.com/security/cve/CVE-2021-27364.html https://www.suse.com/security/cve/CVE-2021-27365.html https://www.suse.com/security/cve/CVE-2021-28038.html https://www.suse.com/security/cve/CVE-2021-28660.html https://www.suse.com/security/cve/CVE-2021-28950.html 
https://www.suse.com/security/cve/CVE-2021-28972.html https://www.suse.com/security/cve/CVE-2021-29154.html https://www.suse.com/security/cve/CVE-2021-29264.html https://www.suse.com/security/cve/CVE-2021-29265.html https://www.suse.com/security/cve/CVE-2021-29650.html https://www.suse.com/security/cve/CVE-2021-30002.html https://www.suse.com/security/cve/CVE-2021-3483.html https://bugzilla.suse.com/1165629 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1176720 https://bugzilla.suse.com/1178181 https://bugzilla.suse.com/1182715 https://bugzilla.suse.com/1182716 https://bugzilla.suse.com/1182717 https://bugzilla.suse.com/1183022 https://bugzilla.suse.com/1183069 https://bugzilla.suse.com/1183593 https://bugzilla.suse.com/1184120 https://bugzilla.suse.com/1184167 https://bugzilla.suse.com/1184168 https://bugzilla.suse.com/1184194 https://bugzilla.suse.com/1184198 https://bugzilla.suse.com/1184208 https://bugzilla.suse.com/1184211 https://bugzilla.suse.com/1184391 https://bugzilla.suse.com/1184393 https://bugzilla.suse.com/1184397 https://bugzilla.suse.com/1184509 https://bugzilla.suse.com/1184611 https://bugzilla.suse.com/1184952 https://bugzilla.suse.com/1185555 https://bugzilla.suse.com/1185556 https://bugzilla.suse.com/1185557 From sle-updates at lists.suse.com Mon May 17 16:16:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 May 2021 18:16:04 +0200 (CEST) Subject: SUSE-RU-2021:1619-1: moderate: Recommended update for systemtap Message-ID: <20210517161604.77F6BFDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemtap ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1619-1 Rating: moderate References: #1185068 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An 
update that has one recommended fix can now be installed. Description: This update for systemtap fixes the following issues: - Adjust 'stap-server.conf' to refer to '/run' instead of '/var/run'. (bsc#1185068) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1619=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1619=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): systemtap-4.2-3.3.1 systemtap-debuginfo-4.2-3.3.1 systemtap-debugsource-4.2-3.3.1 systemtap-headers-4.2-3.3.1 systemtap-runtime-4.2-3.3.1 systemtap-runtime-debuginfo-4.2-3.3.1 systemtap-sdt-devel-4.2-3.3.1 systemtap-server-4.2-3.3.1 systemtap-server-debuginfo-4.2-3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): systemtap-docs-4.2-3.3.1 systemtap-dtrace-4.2-3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): systemtap-4.2-3.3.1 systemtap-debuginfo-4.2-3.3.1 systemtap-debugsource-4.2-3.3.1 systemtap-headers-4.2-3.3.1 systemtap-runtime-4.2-3.3.1 systemtap-runtime-debuginfo-4.2-3.3.1 systemtap-sdt-devel-4.2-3.3.1 systemtap-server-4.2-3.3.1 systemtap-server-debuginfo-4.2-3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): systemtap-docs-4.2-3.3.1 systemtap-dtrace-4.2-3.3.1 References: https://bugzilla.suse.com/1185068 From sle-updates at lists.suse.com Mon May 17 16:18:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 May 2021 18:18:09 +0200 (CEST) Subject: SUSE-RU-2021:1618-1: moderate: Recommended update for llvm7 and libqt5-qttools Message-ID: 
<20210517161809.BBBC3FDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for llvm7 and libqt5-qttools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1618-1 Rating: moderate References: #1067478 #1109367 #1145085 #1184920 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for llvm7 and libqt5-qttools fixes the following issues: libqt5-qttools: - Use `libclang` instead of `clang`, now that `llvm7` moved the header files to `libclang` (bsc#1109367, bsc#1184920) llvm7: - Remove unneeded and unused dependencies: - groff, bison, flex, jsoncpp - Devel packages are only required in other devel packages, when their headers are included in the installed headers. - Skip a test that is broken with 387 FPU registers and avoids check failure on i586. (bsc#1145085) - Link `libomp` with `atomic` if needed and fix build using gcc-4.8. (bsc#1145085) - Make build of `gnustep-libobjc2` package reproducible. (bsc#1067478) - Remove `-fno-strict-aliasing` which upstream doesn't use any more. - Package `clang` builtin headers with `libclang`. (bsc#1109367) - The library is unusable without the builtin headers. Currently consumers of `libclang` have to require `clang` as well, although only the headers are needed. 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-1618=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1618=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1618=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1618=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-1618=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1618=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1618=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1618=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): liblldb7-7.0.1-3.19.2 liblldb7-debuginfo-7.0.1-3.19.2 llvm7-debuginfo-7.0.1-3.19.2 llvm7-debugsource-7.0.1-3.19.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64): liblldb7-7.0.1-3.19.2 liblldb7-debuginfo-7.0.1-3.19.2 llvm7-debuginfo-7.0.1-3.19.2 llvm7-debugsource-7.0.1-3.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): clang7-checker-7.0.1-3.19.2 llvm7-debuginfo-7.0.1-3.19.2 llvm7-debugsource-7.0.1-3.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): clang7-checker-7.0.1-3.19.2 
llvm7-debuginfo-7.0.1-3.19.2 llvm7-debugsource-7.0.1-3.19.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libQt5Designer5-5.12.7-3.3.10 libQt5Designer5-debuginfo-5.12.7-3.3.10 libQt5DesignerComponents5-5.12.7-3.3.10 libQt5DesignerComponents5-debuginfo-5.12.7-3.3.10 libQt5Help5-5.12.7-3.3.10 libQt5Help5-debuginfo-5.12.7-3.3.10 libqt5-linguist-5.12.7-3.3.10 libqt5-linguist-debuginfo-5.12.7-3.3.10 libqt5-linguist-devel-5.12.7-3.3.10 libqt5-qdbus-5.12.7-3.3.10 libqt5-qdbus-debuginfo-5.12.7-3.3.10 libqt5-qtpaths-5.12.7-3.3.10 libqt5-qtpaths-debuginfo-5.12.7-3.3.10 libqt5-qttools-5.12.7-3.3.10 libqt5-qttools-debuginfo-5.12.7-3.3.10 libqt5-qttools-debugsource-5.12.7-3.3.10 libqt5-qttools-devel-5.12.7-3.3.10 libqt5-qttools-doc-5.12.7-3.3.10 libqt5-qttools-doc-debuginfo-5.12.7-3.3.10 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch): libqt5-qtdeclarative-private-headers-devel-5.12.7-4.2.1 libqt5-qttools-private-headers-devel-5.12.7-3.3.10 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libQt5Designer5-5.12.7-3.3.10 libQt5Designer5-debuginfo-5.12.7-3.3.10 libQt5DesignerComponents5-5.12.7-3.3.10 libQt5DesignerComponents5-debuginfo-5.12.7-3.3.10 libQt5Help5-5.12.7-3.3.10 libQt5Help5-debuginfo-5.12.7-3.3.10 libqt5-linguist-5.12.7-3.3.10 libqt5-linguist-debuginfo-5.12.7-3.3.10 libqt5-linguist-devel-5.12.7-3.3.10 libqt5-qdbus-5.12.7-3.3.10 libqt5-qdbus-debuginfo-5.12.7-3.3.10 libqt5-qtpaths-5.12.7-3.3.10 libqt5-qtpaths-debuginfo-5.12.7-3.3.10 libqt5-qttools-5.12.7-3.3.10 libqt5-qttools-debuginfo-5.12.7-3.3.10 libqt5-qttools-debugsource-5.12.7-3.3.10 libqt5-qttools-devel-5.12.7-3.3.10 libqt5-qttools-doc-5.12.7-3.3.10 libqt5-qttools-doc-debuginfo-5.12.7-3.3.10 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): libqt5-qtdeclarative-private-headers-devel-5.12.7-4.2.1 libqt5-qttools-private-headers-devel-5.12.7-3.3.10 - SUSE Linux Enterprise 
Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): clang7-7.0.1-3.19.2 clang7-debuginfo-7.0.1-3.19.2 clang7-devel-7.0.1-3.19.2 double-conversion-debugsource-3.1.5-3.2.1 double-conversion-devel-3.1.5-3.2.1 libLLVM7-7.0.1-3.19.2 libLLVM7-debuginfo-7.0.1-3.19.2 libLTO7-7.0.1-3.19.2 libLTO7-debuginfo-7.0.1-3.19.2 libQtQuick5-5.12.7-4.2.1 libQtQuick5-debuginfo-5.12.7-4.2.1 libclang7-7.0.1-3.19.2 libclang7-debuginfo-7.0.1-3.19.2 libdouble-conversion3-3.1.5-3.2.1 libdouble-conversion3-debuginfo-3.1.5-3.2.1 libqt5-qtdeclarative-debugsource-5.12.7-4.2.1 libqt5-qtdeclarative-devel-5.12.7-4.2.1 libqt5-qtdeclarative-devel-debuginfo-5.12.7-4.2.1 libqt5-qtdeclarative-tools-5.12.7-4.2.1 libqt5-qtdeclarative-tools-debuginfo-5.12.7-4.2.1 llvm7-7.0.1-3.19.2 llvm7-LTO-devel-7.0.1-3.19.2 llvm7-debuginfo-7.0.1-3.19.2 llvm7-debugsource-7.0.1-3.19.2 llvm7-devel-7.0.1-3.19.2 llvm7-devel-debuginfo-7.0.1-3.19.2 llvm7-gold-7.0.1-3.19.2 llvm7-gold-debuginfo-7.0.1-3.19.2 llvm7-polly-7.0.1-3.19.2 llvm7-polly-debuginfo-7.0.1-3.19.2 llvm7-polly-devel-7.0.1-3.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (ppc64le x86_64): libomp7-devel-7.0.1-3.19.2 libomp7-devel-debuginfo-7.0.1-3.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libLLVM7-32bit-7.0.1-3.19.2 libLLVM7-32bit-debuginfo-7.0.1-3.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): clang7-7.0.1-3.19.2 clang7-debuginfo-7.0.1-3.19.2 clang7-devel-7.0.1-3.19.2 double-conversion-debugsource-3.1.5-3.2.1 double-conversion-devel-3.1.5-3.2.1 libLLVM7-7.0.1-3.19.2 libLLVM7-debuginfo-7.0.1-3.19.2 libLTO7-7.0.1-3.19.2 libLTO7-debuginfo-7.0.1-3.19.2 libQtQuick5-5.12.7-4.2.1 libQtQuick5-debuginfo-5.12.7-4.2.1 libclang7-7.0.1-3.19.2 libclang7-debuginfo-7.0.1-3.19.2 libdouble-conversion3-3.1.5-3.2.1 libdouble-conversion3-debuginfo-3.1.5-3.2.1 libqt5-qtdeclarative-debugsource-5.12.7-4.2.1 libqt5-qtdeclarative-devel-5.12.7-4.2.1 libqt5-qtdeclarative-devel-debuginfo-5.12.7-4.2.1 
libqt5-qtdeclarative-tools-5.12.7-4.2.1 libqt5-qtdeclarative-tools-debuginfo-5.12.7-4.2.1 llvm7-7.0.1-3.19.2 llvm7-LTO-devel-7.0.1-3.19.2 llvm7-debuginfo-7.0.1-3.19.2 llvm7-debugsource-7.0.1-3.19.2 llvm7-devel-7.0.1-3.19.2 llvm7-devel-debuginfo-7.0.1-3.19.2 llvm7-gold-7.0.1-3.19.2 llvm7-gold-debuginfo-7.0.1-3.19.2 llvm7-polly-7.0.1-3.19.2 llvm7-polly-debuginfo-7.0.1-3.19.2 llvm7-polly-devel-7.0.1-3.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (ppc64le x86_64): libomp7-devel-7.0.1-3.19.2 libomp7-devel-debuginfo-7.0.1-3.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libLLVM7-32bit-7.0.1-3.19.2 libLLVM7-32bit-debuginfo-7.0.1-3.19.2 References: https://bugzilla.suse.com/1067478 https://bugzilla.suse.com/1109367 https://bugzilla.suse.com/1145085 https://bugzilla.suse.com/1184920 From sle-updates at lists.suse.com Mon May 17 19:15:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 May 2021 21:15:32 +0200 (CEST) Subject: SUSE-SU-2021:1622-1: important: Security update for the Linux Kernel Message-ID: <20210517191532.90FDAFDD6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1622-1 Rating: important References: #1043990 #1055117 #1065729 #1152457 #1152489 #1155518 #1156395 #1167260 #1167574 #1168838 #1174416 #1174426 #1175995 #1178089 #1179243 #1179851 #1180846 #1181161 #1182613 #1183063 #1183203 #1183289 #1184208 #1184209 #1184436 #1184485 #1184514 #1184585 #1184650 #1184724 #1184728 #1184730 #1184731 #1184736 #1184737 #1184738 #1184740 #1184741 #1184742 #1184760 #1184811 #1184893 #1184934 #1184942 #1184957 #1184969 #1184984 #1185041 #1185113 #1185233 #1185244 #1185269 #1185365 #1185454 #1185472 #1185491 #1185549 #1185586 #1185587 Cross-References: CVE-2021-29155 CVE-2021-29650 CVSS scores: CVE-2021-29155 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 
CVE-2021-29155 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-29650 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29650 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has 57 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29155: Fixed an issue that was discovered in kernel/bpf/verifier.c that performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation was not correctly accounted for when restricting subsequent operations (bnc#1184942). The following non-security bugs were fixed: - ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes). - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect (git-fixes). - ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer (git-fixes). - ALSA: hda/cirrus: Add error handling into CS8409 I2C functions (git-fixes). - ALSA: hda/cirrus: Add Headphone and Headset MIC Volume Control (git-fixes). - ALSA: hda/cirrus: Add jack detect interrupt support from CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Add support for CS8409 HDA bridge and CS42L42 companion codec (git-fixes). 
- ALSA: hda/cirrus: Cleanup patch_cirrus.c code (git-fixes). - ALSA: hda/cirrus: Fix CS42L42 Headset Mic volume control name (git-fixes). - ALSA: hda/cirrus: Make CS8409 driver more generic by using fixups (git-fixes). - ALSA: hda/cirrus: Set Initial DMIC volume for Bullseye to -26 dB (git-fixes). - ALSA: hda/cirrus: Use CS8409 filter to fix abnormal sounds on Bullseye (git-fixes). - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx (git-fixes). - ALSA: hda/realtek: fix mic boost on Intel NUC 8 (git-fixes). - ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops (git-fixes). - ALSA: hda/realtek: GA503 use same quirks as GA401 (git-fixes). - ALSA: hda/realtek - Headset Mic issue on HP platform (git-fixes). - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC662 quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries (git-fixes). - ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes). - ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes). - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls (git-fixes). - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes). 
- ALSA: usb-audio: Configure Pioneer DJM-850 samplerate (git-fixes). - ALSA: usb-audio: DJM-750: ensure format is set (git-fixes). - ALSA: usb-audio: Explicitly set up the clock selector (git-fixes). - ALSA: usb-audio: Fix implicit sync clearance at stopping stream (git-fixes). - ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes). - ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails (git-fixes). - arm: dts: add imx7d pcf2127 fix to blacklist - ASoC: ak5558: correct reset polarity (git-fixes). - ASoC: ak5558: Fix s/show/slow/ typo (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: samsung: tm2_wm5110: check of of_parse return value (git-fixes). - ASoC: simple-card: fix possible uninitialized single_cpu local variable (git-fixes). - ASoC: SOF: Intel: HDA: fix core status verification (git-fixes). - ASoC: SOF: Intel: hda: remove unnecessary parentheses (git-fixes). - ata: libahci_platform: fix IRQ check (git-fixes). - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock (git-fixes). - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices (git-fixes). - backlight: journada720: Fix Wmisleading-indentation warning (git-fixes). - blkcg: fix memleak for iolatency (git-fixes). - block, bfq: set next_rq to waker_bfqq->next_rq in waker injection (bsc#1168838). - block: recalculate segment count for multi-segment discards correctly (bsc#1184724). - block: rsxx: select CONFIG_CRC32 (git-fixes). - bluetooth: eliminate the potential race condition when removing the HCI controller (git-fixes). - bnxt_en: reverse order of TX disable and carrier off (git-fixes). - bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518). - bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518). - bsg: free the request before return error code (git-fixes). - btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549). 
- btrfs: fix race between swap file activation and snapshot creation (bsc#1185587). - btrfs: fix race between writes to swap files and scrub (bsc#1185586). - btrfs: track qgroup released data in own variable in insert_prealloc_file_extent (bsc#1185549). - bus: qcom: Put child node before return (git-fixes). - cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes). - clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes). - clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz (git-fixes). - clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 (git-fixes). - clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock (git-fixes). - clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE (git-fixes). - clk: uniphier: Fix potential infinite loop (git-fixes). - clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback (git-fixes). - coresight: etm4x: Fix issues on trcseqevr access (git-fixes). - coresight: etm4x: Fix save and restore of TRCVMIDCCTLR1 register (git-fixes). - coresight: tmc-etr: Fix barrier packet insertion for perf buffer (git-fixes). - cpufreq: armada-37xx: Fix determining base CPU frequency (git-fixes). - cpufreq: armada-37xx: Fix driver cleanup when registration failed (git-fixes). - cpufreq: armada-37xx: Fix setting TBG parent for load levels (git-fixes). - cpufreq: armada-37xx: Fix the AVS value for load L1 (git-fixes). - cpufreq: Kconfig: fix documentation links (git-fixes). - crypto: arm/curve25519 - Move '.fpu' after '.arch' (git-fixes). - crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS (git-fixes). - cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (git-fixes). - cxgb4: avoid collecting SGE_QBASE regs during traffic (git-fixes). - dm era: Fix bitset memory leaks (git-fixes). - dm era: only resize metadata in preresume (git-fixes). - dm era: Recover committed writeset after crash (git-fixes). 
- dm era: Reinitialize bitset cache before digesting a new writeset (git-fixes). - dm era: Use correct value size in equality function of writeset tree (git-fixes). - dm era: Verify the data block size hasn't changed (git-fixes). - dm: fix bug with RCU locking in dm_blk_report_zones (git-fixes). - dm integrity: fix error reporting in bitmap mode after creation (git-fixes). - dm ioctl: fix error return code in target_message (git-fixes). - dm mpath: fix racey management of PG initialization (git-fixes). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485). - dm raid: fix discard limits for raid1 (git-fixes). - dm: remove invalid sparse __acquires and __releases annotations (git-fixes). - dm writecache: fix the maximum number of arguments (git-fixes). - dm writecache: handle DAX to partitions on persistent memory correctly (git-fixes). - dm writecache: remove BUG() and fail gracefully instead (git-fixes). - dm zoned: select CONFIG_CRC32 (git-fixes). - dm: eliminate potential source of excessive kernel log noise (git-fixes). - dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes). - dpaa_eth: fix the RX headroom size alignment (git-fixes). - dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom (git-fixes). - dpaa_eth: Use random MAC address when none is given (bsc#1184811). - drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes). - drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes). - drm/ast: Add 25MHz refclk support (bsc#1174416). - drm/ast: Add support for 1152x864 mode (bsc#1174416). - drm/ast: Add support for AIP200 (bsc#1174416). - drm/ast: AST2500 fixups (bsc#1174416). - drm/ast: Correct mode table for AST2500 precatch (bsc#1174416). - drm/ast: Disable screen on register init (bsc#1174416). - drm/ast: Disable VGA decoding while driver is active (bsc#1174416). - drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416). 
- drm/ast: Fix P2A config detection (bsc#1174416). - drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416). - drm/ast: Keep MISC fields when enabling VGA (bsc#1174416). - drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes). - drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes). - drm/msm: Fix a5xx/a6xx timestamps (git-fixes). - drm/omap: fix misleading indentation in pixinc() (git-fixes). - drm/radeon: fix copy of uninitialized variable back to userspace (git-fixes). - drm/tegra: dc: Do not set PLL clock to 0Hz (git-fixes). - e1000e: add rtnl_lock() to e1000_reset_task (git-fixes). - e1000e: Fix duplicate include guard (git-fixes). - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes). - enetc: Let the hardware auto-advance the taprio base-time of 0 (git-fixes). - enetc: Workaround for MDIO register access issue (git-fixes). - ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx (git-fixes). - ext4: do not try to set xattr into ea_inode if value is empty (bsc#1184730). - ext4: find old entry again if failed to rename whiteout (bsc#1184742). - ext4: fix potential error in ext4_do_update_inode (bsc#1184731). - ext4: fix potential htree index checksum corruption (bsc#1184728). - firmware: qcom-scm: Fix QCOM_SCM configuration (git-fixes). - fnic: use scsi_host_busy_iter() to traverse commands (bsc#1179851). - fotg210-udc: Complete OUT requests on short packets (git-fixes). - fotg210-udc: Do not DMA more than the buffer can take (git-fixes). - fotg210-udc: Fix DMA on EP0 for length > max packet size (git-fixes). - fotg210-udc: Fix EP0 IN requests bigger than two packets (git-fixes). - fotg210-udc: Mask GRP2 interrupts we do not handle (git-fixes). - fotg210-udc: Remove a dubious condition leading to fotg210_done (git-fixes). - fs: direct-io: fix missing sdio->boundary (bsc#1184736). - fs/jfs: fix potential integer overflow on shift of a int (bsc#1184741). 
- fsl/fman: reuse set_mac_address() in dtsec init() (bsc#1184811). - fsl/fman: tolerate missing MAC address in device tree (bsc#1184811). - gpio: omap: Save and restore sysconfig (git-fixes). - gpio: sysfs: Obey valid_mask (git-fixes). - HID: alps: fix error return code in alps_input_configured() (git-fixes). - HID: google: add don USB id (git-fixes). - HID: plantronics: Workaround for double volume key presses (git-fixes). - HID: wacom: Assign boolean values to a bool variable (git-fixes). - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices (git-fixes). - i2c: cadence: add IRQ check (git-fixes). - i2c: emev2: add IRQ check (git-fixes). - i2c: img-scb: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: jz4780: add IRQ check (git-fixes). - i2c: omap: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: sh7760: add IRQ check (git-fixes). - i2c: sh7760: fix IRQ error path (git-fixes). - i2c: sprd: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i40e: Added Asym_Pause to supported link modes (git-fixes). - i40e: Add zero-initialization of AQ command structures (git-fixes). - i40e: Fix addition of RX filters after enabling FW LLDP agent (git-fixes). - i40e: Fix add TC filter for IPv6 (git-fixes). - i40e: Fix display statistics for veb_tc (git-fixes). - i40e: Fix endianness conversions (git-fixes). - i40e: Fix flow for IPv6 next header (extension header) (git-fixes). - i40e: Fix kernel oops when i40e driver removes VF's (git-fixes). - i40e: Fix overwriting flow control settings during driver loading (git-fixes). - i40e: Fix sparse errors in i40e_txrx.c (git-fixes). - i40e: Fix sparse warning: missing error code 'err' (git-fixes). - i40e: fix the panic when running bpf in xdpdrv mode (git-fixes). - ibmvnic: avoid calling napi_disable() twice (bsc#1065729). 
- ibmvnic: clean up the remaining debugfs data structures (bsc#1065729). - ibmvnic: correctly use dev_consume/free_skb_irq (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 git-fixes). - ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes). - ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1065729). - ibmvnic: remove duplicate napi_schedule call in open function (bsc#1065729). - ice: Account for port VLAN in VF max packet size calculation (git-fixes). - ice: Cleanup fltr list in case of allocation issues (git-fixes). - ice: Fix for dereference of NULL pointer (git-fixes). - ice: Increase control queue timeout (git-fixes). - ice: prevent ice_open and ice_stop during reset (git-fixes). - igb: check timestamp validity (git-fixes). - igb: Fix duplicate include guard (git-fixes). - igc: Fix Pause Frame Advertising (git-fixes). - igc: Fix Supported Pause Frame Link Setting (git-fixes). - igc: reinit_locked() should be called with rtnl_lock (git-fixes). - iio:accel:adis16201: Fix wrong axis assignment that prevents loading (git-fixes). - ima: Free IMA measurement buffer after kexec syscall (git-fixes). - Input: i8042 - fix Pegatron C15B ID entry (git-fixes). - Input: nspire-keypad - enable interrupts only when opened (git-fixes). - Input: s6sy761 - fix coordinate read bit shift (git-fixes). - interconnect: core: fix error return code of icc_link_destroy() (git-fixes). - iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585). - iopoll: introduce read_poll_timeout macro (git-fixes). - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() (git-fixes). - irqchip: Add support for Layerscape external interrupt lines (bsc#1185233). 
- irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1185233). - irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#1185233). - isofs: release buffer head before return (bsc#1182613). - ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (git-fixes). - jffs2: fix use after free in jffs2_sum_write_data() (bsc#1184740). - kABI: cover up change in struct kvm_arch (bsc#1184969). - kABI: Fix kABI caused by fixes for bsc#1174426 (bsc#1174426). - kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). - KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (bsc#1152489). - KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit (bsc#1156395). - KVM: PPC: Make the VMX instruction emulation routines static (bsc#1156395). - libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518). - libnvdimm/label: Return -ENXIO for no slot in __blk_label_update (bsc#1185269). - libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels (bsc#1185269). - libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC (bsc#1184969 git-fixes). - libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (git-fixes). - liquidio: Fix unintented sign extension of a left shift of a u16 (git-fixes). - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#1185041). - mac80211: bail out if cipher schemes are invalid (git-fixes). - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes). - macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes). - media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes). - media: m88rs6000t: avoid potential out-of-bounds reads on arrays (git-fixes). - media: mantis: remove orphan mantis_core.c (git-fixes). - media: omap4iss: return error code when omap4iss_get() failed (git-fixes). 
- media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming() (git-fixes). - media: staging/intel-ipu3: Fix memory leak in imu_fmt (git-fixes). - media: staging/intel-ipu3: Fix race condition during set_fmt (git-fixes). - media: staging/intel-ipu3: Fix set_fmt error handling (git-fixes). - media: v4l2-ctrls.c: fix race condition in hdl->requests list (git-fixes). - memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] (git-fixes). - memory: pl353: fix mask of ECC page_size config register (git-fixes). - mfd: lpc_sch: Partially revert "Add support for Intel Quark X1000" (git-fixes). - mfd: stm32-timers: Avoid clearing auto reload register (git-fixes). - misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct (git-fixes). - mmc: core: Correct descriptions in mmc_of_parse() (git-fixes). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes). - mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes). - mmc: sdhci-of-dwcmshc: fix rpmb access (git-fixes). - mmc: sdhci-of-dwcmshc: implement specific set_uhs_signaling (git-fixes). - mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes). - mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci: Use Auto CMD Auto Select only when v4_mode is true (git-fixes). - mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe() (git-fixes). - mmc: uniphier-sd: Fix a resource leak in the remove function (git-fixes). - mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes). - Move upstreamed i915 fix into sorted section - mt7601u: fix always true expression (git-fixes). 
- mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() (git-fixes). - mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC (git-fixes). - mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() (git-fixes). - mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init (git-fixes). - mtd: rawnand: qcom: Return actual error code instead of -ENODEV (git-fixes). - mtd: require write permissions for locking and badblock ioctls (git-fixes). - mtd: spinand: core: add missing MODULE_DEVICE_TABLE() (git-fixes). - mtd: spi-nor: Rename "n25q512a" to "mt25qu512a (n25q512a)" (bsc#1167260). - mtd: spi-nor: Split mt25qu512a (n25q512a) entry into two (bsc#1167260). - nbd: fix a block_device refcount leak in nbd_release (git-fixes). - net: atlantic: fix out of range usage of active_vlans array (git-fixes). - net: atlantic: fix potential error handling (git-fixes). - net: atlantic: fix use after free kasan warn (git-fixes). - net: dsa: felix: implement port flushing on .phylink_mac_link_down (git-fixes). - net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr (git-fixes). - net: enetc: take the MDIO lock only once per NAPI poll cycle (git-fixes). - net: geneve: check skb is large enough for IPv4/IPv6 header (git-fixes). - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (git-fixes). - net: hns3: clear VF down state bit before request link status (git-fixes). - net: hns3: fix bug when calculating the TCAM table info (git-fixes). - net: hns3: fix query vlan mask value error for flow director (git-fixes). - net: hns3: Remove un-necessary 'else-if' in the hclge_reset_event() (git-fixes). - net: ll_temac: Add more error handling of dma_map_single() calls (git-fixes). - net: ll_temac: Fix race condition causing TX hang (git-fixes). - net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure (git-fixes). - net: ll_temac: Handle DMA halt condition caused by buffer underrun (git-fixes). 
- net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes). - net/mlx5: Do not request more than supported EQs (git-fixes). - net/mlx5e: Do not match on Geneve options in case option masks are all zero (git-fixes). - net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes). - net/mlx5e: Fix ethtool indication of connector type (git-fixes). - net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta (jsc#SLE-8464). - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req (git-fixes). - net: phy: intel-xway: enable integrated led functions (git-fixes). - net: phy: marvell: fix m88e1011_set_downshift (git-fixes). - net: phy: marvell: fix m88e1111_set_downshift (git-fixes). - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template (git-fixes). - net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes). - net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter (git-fixes). - net: stmmac: xgmac: fix missing IFF_MULTICAST checki in dwxgmac2_set_filter (git-fixes). - net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes). - nfc: pn533: prevent potential memory corruption (git-fixes). - nfp: flower: ignore duplicate merge hints from FW (git-fixes). - node: fix device cleanups in error handling code (git-fixes). - null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes). - nvme-fabrics: reject I/O to offline device (bsc#1181161). - nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161). - ocfs2: fix a use after free on error (bsc#1184738). - pata_arasan_cf: fix IRQ check (git-fixes). - pata_ipx4xx_cf: fix IRQ check (git-fixes). - PCI/AER: Add pcie_walk_rcec() to RCEC AER handling (bsc#1174426). - PCI/AER: Add RCEC AER error injection support (bsc#1174426). - PCI/AER: Clear AER status from Root Port when resetting Downstream Port (bsc#1174426). - PCI/AER: Specify the type of Port that was reset (bsc#1174426). 
- PCI/AER: Use "aer" variable for capability offset (bsc#1174426). - PCI/AER: Write AER Capability only when we control it (bsc#1174426). - PCI: designware-ep: Fix the Header Type check (git-fixes). - PCI/ERR: Add pcie_link_rcec() to associate RCiEPs (bsc#1174426). - PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery() (bsc#1174426). - PCI/ERR: Avoid negated conditional for clarity (bsc#1174426). - PCI/ERR: Bind RCEC devices to the Root Port driver (bsc#1174426). - PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() (bsc#1174426). - PCI/ERR: Clear AER status only when we control AER (bsc#1174426). - PCI/ERR: Clear PCIe Device Status errors only if OS owns AER (bsc#1174426). - PCI/ERR: Clear status of the reporting device (bsc#1174426). - PCI/ERR: Recover from RCEC AER errors (bsc#1174426). - PCI/ERR: Recover from RCiEP AER errors (bsc#1174426). - PCI/ERR: Rename reset_link() to reset_subordinates() (bsc#1174426). - PCI/ERR: Retain status from error notification (bsc#1174426). - PCI/ERR: Simplify by computing pci_pcie_type() once (bsc#1174426). - PCI/ERR: Simplify by using pci_upstream_bridge() (bsc#1174426). - PCI/ERR: Use "bridge" for clarity in pcie_do_recovery() (bsc#1174426). - PCI/PME: Add pcie_walk_rcec() to RCEC PME handling (bsc#1174426). - PCI/portdrv: Report reset for frozen channel (bsc#1174426). - PCI: tegra: Fix ASPM-L1SS advertisement disable code (git-fixes). - PCI: tegra: Move "dbi" accesses to post common DWC initialization (git-fixes). - phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally (git-fixes). - pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes). - pinctrl: Ingenic: Add missing pins to the JZ4770 MAC MII group (git-fixes). - platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table (git-fixes). - PM: runtime: Add documentation for pm_runtime_resume_and_get() (git-fixes). 
- powerepc/book3s64/hash: Align start/end address correctly with bolt mapping (bsc#1184957). - powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117 git-fixes). - powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729). - powerpc/eeh: Fix EEH handling for hugepages in ioremap space (bsc#1156395). - powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729). - powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1183289 ltc#191637). - powerpc/papr_scm: Fix build error due to wrong printf specifier (bsc#1184969). - powerpc/papr_scm: Implement support for H_SCM_FLUSH hcall (bsc#1184969). - powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729). - powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729). - powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - powerpc/time: Enable sched clock for irqtime (bsc#1156395). - regmap: set debugfs_name to NULL after it is freed (git-fixes). - regulator: Avoid a double 'of_node_get' in 'regulator_of_get_init_node()' (git-fixes). - reintroduce cqhci_suspend for kABI (git-fixes). - reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1184737). - rpm/constraints.in: bump disk space to 45GB on riscv64 - rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). - rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) - rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650) - rsi: Use resume_noirq for SDIO (git-fixes). - rsxx: remove extraneous 'const' qualifier (git-fixes). - rtc: ds1307: Fix wday settings for rx8130 (git-fixes). - rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1185454). - rtc: fsl-ftm-alarm: avoid struct rtc_time conversions (bsc#1185454). - rtc: fsl-ftm-alarm: enable acpi support (bsc#1185454). - rtc: fsl-ftm-alarm: fix freeze(s2idle) failed to wake (bsc#1185454). - rtc: fsl-ftm-alarm: report alarm to core (bsc#1185454). 
- rtc: fsl-ftm-alarm: switch to ktime_get_real_seconds (bsc#1185454). - rtc: fsl-ftm-alarm: switch to rtc_time64_to_tm/rtc_tm_to_time64 (bsc#1185454). - rtc: fsl-ftm-alarm: update acpi device id (bsc#1185454). - rtc: pcf2127: add alarm support (bsc#1185233). - rtc: pcf2127: add pca2129 device id (bsc#1185233). - rtc: pcf2127: add tamper detection support (bsc#1185233). - rtc: pcf2127: add watchdog feature support (bsc#1185233). - rtc: pcf2127: bugfix: watchdog build dependency (bsc#1185233). - rtc: pcf2127: cleanup register and bit defines (bsc#1185233). - rtc: pcf2127: convert to devm_rtc_allocate_device (bsc#1185233). - rtc: pcf2127: fix a bug when not specify interrupts property (bsc#1185233). - rtc: pcf2127: fix alarm handling (bsc#1185233). - rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (bsc#1185233). - rtc: pcf2127: handle boot-enabled watchdog feature (bsc#1185233). - rtc: pcf2127: let the core handle rtc range (bsc#1185233). - rtc: pcf2127: move watchdog initialisation to a separate function (bsc#1185233). - rtc: pcf2127: only use watchdog when explicitly available (bsc#1185233). - rtc: pcf2127: properly set flag WD_CD for rtc chips(pcf2129, pca2129) (bsc#1185233). - rtc: pcf2127: remove unnecessary #ifdef (bsc#1185233). - rtc: pcf2127: set regmap max_register (bsc#1185233). - rtc: pcf2127: watchdog: handle nowayout feature (bsc#1185233). - rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes). - rtw88: Fix array overrun in rtw_get_tx_power_params() (git-fixes). - samples/bpf: Fix possible hang in xdpsock with multiple threads (bsc#1155518). - sata_mv: add IRQ checks (git-fixes). - scsi: block: Fix a race in the runtime power management code (git-fixes). - scsi: core: add scsi_host_busy_iter() (bsc#1179851). - scsi: core: Only return started requests from scsi_host_find_tag() (bsc#1179851). - scsi: lpfc: Copyright updates for 12.8.0.9 patches (bsc#1185472). - scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472). 
- scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472). - scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472). - scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472). - scsi: lpfc: Fix a typo (bsc#1185472). - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response (bsc#1185472). - scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365). - scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode (bsc#1185472). - scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472). - scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472). - scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203). - scsi: lpfc: Fix incorrectly documented function lpfc_debugfs_commonxripools_data() (bsc#1185472). - scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#1185472). - scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472). - scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#1185472). - scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472). - scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#1185472). - scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency (bsc#1185472). - scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#1185472). - scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#1185472). - scsi: lpfc: Fix silent memory allocation failure in lpfc_sli4_bsg_link_diag_test() (bsc#1185472). - scsi: lpfc: Fix some error codes in debugfs (bsc#1185472). - scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#1185472). - scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#1185472). - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472). - scsi: lpfc: Standardize discovery object logging format (bsc#1185472). 
- scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472). - scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491). - scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#1185491). - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() (bsc#1185491). - scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491). - scsi: qla2xxx: Check kzalloc() return value (bsc#1185491). - scsi: qla2xxx: Consolidate zio threshold setting for both FCP NVMe (bsc#1185491). - scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491). - scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#1185491). - scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491). - scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#1185491). - scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491). - scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491). - scsi: qla2xxx: Fix broken #endif placement (bsc#1185491). - scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491). - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491). - scsi: qla2xxx: Fix endianness annotations (bsc#1185491). - scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#1185491). - scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491). - scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491). - scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491). - scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491). - scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491). - scsi: qla2xxx: Fix some memory corruption (bsc#1185491). - scsi: qla2xxx: Fix stuck session (bsc#1185491). - scsi: qla2xxx: Fix use after free in bsg (bsc#1185491). - scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (bsc#1185491). - scsi: qla2xxx: Move some messages from debug to normal log level (bsc#1185491). 
- scsi: qla2xxx: Remove redundant NULL check (bsc#1185491). - scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491). - scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491). - scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#1185491). - scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1184436). - scsi: qla2xxx: Reuse existing error handling path (bsc#1185491). - scsi: qla2xxx: Simplify if statement (bsc#1185491). - scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491). - scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491). - scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491). - scsi: qla2xxx: Update default AER debug mask (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491). - scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#1185491). - scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089). - scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089). - scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089). - selftests/powerpc: Add pkey helpers for rights (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for execute-disabled pkeys (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for pkey siginfo verification (bsc#1184934 ltc#191460). - selftests/powerpc: Add wrapper for gettid (bsc#1184934 ltc#191460). - selftests/powerpc: Fix exit status of pkey tests (bsc#1184934 ltc#191460). - selftests/powerpc: Fix L1D flushing tests for Power10 (bsc#1184934 ltc#191460). - selftests/powerpc: Fix pkey syscall redefinitions (bsc#1184934 ltc#191460). - selftests/powerpc: Move pkey helpers to headers (bsc#1184934 ltc#191460). - selftests/powerpc: refactor entry and rfi_flush tests (bsc#1184934 ltc#191460). - soc: aspeed: fix a ternary sign expansion bug (git-fixes). 
- soc: qcom: mdt_loader: Detect truncated read of segments (git-fixes). - soc: qcom: mdt_loader: Validate that p_filesz p_memsz (git-fixes). - soundwire: bus: Fix device found flag correctly (git-fixes). - soundwire: stream: fix memory leak in stream config error path (git-fixes). - spi: fsl-dspi: fix NULL pointer dereference (bsc#1167260). - spi: fsl-dspi: fix use-after-free in remove path (bsc#1167260). - spi: fsl-dspi: fix wrong pointer in suspend/resume (bsc#1167260). - spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() (git-fixes). - spi: Introduce dspi_slave_abort() function for NXP's dspi SPI driver (bsc#1167260). - spi: spi-fsl-dspi: Accelerate transfers using larger word size if possible (bsc#1167260). - spi: spi-fsl-dspi: Add comments around dspi_pop_tx and dspi_push_rx functions (bsc#1167260). - spi: spi-fsl-dspi: Adding shutdown hook (bsc#1167260). - spi: spi-fsl-dspi: Add support for LS1028A (bsc#1167260). - spi: spi-fsl-dspi: Always use the TCFQ devices in poll mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid NULL pointer in dspi_slave_abort for non-DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid reading more data than written in EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (bsc#1167260). - spi: spi-fsl-dspi: Convert TCFQ users to XSPI FIFO mode (bsc#1167260). - spi: spi-fsl-dspi: Convert the instantiations that support it to DMA (bsc#1167260). - spi: spi-fsl-dspi: delete EOQ transfer mode (bsc#1167260). - spi: spi-fsl-dspi: Demistify magic value in SPI_SR_CLEAR (bsc#1167260). - spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (bsc#1167260). - spi: spi-fsl-dspi: Do not mask off undefined bits (bsc#1167260). - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1167260). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Fix bits-per-word acceleration in DMA mode (bsc#1167260). 
- spi: spi-fsl-dspi: Fix code alignment (bsc#1167260). - spi: spi-fsl-dspi: fix DMA mapping (bsc#1167260). - spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths (bsc#1167260). - spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (bsc#1167260). - spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: fix native data copy (bsc#1167260). - spi: spi-fsl-dspi: Fix race condition in TCFQ/EOQ interrupt (bsc#1167260). - spi: spi-fsl-dspi: Fix typos (bsc#1167260). - spi: spi-fsl-dspi: Free DMA memory with matching function (bsc#1167260). - spi: spi-fsl-dspi: Implement .max_message_size method for EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Initialize completion before possible interrupt (bsc#1167260). - spi: spi-fsl-dspi: LS2080A and LX2160A support XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Make bus-num property optional (bsc#1167260). - spi: spi-fsl-dspi: Move dspi_interrupt above dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Move invariant configs out of dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Optimize dspi_setup_accel for lowest interrupt count (bsc#1167260). - spi: spi-fsl-dspi: Parameterize the FIFO size and DMA buffer size (bsc#1167260). - spi: spi-fsl-dspi: Protect against races on dspi->words_in_flight (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation in dspi_release_dma() (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation level in dspi_interrupt (bsc#1167260). - spi: spi-fsl-dspi: remove git-fixes Remove git-fixes. Prepare to update the driver. References: bsc#1167260 - spi: spi-fsl-dspi: Remove impossible to reach error check (bsc#1167260). - spi: spi-fsl-dspi: Remove pointless assignment of master->transfer to NULL (bsc#1167260). 
- spi: spi-fsl-dspi: Remove unused chip->void_write_data (bsc#1167260). - spi: spi-fsl-dspi: Remove unused defines and includes (bsc#1167260). - spi: spi-fsl-dspi: Remove unused initialization of 'ret' in dspi_probe (bsc#1167260). - spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (bsc#1167260). - spi: spi-fsl-dspi: Replace legacy spi_master names with spi_controller (bsc#1167260). - spi: spi-fsl-dspi: set ColdFire to DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Simplify bytes_per_word gymnastics (bsc#1167260). - spi: spi-fsl-dspi: Take software timestamp in dspi_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Use BIT() and GENMASK() macros (bsc#1167260). - spi: spi-fsl-dspi: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1167260). - spi: spi-fsl-dspi: Use EOQ for last word in buffer even for XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Use poll mode in case the platform IRQ is missing (bsc#1167260). - spi: spi-fsl-dspi: Use reverse Christmas tree declaration order (bsc#1167260). - spi: spi-fsl-dspi: Use specific compatible strings for all SoC instantiations (bsc#1167260). - spi: spi-fsl-dspi: use XSPI mode instead of DMA for DPAA2 SoCs (bsc#1167260). - spi: spi-ti-qspi: Free DMA resources (git-fixes). - staging: fwserial: fix TIOCGSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL jiffies conversions (git-fixes). - staging: fwserial: fix TIOCSSERIAL permission check (git-fixes). - staging: rtl8192u: Fix potential infinite loop (git-fixes). - usb: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984). - usb: CDC-ACM: fix poison/unpoison imbalance (git-fixes). - usb: cdc-acm: fix TIOCGSERIAL implementation (git-fixes). - usb: cdc-acm: fix unprivileged TIOCCSERIAL (git-fixes). - usb: dwc2: Fix hibernation between host and device modes (git-fixes). 
- usb: dwc2: Fix host mode hibernation exit with remote wakeup flow (git-fixes). - usb: dwc2: Fix session request interrupt handler (git-fixes). - usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes). - usb: dwc3: keystone: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: meson-g12a: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: Switch to use device_property_count_u32() (git-fixes). - usb: gadget: aspeed: fix dma map failure (git-fixes). - usb: gadget: Fix double free of device descriptor pointers (git-fixes). - usb: gadget: pch_udc: Check for DMA mapping error (git-fixes). - usb: gadget: pch_udc: Check if driver is present before calling ->setup() (git-fixes). - usb: gadget: pch_udc: Move pch_udc_init() to satisfy kernel doc (git-fixes). - usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() (git-fixes). - usb: gadget: pch_udc: Revert d3cb25a12138 completely (git-fixes). - usb: gadget: r8a66597: Add missing null check on return from platform_get_resource (git-fixes). - usb: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes). - usb: Remove dev_err() usage after platform_get_irq() (git-fixes). - usb: serial: ark3116: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: f81232: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: f81534: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: fix return value for unsupported ioctls (git-fixes). - usb: serial: mos7720: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: opticon: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: quatech2: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: ssu100: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: usb_wwan: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes). - usb: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes). 
- usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS (git-fixes).
- usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply (git-fixes).
- usb: typec: tcpm: Honour pSnkStdby requirement during negotiation (git-fixes).
- veth: Store queue_mapping independently of XDP prog presence (git-fixes).
- vfio/pci: Add missing range check in vfio_pci_mmap (git-fixes).
- virt_wifi: Return micros for BSS TSF values (git-fixes).
- vxlan: move debug check after netdev unregister (git-fixes).
- workqueue: Move the position of debug_work_activate() in __queue_work() (bsc#1184893).
- x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access (bsc#1152489).
- x86/insn: Add some Intel instructions to the opcode map (bsc#1184760).
- x86/insn: Add some more Intel instructions to the opcode map (bsc#1184760).
- x86/microcode: Check for offline CPUs before requesting new microcode (bsc#1152489).
- x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd (bsc#1152489).
- x86/platform/uv: Set section block size for hubless architectures (bsc#1152489).
- x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#1152489).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-1622=1

Package List:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):

      kernel-devel-azure-5.3.18-18.47.2
      kernel-source-azure-5.3.18-18.47.2

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64):

      kernel-azure-5.3.18-18.47.2
      kernel-azure-debuginfo-5.3.18-18.47.2
      kernel-azure-debugsource-5.3.18-18.47.2
      kernel-azure-devel-5.3.18-18.47.2
      kernel-azure-devel-debuginfo-5.3.18-18.47.2
      kernel-syms-azure-5.3.18-18.47.1

References:

   https://www.suse.com/security/cve/CVE-2021-29155.html
   https://www.suse.com/security/cve/CVE-2021-29650.html
   https://bugzilla.suse.com/1043990
   https://bugzilla.suse.com/1055117
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1152457
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1155518
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1167260
   https://bugzilla.suse.com/1167574
   https://bugzilla.suse.com/1168838
   https://bugzilla.suse.com/1174416
   https://bugzilla.suse.com/1174426
   https://bugzilla.suse.com/1175995
   https://bugzilla.suse.com/1178089
   https://bugzilla.suse.com/1179243
   https://bugzilla.suse.com/1179851
   https://bugzilla.suse.com/1180846
   https://bugzilla.suse.com/1181161
   https://bugzilla.suse.com/1182613
   https://bugzilla.suse.com/1183063
   https://bugzilla.suse.com/1183203
   https://bugzilla.suse.com/1183289
   https://bugzilla.suse.com/1184208
   https://bugzilla.suse.com/1184209
   https://bugzilla.suse.com/1184436
   https://bugzilla.suse.com/1184485
   https://bugzilla.suse.com/1184514
   https://bugzilla.suse.com/1184585
   https://bugzilla.suse.com/1184650
   https://bugzilla.suse.com/1184724
   https://bugzilla.suse.com/1184728
   https://bugzilla.suse.com/1184730
   https://bugzilla.suse.com/1184731
   https://bugzilla.suse.com/1184736
   https://bugzilla.suse.com/1184737
   https://bugzilla.suse.com/1184738
   https://bugzilla.suse.com/1184740
https://bugzilla.suse.com/1184741 https://bugzilla.suse.com/1184742 https://bugzilla.suse.com/1184760 https://bugzilla.suse.com/1184811 https://bugzilla.suse.com/1184893 https://bugzilla.suse.com/1184934 https://bugzilla.suse.com/1184942 https://bugzilla.suse.com/1184957 https://bugzilla.suse.com/1184969 https://bugzilla.suse.com/1184984 https://bugzilla.suse.com/1185041 https://bugzilla.suse.com/1185113 https://bugzilla.suse.com/1185233 https://bugzilla.suse.com/1185244 https://bugzilla.suse.com/1185269 https://bugzilla.suse.com/1185365 https://bugzilla.suse.com/1185454 https://bugzilla.suse.com/1185472 https://bugzilla.suse.com/1185491 https://bugzilla.suse.com/1185549 https://bugzilla.suse.com/1185586 https://bugzilla.suse.com/1185587 From sle-updates at lists.suse.com Mon May 17 19:21:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 May 2021 21:21:17 +0200 (CEST) Subject: SUSE-SU-2021:1621-1: important: Security update for python3 Message-ID: <20210517192117.C93A8FDD6@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1621-1 Rating: important References: Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS-SAP SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Module for Web Scripting 12 HPE Helion Openstack 8 ______________________________________________________________________________ An update that contains security fixes 
can now be installed.

Description:

This update for python3 fixes the following issues:

Security issues fixed:

- CVE-2020-27619: where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. (bsc#1178009)

Other fixes:

- Make sure to close the 'import_failed.map' file after the exception has been raised in order to avoid ResourceWarnings when the failing import is part of a try...except block

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1621=1
- SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1621=1
- SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1621=1
- SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1621=1
- SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1621=1
- SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1621=1
- SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1621=1
- SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1621=1
- SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1621=1
- SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1621=1
- SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1621=1
- SUSE Linux Enterprise Server 12-SP2-LTSS-SAP: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1621=1
- SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON: zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1621=1
- SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch
SUSE-SLE-SERVER-12-SP2-BCL-2021-1621=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-1621=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1621=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libpython3_4m1_0-3.4.10-25.71.1 libpython3_4m1_0-debuginfo-3.4.10-25.71.1 python3-3.4.10-25.71.1 python3-base-3.4.10-25.71.1 python3-base-debuginfo-3.4.10-25.71.1 python3-base-debugsource-3.4.10-25.71.1 python3-curses-3.4.10-25.71.1 python3-curses-debuginfo-3.4.10-25.71.1 python3-debuginfo-3.4.10-25.71.1 python3-debugsource-3.4.10-25.71.1 python3-devel-3.4.10-25.71.1 python3-devel-debuginfo-3.4.10-25.71.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libpython3_4m1_0-3.4.10-25.71.1 libpython3_4m1_0-debuginfo-3.4.10-25.71.1 python3-3.4.10-25.71.1 python3-base-3.4.10-25.71.1 python3-base-debuginfo-3.4.10-25.71.1 python3-base-debugsource-3.4.10-25.71.1 python3-curses-3.4.10-25.71.1 python3-curses-debuginfo-3.4.10-25.71.1 python3-debuginfo-3.4.10-25.71.1 python3-debugsource-3.4.10-25.71.1 python3-devel-3.4.10-25.71.1 python3-devel-debuginfo-3.4.10-25.71.1 - SUSE OpenStack Cloud 9 (x86_64): libpython3_4m1_0-3.4.10-25.71.1 libpython3_4m1_0-debuginfo-3.4.10-25.71.1 python3-3.4.10-25.71.1 python3-base-3.4.10-25.71.1 python3-base-debuginfo-3.4.10-25.71.1 python3-base-debugsource-3.4.10-25.71.1 python3-curses-3.4.10-25.71.1 python3-curses-debuginfo-3.4.10-25.71.1 python3-debuginfo-3.4.10-25.71.1 python3-debugsource-3.4.10-25.71.1 python3-devel-3.4.10-25.71.1 python3-devel-debuginfo-3.4.10-25.71.1 - SUSE OpenStack Cloud 8 (x86_64): libpython3_4m1_0-3.4.10-25.71.1 libpython3_4m1_0-debuginfo-3.4.10-25.71.1 python3-3.4.10-25.71.1 python3-base-3.4.10-25.71.1 python3-base-debuginfo-3.4.10-25.71.1 python3-base-debugsource-3.4.10-25.71.1 python3-curses-3.4.10-25.71.1 python3-curses-debuginfo-3.4.10-25.71.1 python3-debuginfo-3.4.10-25.71.1 python3-debugsource-3.4.10-25.71.1 
python3-devel-3.4.10-25.71.1 python3-devel-debuginfo-3.4.10-25.71.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.4.10-25.71.1 python3-base-debugsource-3.4.10-25.71.1 python3-dbm-3.4.10-25.71.1 python3-dbm-debuginfo-3.4.10-25.71.1 python3-debuginfo-3.4.10-25.71.1 python3-debugsource-3.4.10-25.71.1 python3-devel-3.4.10-25.71.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.71.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libpython3_4m1_0-3.4.10-25.71.1 libpython3_4m1_0-debuginfo-3.4.10-25.71.1 python3-3.4.10-25.71.1 python3-base-3.4.10-25.71.1 python3-base-debuginfo-3.4.10-25.71.1 python3-base-debugsource-3.4.10-25.71.1 python3-curses-3.4.10-25.71.1 python3-curses-debuginfo-3.4.10-25.71.1 python3-debuginfo-3.4.10-25.71.1 python3-debugsource-3.4.10-25.71.1 python3-devel-3.4.10-25.71.1 python3-devel-debuginfo-3.4.10-25.71.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libpython3_4m1_0-3.4.10-25.71.1 libpython3_4m1_0-debuginfo-3.4.10-25.71.1 python3-3.4.10-25.71.1 python3-base-3.4.10-25.71.1 python3-base-debuginfo-3.4.10-25.71.1 python3-base-debugsource-3.4.10-25.71.1 python3-curses-3.4.10-25.71.1 python3-curses-debuginfo-3.4.10-25.71.1 python3-debuginfo-3.4.10-25.71.1 python3-debugsource-3.4.10-25.71.1 python3-devel-3.4.10-25.71.1 python3-devel-debuginfo-3.4.10-25.71.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.71.1 libpython3_4m1_0-debuginfo-3.4.10-25.71.1 python3-3.4.10-25.71.1 python3-base-3.4.10-25.71.1 python3-base-debuginfo-3.4.10-25.71.1 python3-base-debugsource-3.4.10-25.71.1 python3-curses-3.4.10-25.71.1 python3-curses-debuginfo-3.4.10-25.71.1 python3-debuginfo-3.4.10-25.71.1 python3-debugsource-3.4.10-25.71.1 python3-devel-3.4.10-25.71.1 python3-tk-3.4.10-25.71.1 python3-tk-debuginfo-3.4.10-25.71.1 - SUSE Linux Enterprise Server 12-SP5 
(ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.71.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpython3_4m1_0-32bit-3.4.10-25.71.1 libpython3_4m1_0-debuginfo-32bit-3.4.10-25.71.1 python3-base-debuginfo-32bit-3.4.10-25.71.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.71.1 libpython3_4m1_0-debuginfo-3.4.10-25.71.1 python3-3.4.10-25.71.1 python3-base-3.4.10-25.71.1 python3-base-debuginfo-3.4.10-25.71.1 python3-base-debugsource-3.4.10-25.71.1 python3-curses-3.4.10-25.71.1 python3-curses-debuginfo-3.4.10-25.71.1 python3-debuginfo-3.4.10-25.71.1 python3-debugsource-3.4.10-25.71.1 python3-devel-3.4.10-25.71.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.71.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.71.1 libpython3_4m1_0-debuginfo-3.4.10-25.71.1 python3-3.4.10-25.71.1 python3-base-3.4.10-25.71.1 python3-base-debuginfo-3.4.10-25.71.1 python3-base-debugsource-3.4.10-25.71.1 python3-curses-3.4.10-25.71.1 python3-curses-debuginfo-3.4.10-25.71.1 python3-debuginfo-3.4.10-25.71.1 python3-debugsource-3.4.10-25.71.1 python3-devel-3.4.10-25.71.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.71.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libpython3_4m1_0-3.4.10-25.71.1 libpython3_4m1_0-debuginfo-3.4.10-25.71.1 python3-3.4.10-25.71.1 python3-base-3.4.10-25.71.1 python3-base-debuginfo-3.4.10-25.71.1 python3-base-debugsource-3.4.10-25.71.1 python3-curses-3.4.10-25.71.1 python3-curses-debuginfo-3.4.10-25.71.1 python3-debuginfo-3.4.10-25.71.1 python3-debugsource-3.4.10-25.71.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64): libpython3_4m1_0-3.4.10-25.71.1 libpython3_4m1_0-debuginfo-3.4.10-25.71.1 python3-3.4.10-25.71.1 python3-base-3.4.10-25.71.1 python3-base-debuginfo-3.4.10-25.71.1 
python3-base-debugsource-3.4.10-25.71.1 python3-curses-3.4.10-25.71.1 python3-curses-debuginfo-3.4.10-25.71.1 python3-debuginfo-3.4.10-25.71.1 python3-debugsource-3.4.10-25.71.1 python3-devel-3.4.10-25.71.1 python3-devel-debuginfo-3.4.10-25.71.1 - SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64): libpython3_4m1_0-3.4.10-25.71.1 libpython3_4m1_0-debuginfo-3.4.10-25.71.1 python3-3.4.10-25.71.1 python3-base-3.4.10-25.71.1 python3-base-debuginfo-3.4.10-25.71.1 python3-base-debugsource-3.4.10-25.71.1 python3-curses-3.4.10-25.71.1 python3-curses-debuginfo-3.4.10-25.71.1 python3-debuginfo-3.4.10-25.71.1 python3-debugsource-3.4.10-25.71.1 python3-devel-3.4.10-25.71.1 python3-devel-debuginfo-3.4.10-25.71.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpython3_4m1_0-3.4.10-25.71.1 libpython3_4m1_0-debuginfo-3.4.10-25.71.1 python3-3.4.10-25.71.1 python3-base-3.4.10-25.71.1 python3-base-debuginfo-3.4.10-25.71.1 python3-base-debugsource-3.4.10-25.71.1 python3-curses-3.4.10-25.71.1 python3-curses-debuginfo-3.4.10-25.71.1 python3-debuginfo-3.4.10-25.71.1 python3-debugsource-3.4.10-25.71.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.71.1 libpython3_4m1_0-debuginfo-3.4.10-25.71.1 python3-3.4.10-25.71.1 python3-base-3.4.10-25.71.1 python3-base-debuginfo-3.4.10-25.71.1 python3-base-debugsource-3.4.10-25.71.1 python3-curses-3.4.10-25.71.1 python3-debuginfo-3.4.10-25.71.1 python3-debugsource-3.4.10-25.71.1 - HPE Helion Openstack 8 (x86_64): libpython3_4m1_0-3.4.10-25.71.1 libpython3_4m1_0-debuginfo-3.4.10-25.71.1 python3-3.4.10-25.71.1 python3-base-3.4.10-25.71.1 python3-base-debuginfo-3.4.10-25.71.1 python3-base-debugsource-3.4.10-25.71.1 python3-curses-3.4.10-25.71.1 python3-curses-debuginfo-3.4.10-25.71.1 python3-debuginfo-3.4.10-25.71.1 python3-debugsource-3.4.10-25.71.1 python3-devel-3.4.10-25.71.1 python3-devel-debuginfo-3.4.10-25.71.1 References: From sle-updates at lists.suse.com Mon May 17 
19:22:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 May 2021 21:22:25 +0200 (CEST) Subject: SUSE-RU-2021:1620-1: moderate: Recommended update for SAPHanaSR-ScaleOut Message-ID: <20210517192225.E2EF6FDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR-ScaleOut ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1620-1 Rating: moderate References: #1144442 #1182115 #1182545 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for SAPHanaSR-ScaleOut fixes the following issues: - The resource start and stop timeout is now configurable by increasing the timeout for the action 'start' and/or 'stop'. (bsc#1182545) - Add return codes for saphana_stop and saphana_StopSystem. (bsc#1182115) - Man page SAPhanaSR-ScaleOut minor mistakes. (bsc#1144442) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2021-1620=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1620=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1620=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (noarch): SAPHanaSR-ScaleOut-0.164.2-3.20.1 SAPHanaSR-ScaleOut-doc-0.164.2-3.20.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): SAPHanaSR-ScaleOut-0.164.2-3.20.1 SAPHanaSR-ScaleOut-doc-0.164.2-3.20.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): SAPHanaSR-ScaleOut-0.164.2-3.20.1 SAPHanaSR-ScaleOut-doc-0.164.2-3.20.1 References: https://bugzilla.suse.com/1144442 https://bugzilla.suse.com/1182115 https://bugzilla.suse.com/1182545 From sle-updates at lists.suse.com Tue May 18 13:15:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 May 2021 15:15:51 +0200 (CEST) Subject: SUSE-SU-2021:1623-1: important: Security update for the Linux Kernel Message-ID: <20210518131551.35A84FDD6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1623-1 Rating: important References: #1120163 #1152974 #1152975 #1155179 #1155184 #1155186 #1159483 #1165629 #1165823 #1172247 #1173485 #1176720 #1177411 #1177855 #1177856 #1178181 #1178634 #1179575 #1182047 #1182261 #1182715 #1182716 #1182717 #1183022 #1183069 #1183593 #1184120 #1184167 #1184168 #1184194 #1184198 #1184208 #1184211 #1184391 #1184393 #1184397 #1184509 #1184583 #1184611 #1185248 #1185555 #1185556 #1185557 Cross-References: CVE-2020-0433 CVE-2020-1749 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27673 CVE-2020-36312 CVE-2020-36322 CVE-2021-20219 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 
CVE-2021-28660 CVE-2021-28950 CVE-2021-28972 CVE-2021-29154 CVE-2021-29264 CVE-2021-29265 CVE-2021-29650 CVE-2021-30002 CVE-2021-3483 CVSS scores: CVE-2020-0433 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0433 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-1749 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-25670 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2020-27673 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27673 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36312 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36312 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2020-36322 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2021-20219 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28038 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28038 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28660 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28660 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-28950 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28972 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28972 (SUSE): 6.4 
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-29154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-29154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-29264 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-29265 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-29265 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-29650 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-29650 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-30002 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-30002 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud 8
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server 12-SP3-LTSS
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise High Availability 12-SP3
HPE Helion Openstack 8
______________________________________________________________________________

An update that solves 23 vulnerabilities and has 20 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).
- CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).
- CVE-2020-27673: Fixed an issue in Xen where guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).
- CVE-2021-29154: Fixed BPF JIT compilers that allowed executing arbitrary code within the kernel context (bnc#1184391).
- CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).
- CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).
- CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).
- CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a "stall on CPU" could have occurred because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).
- CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, which could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).
- CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).
- CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).
- CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and caused a threat to the system availability (bnc#1184397).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).
- CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).
- CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination (bnc#1184198).
- CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).
- CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).
- CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).
- CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).
- CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle.
When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).
- CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).
- CVE-2020-1749: Fixed a flaw inside of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality (bnc#1165629).

The following non-security bugs were fixed:

- bluetooth: eliminate the potential race condition when removing the HCI controller (bsc#1184611).
- Btrfs: add missing extents release on file extent cluster relocation error (bsc#1159483).
- btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247).
- btrfs: Cleanup try_flush_qgroup (bsc#1182047).
- btrfs: Do not flush from btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: drop unused parameter qgroup_reserved (bsc#1182261).
- btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1182261).
- btrfs: fix qgroup_free wrong num_bytes in btrfs_subvolume_reserve_metadata (bsc#1182261).
- btrfs: Free correct amount of space in btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247).
- btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247).
- btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247).
- btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163).
- btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() (bsc#1155179).
- btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634).
- btrfs: qgroup: Do not hold qgroup_ioctl_lock in btrfs_qgroup_inherit() (bsc#1165823).
- btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575).
- btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after disable (bsc#1172247).
- btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247).
- btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations (bsc#1177856).
- btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975).
- btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974).
- btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode (bsc#1177855).
- btrfs: qgroup: mark qgroup inconsistent if we're inherting snapshot to a new qgroup (bsc#1165823).
- btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163).
- btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163).
- btrfs: remove unused parameter from btrfs_subvolume_release_metadata (bsc#1182261).
- btrfs: tracepoints: Fix bad entry members of qgroup events (bsc#1155186).
- btrfs: tracepoints: Fix wrong parameter order for qgroup events (bsc#1155184).
- ext4: check journal inode extents more carefully (bsc#1173485).
- ext4: do not allow overlapping system zones (bsc#1173485).
- ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485).
- hv_netvsc: remove ndo_poll_controller (bsc#1185248).
- KVM: Add proper lockdep assertion in I/O bus unregister (bsc#1185555).
- KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU (bsc#1185556).
- KVM: Stop looking for coalesced MMIO zones if the bus is destroyed (bsc#1185557). - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367). - Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1623=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1623=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1623=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1623=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1623=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2021-1623=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1623=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): kernel-default-4.4.180-94.144.1 kernel-default-base-4.4.180-94.144.1 kernel-default-base-debuginfo-4.4.180-94.144.1 kernel-default-debuginfo-4.4.180-94.144.1 kernel-default-debugsource-4.4.180-94.144.1 kernel-default-devel-4.4.180-94.144.1 kernel-default-kgraft-4.4.180-94.144.1 kernel-syms-4.4.180-94.144.1 kgraft-patch-4_4_180-94_144-default-1-4.3.1 kgraft-patch-4_4_180-94_144-default-debuginfo-1-4.3.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): kernel-devel-4.4.180-94.144.1 kernel-macros-4.4.180-94.144.1 kernel-source-4.4.180-94.144.1 - SUSE OpenStack Cloud 8 (noarch): kernel-devel-4.4.180-94.144.1 kernel-macros-4.4.180-94.144.1 kernel-source-4.4.180-94.144.1 - SUSE OpenStack Cloud 8 (x86_64): kernel-default-4.4.180-94.144.1 
kernel-default-base-4.4.180-94.144.1 kernel-default-base-debuginfo-4.4.180-94.144.1 kernel-default-debuginfo-4.4.180-94.144.1 kernel-default-debugsource-4.4.180-94.144.1 kernel-default-devel-4.4.180-94.144.1 kernel-default-kgraft-4.4.180-94.144.1 kernel-syms-4.4.180-94.144.1 kgraft-patch-4_4_180-94_144-default-1-4.3.1 kgraft-patch-4_4_180-94_144-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kernel-default-4.4.180-94.144.1 kernel-default-base-4.4.180-94.144.1 kernel-default-base-debuginfo-4.4.180-94.144.1 kernel-default-debuginfo-4.4.180-94.144.1 kernel-default-debugsource-4.4.180-94.144.1 kernel-default-devel-4.4.180-94.144.1 kernel-default-kgraft-4.4.180-94.144.1 kernel-syms-4.4.180-94.144.1 kgraft-patch-4_4_180-94_144-default-1-4.3.1 kgraft-patch-4_4_180-94_144-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): kernel-devel-4.4.180-94.144.1 kernel-macros-4.4.180-94.144.1 kernel-source-4.4.180-94.144.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.4.180-94.144.1 kernel-default-base-4.4.180-94.144.1 kernel-default-base-debuginfo-4.4.180-94.144.1 kernel-default-debuginfo-4.4.180-94.144.1 kernel-default-debugsource-4.4.180-94.144.1 kernel-default-devel-4.4.180-94.144.1 kernel-syms-4.4.180-94.144.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kernel-default-kgraft-4.4.180-94.144.1 kgraft-patch-4_4_180-94_144-default-1-4.3.1 kgraft-patch-4_4_180-94_144-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): kernel-devel-4.4.180-94.144.1 kernel-macros-4.4.180-94.144.1 kernel-source-4.4.180-94.144.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x): kernel-default-man-4.4.180-94.144.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): kernel-default-4.4.180-94.144.1 kernel-default-base-4.4.180-94.144.1 kernel-default-base-debuginfo-4.4.180-94.144.1 kernel-default-debuginfo-4.4.180-94.144.1 
kernel-default-debugsource-4.4.180-94.144.1 kernel-default-devel-4.4.180-94.144.1 kernel-syms-4.4.180-94.144.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): kernel-devel-4.4.180-94.144.1 kernel-macros-4.4.180-94.144.1 kernel-source-4.4.180-94.144.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.180-94.144.1 cluster-md-kmp-default-debuginfo-4.4.180-94.144.1 dlm-kmp-default-4.4.180-94.144.1 dlm-kmp-default-debuginfo-4.4.180-94.144.1 gfs2-kmp-default-4.4.180-94.144.1 gfs2-kmp-default-debuginfo-4.4.180-94.144.1 kernel-default-debuginfo-4.4.180-94.144.1 kernel-default-debugsource-4.4.180-94.144.1 ocfs2-kmp-default-4.4.180-94.144.1 ocfs2-kmp-default-debuginfo-4.4.180-94.144.1 - HPE Helion Openstack 8 (noarch): kernel-devel-4.4.180-94.144.1 kernel-macros-4.4.180-94.144.1 kernel-source-4.4.180-94.144.1 - HPE Helion Openstack 8 (x86_64): kernel-default-4.4.180-94.144.1 kernel-default-base-4.4.180-94.144.1 kernel-default-base-debuginfo-4.4.180-94.144.1 kernel-default-debuginfo-4.4.180-94.144.1 kernel-default-debugsource-4.4.180-94.144.1 kernel-default-devel-4.4.180-94.144.1 kernel-default-kgraft-4.4.180-94.144.1 kernel-syms-4.4.180-94.144.1 kgraft-patch-4_4_180-94_144-default-1-4.3.1 kgraft-patch-4_4_180-94_144-default-debuginfo-1-4.3.1 References: https://www.suse.com/security/cve/CVE-2020-0433.html https://www.suse.com/security/cve/CVE-2020-1749.html https://www.suse.com/security/cve/CVE-2020-25670.html https://www.suse.com/security/cve/CVE-2020-25671.html https://www.suse.com/security/cve/CVE-2020-25672.html https://www.suse.com/security/cve/CVE-2020-25673.html https://www.suse.com/security/cve/CVE-2020-27673.html https://www.suse.com/security/cve/CVE-2020-36312.html https://www.suse.com/security/cve/CVE-2020-36322.html https://www.suse.com/security/cve/CVE-2021-20219.html https://www.suse.com/security/cve/CVE-2021-27363.html https://www.suse.com/security/cve/CVE-2021-27364.html 
https://www.suse.com/security/cve/CVE-2021-27365.html https://www.suse.com/security/cve/CVE-2021-28038.html https://www.suse.com/security/cve/CVE-2021-28660.html https://www.suse.com/security/cve/CVE-2021-28950.html https://www.suse.com/security/cve/CVE-2021-28972.html https://www.suse.com/security/cve/CVE-2021-29154.html https://www.suse.com/security/cve/CVE-2021-29264.html https://www.suse.com/security/cve/CVE-2021-29265.html https://www.suse.com/security/cve/CVE-2021-29650.html https://www.suse.com/security/cve/CVE-2021-30002.html https://www.suse.com/security/cve/CVE-2021-3483.html https://bugzilla.suse.com/1120163 https://bugzilla.suse.com/1152974 https://bugzilla.suse.com/1152975 https://bugzilla.suse.com/1155179 https://bugzilla.suse.com/1155184 https://bugzilla.suse.com/1155186 https://bugzilla.suse.com/1159483 https://bugzilla.suse.com/1165629 https://bugzilla.suse.com/1165823 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1176720 https://bugzilla.suse.com/1177411 https://bugzilla.suse.com/1177855 https://bugzilla.suse.com/1177856 https://bugzilla.suse.com/1178181 https://bugzilla.suse.com/1178634 https://bugzilla.suse.com/1179575 https://bugzilla.suse.com/1182047 https://bugzilla.suse.com/1182261 https://bugzilla.suse.com/1182715 https://bugzilla.suse.com/1182716 https://bugzilla.suse.com/1182717 https://bugzilla.suse.com/1183022 https://bugzilla.suse.com/1183069 https://bugzilla.suse.com/1183593 https://bugzilla.suse.com/1184120 https://bugzilla.suse.com/1184167 https://bugzilla.suse.com/1184168 https://bugzilla.suse.com/1184194 https://bugzilla.suse.com/1184198 https://bugzilla.suse.com/1184208 https://bugzilla.suse.com/1184211 https://bugzilla.suse.com/1184391 https://bugzilla.suse.com/1184393 https://bugzilla.suse.com/1184397 https://bugzilla.suse.com/1184509 https://bugzilla.suse.com/1184583 https://bugzilla.suse.com/1184611 https://bugzilla.suse.com/1185248 https://bugzilla.suse.com/1185555 
https://bugzilla.suse.com/1185556 https://bugzilla.suse.com/1185557 From sle-updates at lists.suse.com Tue May 18 16:15:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 May 2021 18:15:58 +0200 (CEST) Subject: SUSE-SU-2021:1624-1: important: Security update for the Linux Kernel Message-ID: <20210518161558.6A948FDD6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1624-1 Rating: important References: #1047233 #1172455 #1173485 #1176720 #1177411 #1178181 #1179454 #1180197 #1181960 #1182011 #1182672 #1182715 #1182716 #1182717 #1183022 #1183063 #1183069 #1183509 #1183593 #1183646 #1183686 #1183696 #1183775 #1184120 #1184167 #1184168 #1184170 #1184192 #1184193 #1184194 #1184196 #1184198 #1184208 #1184211 #1184388 #1184391 #1184393 #1184397 #1184509 #1184511 #1184512 #1184514 #1184583 #1184650 #1184942 #1185113 #1185244 Cross-References: CVE-2020-0433 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171 CVE-2020-27673 CVE-2020-27815 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2021-20219 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29155 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-29650 CVE-2021-30002 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483 CVSS scores: CVE-2020-0433 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0433 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-25670 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 
CVE-2020-27170 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-27170 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-27171 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27171 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27673 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27673 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-27815 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-35519 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-35519 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36310 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36311 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36311 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-36312 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36312 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2020-36322 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2021-20219 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28038 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28038 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28660 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28660 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-28688 (NVD) : 6.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28688 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28950 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28964 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28971 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28972 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28972 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29155 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-29155 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-29264 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29647 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-29650 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29650 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-30002 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-30002 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3428 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-3444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Availability 
15-SP1
SUSE Enterprise Storage 6
SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that solves 35 vulnerabilities and has 12 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).
- CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).
- CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).
- CVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512).
- CVE-2020-27673: Fixed an issue in Xen where guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).
- CVE-2021-29154: Fixed BPF JIT compilers that allowed executing arbitrary code within the kernel context (bnc#1184391).
- CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).
- CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).
- CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).
- CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).
- CVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a "stall on CPU" could have occurred because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).
- CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, which could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).
- CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).
- CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).
- CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and caused a threat to the system availability (bnc#1184397).
- CVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193).
- CVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this to gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170).
- CVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196).
- CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).
- CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).
- CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination (bnc#1184198).
- CVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192).
- CVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775).
- CVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775).
- CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).
- CVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).
- CVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509).
- CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).
- CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).
- CVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454).
- CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value.
An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).
- CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).
- CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).

The following non-security bugs were fixed:

- Revert "rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)" This turned out to be a bad idea: the kernel-$flavor-devel package must be usable without kernel-$flavor, e.g. at the build of a KMP. And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113).
- Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- bfq: Fix kABI for update internal depth state when queue depth changes (bsc#1172455).
- bfq: update internal depth state when queue depth changes (bsc#1172455).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
- handle also the opposite type of race condition
- ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997).
- ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).
- ibmvnic: store valid MAC address (bsc#1182011).
- macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672).
- nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
- rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650)
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022, XSA-367).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1624=1
- SUSE Manager Retail Branch Server 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1624=1
- SUSE Manager Proxy 4.0:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1624=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1624=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1624=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1624=1
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-1624=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1624=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1624=1
- SUSE Linux Enterprise High Availability 15-SP1:
  zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-1624=1
- SUSE Enterprise
Storage 6: zypper in -t patch SUSE-Storage-6-2021-1624=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): kernel-default-4.12.14-197.89.2 kernel-default-base-4.12.14-197.89.2 kernel-default-base-debuginfo-4.12.14-197.89.2 kernel-default-debuginfo-4.12.14-197.89.2 kernel-default-debugsource-4.12.14-197.89.2 kernel-default-devel-4.12.14-197.89.2 kernel-default-devel-debuginfo-4.12.14-197.89.2 kernel-obs-build-4.12.14-197.89.2 kernel-obs-build-debugsource-4.12.14-197.89.2 kernel-syms-4.12.14-197.89.2 reiserfs-kmp-default-4.12.14-197.89.2 reiserfs-kmp-default-debuginfo-4.12.14-197.89.2 - SUSE Manager Server 4.0 (noarch): kernel-devel-4.12.14-197.89.2 kernel-docs-4.12.14-197.89.3 kernel-macros-4.12.14-197.89.2 kernel-source-4.12.14-197.89.2 - SUSE Manager Server 4.0 (s390x): kernel-default-man-4.12.14-197.89.2 kernel-zfcpdump-debuginfo-4.12.14-197.89.2 kernel-zfcpdump-debugsource-4.12.14-197.89.2 - SUSE Manager Retail Branch Server 4.0 (x86_64): kernel-default-4.12.14-197.89.2 kernel-default-base-4.12.14-197.89.2 kernel-default-base-debuginfo-4.12.14-197.89.2 kernel-default-debuginfo-4.12.14-197.89.2 kernel-default-debugsource-4.12.14-197.89.2 kernel-default-devel-4.12.14-197.89.2 kernel-default-devel-debuginfo-4.12.14-197.89.2 kernel-obs-build-4.12.14-197.89.2 kernel-obs-build-debugsource-4.12.14-197.89.2 kernel-syms-4.12.14-197.89.2 reiserfs-kmp-default-4.12.14-197.89.2 reiserfs-kmp-default-debuginfo-4.12.14-197.89.2 - SUSE Manager Retail Branch Server 4.0 (noarch): kernel-devel-4.12.14-197.89.2 kernel-docs-4.12.14-197.89.3 kernel-macros-4.12.14-197.89.2 kernel-source-4.12.14-197.89.2 - SUSE Manager Proxy 4.0 (noarch): kernel-devel-4.12.14-197.89.2 kernel-docs-4.12.14-197.89.3 kernel-macros-4.12.14-197.89.2 kernel-source-4.12.14-197.89.2 - 
SUSE Manager Proxy 4.0 (x86_64): kernel-default-4.12.14-197.89.2 kernel-default-base-4.12.14-197.89.2 kernel-default-base-debuginfo-4.12.14-197.89.2 kernel-default-debuginfo-4.12.14-197.89.2 kernel-default-debugsource-4.12.14-197.89.2 kernel-default-devel-4.12.14-197.89.2 kernel-default-devel-debuginfo-4.12.14-197.89.2 kernel-obs-build-4.12.14-197.89.2 kernel-obs-build-debugsource-4.12.14-197.89.2 kernel-syms-4.12.14-197.89.2 reiserfs-kmp-default-4.12.14-197.89.2 reiserfs-kmp-default-debuginfo-4.12.14-197.89.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): kernel-default-4.12.14-197.89.2 kernel-default-base-4.12.14-197.89.2 kernel-default-base-debuginfo-4.12.14-197.89.2 kernel-default-debuginfo-4.12.14-197.89.2 kernel-default-debugsource-4.12.14-197.89.2 kernel-default-devel-4.12.14-197.89.2 kernel-default-devel-debuginfo-4.12.14-197.89.2 kernel-obs-build-4.12.14-197.89.2 kernel-obs-build-debugsource-4.12.14-197.89.2 kernel-syms-4.12.14-197.89.2 reiserfs-kmp-default-4.12.14-197.89.2 reiserfs-kmp-default-debuginfo-4.12.14-197.89.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): kernel-devel-4.12.14-197.89.2 kernel-docs-4.12.14-197.89.3 kernel-macros-4.12.14-197.89.2 kernel-source-4.12.14-197.89.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.89.2 kernel-default-base-4.12.14-197.89.2 kernel-default-base-debuginfo-4.12.14-197.89.2 kernel-default-debuginfo-4.12.14-197.89.2 kernel-default-debugsource-4.12.14-197.89.2 kernel-default-devel-4.12.14-197.89.2 kernel-default-devel-debuginfo-4.12.14-197.89.2 kernel-obs-build-4.12.14-197.89.2 kernel-obs-build-debugsource-4.12.14-197.89.2 kernel-syms-4.12.14-197.89.2 reiserfs-kmp-default-4.12.14-197.89.2 reiserfs-kmp-default-debuginfo-4.12.14-197.89.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): kernel-devel-4.12.14-197.89.2 kernel-docs-4.12.14-197.89.3 kernel-macros-4.12.14-197.89.2 kernel-source-4.12.14-197.89.2 - SUSE Linux Enterprise 
Server 15-SP1-LTSS (s390x): kernel-default-man-4.12.14-197.89.2 kernel-zfcpdump-debuginfo-4.12.14-197.89.2 kernel-zfcpdump-debugsource-4.12.14-197.89.2 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): kernel-devel-4.12.14-197.89.2 kernel-docs-4.12.14-197.89.3 kernel-macros-4.12.14-197.89.2 kernel-source-4.12.14-197.89.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): kernel-default-4.12.14-197.89.2 kernel-default-base-4.12.14-197.89.2 kernel-default-base-debuginfo-4.12.14-197.89.2 kernel-default-debuginfo-4.12.14-197.89.2 kernel-default-debugsource-4.12.14-197.89.2 kernel-default-devel-4.12.14-197.89.2 kernel-default-devel-debuginfo-4.12.14-197.89.2 kernel-obs-build-4.12.14-197.89.2 kernel-obs-build-debugsource-4.12.14-197.89.2 kernel-syms-4.12.14-197.89.2 reiserfs-kmp-default-4.12.14-197.89.2 reiserfs-kmp-default-debuginfo-4.12.14-197.89.2 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-197.89.2 kernel-default-debugsource-4.12.14-197.89.2 kernel-default-livepatch-4.12.14-197.89.2 kernel-default-livepatch-devel-4.12.14-197.89.2 kernel-livepatch-4_12_14-197_89-default-1-3.3.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): kernel-default-4.12.14-197.89.2 kernel-default-base-4.12.14-197.89.2 kernel-default-base-debuginfo-4.12.14-197.89.2 kernel-default-debuginfo-4.12.14-197.89.2 kernel-default-debugsource-4.12.14-197.89.2 kernel-default-devel-4.12.14-197.89.2 kernel-default-devel-debuginfo-4.12.14-197.89.2 kernel-obs-build-4.12.14-197.89.2 kernel-obs-build-debugsource-4.12.14-197.89.2 kernel-syms-4.12.14-197.89.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): kernel-devel-4.12.14-197.89.2 kernel-docs-4.12.14-197.89.3 kernel-macros-4.12.14-197.89.2 kernel-source-4.12.14-197.89.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): kernel-default-4.12.14-197.89.2 kernel-default-base-4.12.14-197.89.2 
kernel-default-base-debuginfo-4.12.14-197.89.2 kernel-default-debuginfo-4.12.14-197.89.2 kernel-default-debugsource-4.12.14-197.89.2 kernel-default-devel-4.12.14-197.89.2 kernel-default-devel-debuginfo-4.12.14-197.89.2 kernel-obs-build-4.12.14-197.89.2 kernel-obs-build-debugsource-4.12.14-197.89.2 kernel-syms-4.12.14-197.89.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): kernel-devel-4.12.14-197.89.2 kernel-docs-4.12.14-197.89.3 kernel-macros-4.12.14-197.89.2 kernel-source-4.12.14-197.89.2 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.89.2 cluster-md-kmp-default-debuginfo-4.12.14-197.89.2 dlm-kmp-default-4.12.14-197.89.2 dlm-kmp-default-debuginfo-4.12.14-197.89.2 gfs2-kmp-default-4.12.14-197.89.2 gfs2-kmp-default-debuginfo-4.12.14-197.89.2 kernel-default-debuginfo-4.12.14-197.89.2 kernel-default-debugsource-4.12.14-197.89.2 ocfs2-kmp-default-4.12.14-197.89.2 ocfs2-kmp-default-debuginfo-4.12.14-197.89.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): kernel-default-4.12.14-197.89.2 kernel-default-base-4.12.14-197.89.2 kernel-default-base-debuginfo-4.12.14-197.89.2 kernel-default-debuginfo-4.12.14-197.89.2 kernel-default-debugsource-4.12.14-197.89.2 kernel-default-devel-4.12.14-197.89.2 kernel-default-devel-debuginfo-4.12.14-197.89.2 kernel-obs-build-4.12.14-197.89.2 kernel-obs-build-debugsource-4.12.14-197.89.2 kernel-syms-4.12.14-197.89.2 reiserfs-kmp-default-4.12.14-197.89.2 reiserfs-kmp-default-debuginfo-4.12.14-197.89.2 - SUSE Enterprise Storage 6 (noarch): kernel-devel-4.12.14-197.89.2 kernel-docs-4.12.14-197.89.3 kernel-macros-4.12.14-197.89.2 kernel-source-4.12.14-197.89.2 - SUSE CaaS Platform 4.0 (noarch): kernel-devel-4.12.14-197.89.2 kernel-docs-4.12.14-197.89.3 kernel-macros-4.12.14-197.89.2 kernel-source-4.12.14-197.89.2 - SUSE CaaS Platform 4.0 (x86_64): kernel-default-4.12.14-197.89.2 kernel-default-base-4.12.14-197.89.2 
kernel-default-base-debuginfo-4.12.14-197.89.2 kernel-default-debuginfo-4.12.14-197.89.2 kernel-default-debugsource-4.12.14-197.89.2 kernel-default-devel-4.12.14-197.89.2 kernel-default-devel-debuginfo-4.12.14-197.89.2 kernel-obs-build-4.12.14-197.89.2 kernel-obs-build-debugsource-4.12.14-197.89.2 kernel-syms-4.12.14-197.89.2 reiserfs-kmp-default-4.12.14-197.89.2 reiserfs-kmp-default-debuginfo-4.12.14-197.89.2 References: https://www.suse.com/security/cve/CVE-2020-0433.html https://www.suse.com/security/cve/CVE-2020-25670.html https://www.suse.com/security/cve/CVE-2020-25671.html https://www.suse.com/security/cve/CVE-2020-25672.html https://www.suse.com/security/cve/CVE-2020-25673.html https://www.suse.com/security/cve/CVE-2020-27170.html https://www.suse.com/security/cve/CVE-2020-27171.html https://www.suse.com/security/cve/CVE-2020-27673.html https://www.suse.com/security/cve/CVE-2020-27815.html https://www.suse.com/security/cve/CVE-2020-35519.html https://www.suse.com/security/cve/CVE-2020-36310.html https://www.suse.com/security/cve/CVE-2020-36311.html https://www.suse.com/security/cve/CVE-2020-36312.html https://www.suse.com/security/cve/CVE-2020-36322.html https://www.suse.com/security/cve/CVE-2021-20219.html https://www.suse.com/security/cve/CVE-2021-27363.html https://www.suse.com/security/cve/CVE-2021-27364.html https://www.suse.com/security/cve/CVE-2021-27365.html https://www.suse.com/security/cve/CVE-2021-28038.html https://www.suse.com/security/cve/CVE-2021-28660.html https://www.suse.com/security/cve/CVE-2021-28688.html https://www.suse.com/security/cve/CVE-2021-28950.html https://www.suse.com/security/cve/CVE-2021-28964.html https://www.suse.com/security/cve/CVE-2021-28971.html https://www.suse.com/security/cve/CVE-2021-28972.html https://www.suse.com/security/cve/CVE-2021-29154.html https://www.suse.com/security/cve/CVE-2021-29155.html https://www.suse.com/security/cve/CVE-2021-29264.html https://www.suse.com/security/cve/CVE-2021-29265.html 
https://www.suse.com/security/cve/CVE-2021-29647.html https://www.suse.com/security/cve/CVE-2021-29650.html https://www.suse.com/security/cve/CVE-2021-30002.html https://www.suse.com/security/cve/CVE-2021-3428.html https://www.suse.com/security/cve/CVE-2021-3444.html https://www.suse.com/security/cve/CVE-2021-3483.html https://bugzilla.suse.com/1047233 https://bugzilla.suse.com/1172455 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1176720 https://bugzilla.suse.com/1177411 https://bugzilla.suse.com/1178181 https://bugzilla.suse.com/1179454 https://bugzilla.suse.com/1180197 https://bugzilla.suse.com/1181960 https://bugzilla.suse.com/1182011 https://bugzilla.suse.com/1182672 https://bugzilla.suse.com/1182715 https://bugzilla.suse.com/1182716 https://bugzilla.suse.com/1182717 https://bugzilla.suse.com/1183022 https://bugzilla.suse.com/1183063 https://bugzilla.suse.com/1183069 https://bugzilla.suse.com/1183509 https://bugzilla.suse.com/1183593 https://bugzilla.suse.com/1183646 https://bugzilla.suse.com/1183686 https://bugzilla.suse.com/1183696 https://bugzilla.suse.com/1183775 https://bugzilla.suse.com/1184120 https://bugzilla.suse.com/1184167 https://bugzilla.suse.com/1184168 https://bugzilla.suse.com/1184170 https://bugzilla.suse.com/1184192 https://bugzilla.suse.com/1184193 https://bugzilla.suse.com/1184194 https://bugzilla.suse.com/1184196 https://bugzilla.suse.com/1184198 https://bugzilla.suse.com/1184208 https://bugzilla.suse.com/1184211 https://bugzilla.suse.com/1184388 https://bugzilla.suse.com/1184391 https://bugzilla.suse.com/1184393 https://bugzilla.suse.com/1184397 https://bugzilla.suse.com/1184509 https://bugzilla.suse.com/1184511 https://bugzilla.suse.com/1184512 https://bugzilla.suse.com/1184514 https://bugzilla.suse.com/1184583 https://bugzilla.suse.com/1184650 https://bugzilla.suse.com/1184942 https://bugzilla.suse.com/1185113 https://bugzilla.suse.com/1185244 From sle-updates at lists.suse.com Tue May 18 16:20:52 2021 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 May 2021 18:20:52 +0200 (CEST) Subject: SUSE-SU-2021:1625-1: important: Security update for the Linux Kernel Message-ID: <20210518162052.B3964FDD6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1625-1 Rating: important References: #1047233 #1065729 #1113295 #1152472 #1152489 #1153274 #1154353 #1155518 #1156256 #1156395 #1159280 #1160634 #1167773 #1168777 #1169514 #1169709 #1171295 #1173485 #1177326 #1178163 #1178181 #1178330 #1179454 #1180197 #1180980 #1181383 #1181507 #1181674 #1181862 #1182011 #1182077 #1182485 #1182552 #1182574 #1182591 #1182595 #1182712 #1182713 #1182715 #1182716 #1182717 #1182770 #1182989 #1183015 #1183018 #1183022 #1183023 #1183048 #1183252 #1183277 #1183278 #1183279 #1183280 #1183281 #1183282 #1183283 #1183284 #1183285 #1183286 #1183287 #1183288 #1183366 #1183369 #1183386 #1183405 #1183412 #1183416 #1183427 #1183428 #1183445 #1183447 #1183501 #1183509 #1183530 #1183534 #1183540 #1183593 #1183596 #1183598 #1183637 #1183646 #1183662 #1183686 #1183692 #1183696 #1183750 #1183757 #1183775 #1183843 #1183859 #1183871 #1184074 #1184120 #1184167 #1184168 #1184170 #1184176 #1184192 #1184193 #1184194 #1184196 #1184198 #1184211 #1184217 #1184218 #1184219 #1184220 #1184224 #1184388 #1184391 #1184393 #1184509 #1184511 #1184512 #1184514 #1184583 #1184647 Cross-References: CVE-2019-18814 CVE-2019-19769 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171 CVE-2020-27815 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-30002 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483 CVSS scores: 
CVE-2019-18814 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-18814 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2019-19769 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2019-19769 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H CVE-2020-25670 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2020-27170 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-27170 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-27171 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27171 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27815 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-35519 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-35519 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36310 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36311 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36311 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-36312 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36312 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28038 (NVD) : 6.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28038 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28375 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28375 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28660 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28660 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28688 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28950 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28964 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28971 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28972 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28972 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29264 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29647 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-30002 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-30002 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3428 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-3444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE MicroOS 5.0 ______________________________________________________________________________ An update that solves 32 vulnerabilities and has 85 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes. 
The following security bugs were fixed:

- CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0, leading to an out-of-bounds read (bsc#1184170).
- CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
- CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
- CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
- CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
- CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196).
- CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
- CVE-2021-28660: Fixed an out-of-bounds write in rtw_wx_set_scan (bsc#1183593).
- CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).
- CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
- CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
- CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
- CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
- CVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).
- CVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).
- CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
- CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
- CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280).
- CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).
- CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in the NFC subsystem (bsc#1178181).
- CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).
- CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).
- CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).
- CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
- CVE-2020-36310: Fixed an infinite loop for certain nested page faults (bsc#1184512).
- CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a retry loop was continually finding the same bad inode (bsc#1184194).

The following non-security bugs were fixed:

- 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)).
- 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)).
- 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)).
- ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).
- ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes).
- ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
- ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes).
- ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
- ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).
- ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).
- ALSA: aloop: Fix initialization of controls (git-fixes).
- ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
- ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).
- ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
- ALSA: hda: generic: Fix the micmute led init state (git-fixes).
- ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes).
- ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes).
- ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes).
- ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes).
- ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes).
- ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes).
- ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes).
- ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes). - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552). - ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552). - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes). - ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552). - ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552). - ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552). - ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552). - ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar (bsc#1182552). - ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552). - ALSA: usb-audio: Fix "RANGE setting not yet supported" errors (git-fixes). - ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552). - ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes). - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes). - amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes). - apparmor: check/put label on apparmor_sk_clone_security() (git-fixes). - appletalk: Fix skb allocation size in loopback case (git-fixes). - arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862). - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes). - ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes). - ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes). - ASoC: cs42l42: Fix channel width support (git-fixes). - ASoC: cs42l42: Fix mixer volume control (git-fixes). - ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes). - ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes). 
- ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes). - ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes). - ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes). - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes). - ASoC: max98373: Added 30ms turn on/off time delay (git-fixes). - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes). - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes). - ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes). - ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes). - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes). - ASoC: simple-card-utils: Do not handle device clock (git-fixes). - ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes). - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes). - ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes). - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes). - ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes). 
- atl1c: fix error return code in atl1c_probe() (git-fixes). - atl1e: fix error return code in atl1e_probe() (git-fixes). - batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295). - blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295). - blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295). - block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295). - block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes). - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes). - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes). - bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274). - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775). - bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518). - bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518). - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518). - bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170). - bpf_lru_list: Read double-checked variable once without lock (bsc#1155518). - bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518). - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775). - bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163). - brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes). - brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes). - brcmfmac: clear EAP/association status bits on linkdown events (git-fixes). - btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217). 
- btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224). - btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386). - btrfs: fix extent buffer leak on failure to copy root (bsc#1184218). - btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193). - btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220). - btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219). - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes). - bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes). - can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes). - can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes). - can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes). - can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes). - can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes). - can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes). - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes). - can: peak_usb: add forgotten supported devices (git-fixes). - can: peak_usb: Revert "can: peak_usb: add forgotten supported devices" (git-fixes). - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes). - cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes). - certs: Fix blacklist flag type confusion (git-fixes). - cifs: change noisy error message to FYI (bsc#1181507). - cifs: check pointer before freeing (bsc#1183534). - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: New optype for session operations (bsc#1181507). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: return proper error code in statfs(2) (bsc#1181507). 
- cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - clk: fix invalid usage of list cursor in register (git-fixes). - clk: fix invalid usage of list cursor in unregister (git-fixes). - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes). - completion: Drop init_completion define (git-fixes). - configfs: fix a use-after-free in __configfs_open_file (git-fixes). - config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595 - crypto: aesni - prevent misaligned buffers on the stack (git-fixes). - crypto: arm64/sha - add missing module aliases (git-fixes). - crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes). - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes). - crypto: tcrypt - avoid signed overflow in byte count (git-fixes). - Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530) - drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes). - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes). - drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes). - drm/amdgpu: Add check to prevent IH overflow (git-fixes). - drm/amdgpu: check alignment on CPU page for bo map (git-fixes). - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes). - drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes). - drm/amdkfd: Put ACPI table after using it (bsc#1152489) Backporting notes: * context changes - drm/amd/powerplay: fix spelling mistake "smu_state_memroy_block" -> (bsc#1152489) Backporting notes: * rename amd/pm to amd/powerplay * context changes - drm/compat: Clear bounce structures (git-fixes). - drm/hisilicon: Fix use-after-free (git-fixes). - drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074). - drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes). 
- drm/mediatek: Fix aal size config (bsc#1152489) - drm: meson_drv add shutdown function (git-fixes). - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes). - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes). - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes). - drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489) - drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes). - drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489) - drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) - drm/msm/gem: Add obj->lock wrappers (bsc#1152489) - drm/msm: Ratelimit invalid-fence message (git-fixes). - drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes). - drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489) - drm/nouveau/kms: handle mDP connectors (git-fixes). - drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472) - drm/panfrost: Fix job timeout handling (bsc#1152472) - drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472) - drm/radeon: fix AGP dependency (git-fixes). - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489) - drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes). - drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) - drm/tegra: sor: Grab runtime PM reference across reset (git-fixes). - drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472) - efi: use 32-bit alignment for efi_guid_t literals (git-fixes). - enetc: Fix reporting of h/w packet counters (git-fixes). - epoll: check for events when removing a timed out thread from the wait queue (git-fixes). - ethernet: alx: fix order of calls on resume (git-fixes). - exec: Move would_dump into flush_old_exec (git-fixes). - exfat: add missing MODULE_ALIAS_FS() (bsc#1182989). 
- exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989). - extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes). - extcon: Fix error handling in extcon_dev_register (git-fixes). - fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes). - firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes). - flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: use 32-bit unsigned integer (git-fixes). - fuse: fix bad inode (bsc#1184211). - fuse: fix live lock in fuse_iget() (bsc#1184211). - fuse: verify write return (git-fixes). - gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862). - gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862). - gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862). - gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes). - gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes). - gianfar: Handle error code at MAC address change (git-fixes). - gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes). - Goodix Fingerprint device is not a modem (git-fixes). - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes). - gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes). - gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes). - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes). - HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes). - HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes). - hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes). 
- i2c: rcar: faster irq code to minimize HW race condition (git-fixes). - i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes). - i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025). - i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025). - iavf: Fix incorrect adapter get in iavf_resume (git-fixes). - iavf: use generic power management (git-fixes). - ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139). - ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844). - ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139). - ibmvnic: fix block comments (bsc#1183871 ltc#192139). - ibmvnic: fix braces (bsc#1183871 ltc#192139). - ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139). - ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268). - ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139). - ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139). - ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139). - ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591). - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139). - ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139). - ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139). - ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791). - ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791). - ice: fix memory leak if register_netdev_fails (git-fixes). - ice: fix memory leak in ice_vsi_setup (git-fixes). - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926). - ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926). - ice: renegotiate link after FW DCB on (jsc#SLE-8464). - ice: report correct max number of TCs (jsc#SLE-7926). - ice: update the number of available RSS queues (jsc#SLE-7926). 
- igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634). - iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes). - iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes). - iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes). - iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes). - iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes). - iio: hid-sensor-prox: Fix scale not correct issue (git-fixes). - iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes). - include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes). - Input: applespi - do not wait for responses to commands indefinitely (git-fixes). - Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes). - Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes). - Input: raydium_ts_i2c - do not send zero length (git-fixes). - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes). - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277). - iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278). - iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637). - iommu/vt-d: Add get_domain_info() helper (bsc#1183279). - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280). - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281). - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282). - iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283). - iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284). - iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285). - iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286). 
- ionic: linearize tso skb with too many frags (bsc#1167773). - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862). - kbuild: change *FLAGS_<basetarget>.o to take the path relative to $(obj) (bcs#1181862). - kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862). - kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862). - kbuild: Fail if gold linker is detected (bcs#1181862). - kbuild: improve cc-option to clean up all temporary files (bsc#1178330). - kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862). - kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862). - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862). - kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330). - kconfig: introduce m32-flag and m64-flag (bcs#1181862). - KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427). - KVM: SVM: Clear the CR4 register on reset (bsc#1183252). - KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445). - KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ("kvm: tracing: Fix unmatched kvm_entry and kvm_exit events", bsc#1182770). - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287). - KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447). - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369). - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428). - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288). - libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518). - libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518). 
- libbpf: Fix INSTALL flag order (bsc#1155518). - libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518). - lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes). - locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes). - loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295). - mac80211: choose first enabled channel for monitor (git-fixes). - mac80211: fix double free in ibss_leave (git-fixes). - mac80211: fix rate mask reset (git-fixes). - mac80211: fix TXQ AC confusion (git-fixes). - mdio: fix mdio-thunder.c dependency & build error (git-fixes). - media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes). - media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes). - media: mceusb: Fix potential out-of-bounds shift (git-fixes). - media: mceusb: sanity check for prescaler value (git-fixes). - media: rc: compile rc-cec.c into rc-core (git-fixes). - media: usbtv: Fix deadlock on suspend (git-fixes). - media: uvcvideo: Allow entities with no pads (git-fixes). - media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes). - media: v4l: vsp1: Fix bru null pointer access (git-fixes). - media: v4l: vsp1: Fix uif null pointer access (git-fixes). - media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes). - misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes). - misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes). - misc/pvpanic: Export module FDT device table (git-fixes). - misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes). - mISDN: fix crash in fritzpci (git-fixes). - mmc: core: Fix partition switch time for eMMC (git-fixes). - mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes). - mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes). 
- mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes). - mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes). - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes). - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777). - mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes). - mt76: dma: do not report truncated frames to mac80211 (git-fixes). - mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes). - net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes). - net: atheros: switch from 'pci_' to 'dma_' API (git-fixes). - net: b44: fix error return code in b44_init_one() (git-fixes). - net: bonding: fix error return code of bond_neigh_init() (bsc#1154353). - net: cdc-phonet: fix data-interface release on probe failure (git-fixes). - net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139). - netdevsim: init u64 stats for 32bit hardware (git-fixes). - net: dsa: rtl8366: Fix VLAN semantics (git-fixes). - net: dsa: rtl8366: Fix VLAN set-up (git-fixes). - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes). - net: enic: Cure the enic api locking trainwreck (git-fixes). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes). - net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139). - net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes). - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes). - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix reference count leak in fec series ops (git-fixes). - net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes). 
- net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes).
- net: gianfar: Add of_node_put() before goto statement (git-fixes).
- net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes).
- net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes).
- net: hns3: Remove the left over redundant check & assignment (bsc#1154353).
- net: korina: cast KSEG0 address to pointer in kfree (git-fixes).
- net: korina: fix kfree of rx/tx descriptor array (git-fixes).
- net: lantiq: Wait for the GPHY firmware to be ready (git-fixes).
- net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464).
- net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464).
- net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).
- net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).
- net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).
- net: mvneta: fix double free of txq->buf (git-fixes).
- net: mvneta: make tx buffer array agnostic (git-fixes).
- net: pasemi: fix error return code in pasemi_mac_open() (git-fixes).
- net: phy: broadcom: Only advertise EEE for supported modes (git-fixes).
- net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes).
- net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes).
- net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)
- netsec: restore phy power state after controller reset (bsc#1183757).
- net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes).
- net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes).
- net: stmmac: removed enabling eee in EEE set callback (git-fixes).
- net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).
- net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes).
- net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes).
- net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes).
- net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).
- net: wan/lmc: unregister device when no matching device is found (git-fixes).
- nfp: flower: fix pre_tun mask id allocation (bsc#1154353).
- nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077).
- nvme-fabrics: fix kato initialization (bsc#1182591).
- nvme-fabrics: only reserve a single tag (bsc#1182077).
- nvme-fc: fix racing controller reset and create association (bsc#1183048).
- nvme-hwmon: Return error code when registration fails (bsc#1177326).
- nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077).
- nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).
- nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501).
- objtool: Fix ".cold" section suffix check for newer versions of GCC (bsc#1169514).
- objtool: Fix error handling for STD/CLD warnings (bsc#1169514).
- objtool: Fix retpoline detection in asm code (bsc#1169514).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).
- ovl: fix out of date comment and unreachable code (bsc#1184176).
- ovl: fix regression with re-formatted lower squashfs (bsc#1184176).
- ovl: fix unneeded call to ovl_change_flags() (bsc#1184176).
- ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176).
- ovl: initialize error in ovl_copy_xattr (bsc#1184176).
- ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176).
- PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes).
- PCI: Align checking of syscall user config accessors (git-fixes).
- PCI: Decline to resize resources if boot config must be preserved (git-fixes).
- PCI: Fix pci_register_io_range() memory leak (git-fixes).
- PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes).
- PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
- PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).
- pinctrl: rockchip: fix restore error in resume (git-fixes).
- Platform: OLPC: Fix probe error handling (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes).
- platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes).
- platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes).
- platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes).
- platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes).
- platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes).
- platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes).
- platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes).
- PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes).
- PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366).
- PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes).
- PM: runtime: Fix race getting/putting suppliers at probe (git-fixes).
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729).
- powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963).
- powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729).
- powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395).
- powerpc/sstep: Fix darn emulation (bsc#1156395).
- powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395).
- powerpc/sstep: Fix load-store and update emulation (bsc#1156395).
- printk: fix deadlock when kernel panic (bsc#1183018).
- proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes).
- pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes).
- qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).
- qxl: Fix uninitialised struct field head.surface_id (git-fixes).
- random: fix the RNDRESEEDCRNG ioctl (git-fixes).
- RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489).
- RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).
- RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).
- RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)
- regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).
- Revert "net: bonding: fix error return code of bond_neigh_init()" (bsc#1154353).
- rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079).
- rpm/check-for-config-changes: add -mrecord-mcount ignore
  Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream.
- rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.
- rpm/check-for-config-changes: comment on the list
  To explain what it actually is.
- rpm/check-for-config-changes: declare sed args as an array
  So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended.
- rpm/check-for-config-changes: define ignores more strictly
  * search for whole words, so make wildcards explicit
  * use ' for quoting
  * prepend CONFIG_ dynamically, so it need not be in the list
- rpm/check-for-config-changes: sort the ignores
  They are growing so to make them searchable by humans.
- rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)
  The devel package requires the kernel binary package itself for building modules externally.
- rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes).
- rsi: Move card interrupt handling to RX thread (git-fixes).
- rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes).
- s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).
- s390/qeth: fix notification for pending buffers during teardown (git-fixes).
- s390/qeth: improve completion of pending TX buffers (git-fixes).
- s390/qeth: schedule TX NAPI on QAOB completion (git-fixes).
- s390/vtime: fix increased steal time accounting (bsc#1183859).
- samples, bpf: Add missing munmap in xdpsock (bsc#1155518).
- scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231).
- scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574).
- scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574).
- scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).
- scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).
- scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574).
- scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574).
- scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574).
- scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574).
- scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).
- scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574).
- scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).
- scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574).
- scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).
- scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).
- scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).
- scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574).
- scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574).
- scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).
- scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).
- scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).
- scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574).
- scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).
- scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843).
- scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843).
- selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518).
- selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518).
- selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518).
- selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes).
- selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes).
- selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes).
- smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).
- smb3: fix crediting for compounding when only one request in flight (bsc#1181507).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
- soc/fsl: qbman: fix conflicting alignment attributes (git-fixes).
- software node: Fix node registration (git-fixes).
- spi: stm32: make spurious and overrun interrupts visible (git-fixes).
- squashfs: fix inode lookup sanity checks (bsc#1183750).
- squashfs: fix xattr id and id lookup sanity checks (bsc#1183750).
- stop_machine: mark helpers __always_inline (git-fixes).
- thermal/core: Add NULL pointer check before using cooling device stats (git-fixes).
- udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).
- Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598)
- USB: cdc-acm: downgrade message to debug (git-fixes).
- USB: cdc-acm: fix double free on probe failure (git-fixes).
- USB: cdc-acm: fix use-after-free after probe failure (git-fixes).
- USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes).
- USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes).
- USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes).
- USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes).
- USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes).
- USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes).
- USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes).
- USB: gadget: configfs: Fix KASAN use-after-free (git-fixes).
- USB: gadget: f_uac1: stop playback on function disable (git-fixes).
- USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes).
- USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes).
- USB: gadget: u_ether: Fix a configfs return code (git-fixes).
- USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).
- USBip: fix stub_dev to check for stream socket (git-fixes).
- USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd to check for stream socket (git-fixes).
- USBip: fix vudc to check for stream socket (git-fixes).
- USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).
- USBip: tools: fix build error for multiple definition (git-fixes).
- USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes).
- USB: musb: Fix suspend with devices connected for a64 (git-fixes).
- USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes).
- USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes).
- USB: replace hardcode maximum usb string length by definition (git-fixes).
- USB: serial: ch341: add new Product ID (git-fixes).
- USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes).
- USB: serial: cp210x: add some more GE USB IDs (git-fixes).
- USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes).
- USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).
- USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).
- USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes).
- USB: usblp: fix a hang in poll() if disconnected (git-fixes).
- USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes).
- USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).
- USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).
- use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139).
- video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489)
- video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes).
- VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes).
- vt/consolemap: do font sum unsigned (git-fixes).
- watchdog: mei_wdt: request stop on unregister (git-fixes).
- wireguard: device: do not generate ICMP for non-IP packets (git-fixes).
- wireguard: kconfig: use arm chacha even with no neon (git-fixes).
- wireguard: selftests: test multiple parallel streams (git-fixes).
- wlcore: Fix command execute failure 19 for wl12xx (git-fixes).
- x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489).
- x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489).
- x86/ioapic: Ignore IRQ2 again (bsc#1152489).
- x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489).
- xen/events: avoid handling the same event on two cpus at the same time (git-fixes).
- xen/events: do not unmask an event channel when an eoi is pending (git-fixes).
- xen/events: fix setting irq affinity (bsc#1184583).
- xen/events: reset affinity of 2-level event when tearing it down (git-fixes).
- xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
- xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980).
- xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes).
- xhci: Improve detection of device initiated wake signal (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.0:

  zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1625=1

Package List:

- SUSE MicroOS 5.0 (x86_64):

  kernel-rt-5.3.18-8.7.1
  kernel-rt-debuginfo-5.3.18-8.7.1
  kernel-rt-debugsource-5.3.18-8.7.1

References:

https://www.suse.com/security/cve/CVE-2019-18814.html
https://www.suse.com/security/cve/CVE-2019-19769.html
https://www.suse.com/security/cve/CVE-2020-25670.html
https://www.suse.com/security/cve/CVE-2020-25671.html
https://www.suse.com/security/cve/CVE-2020-25672.html
https://www.suse.com/security/cve/CVE-2020-25673.html
https://www.suse.com/security/cve/CVE-2020-27170.html
https://www.suse.com/security/cve/CVE-2020-27171.html
https://www.suse.com/security/cve/CVE-2020-27815.html
https://www.suse.com/security/cve/CVE-2020-35519.html
https://www.suse.com/security/cve/CVE-2020-36310.html
https://www.suse.com/security/cve/CVE-2020-36311.html
https://www.suse.com/security/cve/CVE-2020-36312.html
https://www.suse.com/security/cve/CVE-2021-27363.html
https://www.suse.com/security/cve/CVE-2021-27364.html
https://www.suse.com/security/cve/CVE-2021-27365.html
https://www.suse.com/security/cve/CVE-2021-28038.html
https://www.suse.com/security/cve/CVE-2021-28375.html
https://www.suse.com/security/cve/CVE-2021-28660.html
https://www.suse.com/security/cve/CVE-2021-28688.html
https://www.suse.com/security/cve/CVE-2021-28950.html
https://www.suse.com/security/cve/CVE-2021-28964.html
https://www.suse.com/security/cve/CVE-2021-28971.html
https://www.suse.com/security/cve/CVE-2021-28972.html
https://www.suse.com/security/cve/CVE-2021-29154.html
https://www.suse.com/security/cve/CVE-2021-29264.html
https://www.suse.com/security/cve/CVE-2021-29265.html
https://www.suse.com/security/cve/CVE-2021-29647.html
https://www.suse.com/security/cve/CVE-2021-30002.html
https://www.suse.com/security/cve/CVE-2021-3428.html
https://www.suse.com/security/cve/CVE-2021-3444.html
https://www.suse.com/security/cve/CVE-2021-3483.html
https://bugzilla.suse.com/1047233
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1113295
https://bugzilla.suse.com/1152472
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1153274
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1155518
https://bugzilla.suse.com/1156256
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1159280
https://bugzilla.suse.com/1160634
https://bugzilla.suse.com/1167773
https://bugzilla.suse.com/1168777
https://bugzilla.suse.com/1169514
https://bugzilla.suse.com/1169709
https://bugzilla.suse.com/1171295
https://bugzilla.suse.com/1173485
https://bugzilla.suse.com/1177326
https://bugzilla.suse.com/1178163
https://bugzilla.suse.com/1178181
https://bugzilla.suse.com/1178330
https://bugzilla.suse.com/1179454
https://bugzilla.suse.com/1180197
https://bugzilla.suse.com/1180980
https://bugzilla.suse.com/1181383
https://bugzilla.suse.com/1181507
https://bugzilla.suse.com/1181674
https://bugzilla.suse.com/1181862
https://bugzilla.suse.com/1182011
https://bugzilla.suse.com/1182077
https://bugzilla.suse.com/1182485
https://bugzilla.suse.com/1182552
https://bugzilla.suse.com/1182574
https://bugzilla.suse.com/1182591
https://bugzilla.suse.com/1182595
https://bugzilla.suse.com/1182712
https://bugzilla.suse.com/1182713
https://bugzilla.suse.com/1182715
https://bugzilla.suse.com/1182716
https://bugzilla.suse.com/1182717
https://bugzilla.suse.com/1182770
https://bugzilla.suse.com/1182989
https://bugzilla.suse.com/1183015
https://bugzilla.suse.com/1183018
https://bugzilla.suse.com/1183022
https://bugzilla.suse.com/1183023
https://bugzilla.suse.com/1183048
https://bugzilla.suse.com/1183252
https://bugzilla.suse.com/1183277
https://bugzilla.suse.com/1183278
https://bugzilla.suse.com/1183279
https://bugzilla.suse.com/1183280
https://bugzilla.suse.com/1183281
https://bugzilla.suse.com/1183282
https://bugzilla.suse.com/1183283
https://bugzilla.suse.com/1183284
https://bugzilla.suse.com/1183285
https://bugzilla.suse.com/1183286
https://bugzilla.suse.com/1183287
https://bugzilla.suse.com/1183288
https://bugzilla.suse.com/1183366
https://bugzilla.suse.com/1183369
https://bugzilla.suse.com/1183386
https://bugzilla.suse.com/1183405
https://bugzilla.suse.com/1183412
https://bugzilla.suse.com/1183416
https://bugzilla.suse.com/1183427
https://bugzilla.suse.com/1183428
https://bugzilla.suse.com/1183445
https://bugzilla.suse.com/1183447
https://bugzilla.suse.com/1183501
https://bugzilla.suse.com/1183509
https://bugzilla.suse.com/1183530
https://bugzilla.suse.com/1183534
https://bugzilla.suse.com/1183540
https://bugzilla.suse.com/1183593
https://bugzilla.suse.com/1183596
https://bugzilla.suse.com/1183598
https://bugzilla.suse.com/1183637
https://bugzilla.suse.com/1183646
https://bugzilla.suse.com/1183662
https://bugzilla.suse.com/1183686
https://bugzilla.suse.com/1183692
https://bugzilla.suse.com/1183696
https://bugzilla.suse.com/1183750
https://bugzilla.suse.com/1183757
https://bugzilla.suse.com/1183775
https://bugzilla.suse.com/1183843
https://bugzilla.suse.com/1183859
https://bugzilla.suse.com/1183871
https://bugzilla.suse.com/1184074
https://bugzilla.suse.com/1184120
https://bugzilla.suse.com/1184167
https://bugzilla.suse.com/1184168
https://bugzilla.suse.com/1184170
https://bugzilla.suse.com/1184176
https://bugzilla.suse.com/1184192
https://bugzilla.suse.com/1184193
https://bugzilla.suse.com/1184194
https://bugzilla.suse.com/1184196
https://bugzilla.suse.com/1184198
https://bugzilla.suse.com/1184211
https://bugzilla.suse.com/1184217
https://bugzilla.suse.com/1184218
https://bugzilla.suse.com/1184219
https://bugzilla.suse.com/1184220
https://bugzilla.suse.com/1184224
https://bugzilla.suse.com/1184388
https://bugzilla.suse.com/1184391
https://bugzilla.suse.com/1184393
https://bugzilla.suse.com/1184509
https://bugzilla.suse.com/1184511
https://bugzilla.suse.com/1184512
https://bugzilla.suse.com/1184514
https://bugzilla.suse.com/1184583
https://bugzilla.suse.com/1184647

From sle-updates at lists.suse.com Tue May 18 19:15:26 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 May 2021 21:15:26 +0200 (CEST)
Subject: SUSE-RU-2021:1626-1: moderate: Recommended update for prometheus-ha_cluster_exporter
Message-ID: <20210518191526.35B00FDD6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for prometheus-ha_cluster_exporter
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1626-1
Rating: moderate
References: #1184422
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP5
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE Linux Enterprise Server for SAP 12-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for prometheus-ha_cluster_exporter fixes the following issues:

- Add parsing of the `crm_config` node in the CIB parser.
- Update the minimum required Go version to 1.14.
- Avoid duplicate metric recording errors for non-running OCFS resources. (bsc#1184422)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP5:

  zypper in -t patch SUSE-SLE-SAP-12-SP5-2021-1626=1

- SUSE Linux Enterprise Server for SAP 12-SP4:

  zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1626=1

- SUSE Linux Enterprise Server for SAP 12-SP3:

  zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1626=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP5 (ppc64le x86_64):

  prometheus-ha_cluster_exporter-1.2.2+git.1620117406.cf586eb-4.17.1

- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

  prometheus-ha_cluster_exporter-1.2.2+git.1620117406.cf586eb-4.17.1

- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

  prometheus-ha_cluster_exporter-1.2.2+git.1620117406.cf586eb-4.17.1

References:

https://bugzilla.suse.com/1184422

From sle-updates at lists.suse.com Tue May 18 19:16:26 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 May 2021 21:16:26 +0200 (CEST)
Subject: SUSE-RU-2021:1627-1: moderate: Recommended update for resource-agents
Message-ID: <20210518191627.00186FDD6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for resource-agents
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1627-1
Rating: moderate
References: #1177796 #1178680 #1179977 #1180590 #1183971 #1184607
Affected Products:
  SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________

An update that has 6 recommended fixes can now be installed.

Description:

This update for resource-agents fixes the following issues:

- A bug was fixed where the stop operation failed if /root/.profile has unexpected content (bsc#1179977)
- Fixed an issue when 'ethmonitor' bloats journal with warnings for VLAN devices. (bsc#1177796)
- Fixed an issue when azure-events puts both nodes in standby.
  (bsc#1183971)
- Fixed an issue when resource agent is unavailable using 'o2auth' client. (bsc#1184607)
- Fixed an issue when the resource agent 'stop operation' fails if the profile has unexpected content. (bsc#1179977)
- Fixed an issue when HA-LVM systemid race condition introduces an error "active on 2 nodes". (bsc#1178680)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise High Availability 15-SP2:

  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1627=1

Package List:

- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):

  ldirectord-4.4.0+git57.70549516-3.23.1
  resource-agents-4.4.0+git57.70549516-3.23.1
  resource-agents-debuginfo-4.4.0+git57.70549516-3.23.1
  resource-agents-debugsource-4.4.0+git57.70549516-3.23.1

- SUSE Linux Enterprise High Availability 15-SP2 (noarch):

  monitoring-plugins-metadata-4.4.0+git57.70549516-3.23.1

References:

https://bugzilla.suse.com/1177796
https://bugzilla.suse.com/1178680
https://bugzilla.suse.com/1179977
https://bugzilla.suse.com/1180590
https://bugzilla.suse.com/1183971
https://bugzilla.suse.com/1184607

From sle-updates at lists.suse.com Tue May 18 22:15:41 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 May 2021 00:15:41 +0200 (CEST)
Subject: SUSE-RU-2021:1628-1: critical: Recommended update for yast2-network
Message-ID: <20210518221541.30F80FDD6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-network
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1628-1
Rating: critical
References: #1185967
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP2
  SUSE Linux Enterprise Installer 15-SP2
______________________________________________________________________________

An update that
has one recommended fix can now be installed.

Description:

This update for yast2-network fixes the following issues:

- Write IP addresses in order, preventing an alias from setting the primary IP address. (bsc#1185967)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1628=1

- SUSE Linux Enterprise Installer 15-SP2:

  zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-1628=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):

  yast2-network-4.2.99-3.58.1

- SUSE Linux Enterprise Installer 15-SP2 (noarch):

  yast2-network-4.2.99-3.58.1

References:

https://bugzilla.suse.com/1185967

From sle-updates at lists.suse.com Wed May 19 07:15:32 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 May 2021 09:15:32 +0200 (CEST)
Subject: SUSE-RU-2021:1629-1: Recommended update for dovecot
Message-ID: <20210519071532.1F701FDD6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for dovecot
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1629-1
Rating: low
References: #1185074
Affected Products:
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for dovecot fixes the following issues:

- Using /run instead of /var/run which was deprecated (bsc#1185074)
- The home directories of the internal users were moved from /var/run/dovecot to /run/dovecot as well.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:

  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1629=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (noarch):

  dovecot-2.2-4.3.1

References:

https://bugzilla.suse.com/1185074

From sle-updates at lists.suse.com Wed May 19 13:17:21 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 May 2021 15:17:21 +0200 (CEST)
Subject: SUSE-RU-2021:1634-1: moderate: Recommended update for ntp
Message-ID: <20210519131721.C1773FF54@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ntp
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1634-1
Rating: moderate
References: #1036505 #1183513
Affected Products:
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for ntp fixes the following issues:

- Refactor the key handling in %post so that it does not overwrite user settings (bsc#1036505, bsc#1183513).

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:

  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1634=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

  ntp-4.2.8p15-91.1
  ntp-debuginfo-4.2.8p15-91.1
  ntp-debugsource-4.2.8p15-91.1
  ntp-doc-4.2.8p15-91.1

References:

https://bugzilla.suse.com/1036505
https://bugzilla.suse.com/1183513

From sle-updates at lists.suse.com Wed May 19 13:18:31 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 May 2021 15:18:31 +0200 (CEST)
Subject: SUSE-RU-2021:1630-1: moderate: Recommended update for crmsh
Message-ID: <20210519131831.AA60FFF54@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crmsh
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1630-1
Rating: moderate
References: #1178118 #1181906 #1183359 #1183654 #1183689 #1183883 #1185437 ECO-3567
Affected Products:
  SUSE Linux Enterprise High Availability 15-SP3
  SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________

An update that has 7 recommended fixes and contains one feature can now be installed.

Description:

This update for crmsh fixes the following issues:

- Update to version 4.3.0:
  * Fix: bootstrap: add sbd via bootstrap stage on an existing cluster (bsc#1181906)
  * Fix: bootstrap: change StrictHostKeyChecking=no as a constants (bsc#1185437)
  * Dev: bootstrap: disable unnecessary warnings (bsc#1178118)
  * Fix: bootstrap: sync corosync.conf before finished joining (bsc#1183359)
  * Dev: add "crm corosync status qdevice" sub-command
  * Dev: ui_cluster: add qdevice help info
  * Fix for bootstrap: parse space in sbd device correctly. (bsc#1183883)
  * Fix for bootstrap: get the peer node name correctly. (bsc#1183654)
  * Update version and author. (bsc#1183689)
  * Dev: bootstrap: enable configuring qdevice on interactive mode.
(jsc#ECO-3567) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-1630=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1630=1 Package List: - SUSE Linux Enterprise High Availability 15-SP3 (noarch): crmsh-4.3.0+20210507.bf02d791-5.50.1 crmsh-scripts-4.3.0+20210507.bf02d791-5.50.1 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): crmsh-4.3.0+20210507.bf02d791-5.50.1 crmsh-scripts-4.3.0+20210507.bf02d791-5.50.1 References: https://bugzilla.suse.com/1178118 https://bugzilla.suse.com/1181906 https://bugzilla.suse.com/1183359 https://bugzilla.suse.com/1183654 https://bugzilla.suse.com/1183689 https://bugzilla.suse.com/1183883 https://bugzilla.suse.com/1185437 From sle-updates at lists.suse.com Wed May 19 13:20:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 May 2021 15:20:01 +0200 (CEST) Subject: SUSE-RU-2021:1632-1: moderate: Recommended update for crmsh Message-ID: <20210519132001.8A2A4FF54@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1632-1 Rating: moderate References: #1178118 #1180126 #1180332 #1181415 #1181906 #1181907 #1183359 #1183654 #1183689 #1183883 #1185437 ECO-3567 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has 11 recommended fixes and contains one feature can now be installed. 
Description: This update for crmsh fixes the following issues: - Update to version 4.3.0: * Fix: bootstrap: add sbd via bootstrap stage on an existing cluster (bsc#1181906) * Fix: bootstrap: change StrictHostKeyChecking=no as a constants(bsc#1185437) * Dev: bootstrap: disable unnecessary warnings (bsc#1178118) * Fix: bootstrap: sync corosync.conf before finished joining(bsc#1183359) * Dev: add "crm corosync status qdevice" sub-command * Dev: ui_cluster: add qdevice help info * Dev: ui_cluster: enable/disable corosync-qdevice.service * Fix for bootstrap: parse space in sbd device correctly. (bsc#1183883) * Fix for bootstrap: get the peer node name correctly. (bsc#1183654) * Update version and author. (bsc#1183689) * Bootstrap development: enable configuring qdevice on interactive mode. (jsc#ECO-3567) * Fix for ui_resource: change return code and error to warning for some unharmful actions. (bsc#1180332) * Fix for bootstrap: raise warning when configuring diskless SBD with node's count less than 3. (bsc#1181907) * Fix for bootstrap: Adjust qdevice configure/remove process to avoid race condition due to quorum lost. (bsc#1181415) * Fix for ui_configure: raise error when params not exist. (bsc#1180126) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-1632=1 Package List: - SUSE Linux Enterprise High Availability 15 (noarch): crmsh-4.3.0+20210507.bf02d791-3.67.2 crmsh-scripts-4.3.0+20210507.bf02d791-3.67.2 References: https://bugzilla.suse.com/1178118 https://bugzilla.suse.com/1180126 https://bugzilla.suse.com/1180332 https://bugzilla.suse.com/1181415 https://bugzilla.suse.com/1181906 https://bugzilla.suse.com/1181907 https://bugzilla.suse.com/1183359 https://bugzilla.suse.com/1183654 https://bugzilla.suse.com/1183689 https://bugzilla.suse.com/1183883 https://bugzilla.suse.com/1185437 From sle-updates at lists.suse.com Wed May 19 13:21:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 May 2021 15:21:53 +0200 (CEST) Subject: SUSE-RU-2021:1633-1: moderate: Recommended update for yast2-pkg-bindings Message-ID: <20210519132153.00FABFF54@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-pkg-bindings ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1633-1 Rating: moderate References: #1185240 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server Installer 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-pkg-bindings fixes the following issues: - Ensure that the installer is updated with the latest packages from the installer updates repository. (bsc#1185240) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1633=1 - SUSE Linux Enterprise Server Installer 12-SP5: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP5-2021-1633=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1633=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): yast2-pkg-bindings-devel-doc-3.2.9-3.6.1 - SUSE Linux Enterprise Server Installer 12-SP5 (aarch64 ppc64le s390x x86_64): yast2-pkg-bindings-3.2.9-3.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): yast2-pkg-bindings-3.2.9-3.6.1 yast2-pkg-bindings-debuginfo-3.2.9-3.6.1 yast2-pkg-bindings-debugsource-3.2.9-3.6.1 References: https://bugzilla.suse.com/1185240 From sle-updates at lists.suse.com Wed May 19 13:23:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 May 2021 15:23:01 +0200 (CEST) Subject: SUSE-RU-2021:1631-1: moderate: Recommended update for yast2-pkg-bindings Message-ID: <20210519132301.8F4F2FF54@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-pkg-bindings ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1631-1 Rating: moderate References: #1067007 #1185240 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-pkg-bindings fixes the following issues: - Ensure that the installer is updated with the latest packages from the installer updates repository. 
(bsc#1185240) - Fixed 'Pkg.ExpandedUrl' to return also the password part of the URL. (bsc#1067007) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1631=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1631=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1631=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1631=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1631=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1631=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): yast2-pkg-bindings-3.2.5.1-2.6.1 yast2-pkg-bindings-debuginfo-3.2.5.1-2.6.1 yast2-pkg-bindings-debugsource-3.2.5.1-2.6.1 - SUSE OpenStack Cloud 8 (x86_64): yast2-pkg-bindings-3.2.5.1-2.6.1 yast2-pkg-bindings-debuginfo-3.2.5.1-2.6.1 yast2-pkg-bindings-debugsource-3.2.5.1-2.6.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): yast2-pkg-bindings-3.2.5.1-2.6.1 yast2-pkg-bindings-debuginfo-3.2.5.1-2.6.1 yast2-pkg-bindings-debugsource-3.2.5.1-2.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): yast2-pkg-bindings-3.2.5.1-2.6.1 yast2-pkg-bindings-debuginfo-3.2.5.1-2.6.1 yast2-pkg-bindings-debugsource-3.2.5.1-2.6.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): yast2-pkg-bindings-3.2.5.1-2.6.1 yast2-pkg-bindings-debuginfo-3.2.5.1-2.6.1 yast2-pkg-bindings-debugsource-3.2.5.1-2.6.1 - HPE Helion Openstack 8 (x86_64): yast2-pkg-bindings-3.2.5.1-2.6.1 yast2-pkg-bindings-debuginfo-3.2.5.1-2.6.1 yast2-pkg-bindings-debugsource-3.2.5.1-2.6.1 References: https://bugzilla.suse.com/1067007 https://bugzilla.suse.com/1185240 From 
sle-updates at lists.suse.com Wed May 19 16:18:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 May 2021 18:18:01 +0200 (CEST) Subject: SUSE-RU-2021:1643-1: important: Recommended update for pam Message-ID: <20210519161801.0A9FFFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for pam ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1643-1 Rating: important References: #1181443 #1184358 #1185562 Affected Products: SUSE MicroOS 5.0 SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require "systemd-32bit" to be also installed as it contains pam_systemd.so for 32 bit applications. 
(bsc#1185562) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1643=1 - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1643=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1643=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1643=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1643=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1643=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1643=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1643=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1643=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1643=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1643=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1643=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1643=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1643=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1643=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch 
SUSE-SLE-Product-HPC-15-2021-1643=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1643=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1643=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): pam-1.3.0-6.38.1 pam-debuginfo-1.3.0-6.38.1 pam-debugsource-1.3.0-6.38.1 - SUSE Manager Server 4.0 (ppc64le s390x x86_64): pam-1.3.0-6.38.1 pam-debuginfo-1.3.0-6.38.1 pam-debugsource-1.3.0-6.38.1 pam-devel-1.3.0-6.38.1 pam-extra-1.3.0-6.38.1 pam-extra-debuginfo-1.3.0-6.38.1 - SUSE Manager Server 4.0 (x86_64): pam-32bit-1.3.0-6.38.1 pam-32bit-debuginfo-1.3.0-6.38.1 pam-devel-32bit-1.3.0-6.38.1 pam-extra-32bit-1.3.0-6.38.1 pam-extra-32bit-debuginfo-1.3.0-6.38.1 - SUSE Manager Server 4.0 (noarch): pam-doc-1.3.0-6.38.1 - SUSE Manager Retail Branch Server 4.0 (noarch): pam-doc-1.3.0-6.38.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): pam-1.3.0-6.38.1 pam-32bit-1.3.0-6.38.1 pam-32bit-debuginfo-1.3.0-6.38.1 pam-debuginfo-1.3.0-6.38.1 pam-debugsource-1.3.0-6.38.1 pam-devel-1.3.0-6.38.1 pam-devel-32bit-1.3.0-6.38.1 pam-extra-1.3.0-6.38.1 pam-extra-32bit-1.3.0-6.38.1 pam-extra-32bit-debuginfo-1.3.0-6.38.1 pam-extra-debuginfo-1.3.0-6.38.1 - SUSE Manager Proxy 4.0 (x86_64): pam-1.3.0-6.38.1 pam-32bit-1.3.0-6.38.1 pam-32bit-debuginfo-1.3.0-6.38.1 pam-debuginfo-1.3.0-6.38.1 pam-debugsource-1.3.0-6.38.1 pam-devel-1.3.0-6.38.1 pam-devel-32bit-1.3.0-6.38.1 pam-extra-1.3.0-6.38.1 pam-extra-32bit-1.3.0-6.38.1 pam-extra-32bit-debuginfo-1.3.0-6.38.1 pam-extra-debuginfo-1.3.0-6.38.1 - SUSE Manager Proxy 4.0 (noarch): pam-doc-1.3.0-6.38.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): pam-1.3.0-6.38.1 pam-debuginfo-1.3.0-6.38.1 pam-debugsource-1.3.0-6.38.1 pam-devel-1.3.0-6.38.1 
pam-extra-1.3.0-6.38.1 pam-extra-debuginfo-1.3.0-6.38.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): pam-doc-1.3.0-6.38.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): pam-32bit-1.3.0-6.38.1 pam-32bit-debuginfo-1.3.0-6.38.1 pam-devel-32bit-1.3.0-6.38.1 pam-extra-32bit-1.3.0-6.38.1 pam-extra-32bit-debuginfo-1.3.0-6.38.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): pam-1.3.0-6.38.1 pam-debuginfo-1.3.0-6.38.1 pam-debugsource-1.3.0-6.38.1 pam-devel-1.3.0-6.38.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): pam-32bit-1.3.0-6.38.1 pam-32bit-debuginfo-1.3.0-6.38.1 pam-devel-32bit-1.3.0-6.38.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): pam-doc-1.3.0-6.38.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): pam-1.3.0-6.38.1 pam-debuginfo-1.3.0-6.38.1 pam-debugsource-1.3.0-6.38.1 pam-devel-1.3.0-6.38.1 pam-extra-1.3.0-6.38.1 pam-extra-debuginfo-1.3.0-6.38.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): pam-32bit-1.3.0-6.38.1 pam-32bit-debuginfo-1.3.0-6.38.1 pam-devel-32bit-1.3.0-6.38.1 pam-extra-32bit-1.3.0-6.38.1 pam-extra-32bit-debuginfo-1.3.0-6.38.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): pam-doc-1.3.0-6.38.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): pam-doc-1.3.0-6.38.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): pam-1.3.0-6.38.1 pam-32bit-1.3.0-6.38.1 pam-32bit-debuginfo-1.3.0-6.38.1 pam-debuginfo-1.3.0-6.38.1 pam-debugsource-1.3.0-6.38.1 pam-devel-1.3.0-6.38.1 pam-devel-32bit-1.3.0-6.38.1 pam-extra-1.3.0-6.38.1 pam-extra-32bit-1.3.0-6.38.1 pam-extra-32bit-debuginfo-1.3.0-6.38.1 pam-extra-debuginfo-1.3.0-6.38.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): pam-1.3.0-6.38.1 pam-debuginfo-1.3.0-6.38.1 pam-debugsource-1.3.0-6.38.1 pam-devel-1.3.0-6.38.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): pam-doc-1.3.0-6.38.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): pam-32bit-debuginfo-1.3.0-6.38.1 pam-debugsource-1.3.0-6.38.1 
pam-devel-32bit-1.3.0-6.38.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): pam-32bit-debuginfo-1.3.0-6.38.1 pam-debugsource-1.3.0-6.38.1 pam-devel-32bit-1.3.0-6.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): pam-1.3.0-6.38.1 pam-debuginfo-1.3.0-6.38.1 pam-debugsource-1.3.0-6.38.1 pam-devel-1.3.0-6.38.1 pam-extra-1.3.0-6.38.1 pam-extra-debuginfo-1.3.0-6.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): pam-32bit-1.3.0-6.38.1 pam-32bit-debuginfo-1.3.0-6.38.1 pam-extra-32bit-1.3.0-6.38.1 pam-extra-32bit-debuginfo-1.3.0-6.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): pam-doc-1.3.0-6.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): pam-1.3.0-6.38.1 pam-debuginfo-1.3.0-6.38.1 pam-debugsource-1.3.0-6.38.1 pam-devel-1.3.0-6.38.1 pam-extra-1.3.0-6.38.1 pam-extra-debuginfo-1.3.0-6.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): pam-32bit-1.3.0-6.38.1 pam-32bit-debuginfo-1.3.0-6.38.1 pam-extra-32bit-1.3.0-6.38.1 pam-extra-32bit-debuginfo-1.3.0-6.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): pam-doc-1.3.0-6.38.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): pam-1.3.0-6.38.1 pam-debuginfo-1.3.0-6.38.1 pam-debugsource-1.3.0-6.38.1 pam-devel-1.3.0-6.38.1 pam-extra-1.3.0-6.38.1 pam-extra-debuginfo-1.3.0-6.38.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): pam-32bit-1.3.0-6.38.1 pam-32bit-debuginfo-1.3.0-6.38.1 pam-devel-32bit-1.3.0-6.38.1 pam-extra-32bit-1.3.0-6.38.1 pam-extra-32bit-debuginfo-1.3.0-6.38.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): pam-doc-1.3.0-6.38.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): pam-1.3.0-6.38.1 pam-debuginfo-1.3.0-6.38.1 pam-debugsource-1.3.0-6.38.1 pam-devel-1.3.0-6.38.1 pam-extra-1.3.0-6.38.1 pam-extra-debuginfo-1.3.0-6.38.1 - SUSE 
Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): pam-doc-1.3.0-6.38.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): pam-32bit-1.3.0-6.38.1 pam-32bit-debuginfo-1.3.0-6.38.1 pam-devel-32bit-1.3.0-6.38.1 pam-extra-32bit-1.3.0-6.38.1 pam-extra-32bit-debuginfo-1.3.0-6.38.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): pam-1.3.0-6.38.1 pam-debuginfo-1.3.0-6.38.1 pam-debugsource-1.3.0-6.38.1 pam-devel-1.3.0-6.38.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): pam-doc-1.3.0-6.38.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): pam-32bit-1.3.0-6.38.1 pam-32bit-debuginfo-1.3.0-6.38.1 pam-devel-32bit-1.3.0-6.38.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): pam-1.3.0-6.38.1 pam-debuginfo-1.3.0-6.38.1 pam-debugsource-1.3.0-6.38.1 pam-devel-1.3.0-6.38.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): pam-doc-1.3.0-6.38.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): pam-32bit-1.3.0-6.38.1 pam-32bit-debuginfo-1.3.0-6.38.1 pam-devel-32bit-1.3.0-6.38.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): pam-1.3.0-6.38.1 pam-debuginfo-1.3.0-6.38.1 pam-debugsource-1.3.0-6.38.1 pam-devel-1.3.0-6.38.1 pam-extra-1.3.0-6.38.1 pam-extra-debuginfo-1.3.0-6.38.1 - SUSE Enterprise Storage 6 (x86_64): pam-32bit-1.3.0-6.38.1 pam-32bit-debuginfo-1.3.0-6.38.1 pam-devel-32bit-1.3.0-6.38.1 pam-extra-32bit-1.3.0-6.38.1 pam-extra-32bit-debuginfo-1.3.0-6.38.1 - SUSE Enterprise Storage 6 (noarch): pam-doc-1.3.0-6.38.1 - SUSE CaaS Platform 4.0 (x86_64): pam-1.3.0-6.38.1 pam-32bit-1.3.0-6.38.1 pam-32bit-debuginfo-1.3.0-6.38.1 pam-debuginfo-1.3.0-6.38.1 pam-debugsource-1.3.0-6.38.1 pam-devel-1.3.0-6.38.1 pam-devel-32bit-1.3.0-6.38.1 pam-extra-1.3.0-6.38.1 pam-extra-32bit-1.3.0-6.38.1 pam-extra-32bit-debuginfo-1.3.0-6.38.1 pam-extra-debuginfo-1.3.0-6.38.1 - SUSE CaaS Platform 4.0 (noarch): pam-doc-1.3.0-6.38.1 
References: https://bugzilla.suse.com/1181443 https://bugzilla.suse.com/1184358 https://bugzilla.suse.com/1185562 From sle-updates at lists.suse.com Wed May 19 16:19:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 May 2021 18:19:25 +0200 (CEST) Subject: SUSE-RU-2021:1635-1: moderate: Recommended update for s390-tools Message-ID: <20210519161925.48584FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1635-1 Rating: moderate References: #1182816 #1182820 #1185732 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for s390-tools fixes the following issues: - Fix bad file descriptor error when running on symlinks. (bsc#1185732) - Add a fflush(stdout) statement so that the dasdfmt command would produce the correct output for YaST. (bsc#1182816, bsc#1182820) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1635=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (s390x): osasnmpd-2.11.0-9.26.1 osasnmpd-debuginfo-2.11.0-9.26.1 s390-tools-2.11.0-9.26.1 s390-tools-debuginfo-2.11.0-9.26.1 s390-tools-debugsource-2.11.0-9.26.1 s390-tools-hmcdrvfs-2.11.0-9.26.1 s390-tools-hmcdrvfs-debuginfo-2.11.0-9.26.1 s390-tools-zdsfs-2.11.0-9.26.1 s390-tools-zdsfs-debuginfo-2.11.0-9.26.1 References: https://bugzilla.suse.com/1182816 https://bugzilla.suse.com/1182820 https://bugzilla.suse.com/1185732 From sle-updates at lists.suse.com Wed May 19 16:20:38 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 May 2021 18:20:38 +0200 (CEST) Subject: SUSE-SU-2021:1637-1: moderate: Security update for python-httplib2 Message-ID: <20210519162038.C61BEFF0F@maintenance.suse.de> SUSE Security Update: Security update for python-httplib2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1637-1 Rating: moderate References: #1171998 #1182053 Cross-References: CVE-2020-11078 CVE-2021-21240 CVSS scores: CVE-2020-11078 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N CVE-2020-11078 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N CVE-2021-21240 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-21240 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-httplib2 contains the following fixes: Security fixes included in this update: - CVE-2021-21240: Fixed a regular expression denial of service via malicious header (bsc#1182053). 
- CVE-2020-11078: Fixed an issue where an attacker could change request headers and body (bsc#1171998).

Non security fixes included in this update:

- Update in SLE to 0.19.0 (bsc#1182053, CVE-2021-21240)
- update to 0.19.0:
  * auth: parse headers using pyparsing instead of regexp
  * auth: WSSE token needs to be string not bytes
- update to 0.18.1: (bsc#1171998, CVE-2020-11078)
  * explicit build-backend workaround for pip build isolation bug
  * IMPORTANT security vulnerability CWE-93 CRLF injection
    Force %xx quote of space, CR, LF characters in uri.
  * Ship test suite in source dist
- Update to 0.17.1
  * python3: no_proxy was not checked with https
  * feature: Http().redirect_codes set, works after follow(_all)_redirects check
    This allows one line workaround for old gcloud library that uses 308 response without redirect semantics.
  * IMPORTANT cache invalidation change, fix 307 keep method, add 308 Redirects
  * proxy: username/password as str compatible with pysocks
  * python2: regression in connect() error handling
  * add support for password protected certificate files
  * feature: Http.close() to clean persistent connections and sensitive data
- Update to 0.14.0:
  * Python3: PROXY_TYPE_SOCKS5 with str user/pass raised TypeError
- version update to 0.13.1
  0.13.1
  * Python3: Use no_proxy
    https://github.com/httplib2/httplib2/pull/140
  0.13.0
  * Allow setting TLS max/min versions
    https://github.com/httplib2/httplib2/pull/138
  0.12.3
  * No changes to library. Distribute py3 wheels.
  0.12.1
  * Catch socket timeouts and clear dead connection
    https://github.com/httplib2/httplib2/issues/18
    https://github.com/httplib2/httplib2/pull/111
  * Officially support Python 3.7 (package metadata)
    https://github.com/httplib2/httplib2/issues/123
  0.12.0
  * Drop support for Python 3.3
  * ca_certs from environment HTTPLIB2_CA_CERTS or certifi
    https://github.com/httplib2/httplib2/pull/117
  * PROXY_TYPE_HTTP with non-empty user/pass raised TypeError: bytes required
    https://github.com/httplib2/httplib2/pull/115
  * Revert http:443->https workaround
    https://github.com/httplib2/httplib2/issues/112
  * eliminate connection pool read race
    https://github.com/httplib2/httplib2/pull/110
  * cache: stronger safename
    https://github.com/httplib2/httplib2/pull/101
  0.11.3
  * No changes, just reupload of 0.11.2 after fixing automatic release conditions in Travis.
  0.11.2
  * proxy: py3 NameError basestring
    https://github.com/httplib2/httplib2/pull/100
  0.11.1
  * Fix HTTP(S)ConnectionWithTimeout AttributeError proxy_info
    https://github.com/httplib2/httplib2/pull/97
  0.11.0
  * Add DigiCert Global Root G2 serial 033af1e6a711a9a0bb2864b11d09fae5
    https://github.com/httplib2/httplib2/pull/91
  * python3 proxy support
    https://github.com/httplib2/httplib2/pull/90
  * If no_proxy environment value ends with comma then proxy is not used
    https://github.com/httplib2/httplib2/issues/11
  * fix UnicodeDecodeError using socks5 proxy
    https://github.com/httplib2/httplib2/pull/64
  * Respect NO_PROXY env var in proxy_info_from_url
    https://github.com/httplib2/httplib2/pull/58
  * NO_PROXY=bar was matching foobar (suffix without dot delimiter)
    New behavior matches curl/wget:
    - no_proxy=foo.bar will only skip proxy for exact hostname match
    - no_proxy=.wild.card will skip proxy for any.subdomains.wild.card
    https://github.com/httplib2/httplib2/issues/94
  * Bugfix for Content-Encoding: deflate
    https://stackoverflow.com/a/22311297
- deleted patches
  - Removing certifi patch: httplib2 started to use certifi and this is already bent to
use system certificate bundle by another patch Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2021-1637=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python3-httplib2-0.19.0-1.8.1 References: https://www.suse.com/security/cve/CVE-2020-11078.html https://www.suse.com/security/cve/CVE-2021-21240.html https://bugzilla.suse.com/1171998 https://bugzilla.suse.com/1182053 From sle-updates at lists.suse.com Wed May 19 16:21:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 May 2021 18:21:56 +0200 (CEST) Subject: SUSE-SU-2021:1649-1: important: Security update for djvulibre Message-ID: <20210519162156.C50C8FF0F@maintenance.suse.de> SUSE Security Update: Security update for djvulibre ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1649-1 Rating: important References: #1185895 #1185900 #1185904 #1185905 Cross-References: CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 CVSS scores: CVE-2021-32490 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-32491 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-32492 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-32493 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 
15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for djvulibre fixes the following issues: Security issues fixed: - CVE-2021-32490 [bsc#1185895], Out of bounds write in function DJVU:filter_bv() via crafted djvu file - CVE-2021-32491 [bsc#1185900], Integer overflow in function render() in tools/ddjvu via crafted djvu file - CVE-2021-32492 [bsc#1185904], Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file - CVE-2021-32493 [bsc#1185905], Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1649=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1649=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1649=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1649=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1649=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1649=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1649=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1649=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch 
SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1649=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1649=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1649=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1649=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1649=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): djvulibre-debuginfo-3.5.27-3.11.1 djvulibre-debugsource-3.5.27-3.11.1 libdjvulibre-devel-3.5.27-3.11.1 libdjvulibre21-3.5.27-3.11.1 libdjvulibre21-debuginfo-3.5.27-3.11.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): djvulibre-debuginfo-3.5.27-3.11.1 djvulibre-debugsource-3.5.27-3.11.1 libdjvulibre-devel-3.5.27-3.11.1 libdjvulibre21-3.5.27-3.11.1 libdjvulibre21-debuginfo-3.5.27-3.11.1 - SUSE Manager Proxy 4.0 (x86_64): djvulibre-debuginfo-3.5.27-3.11.1 djvulibre-debugsource-3.5.27-3.11.1 libdjvulibre-devel-3.5.27-3.11.1 libdjvulibre21-3.5.27-3.11.1 libdjvulibre21-debuginfo-3.5.27-3.11.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): djvulibre-debuginfo-3.5.27-3.11.1 djvulibre-debugsource-3.5.27-3.11.1 libdjvulibre-devel-3.5.27-3.11.1 libdjvulibre21-3.5.27-3.11.1 libdjvulibre21-debuginfo-3.5.27-3.11.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): djvulibre-debuginfo-3.5.27-3.11.1 djvulibre-debugsource-3.5.27-3.11.1 libdjvulibre-devel-3.5.27-3.11.1 libdjvulibre21-3.5.27-3.11.1 libdjvulibre21-debuginfo-3.5.27-3.11.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): djvulibre-debuginfo-3.5.27-3.11.1 djvulibre-debugsource-3.5.27-3.11.1 
libdjvulibre-devel-3.5.27-3.11.1 libdjvulibre21-3.5.27-3.11.1 libdjvulibre21-debuginfo-3.5.27-3.11.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): djvulibre-debuginfo-3.5.27-3.11.1 djvulibre-debugsource-3.5.27-3.11.1 libdjvulibre-devel-3.5.27-3.11.1 libdjvulibre21-3.5.27-3.11.1 libdjvulibre21-debuginfo-3.5.27-3.11.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): djvulibre-debuginfo-3.5.27-3.11.1 djvulibre-debugsource-3.5.27-3.11.1 libdjvulibre-devel-3.5.27-3.11.1 libdjvulibre21-3.5.27-3.11.1 libdjvulibre21-debuginfo-3.5.27-3.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): djvulibre-debuginfo-3.5.27-3.11.1 djvulibre-debugsource-3.5.27-3.11.1 libdjvulibre-devel-3.5.27-3.11.1 libdjvulibre21-3.5.27-3.11.1 libdjvulibre21-debuginfo-3.5.27-3.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): djvulibre-debuginfo-3.5.27-3.11.1 djvulibre-debugsource-3.5.27-3.11.1 libdjvulibre-devel-3.5.27-3.11.1 libdjvulibre21-3.5.27-3.11.1 libdjvulibre21-debuginfo-3.5.27-3.11.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): djvulibre-debuginfo-3.5.27-3.11.1 djvulibre-debugsource-3.5.27-3.11.1 libdjvulibre-devel-3.5.27-3.11.1 libdjvulibre21-3.5.27-3.11.1 libdjvulibre21-debuginfo-3.5.27-3.11.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): djvulibre-debuginfo-3.5.27-3.11.1 djvulibre-debugsource-3.5.27-3.11.1 libdjvulibre-devel-3.5.27-3.11.1 libdjvulibre21-3.5.27-3.11.1 libdjvulibre21-debuginfo-3.5.27-3.11.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): djvulibre-debuginfo-3.5.27-3.11.1 djvulibre-debugsource-3.5.27-3.11.1 libdjvulibre-devel-3.5.27-3.11.1 libdjvulibre21-3.5.27-3.11.1 libdjvulibre21-debuginfo-3.5.27-3.11.1 - SUSE CaaS Platform 4.0 (x86_64): djvulibre-debuginfo-3.5.27-3.11.1 djvulibre-debugsource-3.5.27-3.11.1 libdjvulibre-devel-3.5.27-3.11.1 libdjvulibre21-3.5.27-3.11.1 libdjvulibre21-debuginfo-3.5.27-3.11.1 References: 
https://www.suse.com/security/cve/CVE-2021-32490.html https://www.suse.com/security/cve/CVE-2021-32491.html https://www.suse.com/security/cve/CVE-2021-32492.html https://www.suse.com/security/cve/CVE-2021-32493.html https://bugzilla.suse.com/1185895 https://bugzilla.suse.com/1185900 https://bugzilla.suse.com/1185904 https://bugzilla.suse.com/1185905 From sle-updates at lists.suse.com Wed May 19 16:23:23 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 May 2021 18:23:23 +0200 (CEST) Subject: SUSE-SU-2021:14728-1: important: Security update for djvulibre Message-ID: <20210519162323.A8907FF0F@maintenance.suse.de> SUSE Security Update: Security update for djvulibre ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14728-1 Rating: important References: #1185900 #1185904 #1185905 Cross-References: CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 CVSS scores: CVE-2021-32491 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-32492 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-32493 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description:

This update for djvulibre fixes the following issues:

Security issues fixed:

- CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file
- CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file
- CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-djvulibre-14728=1
- SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-djvulibre-14728=1
- SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-djvulibre-14728=1
- SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-djvulibre-14728=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libdjvulibre21-3.5.21-3.9.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libdjvulibre21-3.5.21-3.9.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): djvulibre-debuginfo-3.5.21-3.9.1 djvulibre-debugsource-3.5.21-3.9.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): djvulibre-debuginfo-3.5.21-3.9.1 djvulibre-debugsource-3.5.21-3.9.1

References:

https://www.suse.com/security/cve/CVE-2021-32491.html
https://www.suse.com/security/cve/CVE-2021-32492.html
https://www.suse.com/security/cve/CVE-2021-32493.html
https://bugzilla.suse.com/1185900
https://bugzilla.suse.com/1185904
https://bugzilla.suse.com/1185905

From sle-updates at lists.suse.com Wed May 19 16:24:38 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 May 2021 18:24:38 +0200 (CEST)
Subject: SUSE-RU-2021:1644-1: moderate: Recommended update for xen
Message-ID:
<20210519162438.C1C21FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for xen ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1644-1 Rating: moderate References: #1183790 #1185021 #1185196 #1185682 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for xen fixes the following issues: - Make sure xencommons is in a format as expected by fillup. (bsc#1185682) Each comment needs to be followed by an enabled key. Otherwise fillup will remove manually enabled key=value pairs, along with everything that looks like a stale comment, during next pkg update - A recent systemd update caused a regression in xenstored.service systemd now fails to track units that use systemd-notify (bsc#1183790) - Added a delay between the call to systemd-notify and the final exit of the wrapper script (bsc#1185021, bsc#1185196) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1644=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1644=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1644=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1644=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1644=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1644=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xen-4.9.4_18-3.86.1 xen-debugsource-4.9.4_18-3.86.1 xen-doc-html-4.9.4_18-3.86.1 xen-libs-32bit-4.9.4_18-3.86.1 xen-libs-4.9.4_18-3.86.1 xen-libs-debuginfo-32bit-4.9.4_18-3.86.1 xen-libs-debuginfo-4.9.4_18-3.86.1 xen-tools-4.9.4_18-3.86.1 xen-tools-debuginfo-4.9.4_18-3.86.1 xen-tools-domU-4.9.4_18-3.86.1 xen-tools-domU-debuginfo-4.9.4_18-3.86.1 - SUSE OpenStack Cloud 8 (x86_64): xen-4.9.4_18-3.86.1 xen-debugsource-4.9.4_18-3.86.1 xen-doc-html-4.9.4_18-3.86.1 xen-libs-32bit-4.9.4_18-3.86.1 xen-libs-4.9.4_18-3.86.1 xen-libs-debuginfo-32bit-4.9.4_18-3.86.1 xen-libs-debuginfo-4.9.4_18-3.86.1 xen-tools-4.9.4_18-3.86.1 xen-tools-debuginfo-4.9.4_18-3.86.1 xen-tools-domU-4.9.4_18-3.86.1 xen-tools-domU-debuginfo-4.9.4_18-3.86.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): xen-4.9.4_18-3.86.1 xen-debugsource-4.9.4_18-3.86.1 xen-doc-html-4.9.4_18-3.86.1 xen-libs-32bit-4.9.4_18-3.86.1 xen-libs-4.9.4_18-3.86.1 xen-libs-debuginfo-32bit-4.9.4_18-3.86.1 xen-libs-debuginfo-4.9.4_18-3.86.1 xen-tools-4.9.4_18-3.86.1 xen-tools-debuginfo-4.9.4_18-3.86.1 xen-tools-domU-4.9.4_18-3.86.1 xen-tools-domU-debuginfo-4.9.4_18-3.86.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): xen-4.9.4_18-3.86.1 xen-debugsource-4.9.4_18-3.86.1 xen-doc-html-4.9.4_18-3.86.1 xen-libs-32bit-4.9.4_18-3.86.1 xen-libs-4.9.4_18-3.86.1 
xen-libs-debuginfo-32bit-4.9.4_18-3.86.1 xen-libs-debuginfo-4.9.4_18-3.86.1 xen-tools-4.9.4_18-3.86.1 xen-tools-debuginfo-4.9.4_18-3.86.1 xen-tools-domU-4.9.4_18-3.86.1 xen-tools-domU-debuginfo-4.9.4_18-3.86.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xen-4.9.4_18-3.86.1 xen-debugsource-4.9.4_18-3.86.1 xen-doc-html-4.9.4_18-3.86.1 xen-libs-32bit-4.9.4_18-3.86.1 xen-libs-4.9.4_18-3.86.1 xen-libs-debuginfo-32bit-4.9.4_18-3.86.1 xen-libs-debuginfo-4.9.4_18-3.86.1 xen-tools-4.9.4_18-3.86.1 xen-tools-debuginfo-4.9.4_18-3.86.1 xen-tools-domU-4.9.4_18-3.86.1 xen-tools-domU-debuginfo-4.9.4_18-3.86.1 - HPE Helion Openstack 8 (x86_64): xen-4.9.4_18-3.86.1 xen-debugsource-4.9.4_18-3.86.1 xen-doc-html-4.9.4_18-3.86.1 xen-libs-32bit-4.9.4_18-3.86.1 xen-libs-4.9.4_18-3.86.1 xen-libs-debuginfo-32bit-4.9.4_18-3.86.1 xen-libs-debuginfo-4.9.4_18-3.86.1 xen-tools-4.9.4_18-3.86.1 xen-tools-debuginfo-4.9.4_18-3.86.1 xen-tools-domU-4.9.4_18-3.86.1 xen-tools-domU-debuginfo-4.9.4_18-3.86.1 References: https://bugzilla.suse.com/1183790 https://bugzilla.suse.com/1185021 https://bugzilla.suse.com/1185196 https://bugzilla.suse.com/1185682 From sle-updates at lists.suse.com Wed May 19 16:26:00 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 May 2021 18:26:00 +0200 (CEST) Subject: SUSE-RU-2021:1640-1: moderate: Recommended update for strongswan Message-ID: <20210519162600.23958FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1640-1 Rating: moderate References: #1185363 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 
15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for strongswan fixes the following issues: - FIPS: Replace AEAD AES CCM patch with upstream variant (bsc#1185363) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-1640=1 - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-1640=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-1640=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1640=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1640=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1640=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): strongswan-debuginfo-5.8.2-11.14.1 strongswan-debugsource-5.8.2-11.14.1 strongswan-nm-5.8.2-11.14.1 strongswan-nm-debuginfo-5.8.2-11.14.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): strongswan-debuginfo-5.8.2-11.14.1 strongswan-debugsource-5.8.2-11.14.1 strongswan-nm-5.8.2-11.14.1 strongswan-nm-debuginfo-5.8.2-11.14.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): strongswan-debuginfo-5.8.2-11.14.1 strongswan-debugsource-5.8.2-11.14.1 strongswan-nm-5.8.2-11.14.1 strongswan-nm-debuginfo-5.8.2-11.14.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): 
strongswan-debuginfo-5.8.2-11.14.1 strongswan-debugsource-5.8.2-11.14.1 strongswan-nm-5.8.2-11.14.1 strongswan-nm-debuginfo-5.8.2-11.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): strongswan-5.8.2-11.14.1 strongswan-debuginfo-5.8.2-11.14.1 strongswan-debugsource-5.8.2-11.14.1 strongswan-hmac-5.8.2-11.14.1 strongswan-ipsec-5.8.2-11.14.1 strongswan-ipsec-debuginfo-5.8.2-11.14.1 strongswan-libs0-5.8.2-11.14.1 strongswan-libs0-debuginfo-5.8.2-11.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): strongswan-doc-5.8.2-11.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): strongswan-5.8.2-11.14.1 strongswan-debuginfo-5.8.2-11.14.1 strongswan-debugsource-5.8.2-11.14.1 strongswan-hmac-5.8.2-11.14.1 strongswan-ipsec-5.8.2-11.14.1 strongswan-ipsec-debuginfo-5.8.2-11.14.1 strongswan-libs0-5.8.2-11.14.1 strongswan-libs0-debuginfo-5.8.2-11.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): strongswan-doc-5.8.2-11.14.1 References: https://bugzilla.suse.com/1185363 From sle-updates at lists.suse.com Wed May 19 16:27:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 May 2021 18:27:08 +0200 (CEST) Subject: SUSE-SU-2021:1636-1: moderate: Recommended update for grub2 Message-ID: <20210519162708.4C435FF0F@maintenance.suse.de> SUSE Security Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1636-1 Rating: moderate References: #1185580 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. 
Description:

This update for grub2 fixes the following issues:

- Fixed error with the shim_lock protocol that is not found on aarch64 (bsc#1185580).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1636=1
- SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1636=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1636=1

Package List:

- SUSE MicroOS 5.0 (aarch64 x86_64): grub2-2.04-9.45.2 grub2-debuginfo-2.04-9.45.2 grub2-debugsource-2.04-9.45.2
- SUSE MicroOS 5.0 (noarch): grub2-arm64-efi-2.04-9.45.2 grub2-i386-pc-2.04-9.45.2 grub2-snapper-plugin-2.04-9.45.2 grub2-x86_64-efi-2.04-9.45.2 grub2-x86_64-xen-2.04-9.45.2
- SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): grub2-x86_64-xen-2.04-9.45.2
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): grub2-2.04-9.45.2 grub2-debuginfo-2.04-9.45.2
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 s390x x86_64): grub2-debugsource-2.04-9.45.2
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): grub2-arm64-efi-2.04-9.45.2 grub2-i386-pc-2.04-9.45.2 grub2-powerpc-ieee1275-2.04-9.45.2 grub2-snapper-plugin-2.04-9.45.2 grub2-systemd-sleep-plugin-2.04-9.45.2 grub2-x86_64-efi-2.04-9.45.2
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (s390x): grub2-s390x-emu-2.04-9.45.2

References:

https://bugzilla.suse.com/1185580

From sle-updates at lists.suse.com Wed May 19 16:28:14 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 May 2021 18:28:14 +0200 (CEST)
Subject: SUSE-SU-2021:1652-1: important: Security update for redis
Message-ID:
<20210519162815.028A7FF0F@maintenance.suse.de> SUSE Security Update: Security update for redis ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1652-1 Rating: important References: #1182657 #1185729 #1185730 Cross-References: CVE-2021-21309 CVE-2021-29477 CVE-2021-29478 CVSS scores: CVE-2021-21309 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-21309 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2021-29477 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29477 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29478 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29478 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description:

This update for redis fixes the following issues:

redis was updated to 6.0.13:

* CVE-2021-29477: Integer overflow in STRALGO LCS command (bsc#1185729)
* CVE-2021-29478: Integer overflow in COPY command for large intsets (bsc#1185730)
* Cluster: Skip unnecessary check which may prevent failure detection
* Fix performance regression in BRPOP on Redis 6.0
* Fix edge-case when a module client is unblocked

redis 6.0.12:

* Fix compilation error on non-glibc systems if jemalloc is not used

redis 6.0.11:

* CVE-2021-21309: Avoid 32-bit overflows when proto-max-bulk-len is set high (bsc#1182657)
* Fix handling of threaded IO and CLIENT PAUSE (failover), could lead to data loss or a crash
* Fix the selection of a random element from large hash tables
* Fix broken protocol in client tracking tracking-redir-broken message
* XINFO able to access expired keys on a replica
* Fix broken protocol in redis-benchmark when used with -a or --dbnum
* Avoid assertions (on older kernels) when testing arm64 CoW bug
* CONFIG REWRITE should honor umask settings
* Fix firstkey,lastkey,step in COMMAND command for some commands
* RM_ZsetRem: Delete key if empty, the bug could leave empty zset keys

- Switch systemd type of the sentinel service from notify to simple. This can be reverted when updating to 6.2 which fixes https://github.com/redis/redis/issues/7284 .

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-1652=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1652=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): redis-6.0.13-1.10.1 redis-debuginfo-6.0.13-1.10.1 redis-debugsource-6.0.13-1.10.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): redis-6.0.13-1.10.1 redis-debuginfo-6.0.13-1.10.1 redis-debugsource-6.0.13-1.10.1 References: https://www.suse.com/security/cve/CVE-2021-21309.html https://www.suse.com/security/cve/CVE-2021-29477.html https://www.suse.com/security/cve/CVE-2021-29478.html https://bugzilla.suse.com/1182657 https://bugzilla.suse.com/1185729 https://bugzilla.suse.com/1185730 From sle-updates at lists.suse.com Wed May 19 16:29:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 May 2021 18:29:31 +0200 (CEST) Subject: SUSE-SU-2021:1648-1: important: Security update for xen Message-ID: <20210519162931.09B96FF0F@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1648-1 Rating: important References: #1183790 #1185021 #1185104 #1185196 #1185682 Cross-References: CVE-2021-28689 CVSS scores: CVE-2021-28689 (SUSE): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. 
Description:

This update for xen fixes the following issues:

Security issue fixed:

- CVE-2021-28689: Fixed some x86 speculative vulnerabilities with bare (non-shim) 32-bit PV guests (XSA-370) (bsc#1185104)
- Make sure xencommons is in a format as expected by fillup. (bsc#1185682)
  Each comment needs to be followed by an enabled key. Otherwise fillup will remove manually enabled key=value pairs, along with everything that looks like a stale comment, during next pkg update
- A recent systemd update caused a regression in xenstored.service
  systemd now fails to track units that use systemd-notify (bsc#1183790)
- Added a delay between the call to systemd-notify and the final exit of the wrapper script (bsc#1185021, bsc#1185196)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1648=1
- SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1648=1
- SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1648=1
- SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1648=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64): xen-4.11.4_18-2.54.1 xen-debugsource-4.11.4_18-2.54.1 xen-doc-html-4.11.4_18-2.54.1 xen-libs-32bit-4.11.4_18-2.54.1 xen-libs-4.11.4_18-2.54.1 xen-libs-debuginfo-32bit-4.11.4_18-2.54.1 xen-libs-debuginfo-4.11.4_18-2.54.1 xen-tools-4.11.4_18-2.54.1 xen-tools-debuginfo-4.11.4_18-2.54.1 xen-tools-domU-4.11.4_18-2.54.1 xen-tools-domU-debuginfo-4.11.4_18-2.54.1
- SUSE OpenStack Cloud 9 (x86_64): xen-4.11.4_18-2.54.1 xen-debugsource-4.11.4_18-2.54.1 xen-doc-html-4.11.4_18-2.54.1 xen-libs-32bit-4.11.4_18-2.54.1 xen-libs-4.11.4_18-2.54.1 xen-libs-debuginfo-32bit-4.11.4_18-2.54.1 xen-libs-debuginfo-4.11.4_18-2.54.1
xen-tools-4.11.4_18-2.54.1 xen-tools-debuginfo-4.11.4_18-2.54.1 xen-tools-domU-4.11.4_18-2.54.1 xen-tools-domU-debuginfo-4.11.4_18-2.54.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): xen-4.11.4_18-2.54.1 xen-debugsource-4.11.4_18-2.54.1 xen-doc-html-4.11.4_18-2.54.1 xen-libs-32bit-4.11.4_18-2.54.1 xen-libs-4.11.4_18-2.54.1 xen-libs-debuginfo-32bit-4.11.4_18-2.54.1 xen-libs-debuginfo-4.11.4_18-2.54.1 xen-tools-4.11.4_18-2.54.1 xen-tools-debuginfo-4.11.4_18-2.54.1 xen-tools-domU-4.11.4_18-2.54.1 xen-tools-domU-debuginfo-4.11.4_18-2.54.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): xen-4.11.4_18-2.54.1 xen-debugsource-4.11.4_18-2.54.1 xen-doc-html-4.11.4_18-2.54.1 xen-libs-32bit-4.11.4_18-2.54.1 xen-libs-4.11.4_18-2.54.1 xen-libs-debuginfo-32bit-4.11.4_18-2.54.1 xen-libs-debuginfo-4.11.4_18-2.54.1 xen-tools-4.11.4_18-2.54.1 xen-tools-debuginfo-4.11.4_18-2.54.1 xen-tools-domU-4.11.4_18-2.54.1 xen-tools-domU-debuginfo-4.11.4_18-2.54.1 References: https://www.suse.com/security/cve/CVE-2021-28689.html https://bugzilla.suse.com/1183790 https://bugzilla.suse.com/1185021 https://bugzilla.suse.com/1185104 https://bugzilla.suse.com/1185196 https://bugzilla.suse.com/1185682 From sle-updates at lists.suse.com Wed May 19 16:31:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 May 2021 18:31:17 +0200 (CEST) Subject: SUSE-SU-2021:1651-1: critical: Security update for graphviz Message-ID: <20210519163117.765ADFF0F@maintenance.suse.de> SUSE Security Update: Security update for graphviz ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1651-1 Rating: critical References: #1185833 Cross-References: CVE-2020-18032 CVSS scores: CVE-2020-18032 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-18032 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 
SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15 SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for graphviz fixes the following issues: - CVE-2020-18032: Fixed possible remote code execution via buffer overflow (bsc#1185833). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1651=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1651=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1651=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1651=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1651=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1651=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1651=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1651=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-1651=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1651=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-1651=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1651=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1651=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1651=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1651=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1651=1 - SUSE Linux Enterprise 
High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1651=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1651=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1651=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1651=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-1651=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1651=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-1651=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-1651=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1651=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): graphviz-2.40.1-6.9.1 graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-debuginfo-2.40.1-6.9.1 graphviz-debugsource-2.40.1-6.9.1 graphviz-devel-2.40.1-6.9.1 graphviz-perl-2.40.1-6.9.1 graphviz-perl-debuginfo-2.40.1-6.9.1 graphviz-plugins-core-2.40.1-6.9.1 graphviz-plugins-core-debuginfo-2.40.1-6.9.1 graphviz-tcl-2.40.1-6.9.1 graphviz-tcl-debuginfo-2.40.1-6.9.1 libgraphviz6-2.40.1-6.9.1 libgraphviz6-debuginfo-2.40.1-6.9.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): graphviz-2.40.1-6.9.1 graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-debuginfo-2.40.1-6.9.1 graphviz-debugsource-2.40.1-6.9.1 graphviz-devel-2.40.1-6.9.1 graphviz-perl-2.40.1-6.9.1 graphviz-perl-debuginfo-2.40.1-6.9.1 graphviz-plugins-core-2.40.1-6.9.1 graphviz-plugins-core-debuginfo-2.40.1-6.9.1 graphviz-tcl-2.40.1-6.9.1 graphviz-tcl-debuginfo-2.40.1-6.9.1 libgraphviz6-2.40.1-6.9.1 libgraphviz6-debuginfo-2.40.1-6.9.1 - SUSE Manager Proxy 4.0 (x86_64): graphviz-2.40.1-6.9.1 graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-debuginfo-2.40.1-6.9.1 graphviz-debugsource-2.40.1-6.9.1 graphviz-devel-2.40.1-6.9.1 graphviz-perl-2.40.1-6.9.1 graphviz-perl-debuginfo-2.40.1-6.9.1 graphviz-plugins-core-2.40.1-6.9.1 graphviz-plugins-core-debuginfo-2.40.1-6.9.1 graphviz-tcl-2.40.1-6.9.1 graphviz-tcl-debuginfo-2.40.1-6.9.1 libgraphviz6-2.40.1-6.9.1 libgraphviz6-debuginfo-2.40.1-6.9.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): graphviz-2.40.1-6.9.1 graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-debuginfo-2.40.1-6.9.1 graphviz-debugsource-2.40.1-6.9.1 graphviz-devel-2.40.1-6.9.1 graphviz-perl-2.40.1-6.9.1 graphviz-perl-debuginfo-2.40.1-6.9.1 graphviz-plugins-core-2.40.1-6.9.1 graphviz-plugins-core-debuginfo-2.40.1-6.9.1 graphviz-tcl-2.40.1-6.9.1 
graphviz-tcl-debuginfo-2.40.1-6.9.1 libgraphviz6-2.40.1-6.9.1 libgraphviz6-debuginfo-2.40.1-6.9.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): graphviz-2.40.1-6.9.1 graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-debuginfo-2.40.1-6.9.1 graphviz-debugsource-2.40.1-6.9.1 graphviz-devel-2.40.1-6.9.1 graphviz-perl-2.40.1-6.9.1 graphviz-perl-debuginfo-2.40.1-6.9.1 graphviz-plugins-core-2.40.1-6.9.1 graphviz-plugins-core-debuginfo-2.40.1-6.9.1 graphviz-tcl-2.40.1-6.9.1 graphviz-tcl-debuginfo-2.40.1-6.9.1 libgraphviz6-2.40.1-6.9.1 libgraphviz6-debuginfo-2.40.1-6.9.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): graphviz-2.40.1-6.9.1 graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-debuginfo-2.40.1-6.9.1 graphviz-debugsource-2.40.1-6.9.1 graphviz-devel-2.40.1-6.9.1 graphviz-perl-2.40.1-6.9.1 graphviz-perl-debuginfo-2.40.1-6.9.1 graphviz-plugins-core-2.40.1-6.9.1 graphviz-plugins-core-debuginfo-2.40.1-6.9.1 graphviz-tcl-2.40.1-6.9.1 graphviz-tcl-debuginfo-2.40.1-6.9.1 libgraphviz6-2.40.1-6.9.1 libgraphviz6-debuginfo-2.40.1-6.9.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): graphviz-2.40.1-6.9.1 graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-debuginfo-2.40.1-6.9.1 graphviz-debugsource-2.40.1-6.9.1 graphviz-devel-2.40.1-6.9.1 graphviz-perl-2.40.1-6.9.1 graphviz-perl-debuginfo-2.40.1-6.9.1 graphviz-plugins-core-2.40.1-6.9.1 graphviz-plugins-core-debuginfo-2.40.1-6.9.1 graphviz-tcl-2.40.1-6.9.1 graphviz-tcl-debuginfo-2.40.1-6.9.1 libgraphviz6-2.40.1-6.9.1 libgraphviz6-debuginfo-2.40.1-6.9.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): graphviz-2.40.1-6.9.1 graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-debuginfo-2.40.1-6.9.1 graphviz-debugsource-2.40.1-6.9.1 graphviz-devel-2.40.1-6.9.1 graphviz-perl-2.40.1-6.9.1 graphviz-perl-debuginfo-2.40.1-6.9.1 
graphviz-plugins-core-2.40.1-6.9.1 graphviz-plugins-core-debuginfo-2.40.1-6.9.1 graphviz-tcl-2.40.1-6.9.1 graphviz-tcl-debuginfo-2.40.1-6.9.1 libgraphviz6-2.40.1-6.9.1 libgraphviz6-debuginfo-2.40.1-6.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-tcl-2.40.1-6.9.1 graphviz-tcl-debuginfo-2.40.1-6.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-tcl-2.40.1-6.9.1 graphviz-tcl-debuginfo-2.40.1-6.9.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-gnome-2.40.1-6.9.1 graphviz-gnome-debuginfo-2.40.1-6.9.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-gnome-2.40.1-6.9.1 graphviz-gnome-debuginfo-2.40.1-6.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-perl-2.40.1-6.9.1 graphviz-perl-debuginfo-2.40.1-6.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-perl-2.40.1-6.9.1 graphviz-perl-debuginfo-2.40.1-6.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): graphviz-2.40.1-6.9.1 graphviz-debuginfo-2.40.1-6.9.1 graphviz-debugsource-2.40.1-6.9.1 graphviz-devel-2.40.1-6.9.1 graphviz-plugins-core-2.40.1-6.9.1 graphviz-plugins-core-debuginfo-2.40.1-6.9.1 libgraphviz6-2.40.1-6.9.1 libgraphviz6-debuginfo-2.40.1-6.9.1 - SUSE Linux 
Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): graphviz-2.40.1-6.9.1 graphviz-debuginfo-2.40.1-6.9.1 graphviz-debugsource-2.40.1-6.9.1 graphviz-devel-2.40.1-6.9.1 graphviz-plugins-core-2.40.1-6.9.1 graphviz-plugins-core-debuginfo-2.40.1-6.9.1 libgraphviz6-2.40.1-6.9.1 libgraphviz6-debuginfo-2.40.1-6.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): graphviz-2.40.1-6.9.1 graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-debuginfo-2.40.1-6.9.1 graphviz-debugsource-2.40.1-6.9.1 graphviz-devel-2.40.1-6.9.1 graphviz-perl-2.40.1-6.9.1 graphviz-perl-debuginfo-2.40.1-6.9.1 graphviz-plugins-core-2.40.1-6.9.1 graphviz-plugins-core-debuginfo-2.40.1-6.9.1 graphviz-tcl-2.40.1-6.9.1 graphviz-tcl-debuginfo-2.40.1-6.9.1 libgraphviz6-2.40.1-6.9.1 libgraphviz6-debuginfo-2.40.1-6.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): graphviz-2.40.1-6.9.1 graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-debuginfo-2.40.1-6.9.1 graphviz-debugsource-2.40.1-6.9.1 graphviz-devel-2.40.1-6.9.1 graphviz-perl-2.40.1-6.9.1 graphviz-perl-debuginfo-2.40.1-6.9.1 graphviz-plugins-core-2.40.1-6.9.1 graphviz-plugins-core-debuginfo-2.40.1-6.9.1 graphviz-tcl-2.40.1-6.9.1 graphviz-tcl-debuginfo-2.40.1-6.9.1 libgraphviz6-2.40.1-6.9.1 libgraphviz6-debuginfo-2.40.1-6.9.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): graphviz-2.40.1-6.9.1 graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-debuginfo-2.40.1-6.9.1 graphviz-debugsource-2.40.1-6.9.1 graphviz-devel-2.40.1-6.9.1 graphviz-perl-2.40.1-6.9.1 graphviz-perl-debuginfo-2.40.1-6.9.1 graphviz-plugins-core-2.40.1-6.9.1 graphviz-plugins-core-debuginfo-2.40.1-6.9.1 graphviz-tcl-2.40.1-6.9.1 graphviz-tcl-debuginfo-2.40.1-6.9.1 libgraphviz6-2.40.1-6.9.1 libgraphviz6-debuginfo-2.40.1-6.9.1 - SUSE Linux Enterprise High 
Performance Computing 15-ESPOS (aarch64 x86_64): graphviz-2.40.1-6.9.1 graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-debuginfo-2.40.1-6.9.1 graphviz-debugsource-2.40.1-6.9.1 graphviz-devel-2.40.1-6.9.1 graphviz-perl-2.40.1-6.9.1 graphviz-perl-debuginfo-2.40.1-6.9.1 graphviz-plugins-core-2.40.1-6.9.1 graphviz-plugins-core-debuginfo-2.40.1-6.9.1 graphviz-tcl-2.40.1-6.9.1 graphviz-tcl-debuginfo-2.40.1-6.9.1 libgraphviz6-2.40.1-6.9.1 libgraphviz6-debuginfo-2.40.1-6.9.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-gd-2.40.1-6.9.1 graphviz-gd-debuginfo-2.40.1-6.9.1 graphviz-python-2.40.1-6.9.1 graphviz-python-debuginfo-2.40.1-6.9.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-gd-2.40.1-6.9.1 graphviz-gd-debuginfo-2.40.1-6.9.1 graphviz-python-2.40.1-6.9.1 graphviz-python-debuginfo-2.40.1-6.9.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-gd-2.40.1-6.9.1 graphviz-gd-debuginfo-2.40.1-6.9.1 graphviz-python-2.40.1-6.9.1 graphviz-python-debuginfo-2.40.1-6.9.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-gd-2.40.1-6.9.1 graphviz-gd-debuginfo-2.40.1-6.9.1 graphviz-python-2.40.1-6.9.1 graphviz-python-debuginfo-2.40.1-6.9.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): graphviz-2.40.1-6.9.1 graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-debuginfo-2.40.1-6.9.1 graphviz-debugsource-2.40.1-6.9.1 graphviz-devel-2.40.1-6.9.1 graphviz-perl-2.40.1-6.9.1 graphviz-perl-debuginfo-2.40.1-6.9.1 
graphviz-plugins-core-2.40.1-6.9.1 graphviz-plugins-core-debuginfo-2.40.1-6.9.1 graphviz-tcl-2.40.1-6.9.1 graphviz-tcl-debuginfo-2.40.1-6.9.1 libgraphviz6-2.40.1-6.9.1 libgraphviz6-debuginfo-2.40.1-6.9.1 - SUSE CaaS Platform 4.0 (x86_64): graphviz-2.40.1-6.9.1 graphviz-addons-debuginfo-2.40.1-6.9.1 graphviz-addons-debugsource-2.40.1-6.9.1 graphviz-debuginfo-2.40.1-6.9.1 graphviz-debugsource-2.40.1-6.9.1 graphviz-devel-2.40.1-6.9.1 graphviz-perl-2.40.1-6.9.1 graphviz-perl-debuginfo-2.40.1-6.9.1 graphviz-plugins-core-2.40.1-6.9.1 graphviz-plugins-core-debuginfo-2.40.1-6.9.1 graphviz-tcl-2.40.1-6.9.1 graphviz-tcl-debuginfo-2.40.1-6.9.1 libgraphviz6-2.40.1-6.9.1 libgraphviz6-debuginfo-2.40.1-6.9.1 References: https://www.suse.com/security/cve/CVE-2020-18032.html https://bugzilla.suse.com/1185833 From sle-updates at lists.suse.com Wed May 19 16:32:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 May 2021 18:32:49 +0200 (CEST) Subject: SUSE-SU-2021:1647-1: important: Security update for lz4 Message-ID: <20210519163249.46355FF0F@maintenance.suse.de> SUSE Security Update: Security update for lz4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1647-1 Rating: important References: #1185438 Cross-References: CVE-2021-3520 Affected Products: SUSE MicroOS 5.0 SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

   This update for lz4 fixes the following issues:

   - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.0:
      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1647=1
   - SUSE Manager Server 4.0:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1647=1
   - SUSE Manager Retail Branch Server 4.0:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1647=1
   - SUSE Manager Proxy 4.0:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1647=1
   - SUSE Linux Enterprise Server for SAP 15-SP1:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1647=1
   - SUSE Linux Enterprise Server for SAP 15:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1647=1
   - SUSE Linux Enterprise Server 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1647=1
   - SUSE Linux Enterprise Server 15-SP1-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1647=1
   - SUSE Linux Enterprise Server 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1647=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP2:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1647=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1647=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1647=1
   - SUSE Linux Enterprise High Performance Computing 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1647=1
   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1647=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1647=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): liblz4-1-1.8.0-3.8.1 liblz4-1-debuginfo-1.8.0-3.8.1 lz4-debuginfo-1.8.0-3.8.1 lz4-debugsource-1.8.0-3.8.1 - SUSE Manager Server 4.0 (ppc64le s390x x86_64): liblz4-1-1.8.0-3.8.1 liblz4-1-debuginfo-1.8.0-3.8.1 liblz4-devel-1.8.0-3.8.1 lz4-1.8.0-3.8.1 lz4-debuginfo-1.8.0-3.8.1 lz4-debugsource-1.8.0-3.8.1 - SUSE Manager Server 4.0 (x86_64): liblz4-1-32bit-1.8.0-3.8.1 liblz4-1-32bit-debuginfo-1.8.0-3.8.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): liblz4-1-1.8.0-3.8.1 liblz4-1-32bit-1.8.0-3.8.1 liblz4-1-32bit-debuginfo-1.8.0-3.8.1 liblz4-1-debuginfo-1.8.0-3.8.1 liblz4-devel-1.8.0-3.8.1 lz4-1.8.0-3.8.1 lz4-debuginfo-1.8.0-3.8.1 lz4-debugsource-1.8.0-3.8.1 - SUSE Manager Proxy 4.0 (x86_64): liblz4-1-1.8.0-3.8.1 liblz4-1-32bit-1.8.0-3.8.1 liblz4-1-32bit-debuginfo-1.8.0-3.8.1 liblz4-1-debuginfo-1.8.0-3.8.1 liblz4-devel-1.8.0-3.8.1 lz4-1.8.0-3.8.1 lz4-debuginfo-1.8.0-3.8.1 lz4-debugsource-1.8.0-3.8.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): liblz4-1-1.8.0-3.8.1 liblz4-1-debuginfo-1.8.0-3.8.1 liblz4-devel-1.8.0-3.8.1 lz4-1.8.0-3.8.1 lz4-debuginfo-1.8.0-3.8.1 lz4-debugsource-1.8.0-3.8.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): liblz4-1-32bit-1.8.0-3.8.1 liblz4-1-32bit-debuginfo-1.8.0-3.8.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): liblz4-1-1.8.0-3.8.1 liblz4-1-debuginfo-1.8.0-3.8.1 liblz4-devel-1.8.0-3.8.1 lz4-1.8.0-3.8.1 lz4-debuginfo-1.8.0-3.8.1 lz4-debugsource-1.8.0-3.8.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): liblz4-1-32bit-1.8.0-3.8.1 liblz4-1-32bit-debuginfo-1.8.0-3.8.1 - SUSE Linux Enterprise Server 
15-SP1-LTSS (aarch64 ppc64le s390x x86_64): liblz4-1-1.8.0-3.8.1 liblz4-1-debuginfo-1.8.0-3.8.1 liblz4-devel-1.8.0-3.8.1 lz4-1.8.0-3.8.1 lz4-debuginfo-1.8.0-3.8.1 lz4-debugsource-1.8.0-3.8.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): liblz4-1-32bit-1.8.0-3.8.1 liblz4-1-32bit-debuginfo-1.8.0-3.8.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): liblz4-1-1.8.0-3.8.1 liblz4-1-32bit-1.8.0-3.8.1 liblz4-1-32bit-debuginfo-1.8.0-3.8.1 liblz4-1-debuginfo-1.8.0-3.8.1 liblz4-devel-1.8.0-3.8.1 lz4-1.8.0-3.8.1 lz4-debuginfo-1.8.0-3.8.1 lz4-debugsource-1.8.0-3.8.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): liblz4-1-1.8.0-3.8.1 liblz4-1-debuginfo-1.8.0-3.8.1 liblz4-devel-1.8.0-3.8.1 lz4-1.8.0-3.8.1 lz4-debuginfo-1.8.0-3.8.1 lz4-debugsource-1.8.0-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): liblz4-1-1.8.0-3.8.1 liblz4-1-debuginfo-1.8.0-3.8.1 liblz4-devel-1.8.0-3.8.1 lz4-1.8.0-3.8.1 lz4-debuginfo-1.8.0-3.8.1 lz4-debugsource-1.8.0-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): liblz4-1-32bit-1.8.0-3.8.1 liblz4-1-32bit-debuginfo-1.8.0-3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): liblz4-1-1.8.0-3.8.1 liblz4-1-debuginfo-1.8.0-3.8.1 liblz4-devel-1.8.0-3.8.1 lz4-1.8.0-3.8.1 lz4-debuginfo-1.8.0-3.8.1 lz4-debugsource-1.8.0-3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): liblz4-1-32bit-1.8.0-3.8.1 liblz4-1-32bit-debuginfo-1.8.0-3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): liblz4-1-1.8.0-3.8.1 liblz4-1-debuginfo-1.8.0-3.8.1 liblz4-devel-1.8.0-3.8.1 lz4-1.8.0-3.8.1 lz4-debuginfo-1.8.0-3.8.1 lz4-debugsource-1.8.0-3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): liblz4-1-32bit-1.8.0-3.8.1 liblz4-1-32bit-debuginfo-1.8.0-3.8.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): liblz4-1-1.8.0-3.8.1 liblz4-1-debuginfo-1.8.0-3.8.1 
liblz4-devel-1.8.0-3.8.1 lz4-1.8.0-3.8.1 lz4-debuginfo-1.8.0-3.8.1 lz4-debugsource-1.8.0-3.8.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): liblz4-1-32bit-1.8.0-3.8.1 liblz4-1-32bit-debuginfo-1.8.0-3.8.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): liblz4-1-1.8.0-3.8.1 liblz4-1-debuginfo-1.8.0-3.8.1 liblz4-devel-1.8.0-3.8.1 lz4-1.8.0-3.8.1 lz4-debuginfo-1.8.0-3.8.1 lz4-debugsource-1.8.0-3.8.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): liblz4-1-32bit-1.8.0-3.8.1 liblz4-1-32bit-debuginfo-1.8.0-3.8.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): liblz4-1-1.8.0-3.8.1 liblz4-1-debuginfo-1.8.0-3.8.1 liblz4-devel-1.8.0-3.8.1 lz4-1.8.0-3.8.1 lz4-debuginfo-1.8.0-3.8.1 lz4-debugsource-1.8.0-3.8.1 - SUSE Enterprise Storage 6 (x86_64): liblz4-1-32bit-1.8.0-3.8.1 liblz4-1-32bit-debuginfo-1.8.0-3.8.1 - SUSE CaaS Platform 4.0 (x86_64): liblz4-1-1.8.0-3.8.1 liblz4-1-32bit-1.8.0-3.8.1 liblz4-1-32bit-debuginfo-1.8.0-3.8.1 liblz4-1-debuginfo-1.8.0-3.8.1 liblz4-devel-1.8.0-3.8.1 lz4-1.8.0-3.8.1 lz4-debuginfo-1.8.0-3.8.1 lz4-debugsource-1.8.0-3.8.1 References: https://www.suse.com/security/cve/CVE-2021-3520.html https://bugzilla.suse.com/1185438 From sle-updates at lists.suse.com Wed May 19 16:34:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 May 2021 18:34:05 +0200 (CEST) Subject: SUSE-SU-2021:1650-1: important: Security update for rubygem-actionpack-4_2 Message-ID: <20210519163405.4D243FF0F@maintenance.suse.de> SUSE Security Update: Security update for rubygem-actionpack-4_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1650-1 Rating: important References: #1185715 Cross-References: CVE-2021-22885 CVSS scores: CVE-2021-22885 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 7 
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

   This update for rubygem-actionpack-4_2 fixes the following issues:

   - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack (bsc#1185715).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1650=1
   - SUSE OpenStack Cloud Crowbar 8:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1650=1
   - SUSE OpenStack Cloud 7:
      zypper in -t patch SUSE-OpenStack-Cloud-7-2021-1650=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):
      ruby2.1-rubygem-actionpack-4_2-4.2.9-7.12.1
   - SUSE OpenStack Cloud Crowbar 8 (x86_64):
      ruby2.1-rubygem-actionpack-4_2-4.2.9-7.12.1
   - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):
      ruby2.1-rubygem-actionpack-4_2-4.2.9-7.12.1

References:

   https://www.suse.com/security/cve/CVE-2021-22885.html
   https://bugzilla.suse.com/1185715

From sle-updates at lists.suse.com Wed May 19 16:35:14 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 May 2021 18:35:14 +0200 (CEST)
Subject: SUSE-SU-2021:1641-1: important: Security update for djvulibre
Message-ID: <20210519163514.90174FF0F@maintenance.suse.de>

SUSE Security Update: Security update for djvulibre
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1641-1
Rating: important
References: #1185895 #1185900 #1185904 #1185905
Cross-References: CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493
CVSS scores:
   CVE-2021-32490 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2021-32491 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2021-32492 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2021-32493 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
   SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
   SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
   SUSE Linux Enterprise Module for Desktop Applications 15-SP3
   SUSE Linux Enterprise Module for Desktop Applications 15-SP2
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

   This update for djvulibre fixes the following issues:

   - CVE-2021-32490 [bsc#1185895]: Out of bounds write in function DJVU:filter_bv() via crafted djvu file
   - CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file
   - CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file
   - CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-1641=1
   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:
      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1641=1
   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-1641=1
   - SUSE Linux Enterprise Module for Desktop Applications 15-SP2:
      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1641=1

Package List:

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
      djvulibre-3.5.27-11.3.1
      djvulibre-debuginfo-3.5.27-11.3.1
      djvulibre-debugsource-3.5.27-11.3.1
   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64):
      djvulibre-3.5.27-11.3.1
      djvulibre-debuginfo-3.5.27-11.3.1
      djvulibre-debugsource-3.5.27-11.3.1
   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
      djvulibre-debuginfo-3.5.27-11.3.1
      djvulibre-debugsource-3.5.27-11.3.1
      libdjvulibre-devel-3.5.27-11.3.1
      libdjvulibre21-3.5.27-11.3.1
      libdjvulibre21-debuginfo-3.5.27-11.3.1
   - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64):
      djvulibre-debuginfo-3.5.27-11.3.1
      djvulibre-debugsource-3.5.27-11.3.1
      libdjvulibre-devel-3.5.27-11.3.1
      libdjvulibre21-3.5.27-11.3.1
      libdjvulibre21-debuginfo-3.5.27-11.3.1

References:

   https://www.suse.com/security/cve/CVE-2021-32490.html
   https://www.suse.com/security/cve/CVE-2021-32491.html
   https://www.suse.com/security/cve/CVE-2021-32492.html
   https://www.suse.com/security/cve/CVE-2021-32493.html
   https://bugzilla.suse.com/1185895
   https://bugzilla.suse.com/1185900
   https://bugzilla.suse.com/1185904
   https://bugzilla.suse.com/1185905

From sle-updates at lists.suse.com Wed May 19 16:36:49 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 May 2021 18:36:49 +0200 (CEST)
Subject: SUSE-SU-2021:1646-1: critical: Security update for graphviz
Message-ID: <20210519163649.19BC3FDD6@maintenance.suse.de>

SUSE Security Update: Security update for graphviz
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1646-1
Rating: critical
References: #1185833
Cross-References: CVE-2020-18032
CVSS scores:
   CVE-2020-18032 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2020-18032 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
   SUSE OpenStack Cloud Crowbar 9
   SUSE OpenStack Cloud Crowbar 8
   SUSE OpenStack Cloud 9
   SUSE OpenStack Cloud 8
   SUSE Linux Enterprise Software Development Kit 12-SP5
   SUSE Linux Enterprise Server for SAP 12-SP4
   SUSE Linux Enterprise Server for SAP 12-SP3
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server 12-SP4-LTSS
   SUSE Linux Enterprise Server 12-SP3-LTSS
   SUSE Linux Enterprise Server 12-SP3-BCL
   SUSE Linux Enterprise Server 12-SP2-BCL
   SUSE Linux Enterprise High Availability 12-SP5
   SUSE Linux Enterprise High Availability 12-SP4
   SUSE Linux Enterprise High Availability 12-SP3
   HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

   This update for graphviz fixes the following issues:

   - CVE-2020-18032: Fixed possible remote code execution via buffer overflow (bsc#1185833).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1646=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1646=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1646=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1646=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1646=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1646=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1646=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1646=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1646=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1646=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1646=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1646=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-1646=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-1646=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2021-1646=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1646=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): graphviz-2.28.0-29.6.1 graphviz-debuginfo-2.28.0-29.6.1 graphviz-debugsource-2.28.0-29.6.1 graphviz-gd-2.28.0-29.6.1 graphviz-gd-debuginfo-2.28.0-29.6.1 graphviz-gnome-2.28.0-29.6.1 graphviz-gnome-debuginfo-2.28.0-29.6.1 graphviz-plugins-debugsource-2.28.0-29.6.1 graphviz-tcl-2.28.0-29.6.1 graphviz-tcl-debuginfo-2.28.0-29.6.1 - SUSE OpenStack 
Cloud Crowbar 8 (x86_64): graphviz-2.28.0-29.6.1 graphviz-debuginfo-2.28.0-29.6.1 graphviz-debugsource-2.28.0-29.6.1 graphviz-gd-2.28.0-29.6.1 graphviz-gd-debuginfo-2.28.0-29.6.1 graphviz-gnome-2.28.0-29.6.1 graphviz-gnome-debuginfo-2.28.0-29.6.1 graphviz-plugins-debugsource-2.28.0-29.6.1 graphviz-tcl-2.28.0-29.6.1 graphviz-tcl-debuginfo-2.28.0-29.6.1 - SUSE OpenStack Cloud 9 (x86_64): graphviz-2.28.0-29.6.1 graphviz-debuginfo-2.28.0-29.6.1 graphviz-debugsource-2.28.0-29.6.1 graphviz-gd-2.28.0-29.6.1 graphviz-gd-debuginfo-2.28.0-29.6.1 graphviz-gnome-2.28.0-29.6.1 graphviz-gnome-debuginfo-2.28.0-29.6.1 graphviz-plugins-debugsource-2.28.0-29.6.1 graphviz-tcl-2.28.0-29.6.1 graphviz-tcl-debuginfo-2.28.0-29.6.1 - SUSE OpenStack Cloud 8 (x86_64): graphviz-2.28.0-29.6.1 graphviz-debuginfo-2.28.0-29.6.1 graphviz-debugsource-2.28.0-29.6.1 graphviz-gd-2.28.0-29.6.1 graphviz-gd-debuginfo-2.28.0-29.6.1 graphviz-gnome-2.28.0-29.6.1 graphviz-gnome-debuginfo-2.28.0-29.6.1 graphviz-plugins-debugsource-2.28.0-29.6.1 graphviz-tcl-2.28.0-29.6.1 graphviz-tcl-debuginfo-2.28.0-29.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): graphviz-debuginfo-2.28.0-29.6.1 graphviz-debugsource-2.28.0-29.6.1 graphviz-devel-2.28.0-29.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): graphviz-2.28.0-29.6.1 graphviz-debuginfo-2.28.0-29.6.1 graphviz-debugsource-2.28.0-29.6.1 graphviz-gd-2.28.0-29.6.1 graphviz-gd-debuginfo-2.28.0-29.6.1 graphviz-gnome-2.28.0-29.6.1 graphviz-gnome-debuginfo-2.28.0-29.6.1 graphviz-plugins-debugsource-2.28.0-29.6.1 graphviz-tcl-2.28.0-29.6.1 graphviz-tcl-debuginfo-2.28.0-29.6.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): graphviz-2.28.0-29.6.1 graphviz-debuginfo-2.28.0-29.6.1 graphviz-debugsource-2.28.0-29.6.1 graphviz-gd-2.28.0-29.6.1 graphviz-gd-debuginfo-2.28.0-29.6.1 graphviz-gnome-2.28.0-29.6.1 graphviz-gnome-debuginfo-2.28.0-29.6.1 graphviz-plugins-debugsource-2.28.0-29.6.1 
graphviz-tcl-2.28.0-29.6.1 graphviz-tcl-debuginfo-2.28.0-29.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): graphviz-2.28.0-29.6.1 graphviz-debuginfo-2.28.0-29.6.1 graphviz-debugsource-2.28.0-29.6.1 graphviz-gd-2.28.0-29.6.1 graphviz-gd-debuginfo-2.28.0-29.6.1 graphviz-gnome-2.28.0-29.6.1 graphviz-gnome-debuginfo-2.28.0-29.6.1 graphviz-plugins-debugsource-2.28.0-29.6.1 graphviz-tcl-2.28.0-29.6.1 graphviz-tcl-debuginfo-2.28.0-29.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): graphviz-2.28.0-29.6.1 graphviz-debuginfo-2.28.0-29.6.1 graphviz-debugsource-2.28.0-29.6.1 graphviz-gd-2.28.0-29.6.1 graphviz-gd-debuginfo-2.28.0-29.6.1 graphviz-gnome-2.28.0-29.6.1 graphviz-gnome-debuginfo-2.28.0-29.6.1 graphviz-plugins-debugsource-2.28.0-29.6.1 graphviz-tcl-2.28.0-29.6.1 graphviz-tcl-debuginfo-2.28.0-29.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): graphviz-2.28.0-29.6.1 graphviz-debuginfo-2.28.0-29.6.1 graphviz-debugsource-2.28.0-29.6.1 graphviz-gd-2.28.0-29.6.1 graphviz-gd-debuginfo-2.28.0-29.6.1 graphviz-gnome-2.28.0-29.6.1 graphviz-gnome-debuginfo-2.28.0-29.6.1 graphviz-plugins-debugsource-2.28.0-29.6.1 graphviz-tcl-2.28.0-29.6.1 graphviz-tcl-debuginfo-2.28.0-29.6.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): graphviz-2.28.0-29.6.1 graphviz-debuginfo-2.28.0-29.6.1 graphviz-debugsource-2.28.0-29.6.1 graphviz-gd-2.28.0-29.6.1 graphviz-gd-debuginfo-2.28.0-29.6.1 graphviz-gnome-2.28.0-29.6.1 graphviz-gnome-debuginfo-2.28.0-29.6.1 graphviz-plugins-debugsource-2.28.0-29.6.1 graphviz-tcl-2.28.0-29.6.1 graphviz-tcl-debuginfo-2.28.0-29.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): graphviz-2.28.0-29.6.1 graphviz-debuginfo-2.28.0-29.6.1 graphviz-debugsource-2.28.0-29.6.1 graphviz-gd-2.28.0-29.6.1 graphviz-gd-debuginfo-2.28.0-29.6.1 graphviz-gnome-2.28.0-29.6.1 graphviz-gnome-debuginfo-2.28.0-29.6.1 graphviz-plugins-debugsource-2.28.0-29.6.1 graphviz-tcl-2.28.0-29.6.1 
graphviz-tcl-debuginfo-2.28.0-29.6.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): graphviz-plugins-debugsource-2.28.0-29.6.1 graphviz-python-2.28.0-29.6.1 graphviz-python-debuginfo-2.28.0-29.6.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): graphviz-plugins-debugsource-2.28.0-29.6.1 graphviz-python-2.28.0-29.6.1 graphviz-python-debuginfo-2.28.0-29.6.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): graphviz-plugins-debugsource-2.28.0-29.6.1 graphviz-python-2.28.0-29.6.1 graphviz-python-debuginfo-2.28.0-29.6.1 - HPE Helion Openstack 8 (x86_64): graphviz-2.28.0-29.6.1 graphviz-debuginfo-2.28.0-29.6.1 graphviz-debugsource-2.28.0-29.6.1 graphviz-gd-2.28.0-29.6.1 graphviz-gd-debuginfo-2.28.0-29.6.1 graphviz-gnome-2.28.0-29.6.1 graphviz-gnome-debuginfo-2.28.0-29.6.1 graphviz-plugins-debugsource-2.28.0-29.6.1 graphviz-tcl-2.28.0-29.6.1 graphviz-tcl-debuginfo-2.28.0-29.6.1 References: https://www.suse.com/security/cve/CVE-2020-18032.html https://bugzilla.suse.com/1185833 From sle-updates at lists.suse.com Wed May 19 16:38:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 May 2021 18:38:03 +0200 (CEST) Subject: SUSE-SU-2021:1645-1: important: Security update for djvulibre Message-ID: <20210519163803.3C5AAFF0F@maintenance.suse.de> SUSE Security Update: Security update for djvulibre ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1645-1 Rating: important References: #1185900 #1185904 #1185905 Cross-References: CVE-2019-18804 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 CVSS scores: CVE-2019-18804 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-18804 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-32491 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-32492 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-32493 (SUSE): 7.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
   SUSE OpenStack Cloud Crowbar 9
   SUSE OpenStack Cloud Crowbar 8
   SUSE OpenStack Cloud 9
   SUSE OpenStack Cloud 8
   SUSE Linux Enterprise Software Development Kit 12-SP5
   SUSE Linux Enterprise Server for SAP 12-SP4
   SUSE Linux Enterprise Server for SAP 12-SP3
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server 12-SP4-LTSS
   SUSE Linux Enterprise Server 12-SP3-LTSS
   SUSE Linux Enterprise Server 12-SP3-BCL
   SUSE Linux Enterprise Server 12-SP2-BCL
   HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

   This update for djvulibre fixes the following issues:

   Security issues fixed:

   - CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file
   - CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file
   - CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1645=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1645=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1645=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1645=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1645=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1645=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1645=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1645=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1645=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1645=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1645=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1645=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1645=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): djvulibre-debuginfo-3.5.25.3-5.9.1 djvulibre-debugsource-3.5.25.3-5.9.1 libdjvulibre21-3.5.25.3-5.9.1 libdjvulibre21-debuginfo-3.5.25.3-5.9.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): djvulibre-debuginfo-3.5.25.3-5.9.1 djvulibre-debugsource-3.5.25.3-5.9.1 libdjvulibre21-3.5.25.3-5.9.1 libdjvulibre21-debuginfo-3.5.25.3-5.9.1 - SUSE OpenStack Cloud 9 (x86_64): djvulibre-debuginfo-3.5.25.3-5.9.1 djvulibre-debugsource-3.5.25.3-5.9.1 libdjvulibre21-3.5.25.3-5.9.1 libdjvulibre21-debuginfo-3.5.25.3-5.9.1 - SUSE OpenStack Cloud 8 (x86_64): djvulibre-debuginfo-3.5.25.3-5.9.1 djvulibre-debugsource-3.5.25.3-5.9.1 libdjvulibre21-3.5.25.3-5.9.1 
libdjvulibre21-debuginfo-3.5.25.3-5.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): djvulibre-debuginfo-3.5.25.3-5.9.1 djvulibre-debugsource-3.5.25.3-5.9.1 libdjvulibre-devel-3.5.25.3-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): djvulibre-debuginfo-3.5.25.3-5.9.1 djvulibre-debugsource-3.5.25.3-5.9.1 libdjvulibre21-3.5.25.3-5.9.1 libdjvulibre21-debuginfo-3.5.25.3-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): djvulibre-debuginfo-3.5.25.3-5.9.1 djvulibre-debugsource-3.5.25.3-5.9.1 libdjvulibre21-3.5.25.3-5.9.1 libdjvulibre21-debuginfo-3.5.25.3-5.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): djvulibre-debuginfo-3.5.25.3-5.9.1 djvulibre-debugsource-3.5.25.3-5.9.1 libdjvulibre21-3.5.25.3-5.9.1 libdjvulibre21-debuginfo-3.5.25.3-5.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): djvulibre-debuginfo-3.5.25.3-5.9.1 djvulibre-debugsource-3.5.25.3-5.9.1 libdjvulibre21-3.5.25.3-5.9.1 libdjvulibre21-debuginfo-3.5.25.3-5.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): djvulibre-debuginfo-3.5.25.3-5.9.1 djvulibre-debugsource-3.5.25.3-5.9.1 libdjvulibre21-3.5.25.3-5.9.1 libdjvulibre21-debuginfo-3.5.25.3-5.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): djvulibre-debuginfo-3.5.25.3-5.9.1 djvulibre-debugsource-3.5.25.3-5.9.1 libdjvulibre21-3.5.25.3-5.9.1 libdjvulibre21-debuginfo-3.5.25.3-5.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): djvulibre-debuginfo-3.5.25.3-5.9.1 djvulibre-debugsource-3.5.25.3-5.9.1 libdjvulibre21-3.5.25.3-5.9.1 libdjvulibre21-debuginfo-3.5.25.3-5.9.1 - HPE Helion Openstack 8 (x86_64): djvulibre-debuginfo-3.5.25.3-5.9.1 djvulibre-debugsource-3.5.25.3-5.9.1 libdjvulibre21-3.5.25.3-5.9.1 libdjvulibre21-debuginfo-3.5.25.3-5.9.1 References: https://www.suse.com/security/cve/CVE-2019-18804.html https://www.suse.com/security/cve/CVE-2021-32491.html 
https://www.suse.com/security/cve/CVE-2021-32492.html https://www.suse.com/security/cve/CVE-2021-32493.html https://bugzilla.suse.com/1185900 https://bugzilla.suse.com/1185904 https://bugzilla.suse.com/1185905 From sle-updates at lists.suse.com Wed May 19 19:17:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 May 2021 21:17:25 +0200 (CEST) Subject: SUSE-SU-2021:1654-1: important: Security update for libxml2 Message-ID: <20210519191725.45829FDD6@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1654-1 Rating: important References: #1185408 #1185409 #1185410 #1185698 Cross-References: CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVSS scores: CVE-2021-3516 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3517 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3518 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3537 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1654=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2021-1654=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-1654=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1654=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1654=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libxml2-2-2.9.7-3.34.1 libxml2-2-debuginfo-2.9.7-3.34.1 libxml2-debugsource-2.9.7-3.34.1 libxml2-tools-2.9.7-3.34.1 libxml2-tools-debuginfo-2.9.7-3.34.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python-libxml2-python-debugsource-2.9.7-3.34.1 python2-libxml2-python-2.9.7-3.34.1 python2-libxml2-python-debuginfo-2.9.7-3.34.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python-libxml2-python-debugsource-2.9.7-3.34.1 python2-libxml2-python-2.9.7-3.34.1 python2-libxml2-python-debuginfo-2.9.7-3.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.7-3.34.1 libxml2-2-debuginfo-2.9.7-3.34.1 libxml2-debugsource-2.9.7-3.34.1 libxml2-devel-2.9.7-3.34.1 libxml2-tools-2.9.7-3.34.1 libxml2-tools-debuginfo-2.9.7-3.34.1 python-libxml2-python-debugsource-2.9.7-3.34.1 python3-libxml2-python-2.9.7-3.34.1 python3-libxml2-python-debuginfo-2.9.7-3.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libxml2-2-32bit-2.9.7-3.34.1 libxml2-2-32bit-debuginfo-2.9.7-3.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): 
libxml2-2-2.9.7-3.34.1 libxml2-2-debuginfo-2.9.7-3.34.1 libxml2-debugsource-2.9.7-3.34.1 libxml2-devel-2.9.7-3.34.1 libxml2-tools-2.9.7-3.34.1 libxml2-tools-debuginfo-2.9.7-3.34.1 python-libxml2-python-debugsource-2.9.7-3.34.1 python3-libxml2-python-2.9.7-3.34.1 python3-libxml2-python-debuginfo-2.9.7-3.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libxml2-2-32bit-2.9.7-3.34.1 libxml2-2-32bit-debuginfo-2.9.7-3.34.1 References: https://www.suse.com/security/cve/CVE-2021-3516.html https://www.suse.com/security/cve/CVE-2021-3517.html https://www.suse.com/security/cve/CVE-2021-3518.html https://www.suse.com/security/cve/CVE-2021-3537.html https://bugzilla.suse.com/1185408 https://bugzilla.suse.com/1185409 https://bugzilla.suse.com/1185410 https://bugzilla.suse.com/1185698 From sle-updates at lists.suse.com Wed May 19 19:18:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 May 2021 21:18:49 +0200 (CEST) Subject: SUSE-SU-2021:1655-1: important: Security update for fribidi Message-ID: <20210519191849.95777FDD6@maintenance.suse.de> SUSE Security Update: Security update for fribidi ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1655-1 Rating: important References: #1156260 Cross-References: CVE-2019-18397 CVSS scores: CVE-2019-18397 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-18397 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for fribidi fixes the following issues: Security issues fixed: - CVE-2019-18397: Avoid buffer overflow. (bsc#1156260) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1655=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-1655=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1655=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1655=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1655=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): fribidi-debuginfo-1.0.5-3.3.1 fribidi-debugsource-1.0.5-3.3.1 libfribidi0-1.0.5-3.3.1 libfribidi0-debuginfo-1.0.5-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64): fribidi-debugsource-1.0.5-3.3.1 libfribidi0-32bit-1.0.5-3.3.1 libfribidi0-32bit-debuginfo-1.0.5-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (x86_64): fribidi-debugsource-1.0.5-3.3.1 libfribidi0-32bit-1.0.5-3.3.1 libfribidi0-32bit-debuginfo-1.0.5-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): fribidi-1.0.5-3.3.1 fribidi-debuginfo-1.0.5-3.3.1 fribidi-debugsource-1.0.5-3.3.1 fribidi-devel-1.0.5-3.3.1 libfribidi0-1.0.5-3.3.1 libfribidi0-debuginfo-1.0.5-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): fribidi-1.0.5-3.3.1 fribidi-debuginfo-1.0.5-3.3.1 fribidi-debugsource-1.0.5-3.3.1 fribidi-devel-1.0.5-3.3.1 libfribidi0-1.0.5-3.3.1 libfribidi0-debuginfo-1.0.5-3.3.1 References: 
https://www.suse.com/security/cve/CVE-2019-18397.html https://bugzilla.suse.com/1156260 From sle-updates at lists.suse.com Wed May 19 19:19:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 May 2021 21:19:58 +0200 (CEST) Subject: SUSE-SU-2021:14729-1: important: Security update for libxml2 Message-ID: <20210519191958.D5A9CFDD6@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14729-1 Rating: important References: #1159928 #1161517 #1161521 #1176179 #1185408 #1185409 #1185410 #1185698 Cross-References: CVE-2014-0191 CVE-2019-19956 CVE-2019-20388 CVE-2020-24977 CVE-2020-7595 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVSS scores: CVE-2019-19956 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-19956 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-20388 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-20388 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2020-24977 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-24977 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-7595 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-7595 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-3516 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3517 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3518 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3537 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. 
Description: This update for libxml2 fixes the following issues: Security issues fixed: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in xmlEncodeEntitiesInternal() in entities.c (bsc#1185409) - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). - CVE-2019-19956: Fixed a memory leak in xmlParseBalancedChunkMemoryRecover (bsc#1159928). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-libxml2-14729=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-libxml2-14729=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libxml2-14729=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-libxml2-14729=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libxml2-2.7.6-0.77.36.1 libxml2-doc-2.7.6-0.77.36.1 libxml2-python-2.7.6-0.77.36.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libxml2-32bit-2.7.6-0.77.36.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libxml2-2.7.6-0.77.36.1 libxml2-doc-2.7.6-0.77.36.1 libxml2-python-2.7.6-0.77.36.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): libxml2-debuginfo-2.7.6-0.77.36.1 libxml2-debugsource-2.7.6-0.77.36.1 libxml2-python-debuginfo-2.7.6-0.77.36.1 libxml2-python-debugsource-2.7.6-0.77.36.1 - SUSE Linux 
Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): libxml2-debuginfo-2.7.6-0.77.36.1 libxml2-debugsource-2.7.6-0.77.36.1 libxml2-python-debuginfo-2.7.6-0.77.36.1 libxml2-python-debugsource-2.7.6-0.77.36.1 References: https://www.suse.com/security/cve/CVE-2014-0191.html https://www.suse.com/security/cve/CVE-2019-19956.html https://www.suse.com/security/cve/CVE-2019-20388.html https://www.suse.com/security/cve/CVE-2020-24977.html https://www.suse.com/security/cve/CVE-2020-7595.html https://www.suse.com/security/cve/CVE-2021-3516.html https://www.suse.com/security/cve/CVE-2021-3517.html https://www.suse.com/security/cve/CVE-2021-3518.html https://www.suse.com/security/cve/CVE-2021-3537.html https://bugzilla.suse.com/1159928 https://bugzilla.suse.com/1161517 https://bugzilla.suse.com/1161521 https://bugzilla.suse.com/1176179 https://bugzilla.suse.com/1185408 https://bugzilla.suse.com/1185409 https://bugzilla.suse.com/1185410 https://bugzilla.suse.com/1185698 From sle-updates at lists.suse.com Wed May 19 19:21:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 May 2021 21:21:44 +0200 (CEST) Subject: SUSE-SU-2021:1658-1: important: Security update for libxml2 Message-ID: <20210519192144.96A78FDD6@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1658-1 Rating: important References: #1185408 #1185409 #1185410 #1185698 Cross-References: CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVSS scores: CVE-2021-3516 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3517 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3518 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3537 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 
SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libxml2 fixes the following issues: Security issues fixed: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1658=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1658=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1658=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1658=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1658=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1658=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1658=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1658=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1658=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1658=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1658=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1658=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1658=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): libxml2-doc-2.9.4-46.43.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libxml2-2-2.9.4-46.43.1 libxml2-2-32bit-2.9.4-46.43.1 libxml2-2-debuginfo-2.9.4-46.43.1 libxml2-2-debuginfo-32bit-2.9.4-46.43.1 libxml2-debugsource-2.9.4-46.43.1 libxml2-tools-2.9.4-46.43.1 libxml2-tools-debuginfo-2.9.4-46.43.1 python-libxml2-2.9.4-46.43.1 python-libxml2-debuginfo-2.9.4-46.43.1 python-libxml2-debugsource-2.9.4-46.43.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): libxml2-doc-2.9.4-46.43.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libxml2-2-2.9.4-46.43.1 libxml2-2-32bit-2.9.4-46.43.1 libxml2-2-debuginfo-2.9.4-46.43.1 libxml2-2-debuginfo-32bit-2.9.4-46.43.1 
libxml2-debugsource-2.9.4-46.43.1 libxml2-tools-2.9.4-46.43.1 libxml2-tools-debuginfo-2.9.4-46.43.1 python-libxml2-2.9.4-46.43.1 python-libxml2-debuginfo-2.9.4-46.43.1 python-libxml2-debugsource-2.9.4-46.43.1 - SUSE OpenStack Cloud 9 (x86_64): libxml2-2-2.9.4-46.43.1 libxml2-2-32bit-2.9.4-46.43.1 libxml2-2-debuginfo-2.9.4-46.43.1 libxml2-2-debuginfo-32bit-2.9.4-46.43.1 libxml2-debugsource-2.9.4-46.43.1 libxml2-tools-2.9.4-46.43.1 libxml2-tools-debuginfo-2.9.4-46.43.1 python-libxml2-2.9.4-46.43.1 python-libxml2-debuginfo-2.9.4-46.43.1 python-libxml2-debugsource-2.9.4-46.43.1 - SUSE OpenStack Cloud 9 (noarch): libxml2-doc-2.9.4-46.43.1 - SUSE OpenStack Cloud 8 (noarch): libxml2-doc-2.9.4-46.43.1 - SUSE OpenStack Cloud 8 (x86_64): libxml2-2-2.9.4-46.43.1 libxml2-2-32bit-2.9.4-46.43.1 libxml2-2-debuginfo-2.9.4-46.43.1 libxml2-2-debuginfo-32bit-2.9.4-46.43.1 libxml2-debugsource-2.9.4-46.43.1 libxml2-tools-2.9.4-46.43.1 libxml2-tools-debuginfo-2.9.4-46.43.1 python-libxml2-2.9.4-46.43.1 python-libxml2-debuginfo-2.9.4-46.43.1 python-libxml2-debugsource-2.9.4-46.43.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libxml2-debugsource-2.9.4-46.43.1 libxml2-devel-2.9.4-46.43.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libxml2-2-2.9.4-46.43.1 libxml2-2-debuginfo-2.9.4-46.43.1 libxml2-debugsource-2.9.4-46.43.1 libxml2-tools-2.9.4-46.43.1 libxml2-tools-debuginfo-2.9.4-46.43.1 python-libxml2-2.9.4-46.43.1 python-libxml2-debuginfo-2.9.4-46.43.1 python-libxml2-debugsource-2.9.4-46.43.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libxml2-2-32bit-2.9.4-46.43.1 libxml2-2-debuginfo-32bit-2.9.4-46.43.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libxml2-doc-2.9.4-46.43.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libxml2-2-2.9.4-46.43.1 libxml2-2-debuginfo-2.9.4-46.43.1 libxml2-debugsource-2.9.4-46.43.1 libxml2-tools-2.9.4-46.43.1 libxml2-tools-debuginfo-2.9.4-46.43.1 
python-libxml2-2.9.4-46.43.1 python-libxml2-debuginfo-2.9.4-46.43.1 python-libxml2-debugsource-2.9.4-46.43.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): libxml2-doc-2.9.4-46.43.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libxml2-2-32bit-2.9.4-46.43.1 libxml2-2-debuginfo-32bit-2.9.4-46.43.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.43.1 libxml2-2-debuginfo-2.9.4-46.43.1 libxml2-debugsource-2.9.4-46.43.1 libxml2-tools-2.9.4-46.43.1 libxml2-tools-debuginfo-2.9.4-46.43.1 python-libxml2-2.9.4-46.43.1 python-libxml2-debuginfo-2.9.4-46.43.1 python-libxml2-debugsource-2.9.4-46.43.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libxml2-2-32bit-2.9.4-46.43.1 libxml2-2-debuginfo-32bit-2.9.4-46.43.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libxml2-doc-2.9.4-46.43.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.43.1 libxml2-2-debuginfo-2.9.4-46.43.1 libxml2-debugsource-2.9.4-46.43.1 libxml2-tools-2.9.4-46.43.1 libxml2-tools-debuginfo-2.9.4-46.43.1 python-libxml2-2.9.4-46.43.1 python-libxml2-debuginfo-2.9.4-46.43.1 python-libxml2-debugsource-2.9.4-46.43.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libxml2-2-32bit-2.9.4-46.43.1 libxml2-2-debuginfo-32bit-2.9.4-46.43.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libxml2-doc-2.9.4-46.43.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.43.1 libxml2-2-debuginfo-2.9.4-46.43.1 libxml2-debugsource-2.9.4-46.43.1 libxml2-tools-2.9.4-46.43.1 libxml2-tools-debuginfo-2.9.4-46.43.1 python-libxml2-2.9.4-46.43.1 python-libxml2-debuginfo-2.9.4-46.43.1 python-libxml2-debugsource-2.9.4-46.43.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libxml2-2-32bit-2.9.4-46.43.1 libxml2-2-debuginfo-32bit-2.9.4-46.43.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): libxml2-doc-2.9.4-46.43.1 - SUSE Linux Enterprise Server 12-SP3-BCL 
(x86_64): libxml2-2-2.9.4-46.43.1 libxml2-2-32bit-2.9.4-46.43.1 libxml2-2-debuginfo-2.9.4-46.43.1 libxml2-2-debuginfo-32bit-2.9.4-46.43.1 libxml2-debugsource-2.9.4-46.43.1 libxml2-tools-2.9.4-46.43.1 libxml2-tools-debuginfo-2.9.4-46.43.1 python-libxml2-2.9.4-46.43.1 python-libxml2-debuginfo-2.9.4-46.43.1 python-libxml2-debugsource-2.9.4-46.43.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): libxml2-doc-2.9.4-46.43.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libxml2-doc-2.9.4-46.43.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libxml2-2-2.9.4-46.43.1 libxml2-2-32bit-2.9.4-46.43.1 libxml2-2-debuginfo-2.9.4-46.43.1 libxml2-2-debuginfo-32bit-2.9.4-46.43.1 libxml2-debugsource-2.9.4-46.43.1 libxml2-tools-2.9.4-46.43.1 libxml2-tools-debuginfo-2.9.4-46.43.1 python-libxml2-2.9.4-46.43.1 python-libxml2-debuginfo-2.9.4-46.43.1 python-libxml2-debugsource-2.9.4-46.43.1 - HPE Helion Openstack 8 (noarch): libxml2-doc-2.9.4-46.43.1 - HPE Helion Openstack 8 (x86_64): libxml2-2-2.9.4-46.43.1 libxml2-2-32bit-2.9.4-46.43.1 libxml2-2-debuginfo-2.9.4-46.43.1 libxml2-2-debuginfo-32bit-2.9.4-46.43.1 libxml2-debugsource-2.9.4-46.43.1 libxml2-tools-2.9.4-46.43.1 libxml2-tools-debuginfo-2.9.4-46.43.1 python-libxml2-2.9.4-46.43.1 python-libxml2-debuginfo-2.9.4-46.43.1 python-libxml2-debugsource-2.9.4-46.43.1 References: https://www.suse.com/security/cve/CVE-2021-3516.html https://www.suse.com/security/cve/CVE-2021-3517.html https://www.suse.com/security/cve/CVE-2021-3518.html https://www.suse.com/security/cve/CVE-2021-3537.html https://bugzilla.suse.com/1185408 https://bugzilla.suse.com/1185409 https://bugzilla.suse.com/1185410 https://bugzilla.suse.com/1185698 From sle-updates at lists.suse.com Wed May 19 19:23:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 May 2021 21:23:39 +0200 (CEST) Subject: SUSE-RU-2021:1656-1: Recommended update for ses-manual_en Message-ID: <20210519192339.8FBBFFDD6@maintenance.suse.de> SUSE 
Recommended Update: Recommended update for ses-manual_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1656-1 Rating: low References: Affected Products: SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for ses-manual_en fixes the following issues: - Included SAMBA GW in the upgrade process - Info about health warning coming with the new Ceph point release - Update remnant of previous Grafana version - Updated ceph-dokan uid/gid instructions - doc: rook operator needs to get stopped on OSD removal - Update Grafana container tag version Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2021-1656=1 Package List: - SUSE Enterprise Storage 7 (noarch): ses-admin_en-pdf-7locdrop+git67.gef3cfb4d-3.12.1 ses-deployment_en-pdf-7locdrop+git67.gef3cfb4d-3.12.1 ses-manual_en-7locdrop+git67.gef3cfb4d-3.12.1 ses-troubleshooting_en-pdf-7locdrop+git67.gef3cfb4d-3.12.1 ses-windows_en-pdf-7locdrop+git67.gef3cfb4d-3.12.1 References: From sle-updates at lists.suse.com Wed May 19 19:24:38 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 May 2021 21:24:38 +0200 (CEST) Subject: SUSE-RU-2021:1657-1: moderate: Recommended update for crmsh Message-ID: <20210519192438.1A2E9FDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1657-1 Rating: moderate References: #1178118 #1180126 #1180332 #1181415 #1181906 #1181907 #1183359 #1183654 #1183689 #1183883 #1185437 ECO-3567 Affected Products: SUSE Linux 
Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has 11 recommended fixes and contains one feature can now be installed. Description: This update for crmsh fixes the following issues: - Update to version 4.3.0: * Fix: bootstrap: add sbd via bootstrap stage on an existing cluster (bsc#1181906) * Fix: bootstrap: change StrictHostKeyChecking=no as a constants (bsc#1185437) * Dev: bootstrap: disable unnecessary warnings (bsc#1178118) * Fix: bootstrap: sync corosync.conf before finished joining (bsc#1183359) * Dev: add "crm corosync status qdevice" sub-command * Dev: ui_cluster: add qdevice help info * Dev: ui_cluster: enable/disable corosync-qdevice.service * Fix for bootstrap: parse space in sbd device correctly. (bsc#1183883) * Fix for bootstrap: get the peer node name correctly. (bsc#1183654) * Update version and author. (bsc#1183689) * Bootstrap development: enable configuring qdevice on interactive mode. (jsc#ECO-3567) * Fix for ui_resource: change return code and error to warning for some unharmful actions. (bsc#1180332) * Fix for bootstrap: raise warning when configuring diskless SBD with node's count less than 3. (bsc#1181907) * Fix for bootstrap: Adjust qdevice configure/remove process to avoid race condition due to quorum lost. (bsc#1181415) * Fix for ui_configure: raise error when params not exist. (bsc#1180126) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-1657=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (noarch): crmsh-4.3.0+20210507.bf02d791-3.62.1 crmsh-scripts-4.3.0+20210507.bf02d791-3.62.1 References: https://bugzilla.suse.com/1178118 https://bugzilla.suse.com/1180126 https://bugzilla.suse.com/1180332 https://bugzilla.suse.com/1181415 https://bugzilla.suse.com/1181906 https://bugzilla.suse.com/1181907 https://bugzilla.suse.com/1183359 https://bugzilla.suse.com/1183654 https://bugzilla.suse.com/1183689 https://bugzilla.suse.com/1183883 https://bugzilla.suse.com/1185437 From sle-updates at lists.suse.com Wed May 19 22:16:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 00:16:03 +0200 (CEST) Subject: SUSE-RU-2021:1659-1: moderate: Recommended update for pdsh, slurm_20_11 Message-ID: <20210519221603.E5F32FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for pdsh, slurm_20_11 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1659-1 Rating: moderate References: ECO-2412 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for pdsh, slurm_20_11 fixes the following issues: - Preparing pdsh for Slurm 20.11 (jsc#ECO-2412) - Simplify convoluted condition. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP2: zypper in -t patch SUSE-SLE-Module-HPC-15-SP2-2021-1659=1 - SUSE Linux Enterprise High Performance Computing 15-SP2: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-2021-1659=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP2 (aarch64 x86_64): libnss_slurm2_20_11-20.11.4-6.2.2 libpmi0_20_11-20.11.4-6.2.2 libslurm36-20.11.4-6.2.2 perl-slurm_20_11-20.11.4-6.2.2 slurm_20_11-20.11.4-6.2.2 slurm_20_11-auth-none-20.11.4-6.2.2 slurm_20_11-config-20.11.4-6.2.2 slurm_20_11-config-man-20.11.4-6.2.2 slurm_20_11-devel-20.11.4-6.2.2 slurm_20_11-doc-20.11.4-6.2.2 slurm_20_11-lua-20.11.4-6.2.2 slurm_20_11-munge-20.11.4-6.2.2 slurm_20_11-node-20.11.4-6.2.2 slurm_20_11-pam_slurm-20.11.4-6.2.2 slurm_20_11-plugins-20.11.4-6.2.2 slurm_20_11-slurmdbd-20.11.4-6.2.2 slurm_20_11-sql-20.11.4-6.2.2 slurm_20_11-sview-20.11.4-6.2.2 slurm_20_11-torque-20.11.4-6.2.2 slurm_20_11-webdoc-20.11.4-6.2.2 - SUSE Linux Enterprise High Performance Computing 15-SP2 (aarch64 x86_64): libnss_slurm2_20_11-20.11.4-6.2.2 libpmi0_20_11-20.11.4-6.2.2 libslurm36-20.11.4-6.2.2 perl-slurm_20_11-20.11.4-6.2.2 slurm_20_11-20.11.4-6.2.2 slurm_20_11-auth-none-20.11.4-6.2.2 slurm_20_11-config-20.11.4-6.2.2 slurm_20_11-config-man-20.11.4-6.2.2 slurm_20_11-devel-20.11.4-6.2.2 slurm_20_11-doc-20.11.4-6.2.2 slurm_20_11-lua-20.11.4-6.2.2 slurm_20_11-munge-20.11.4-6.2.2 slurm_20_11-node-20.11.4-6.2.2 slurm_20_11-pam_slurm-20.11.4-6.2.2 slurm_20_11-plugins-20.11.4-6.2.2 slurm_20_11-slurmdbd-20.11.4-6.2.2 slurm_20_11-sql-20.11.4-6.2.2 slurm_20_11-sview-20.11.4-6.2.2 slurm_20_11-torque-20.11.4-6.2.2 slurm_20_11-webdoc-20.11.4-6.2.2 References: From sle-updates at lists.suse.com Wed May 19 22:17:00 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 00:17:00 +0200 (CEST) Subject: SUSE-RU-2021:1661-1: moderate: Recommended update for s390-tools Message-ID: 
<20210519221700.C0DD3FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1661-1 Rating: moderate References: #1182816 #1182820 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for s390-tools fixes the following issues: - Adding a fflush(stdout) statement so that the dasdfmt command would produce the correct output for YaST. (bsc#1182816, bsc#1182820) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1661=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (s390x): osasnmpd-2.1.0-18.35.1 osasnmpd-debuginfo-2.1.0-18.35.1 s390-tools-2.1.0-18.35.1 s390-tools-debuginfo-2.1.0-18.35.1 s390-tools-debugsource-2.1.0-18.35.1 s390-tools-hmcdrvfs-2.1.0-18.35.1 s390-tools-hmcdrvfs-debuginfo-2.1.0-18.35.1 s390-tools-zdsfs-2.1.0-18.35.1 s390-tools-zdsfs-debuginfo-2.1.0-18.35.1 References: https://bugzilla.suse.com/1182816 https://bugzilla.suse.com/1182820 From sle-updates at lists.suse.com Wed May 19 22:18:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 00:18:12 +0200 (CEST) Subject: SUSE-RU-2021:1660-1: moderate: Recommended update for python-kiwi Message-ID: <20210519221812.5D5A2FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1660-1 Rating: moderate References: SLE-12986 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise 
Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for python-kiwi fixes the following issues: - Fix appx manifest for WSL containers This patch is twofold * This commit prevents KIWI from setting Identity Name attribute and DisplayName and PublisherDisplayName elements. Fixes #1780 * Fix WSL appx filemap relative paths not preserved During WSL appx image type creation step the file hierarchy under metadata_path is written to a temporary file for eventual use as argument to utility appx. The file hierarchy information is dropped resulting in all filemap entries appearing to be at the metadata_path root. The resulting image will side load and run but without icon and other resources. Stricter checks at Windows Store submission will fail due to mismatch between image manifest and contents. Fix by preserving relative path of filemap entries relative to metadata_path. Add log output showing both input absolute path and output relative path. (jsc#SLE-12986) - Recommend kiwi-systemdeps-containers This commit recommends 'kiwi-systemdeps-containers' instead of a hard requirement in kiwi-systemdeps package for SLE builds. This is needed because the containers tool chain is spread in different SLE modules. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1660=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1660=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1660=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): dracut-kiwi-lib-9.23.20-3.40.1 dracut-kiwi-oem-repart-9.23.20-3.40.1 python-kiwi-debugsource-9.23.20-3.40.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.23.20-3.40.1 dracut-kiwi-live-9.23.20-3.40.1 dracut-kiwi-oem-dump-9.23.20-3.40.1 dracut-kiwi-oem-repart-9.23.20-3.40.1 dracut-kiwi-overlay-9.23.20-3.40.1 kiwi-man-pages-9.23.20-3.40.1 kiwi-systemdeps-9.23.20-3.40.1 kiwi-systemdeps-bootloaders-9.23.20-3.40.1 kiwi-systemdeps-containers-9.23.20-3.40.1 kiwi-systemdeps-core-9.23.20-3.40.1 kiwi-systemdeps-disk-images-9.23.20-3.40.1 kiwi-systemdeps-filesystems-9.23.20-3.40.1 kiwi-systemdeps-image-validation-9.23.20-3.40.1 kiwi-systemdeps-iso-media-9.23.20-3.40.1 kiwi-tools-9.23.20-3.40.1 kiwi-tools-debuginfo-9.23.20-3.40.1 python-kiwi-debugsource-9.23.20-3.40.1 python3-kiwi-9.23.20-3.40.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): kiwi-pxeboot-9.23.20-3.40.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.23.20-3.40.1 dracut-kiwi-live-9.23.20-3.40.1 dracut-kiwi-oem-dump-9.23.20-3.40.1 dracut-kiwi-oem-repart-9.23.20-3.40.1 dracut-kiwi-overlay-9.23.20-3.40.1 kiwi-man-pages-9.23.20-3.40.1 kiwi-systemdeps-bootloaders-9.23.20-3.40.1 kiwi-systemdeps-core-9.23.20-3.40.1 kiwi-systemdeps-disk-images-9.23.20-3.40.1 kiwi-systemdeps-filesystems-9.23.20-3.40.1 kiwi-systemdeps-image-validation-9.23.20-3.40.1 kiwi-systemdeps-iso-media-9.23.20-3.40.1 kiwi-tools-9.23.20-3.40.1 
kiwi-tools-debuginfo-9.23.20-3.40.1 python-kiwi-debugsource-9.23.20-3.40.1 python3-kiwi-9.23.20-3.40.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): kiwi-pxeboot-9.23.20-3.40.1 References: From sle-updates at lists.suse.com Thu May 20 01:15:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 03:15:36 +0200 (CEST) Subject: SUSE-RU-2021:1663-1: moderate: Recommended update for drbd-formula Message-ID: <20210520011536.4E89EFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd-formula ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1663-1 Rating: moderate References: #1179529 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd-formula fixes the following issues: - Support different backing device per node. (bsc#1179529) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-1663=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2021-1663=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2021-1663=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): drbd-formula-0.4.2+git.1616116365.1e3ab34-3.6.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): drbd-formula-0.4.2+git.1616116365.1e3ab34-3.6.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): drbd-formula-0.4.2+git.1616116365.1e3ab34-3.6.1 References: https://bugzilla.suse.com/1179529 From sle-updates at lists.suse.com Thu May 20 01:16:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 03:16:34 +0200 (CEST) Subject: SUSE-RU-2021:1662-1: moderate: Recommended update for saphanabootstrap-formula Message-ID: <20210520011634.581FCFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for saphanabootstrap-formula ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1662-1 Rating: moderate References: #1185090 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for saphanabootstrap-formula fixes the following issues: - Fix the HANA sidadm usage to transform to lowercase some states managing the sudoers file in ha_cluster.sls state file. 
(bsc#1185090) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-1662=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2021-1662=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2021-1662=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): saphanabootstrap-formula-0.7.1+git.1619008686.8600866-3.11.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): saphanabootstrap-formula-0.7.1+git.1619008686.8600866-3.11.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): saphanabootstrap-formula-0.7.1+git.1619008686.8600866-3.11.1 References: https://bugzilla.suse.com/1185090 From sle-updates at lists.suse.com Thu May 20 06:19:00 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 08:19:00 +0200 (CEST) Subject: SUSE-CU-2021:167-1: Security update of suse/sle15 Message-ID: <20210520061900.1BF99B461B0@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:167-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.395 Container Release : 4.22.395 Severity : important Type : security References : 1181443 1184358 1185438 1185562 CVE-2021-3520 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). From sle-updates at lists.suse.com Thu May 20 06:19:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 08:19:11 +0200 (CEST) Subject: SUSE-CU-2021:168-1: Security update of suse/sle15 Message-ID: <20210520061911.38E49B461B0@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:168-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.396 Container Release : 4.22.396 Severity : important Type : security References : 1185408 1185409 1185410 1185698 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Thu May 20 06:35:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 08:35:03 +0200 (CEST) Subject: SUSE-CU-2021:169-1: Security update of suse/sle15 Message-ID: <20210520063503.A055EB461B0@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:169-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.457 Container Release : 6.2.457 Severity : important Type : security References : 1181443 1184358 1185408 1185409 1185410 1185438 1185562 1185698 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
From sle-updates at lists.suse.com Thu May 20 06:44:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 08:44:48 +0200 (CEST) Subject: SUSE-CU-2021:170-1: Security update of suse/sle15 Message-ID: <20210520064448.5FBADB461B0@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:170-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.919 Container Release : 8.2.919 Severity : important Type : security References : 1181443 1184358 1185408 1185409 1185410 1185438 1185562 1185698 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Thu May 20 10:17:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 12:17:32 +0200 (CEST) Subject: SUSE-SU-2021:1664-1: moderate: Security update for libass Message-ID: <20210520101732.E7342FF54@maintenance.suse.de> SUSE Security Update: Security update for libass ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1664-1 Rating: moderate References: #1184153 Cross-References: CVE-2020-24994 CVSS scores: CVE-2020-24994 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libass fixes the following issues: - CVE-2020-24994: Fixed a stack overflow in the parse_tag (bsc#1184153). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-1664=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1664=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libass-debugsource-0.14.0-3.6.1 libass-devel-0.14.0-3.6.1 libass9-0.14.0-3.6.1 libass9-debuginfo-0.14.0-3.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libass-debugsource-0.14.0-3.6.1 libass-devel-0.14.0-3.6.1 libass9-0.14.0-3.6.1 libass9-debuginfo-0.14.0-3.6.1 References: https://www.suse.com/security/cve/CVE-2020-24994.html https://bugzilla.suse.com/1184153 From sle-updates at lists.suse.com Thu May 20 13:18:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 15:18:45 +0200 (CEST) Subject: SUSE-RU-2021:14730-1: moderate: Recommended update for apparmor-profiles Message-ID: <20210520131845.23B5DFF54@maintenance.suse.de> SUSE Recommended Update: Recommended update for apparmor-profiles ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14730-1 Rating: moderate References: #1181728 #956365 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for apparmor-profiles fixes the following issues: - Add `ld.so.preload` to `abstraction/base` (bsc#1181728) - Add crypto/fips_enabled to ntpd profile. (bsc#956365) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-apparmor-profiles-14730=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-apparmor-profiles-14730=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch): apparmor-profiles-2.3-48.21.5.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): apparmor-profiles-2.3-48.21.5.1 References: https://bugzilla.suse.com/1181728 https://bugzilla.suse.com/956365 From sle-updates at lists.suse.com Thu May 20 13:20:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 15:20:03 +0200 (CEST) Subject: SUSE-RU-2021:1668-1: moderate: Recommended update for pacemaker Message-ID: <20210520132003.39779FF54@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1668-1 Rating: moderate References: #1173668 #1174696 #1177212 #1178865 #1180618 #1181744 #1182607 #1184557 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - controller: Fix for the issue when the re-joined node gets the host names of non-DC nodes and fails. (bsc#1180618) - Fixed an issue when pacemaker generates invalid xml for certain failures. (rh#1931332) - fencer: Optimize merging of fencing history by removing unneeded entries on creation of history diff. (bsc#1181744) - fencing: Add a new function for checking if a fencing operation is in pending state. (bsc#1181744) - fencer: Update outdated pending operations according to returned ones from remote peer history. 
(bsc#1181744) - fencer: Fix if broadcast returned fencing operations to update outdated pending ones in remote peer history. (bsc#1181744) - execd: Skips merging of canceled fencing monitors. (#CLBZ5393) - liblrmd: Limit node name addition to proxied 'attrd' update commands. (rh#1907726) - controller, Pacemaker Explained: Improved the documentation of 'stonith-watchdog-timeout' cluster option. (bsc#1174696, bsc#1184557) - scheduler: Improved the documentation of 'have-watchdog' cluster option. (bsc#1174696, bsc#1184557) - libpe_status: Downgrade the message about the meaning of 'have-watchdog=true' to 'info'. (bsc#1174696, bsc#1184557) - scheduler: Update 'migrate-fail-9' test for migration code change. (bsc#1177212, bsc#1182607) - scheduler: Don't schedule a dangling migration stop if one already occurred. (bsc#1177212, bsc#1182607) - attrd: Prevent leftover attributes of shutdown node in 'cib'. (bsc#1173668) - crmadmin: Printing DC quietly if needed (bsc#1178865) - scheduler: Properly detect dangling migrations (bsc#1177212) - scheduler: Only successful 'ops' count for migration comparisons. (bsc#1177212) - libpe_status: Add sanity check when unpacking migration history. (bsc#1177212) - libpe_status: Check for stops correctly when unpacking migration. (bsc#1177212) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1668=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-2.0.4+20200616.2deceaa3a-3.6.1 libpacemaker3-2.0.4+20200616.2deceaa3a-3.6.1 libpacemaker3-debuginfo-2.0.4+20200616.2deceaa3a-3.6.1 pacemaker-2.0.4+20200616.2deceaa3a-3.6.1 pacemaker-cli-2.0.4+20200616.2deceaa3a-3.6.1 pacemaker-cli-debuginfo-2.0.4+20200616.2deceaa3a-3.6.1 pacemaker-debuginfo-2.0.4+20200616.2deceaa3a-3.6.1 pacemaker-debugsource-2.0.4+20200616.2deceaa3a-3.6.1 pacemaker-remote-2.0.4+20200616.2deceaa3a-3.6.1 pacemaker-remote-debuginfo-2.0.4+20200616.2deceaa3a-3.6.1 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): pacemaker-cts-2.0.4+20200616.2deceaa3a-3.6.1 References: https://bugzilla.suse.com/1173668 https://bugzilla.suse.com/1174696 https://bugzilla.suse.com/1177212 https://bugzilla.suse.com/1178865 https://bugzilla.suse.com/1180618 https://bugzilla.suse.com/1181744 https://bugzilla.suse.com/1182607 https://bugzilla.suse.com/1184557 From sle-updates at lists.suse.com Thu May 20 13:21:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 15:21:51 +0200 (CEST) Subject: SUSE-RU-2021:1669-1: moderate: Recommended update for nfs-utils Message-ID: <20210520132151.43F66FF54@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1669-1 Rating: moderate References: #1181540 #1181651 #1183194 #1185170 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. 
Description: This update for nfs-utils fixes the following issues: - The '/var/run' is long deprecated - switch all relevant paths to '/run'. (bsc#1185170) - Improve logging of authentication (bsc#1181540) - Add man page of the 'nconnect mount'. (bsc#1181651) - Fixed an issue when HANA crashed due to inaccessible/hanging NFS mount. (bsc#1183194) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1669=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1669=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1669=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): nfs-client-2.1.1-10.15.1 nfs-client-debuginfo-2.1.1-10.15.1 nfs-kernel-server-2.1.1-10.15.1 nfs-kernel-server-debuginfo-2.1.1-10.15.1 nfs-utils-debuginfo-2.1.1-10.15.1 nfs-utils-debugsource-2.1.1-10.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): nfs-client-2.1.1-10.15.1 nfs-client-debuginfo-2.1.1-10.15.1 nfs-doc-2.1.1-10.15.1 nfs-kernel-server-2.1.1-10.15.1 nfs-kernel-server-debuginfo-2.1.1-10.15.1 nfs-utils-debuginfo-2.1.1-10.15.1 nfs-utils-debugsource-2.1.1-10.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): nfs-client-2.1.1-10.15.1 nfs-client-debuginfo-2.1.1-10.15.1 nfs-doc-2.1.1-10.15.1 nfs-kernel-server-2.1.1-10.15.1 nfs-kernel-server-debuginfo-2.1.1-10.15.1 nfs-utils-debuginfo-2.1.1-10.15.1 nfs-utils-debugsource-2.1.1-10.15.1 References: https://bugzilla.suse.com/1181540 https://bugzilla.suse.com/1181651 https://bugzilla.suse.com/1183194 https://bugzilla.suse.com/1185170 From sle-updates at lists.suse.com Thu May 20 13:23:17 2021 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Thu, 20 May 2021 15:23:17 +0200 (CEST) Subject: SUSE-RU-2021:1667-1: moderate: Recommended update for audit Message-ID: <20210520132317.3CBEBFF54@maintenance.suse.de> SUSE Recommended Update: Recommended update for audit ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1667-1 Rating: moderate References: #1179515 #1184362 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515, bsc#1184362) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1667=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1667=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): audit-debugsource-2.8.1-10.11.1 audit-devel-2.8.1-10.11.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): audit-2.8.1-10.11.2 audit-audispd-plugins-2.8.1-10.11.2 audit-audispd-plugins-debuginfo-2.8.1-10.11.2 audit-debuginfo-2.8.1-10.11.2 audit-debugsource-2.8.1-10.11.1 audit-secondary-debugsource-2.8.1-10.11.2 libaudit1-2.8.1-10.11.1 libaudit1-debuginfo-2.8.1-10.11.1 libauparse0-2.8.1-10.11.1 libauparse0-debuginfo-2.8.1-10.11.1 python2-audit-2.8.1-10.11.2 python2-audit-debuginfo-2.8.1-10.11.2 python3-audit-2.8.1-10.11.2 python3-audit-debuginfo-2.8.1-10.11.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libaudit1-32bit-2.8.1-10.11.1 
libaudit1-debuginfo-32bit-2.8.1-10.11.1 References: https://bugzilla.suse.com/1179515 https://bugzilla.suse.com/1184362 From sle-updates at lists.suse.com Thu May 20 16:16:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 18:16:56 +0200 (CEST) Subject: SUSE-RU-2021:1675-1: moderate: Recommended update for snappy Message-ID: <20210520161656.D5799FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for snappy ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1675-1 Rating: moderate References: #1080040 #1184507 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for snappy fixes the following issues: Update from version 1.1.3 to 1.1.8 - Small performance improvements. - Removed `snappy::string` alias for `std::string`. - Improved `CMake` configuration. - Improved packages descriptions. - Fix RPM groups. - Aarch64 fixes - PPC speedups - PIE improvements - Fix license install. (bsc#1080040) - Fix a 1% performance regression when snappy is used in PIE executable. - Improve compression performance by 5%. - Improve decompression performance by 20%. - Use better download URL. - Fix a build issue for tensorflow2. (bsc#1184507) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1675=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1675=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1675=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libsnappy1-1.1.8-3.3.1 libsnappy1-debuginfo-1.1.8-3.3.1 snappy-debugsource-1.1.8-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsnappy1-1.1.8-3.3.1 libsnappy1-debuginfo-1.1.8-3.3.1 snappy-debugsource-1.1.8-3.3.1 snappy-devel-1.1.8-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libsnappy1-1.1.8-3.3.1 libsnappy1-debuginfo-1.1.8-3.3.1 snappy-debugsource-1.1.8-3.3.1 snappy-devel-1.1.8-3.3.1 References: https://bugzilla.suse.com/1080040 https://bugzilla.suse.com/1184507 From sle-updates at lists.suse.com Thu May 20 16:18:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 18:18:07 +0200 (CEST) Subject: SUSE-RU-2021:1674-1: moderate: Recommended update for sle-manager-tools-release Message-ID: <20210520161807.A2298FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-manager-tools-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1674-1 Rating: moderate References: #1182501 Affected Products: SUSE Manager Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sle-manager-tools-release provides the following fix: - Make the SUSE Manager client tools for SUSE Linux Enterprise 15 compatible with openSUSE Leap 15 and SLE Micro 5.X. 
(bsc#1182501) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-1674=1 Package List: - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): sle-manager-tools-release-15-113.8.1 References: https://bugzilla.suse.com/1182501 From sle-updates at lists.suse.com Thu May 20 16:19:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 18:19:15 +0200 (CEST) Subject: SUSE-RU-2021:1673-1: moderate: Recommended update for open-iscsi Message-ID: <20210520161915.8C2E5FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1673-1 Rating: moderate References: #1183741 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for open-iscsi fixes the following issues: - Do not restart iscsid and iscsiuio during package upgrade, if those daemons are running. (bsc#1183741) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1673=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): iscsiuio-0.7.8.2-12.33.1 iscsiuio-debuginfo-0.7.8.2-12.33.1 libopeniscsiusr0_2_0-2.0.876-12.33.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-12.33.1 open-iscsi-2.0.876-12.33.1 open-iscsi-debuginfo-2.0.876-12.33.1 open-iscsi-debugsource-2.0.876-12.33.1 References: https://bugzilla.suse.com/1183741 From sle-updates at lists.suse.com Thu May 20 16:20:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 18:20:29 +0200 (CEST) Subject: SUSE-RU-2021:1672-1: moderate: Recommended update for supportutils Message-ID: <20210520162029.CF7EBFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1672-1 Rating: moderate References: #1021918 #1089870 #1168894 #1169122 #1169348 #1170092 #1170094 #1170858 #1176370 #1178491 #1180478 #1181351 #1181610 #1181679 #1181911 #1182904 #1182950 #1183732 #1183826 #1184829 #1184912 SLE-15557 SLE-15932 Affected Products: SUSE MicroOS 5.0 SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An 
update that has 21 recommended fixes and contains two features can now be installed. Description: This update for supportutils fixes the following issues: - Collects rotated logs with different compression types (bsc#1180478) - Now captures IBM Power bootlist (jsc#SLE-15557) - Fixed some errors with supportutils in combination with the btrfs filesystem (bsc#1168894) - Fixed an issue with ntp.txt, when it contains large binary data (bsc#1169122) - Checks package signatures in rpm.txt (bsc#1021918) - Optimize find (bsc#1184912) - Using zypper --xmlout (bsc#1181351) - Error fix for sysfs.txt (bsc#1089870) - Added list-timers to systemd.txt (bsc#1169348) - Including nfs4 in search (bsc#1184829) - [powerpc] Collect dynamic_debug log files for ibmvNIC #98 (bsc#1183826) - Fixed mismatched taint flags (bsc#1178491) - Removed redundant fdisk code that can cause timeout issues (bsc#1181679) - Supportconfig processes -f without hanging (bsc#1182904) - Collect logs for power specific components (using iprconfig) pr#94 (bsc#1182950) - [powerpc] Collect logs for power specific components (HNV) pr#88 (bsc#1181911) - Includes NVMe information with OPTION_NVME=1 in nvme.txt (bsc#1176370, SLE-15932) - No longer truncates boot log (bsc#1181610) - Collects rotated logs with different compression types (bsc#1180478) - Capture IBM Power bootlist (SLE-15557) - [powerpc] Collect logs for power specific components #72 (bscn#1176895) - Fixed btrfs errors (bsc#1168894) - Large ntp.txt with binary data (bsc#1169122) - Only include hostinfo details in /etc/motd (bsc#1170092) - Fixed CPU load average calculation (bsc#1170094) - Understands 3rd party packages on SLES or OpenSUSE (bsc#1170858) - Implement persistent host information across reboots (bsc#1183732) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1672=1 - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1672=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1672=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1672=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1672=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1672=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1672=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1672=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1672=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1672=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1672=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1672=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1672=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1672=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1672=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE MicroOS 5.0 (noarch): supportutils-3.1.15-5.31.2 - SUSE Manager Server 4.0 (noarch): hostinfo-1.0.6-20.4.2 supportutils-3.1.15-5.31.2 - SUSE Manager Retail Branch Server 4.0 (noarch): hostinfo-1.0.6-20.4.2 supportutils-3.1.15-5.31.2 - SUSE Manager Proxy 4.0 (noarch): hostinfo-1.0.6-20.4.2 supportutils-3.1.15-5.31.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): hostinfo-1.0.6-20.4.2 supportutils-3.1.15-5.31.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): hostinfo-1.0.6-20.4.2 supportutils-3.1.15-5.31.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): hostinfo-1.0.6-20.4.2 supportutils-3.1.15-5.31.2 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): hostinfo-1.0.6-20.4.2 supportutils-3.1.15-5.31.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): hostinfo-1.0.6-20.4.2 supportutils-3.1.15-5.31.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): hostinfo-1.0.6-20.4.2 supportutils-3.1.15-5.31.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): hostinfo-1.0.6-20.4.2 supportutils-3.1.15-5.31.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): hostinfo-1.0.6-20.4.2 supportutils-3.1.15-5.31.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): hostinfo-1.0.6-20.4.2 supportutils-3.1.15-5.31.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): hostinfo-1.0.6-20.4.2 supportutils-3.1.15-5.31.2 - SUSE Enterprise Storage 6 (noarch): hostinfo-1.0.6-20.4.2 supportutils-3.1.15-5.31.2 - SUSE CaaS Platform 4.0 (noarch): hostinfo-1.0.6-20.4.2 supportutils-3.1.15-5.31.2 References: https://bugzilla.suse.com/1021918 https://bugzilla.suse.com/1089870 https://bugzilla.suse.com/1168894 https://bugzilla.suse.com/1169122 https://bugzilla.suse.com/1169348 https://bugzilla.suse.com/1170092 https://bugzilla.suse.com/1170094 https://bugzilla.suse.com/1170858 https://bugzilla.suse.com/1176370 https://bugzilla.suse.com/1178491 https://bugzilla.suse.com/1180478 
https://bugzilla.suse.com/1181351 https://bugzilla.suse.com/1181610 https://bugzilla.suse.com/1181679 https://bugzilla.suse.com/1181911 https://bugzilla.suse.com/1182904 https://bugzilla.suse.com/1182950 https://bugzilla.suse.com/1183732 https://bugzilla.suse.com/1183826 https://bugzilla.suse.com/1184829 https://bugzilla.suse.com/1184912 From sle-updates at lists.suse.com Thu May 20 19:16:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 21:16:36 +0200 (CEST) Subject: SUSE-RU-2021:1680-1: moderate: Recommended update for sapwmp Message-ID: <20210520191636.A5143FF54@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapwmp ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1680-1 Rating: moderate References: #1184865 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sapwmp fixes the following issues: * Call 'sapwmp check' in supportconfig. * Remove 'sapstartsrv' from process tree and enable SLE15SP3 wmp-check. (bsc#1184865) * Install the 'wmp-check' to /usr/sbin * Include a script to check the setup of wmp. * capture: Graceful handling of missing PARENT_COMMANDS * capture: Apply scope limits only when they are non-zero * capture: Parse scope properties from config file Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2021-1680=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2021-1680=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (aarch64 ppc64le s390x x86_64): sapwmp-0.1+git.1619087532.40eb1b0-3.6.1 sapwmp-debuginfo-0.1+git.1619087532.40eb1b0-3.6.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (aarch64 ppc64le s390x x86_64): sapwmp-0.1+git.1619087532.40eb1b0-3.6.1 sapwmp-debuginfo-0.1+git.1619087532.40eb1b0-3.6.1 References: https://bugzilla.suse.com/1184865 From sle-updates at lists.suse.com Thu May 20 19:17:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 21:17:44 +0200 (CEST) Subject: SUSE-RU-2021:1677-1: Recommended update for purge-kernels-service Message-ID: <20210520191744.80ECFFF54@maintenance.suse.de> SUSE Recommended Update: Recommended update for purge-kernels-service ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1677-1 Rating: low References: #1184399 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for purge-kernels-service fixes the following issues: - Add 'ZYPP_LOCK_TIMEOUT=-1' to keep waiting for the lock to avoid possible conflict with other background services using zypper. (bsc#1184399) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1677=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1677=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): purge-kernels-service-0-8.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): purge-kernels-service-0-8.3.1 References: https://bugzilla.suse.com/1184399 From sle-updates at lists.suse.com Thu May 20 19:18:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 21:18:52 +0200 (CEST) Subject: SUSE-RU-2021:1676-1: moderate: Recommended update for prometheus-ha_cluster_exporter Message-ID: <20210520191852.72927FF54@maintenance.suse.de> SUSE Recommended Update: Recommended update for prometheus-ha_cluster_exporter ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1676-1 Rating: moderate References: #1184422 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for prometheus-ha_cluster_exporter fixes the following issues: - Add parsing of the `crm_config` node in the CIB parser. - Update the minimum required Go version to 1.14. - Avoid duplicate metric recording errors for non-running OCFS resources. (bsc#1184422) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2021-1676=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2021-1676=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (aarch64 ppc64le s390x x86_64): prometheus-ha_cluster_exporter-1.2.2+git.1620117406.cf586eb-1.15.1 - SUSE Linux Enterprise Module for SAP Applications 15 (aarch64 ppc64le s390x x86_64): prometheus-ha_cluster_exporter-1.2.2+git.1620117406.cf586eb-1.15.1 References: https://bugzilla.suse.com/1184422 From sle-updates at lists.suse.com Thu May 20 19:20:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 21:20:04 +0200 (CEST) Subject: SUSE-RU-2021:1678-1: moderate: Recommended update for prometheus-ha_cluster_exporter Message-ID: <20210520192004.A8F30FF54@maintenance.suse.de> SUSE Recommended Update: Recommended update for prometheus-ha_cluster_exporter ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1678-1 Rating: moderate References: #1184422 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for prometheus-ha_cluster_exporter fixes the following issues: - Add parsing of the `crm_config` node in the CIB parser. - Update the minimum required Go version to 1.14. - Avoid duplicate metric recording errors for non-running OCFS resources. (bsc#1184422) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2021-1678=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2021-1678=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (aarch64 ppc64le s390x x86_64): prometheus-ha_cluster_exporter-1.2.2+git.1620117406.cf586eb-3.12.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (aarch64 ppc64le s390x x86_64): prometheus-ha_cluster_exporter-1.2.2+git.1620117406.cf586eb-3.12.1 References: https://bugzilla.suse.com/1184422 From sle-updates at lists.suse.com Thu May 20 19:21:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 21:21:14 +0200 (CEST) Subject: SUSE-RU-2021:1679-1: moderate: Recommended update for ddclient Message-ID: <20210520192114.04D1DFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for ddclient ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1679-1 Rating: moderate References: #1185069 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ddclient fixes the following issues: - As '/var/run' is deprecated, replaced by '/run' in 'ddclient-tmpfiles.conf' (bsc#1185069) - Systemd expects the PID file to exist as soon as the main process exists. However, it takes quite a while until the pid file is created by the daemon process, so we delay the main process for 1 second before exit()ing. This gets rid of an annoying warning message in "systemctl status". 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-1679=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1679=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): ddclient-3.8.3-3.7.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): ddclient-3.8.3-3.7.1 References: https://bugzilla.suse.com/1185069 From sle-updates at lists.suse.com Thu May 20 19:22:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 May 2021 21:22:26 +0200 (CEST) Subject: SUSE-RU-2021:1681-1: moderate: Recommended update for sapstartsrv-resource-agents Message-ID: <20210520192226.A60B7FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapstartsrv-resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1681-1 Rating: moderate References: #1185152 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sapstartsrv-resource-agents fixes the following issues: - Remove deprecated option "syslog" from the 'sapping.service' and 'sappong.service' files. 
(bsc#1185152) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2021-1681=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2021-1681=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2021-1681=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2021-1681=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): sapstartsrv-resource-agents-0.9.0+git.1619681975.ad20a04-1.9.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): sapstartsrv-resource-agents-0.9.0+git.1619681975.ad20a04-1.9.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): sapstartsrv-resource-agents-0.9.0+git.1619681975.ad20a04-1.9.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): sapstartsrv-resource-agents-0.9.0+git.1619681975.ad20a04-1.9.1 References: https://bugzilla.suse.com/1185152 From sle-updates at lists.suse.com Fri May 21 06:09:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 May 2021 08:09:29 +0200 (CEST) Subject: SUSE-CU-2021:171-1: Security update of suse/sles12sp3 Message-ID: <20210521060929.307FFB46F0A@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:171-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.257 , suse/sles12sp3:latest Container Release : 24.257 Severity : important Type : security References : 1185408 1185409 1185410 1185698 CVE-2021-3516 
CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1658-1 Released: Wed May 19 18:20:42 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: Security issues fixed: CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Fri May 21 06:21:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 May 2021 08:21:08 +0200 (CEST) Subject: SUSE-CU-2021:172-1: Security update of suse/sles12sp4 Message-ID: <20210521062108.6EECAB46F0A@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:172-1 Container Tags : suse/sles12sp4:26.294 , suse/sles12sp4:latest Container Release : 26.294 Severity : important Type : security References : 1179515 1184362 1185408 1185409 1185410 1185698 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1658-1 Released: Wed May 19 18:20:42 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: Security issues fixed: CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1667-1 Released: Thu May 20 09:34:34 2021 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515,1184362 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515, bsc#1184362) From sle-updates at lists.suse.com Fri May 21 06:29:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 May 2021 08:29:43 +0200 (CEST) Subject: SUSE-CU-2021:173-1: Security update of suse/sles12sp5 Message-ID: <20210521062943.DE7DEB46F0A@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:173-1 Container Tags : suse/sles12sp5:6.5.179 , suse/sles12sp5:latest Container Release : 6.5.179 Severity : important Type : security References : 1179515 1184362 1185408 1185409 1185410 1185698 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1658-1 Released: Wed May 19 18:20:42 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: Security issues fixed: CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1667-1 Released: Thu May 20 09:34:34 2021 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515,1184362 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515, bsc#1184362) From sle-updates at lists.suse.com Fri May 21 16:16:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 May 2021 18:16:49 +0200 (CEST) Subject: SUSE-RU-2021:1682-1: moderate: Recommended update for pacemaker Message-ID: <20210521161649.63B8DFF54@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1682-1 Rating: moderate References: #1148236 #1173668 #1174696 #1177212 #1178865 #1180618 #1181744 #1182607 #1184557 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. 
Description:

   This update for pacemaker fixes the following issues:

   - controller: Fix for the issue when the re-joined node gets the host names of non-DC nodes and fails. (bsc#1180618)
   - Fixed an issue when pacemaker generates invalid xml for certain failures. (rh#1931332)
   - fencer: Optimize merging of fencing history by removing unneeded entries on creation of history diff. (bsc#1181744)
   - fencing: Add a new function for checking if a fencing operation is in pending state. (bsc#1181744)
   - fencer: Update outdated pending operations according to returned ones from remote peer history. (bsc#1181744)
   - fencer: Fix if broadcast returned fencing operations to update outdated pending ones in remote peer history. (bsc#1181744)
   - execd: Skips merging of canceled fencing monitors. (#CLBZ5393)
   - liblrmd: Limit node name addition to proxied 'attrd' update commands. (rh#1907726)
   - controller, Pacemaker Explained: Improved the documentation of 'stonith-watchdog-timeout' cluster option. (bsc#1174696, bsc#1184557)
   - scheduler: Improved the documentation of 'have-watchdog' cluster option. (bsc#1174696, bsc#1184557)
   - libpe_status: Downgrade the message about the meaning of 'have-watchdog=true' to 'info'. (bsc#1174696, bsc#1184557)
   - scheduler: Update 'migrate-fail-9' test for migration code change. (bsc#1177212, bsc#1182607)
   - scheduler: Don't schedule a dangling migration stop if one already occurred. (bsc#1177212, bsc#1182607)
   - attrd: Prevent leftover attributes of shutdown node in 'cib'. (bsc#1173668)
   - crmadmin: Printing DC quietly if needed (bsc#1178865)
   - scheduler: Properly detect dangling migrations (bsc#1177212)
   - scheduler: Only successful 'ops' count for migration comparisons. (bsc#1177212)
   - libpe_status: Add sanity check when unpacking migration history. (bsc#1177212)
   - libpe_status: Check for stops correctly when unpacking migration. (bsc#1177212)
   - fencer: improve error checking and log messages for API action requests (bsc#1148236)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 15-SP1:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-1682=1

Package List:

   - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):

      libpacemaker-devel-2.0.1+20190417.13d370ca9-3.18.1
      libpacemaker3-2.0.1+20190417.13d370ca9-3.18.1
      libpacemaker3-debuginfo-2.0.1+20190417.13d370ca9-3.18.1
      pacemaker-2.0.1+20190417.13d370ca9-3.18.1
      pacemaker-cli-2.0.1+20190417.13d370ca9-3.18.1
      pacemaker-cli-debuginfo-2.0.1+20190417.13d370ca9-3.18.1
      pacemaker-debuginfo-2.0.1+20190417.13d370ca9-3.18.1
      pacemaker-debugsource-2.0.1+20190417.13d370ca9-3.18.1
      pacemaker-remote-2.0.1+20190417.13d370ca9-3.18.1
      pacemaker-remote-debuginfo-2.0.1+20190417.13d370ca9-3.18.1

   - SUSE Linux Enterprise High Availability 15-SP1 (noarch):

      pacemaker-cts-2.0.1+20190417.13d370ca9-3.18.1

References:

   https://bugzilla.suse.com/1148236
   https://bugzilla.suse.com/1173668
   https://bugzilla.suse.com/1174696
   https://bugzilla.suse.com/1177212
   https://bugzilla.suse.com/1178865
   https://bugzilla.suse.com/1180618
   https://bugzilla.suse.com/1181744
   https://bugzilla.suse.com/1182607
   https://bugzilla.suse.com/1184557

From sle-updates at lists.suse.com Fri May 21 19:17:26 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 May 2021 21:17:26 +0200 (CEST)
Subject: SUSE-SU-2021:1693-1: moderate: Security Beta update for SUSE Manager Client Tools
Message-ID: <20210521191726.BAD78FF54@maintenance.suse.de>

SUSE Security Update: Security Beta update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1693-1
Rating: moderate
References: #1185092 #1185281
Cross-References: CVE-2021-31607
CVSS scores:
   CVE-2021-31607 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-31607 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
   SUSE Manager Debian 9.0-CLIENT-TOOLS-BETA
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

   This update fixes the following issues:

   salt:

   - Fix issue parsing errors in ansiblegate state module
   - Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607)
   - Transactional_update: detect recursion in the executor
   - Add subpackage salt-transactional-update
   - Remove duplicate directories from specfile
   - Improvements on "ansiblegate" module (bsc#1185092):
     * New methods: ansible.targets / ansible.discover_playbooks
     * General bugfixes

   spacecmd:

   - Rename system migration to system transfer
   - Rename SP to product migration

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Manager Debian 9.0-CLIENT-TOOLS-BETA:

      zypper in -t patch SUSE-Debian-9.0-CLIENT-TOOLS-BETA-x86_64-2021-1693=1

Package List:

   - SUSE Manager Debian 9.0-CLIENT-TOOLS-BETA (all):

      salt-common-3000+ds-1+2.15.1
      salt-minion-3000+ds-1+2.15.1
      spacecmd-4.2.8-2.15.1

References:

   https://www.suse.com/security/cve/CVE-2021-31607.html
   https://bugzilla.suse.com/1185092
   https://bugzilla.suse.com/1185281

From sle-updates at lists.suse.com Fri May 21 19:18:37 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 May 2021 21:18:37 +0200 (CEST)
Subject: SUSE-SU-2021:14733-1: moderate: Security Beta update for SUSE Manager Client Tools
Message-ID: <20210521191837.0E076FF54@maintenance.suse.de>

SUSE Security Update: Security Beta update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:14733-1
Rating: moderate
References: #1099976 #1171257 #1172110 #1174855 #1176293 #1177474 #1179831 #1180101 #1180818 #1181290 #1181347 #1181368 #1181550 #1181556 #1181557 #1181558 #1181559 #1181560 #1181561 #1181562 #1181563 #1181564 #1181565 #1182281 #1182293 #1182740 #1185092 #1185281 ECO-3212
Cross-References: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3144 CVE-2021-3148 CVE-2021-31607 CVE-2021-3197
CVSS scores:
   CVE-2020-28243 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2020-28243 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2020-28972 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
   CVE-2020-28972 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
   CVE-2020-35662 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
   CVE-2020-35662 (SUSE): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
   CVE-2021-25281 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-25281 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-25282 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
   CVE-2021-25282 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-25283 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-25283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-25284 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
   CVE-2021-25284 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
   CVE-2021-3144 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
   CVE-2021-3144 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
   CVE-2021-3148 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-3148 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-31607 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-31607 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-3197 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-3197 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
   SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA
______________________________________________________________________________

An update that solves 11 vulnerabilities, contains one feature and has 17 fixes is now available.

Description:

   This update fixes the following issues:

   salt:

   - Update to Salt release version 3002.2 (jsc#ECO-3212)
   - Drop support for Python2. Obsoletes `python2-salt` package
   - Virt module updates
     * network: handle missing ipv4 netmask attribute
     * more network support
     * PCI/USB host devices passthrough support
   - Set distro requirement to oldest supported version in requirements/base.txt
   - Bring missing part of async batch implementation back
   - Always require python3-distro (bsc#1182293)
   - Remove deprecated warning that breaks minion execution when "server_id_use_crc" opts is missing
   - Remove msgpack < 1.0.0 from base requirements (bsc#1176293)
   - Msgpack support for version >= 1.0.0 (bsc#1171257)
   - Fix issue parsing errors in ansiblegate state module
   - Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607)
   - Transactional_update: detect recursion in the executor
   - Add subpackage salt-transactional-update
   - Remove duplicate directories from specfile
   - Improvements on "ansiblegate" module (bsc#1185092):
     * New methods: ansible.targets / ansible.discover_playbooks
     * General bugfixes
   - Add support for Alibaba Cloud Linux 2 (Aliyun Linux)
   - Regression fix of salt-ssh on processing targets
   - Update target fix for salt-ssh and avoiding race condition on salt-ssh event processing (bsc#1179831, bsc#1182281)
   - Add notify beacon for Debian/Ubuntu systems
   - Fix zmq bug that causes salt-call to freeze (bsc#1181368)
   - Add core grains support for AlmaLinux
   - Allow vendor change option with zypper
   - Virt: virtual network backports to Salt 3000
   - Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474)
   - Only require python-certifi for CentOS7
   - Fix race conditions for corner cases when handling SIGTERM by minion (bsc#1172110)
   - Implementation of suse_ip execution module to prevent issues with network.managed (bsc#1099976)
   - Fix recursion false detection in payload (bsc#1180101)
   - Add sleep on exception handling on minion connection attempt to the master (bsc#1174855)
   - Allows for the VMware provider to handle CPU and memory hot-add in newer versions of the software. (bsc#1181347)
   - Always require python-certifi (used by salt.ext.tornado)
   - Exclude SLE 12 from requiring python-certifi
   - Do not crash when unexpected cmd output at listing patches (bsc#1181290)
   - Fix behavior for "onlyif/unless" when multiple conditions (bsc#1180818)
   - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740)
   - Allow extra_filerefs as sanitized kwargs for SSH client
   - Fix errors with virt.update
   - Fix for multiple security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565)
   - Virt: search for grub.xen path
   - Xen spicevmc, DNS SRV records backports:
     Fix virtual network generated DNS XML for SRV records
     Don't add spicevmc channel to xen VMs
   - Virt UEFI fix: virt.update when efi=True
   - Revert wrong zypper patch to support vendorchanges flags on pkg.install

   spacecmd:

   - Rename system migration to system transfer
   - Rename SP to product migration

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA:

      zypper in -t patch suse-ubu184ct-client-tools-beta-202105-14733=1

Package List:

   - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA (all):

      salt-common-3002.2+ds-1+27.42.1
      salt-minion-3002.2+ds-1+27.42.1
      spacecmd-4.2.8-2.24.1

References:

   https://www.suse.com/security/cve/CVE-2020-28243.html
   https://www.suse.com/security/cve/CVE-2020-28972.html
   https://www.suse.com/security/cve/CVE-2020-35662.html
   https://www.suse.com/security/cve/CVE-2021-25281.html
   https://www.suse.com/security/cve/CVE-2021-25282.html
   https://www.suse.com/security/cve/CVE-2021-25283.html
   https://www.suse.com/security/cve/CVE-2021-25284.html
   https://www.suse.com/security/cve/CVE-2021-3144.html
   https://www.suse.com/security/cve/CVE-2021-3148.html
   https://www.suse.com/security/cve/CVE-2021-31607.html
   https://www.suse.com/security/cve/CVE-2021-3197.html
   https://bugzilla.suse.com/1099976
   https://bugzilla.suse.com/1171257
   https://bugzilla.suse.com/1172110
   https://bugzilla.suse.com/1174855
   https://bugzilla.suse.com/1176293
   https://bugzilla.suse.com/1177474
   https://bugzilla.suse.com/1179831
   https://bugzilla.suse.com/1180101
   https://bugzilla.suse.com/1180818
   https://bugzilla.suse.com/1181290
   https://bugzilla.suse.com/1181347
   https://bugzilla.suse.com/1181368
   https://bugzilla.suse.com/1181550
   https://bugzilla.suse.com/1181556
   https://bugzilla.suse.com/1181557
   https://bugzilla.suse.com/1181558
   https://bugzilla.suse.com/1181559
   https://bugzilla.suse.com/1181560
   https://bugzilla.suse.com/1181561
   https://bugzilla.suse.com/1181562
   https://bugzilla.suse.com/1181563
   https://bugzilla.suse.com/1181564
   https://bugzilla.suse.com/1181565
   https://bugzilla.suse.com/1182281
   https://bugzilla.suse.com/1182293
   https://bugzilla.suse.com/1182740
   https://bugzilla.suse.com/1185092
   https://bugzilla.suse.com/1185281

From sle-updates at lists.suse.com Fri May 21 19:22:04 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 May 2021 21:22:04 +0200 (CEST)
Subject: SUSE-SU-2021:14734-1: moderate: Security Beta update for SUSE Manager Client Tools
Message-ID: <20210521192204.A3D2CFF54@maintenance.suse.de>

SUSE Security Update: Security Beta update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:14734-1
Rating: moderate
References: #1099976 #1171257 #1172110 #1174855 #1176293 #1177474 #1179831 #1180101 #1180818 #1181290 #1181347 #1181368 #1181550 #1181556 #1181557 #1181558 #1181559 #1181560 #1181561 #1181562 #1181563 #1181564 #1181565 #1182281 #1182293 #1182740 #1185092 #1185281 ECO-3212
Cross-References: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3144 CVE-2021-3148 CVE-2021-31607 CVE-2021-3197
CVSS scores:
   CVE-2020-28243 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2020-28243 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2020-28972 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
   CVE-2020-28972 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
   CVE-2020-35662 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
   CVE-2020-35662 (SUSE): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
   CVE-2021-25281 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-25281 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-25282 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
   CVE-2021-25282 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-25283 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-25283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-25284 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
   CVE-2021-25284 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
   CVE-2021-3144 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
   CVE-2021-3144 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
   CVE-2021-3148 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-3148 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-31607 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-31607 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-3197 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-3197 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
   SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA
______________________________________________________________________________

An update that solves 11 vulnerabilities, contains one feature and has 17 fixes is now available.

Description:

   This update fixes the following issues:

   salt:

   - Update to Salt release version 3002.2 (jsc#ECO-3212)
   - Drop support for Python2. Obsoletes `python2-salt` package
   - Virt module updates
     * network: handle missing ipv4 netmask attribute
     * more network support
     * PCI/USB host devices passthrough support
   - Set distro requirement to oldest supported version in requirements/base.txt
   - Bring missing part of async batch implementation back
   - Always require python3-distro (bsc#1182293)
   - Remove deprecated warning that breaks minion execution when "server_id_use_crc" opts is missing (Revert https://github.com/saltstack/salt/pull/58655)
   - Remove msgpack < 1.0.0 from base requirements (bsc#1176293)
   - Msgpack support for version >= 1.0.0 (bsc#1171257)
   - Fix issue parsing errors in ansiblegate state module
   - Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607)
   - Transactional_update: detect recursion in the executor
   - Add subpackage salt-transactional-update
   - Remove duplicate directories from specfile
   - Improvements on "ansiblegate" module (bsc#1185092):
     * New methods: ansible.targets / ansible.discover_playbooks
   - Add support for Alibaba Cloud Linux 2 (Aliyun Linux)
   - Regression fix of salt-ssh on processing targets
   - Update target fix for salt-ssh and avoiding race condition on salt-ssh event processing (bsc#1179831, bsc#1182281)
   - Add notify beacon for Debian/Ubuntu systems
   - Fix zmq bug that causes salt-call to freeze (bsc#1181368)
   - Add core grains support for AlmaLinux
   - Allow vendor change option with zypper
   - Virt: virtual network backports to Salt 3000
   - Prevent breaking Ansible filter modules (bsc#1177474)
   - Only require python-certifi for CentOS7
   - Fix race conditions for corner cases when handling SIGTERM by minion (bsc#1172110)
   - Implementation of suse_ip execution module to prevent issues with network.managed (bsc#1099976)
   - Fix recursion false detection in payload (bsc#1180101)
   - Add sleep on exception handling on minion connection attempt to the master (bsc#1174855)
   - Allows for the VMware provider to handle CPU and memory hot-add in newer versions of the software. (bsc#1181347)
   - Always require python-certifi (used by salt.ext.tornado)
   - Exclude SLE 12 from requiring python-certifi
   - Do not crash when unexpected cmd output at listing patches (bsc#1181290)
   - Fix behavior for "onlyif/unless" when multiple conditions (bsc#1180818)
   - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740)
   - Allow extra_filerefs as sanitized kwargs for SSH client
   - Fix errors with virt.update
   - Fix for multiple security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565)
   - Virt: search for grub.xen path
   - Xen spicevmc, DNS SRV records backports:
     Fix virtual network generated DNS XML for SRV records
     Don't add spicevmc channel to xen VMs
   - Virt UEFI fix: virt.update when efi=True
   - Revert wrong zypper patch to support vendorchanges flags on pkg.install

   spacecmd:

   - Rename system migration to system transfer
   - Rename SP to product migration

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA:

      zypper in -t patch suse-ubu204ct-client-tools-beta-202105-14734=1

Package List:

   - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA (all):

      salt-common-3002.2+ds-1+2.27.1
      salt-minion-3002.2+ds-1+2.27.1
      spacecmd-4.2.8-2.18.1

References:

   https://www.suse.com/security/cve/CVE-2020-28243.html
   https://www.suse.com/security/cve/CVE-2020-28972.html
   https://www.suse.com/security/cve/CVE-2020-35662.html
   https://www.suse.com/security/cve/CVE-2021-25281.html
   https://www.suse.com/security/cve/CVE-2021-25282.html
   https://www.suse.com/security/cve/CVE-2021-25283.html
   https://www.suse.com/security/cve/CVE-2021-25284.html
   https://www.suse.com/security/cve/CVE-2021-3144.html
   https://www.suse.com/security/cve/CVE-2021-3148.html
   https://www.suse.com/security/cve/CVE-2021-31607.html
   https://www.suse.com/security/cve/CVE-2021-3197.html
   https://bugzilla.suse.com/1099976
   https://bugzilla.suse.com/1171257
   https://bugzilla.suse.com/1172110
   https://bugzilla.suse.com/1174855
   https://bugzilla.suse.com/1176293
   https://bugzilla.suse.com/1177474
   https://bugzilla.suse.com/1179831
   https://bugzilla.suse.com/1180101
   https://bugzilla.suse.com/1180818
   https://bugzilla.suse.com/1181290
   https://bugzilla.suse.com/1181347
   https://bugzilla.suse.com/1181368
   https://bugzilla.suse.com/1181550
   https://bugzilla.suse.com/1181556
   https://bugzilla.suse.com/1181557
   https://bugzilla.suse.com/1181558
   https://bugzilla.suse.com/1181559
   https://bugzilla.suse.com/1181560
   https://bugzilla.suse.com/1181561
   https://bugzilla.suse.com/1181562
   https://bugzilla.suse.com/1181563
   https://bugzilla.suse.com/1181564
   https://bugzilla.suse.com/1181565
   https://bugzilla.suse.com/1182281
   https://bugzilla.suse.com/1182293
   https://bugzilla.suse.com/1182740
   https://bugzilla.suse.com/1185092
   https://bugzilla.suse.com/1185281

From sle-updates at lists.suse.com Fri May 21 19:25:22 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 May 2021 21:25:22 +0200 (CEST)
Subject: SUSE-RU-2021:1695-1: important: Include a cri-o and kubernetes bug fixes and a fresh rebuild of container images
Message-ID: <20210521192522.0D6A4FF54@maintenance.suse.de>

SUSE Recommended Update: Include a cri-o and kubernetes bug fixes and a fresh rebuild of container images
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1695-1
Rating: important
References: #1181585 #1183541
Affected Products:
   SUSE CaaS Platform 4.5
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

   == Kubernetes

   bsc#1181585 kubernetes issue is a backport of the upstream bug: https://github.com/kubernetes/kubernetes/pull/89937

   == Cri-o

   bsc#1183541 ensures cri-o service is started before kubelet service to fix a bad interaction of these two services performing image garbage collection

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE CaaS Platform 4.5:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

   - SUSE CaaS Platform 4.5 (aarch64 x86_64):

      caasp-release-4.5.4-1.16.2
      cri-o-1.18-1.18.4-4.8.1
      cri-o-1.18-kubeadm-criconfig-1.18.4-4.8.1
      kubernetes-1.18-kubeadm-1.18.10-4.8.1
      kubernetes-1.18-kubelet-1.18.10-4.8.1
      skuba-2.1.14-3.15.10.2

   - SUSE CaaS Platform 4.5 (noarch):

      skuba-update-2.1.14-3.15.10.2

References:

   https://bugzilla.suse.com/1181585
   https://bugzilla.suse.com/1183541

From sle-updates at lists.suse.com Fri May 21 19:26:32 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 May 2021 21:26:32 +0200 (CEST)
Subject: SUSE-RU-2021:1696-1: moderate: Recommended update for mdadm
Message-ID: <20210521192632.923FCFF54@maintenance.suse.de>

SUSE Recommended Update: Recommended update for mdadm
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1696-1
Rating: moderate
References: #1175758 #1181619
Affected Products:
   SUSE MicroOS 5.0
   SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

   This update for mdadm fixes the following issues:

   - Fixed an issue when md device broke while adding another disk. (bsc#1181619)
   - imsm: Add nvme multipath support. (bsc#1175758)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1696=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1696=1

Package List:

   - SUSE MicroOS 5.0 (aarch64 x86_64):

      mdadm-4.1-15.32.1
      mdadm-debuginfo-4.1-15.32.1
      mdadm-debugsource-4.1-15.32.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      mdadm-4.1-15.32.1
      mdadm-debuginfo-4.1-15.32.1
      mdadm-debugsource-4.1-15.32.1

References:

   https://bugzilla.suse.com/1175758
   https://bugzilla.suse.com/1181619

From sle-updates at lists.suse.com Fri May 21 19:27:47 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 May 2021 21:27:47 +0200 (CEST)
Subject: SUSE-RU-2021:1683-1: moderate: Recommended update for systemd
Message-ID: <20210521192747.0BECDFF54@maintenance.suse.de>

SUSE Recommended Update: Recommended update for systemd
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:1683-1
Rating: moderate
References: #1178561 #1184967 #1185046 #1185331
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP5
   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

   This update for systemd fixes the following issues:

   systemctl: add --value option
   execute: make sure to call into PAM after initializing resource limits. (bsc#1184967)
   rlimit-util: introduce setrlimit_closest_all()
   system-conf: drop reference to ShutdownWatchdogUsec=
   core: rename ShutdownWatchdogSec to RebootWatchdogSec. (bsc#1185331)
   Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046)
   rules: don't ignore Xen virtual interfaces anymore. (bsc#1178561)
   write_net_rules: set execute bits. (bsc#1178561)
   udev: rework network device renaming.
   Revert "Revert "udev: network device renaming - immediately give up if the target name isn't available""

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1683=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1683=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      libudev-devel-228-157.27.1
      systemd-debuginfo-228-157.27.1
      systemd-debugsource-228-157.27.1
      systemd-devel-228-157.27.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libsystemd0-228-157.27.1
      libsystemd0-debuginfo-228-157.27.1
      libudev-devel-228-157.27.1
      libudev1-228-157.27.1
      libudev1-debuginfo-228-157.27.1
      systemd-228-157.27.1
      systemd-debuginfo-228-157.27.1
      systemd-debugsource-228-157.27.1
      systemd-devel-228-157.27.1
      systemd-sysvinit-228-157.27.1
      udev-228-157.27.1
      udev-debuginfo-228-157.27.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      libsystemd0-32bit-228-157.27.1
      libsystemd0-debuginfo-32bit-228-157.27.1
      libudev1-32bit-228-157.27.1
      libudev1-debuginfo-32bit-228-157.27.1
      systemd-32bit-228-157.27.1
      systemd-debuginfo-32bit-228-157.27.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      systemd-bash-completion-228-157.27.1

References:

   https://bugzilla.suse.com/1178561
   https://bugzilla.suse.com/1184967
   https://bugzilla.suse.com/1185046
   https://bugzilla.suse.com/1185331

From sle-updates at lists.suse.com Fri May 21 19:29:07 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 May 2021 21:29:07 +0200 (CEST)
Subject: SUSE-SU-2021:1688-1: moderate: Security Beta update for Salt
Message-ID: <20210521192907.48034FF54@maintenance.suse.de>

SUSE Security Update: Security Beta update for Salt
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1688-1
Rating: moderate
References: #1173692 #1185092 #1185281
Cross-References: CVE-2021-31607
CVSS scores:
   CVE-2021-31607 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-31607 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
   SUSE Manager Tools 12-BETA
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

   This update fixes the following issues:

   salt:

   - Parsing Epoch out of version provided during pkg remove (bsc#1173692)
   - Fix issue parsing errors in ansiblegate state module
   - Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607)
   - Transactional_update: detect recursion in the executor
   - Add subpackage salt-transactional-update
   - Remove duplicate directories from specfile
   - Improvements on "ansiblegate" module (bsc#1185092):
     * New methods: ansible.targets / ansible.discover_playbooks
     * General bugfixes

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Manager Tools 12-BETA:

      zypper in -t patch SUSE-SLE-Manager-Tools-12-2021-1688=1

Package List:

   - SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64):

      python2-salt-3000-49.35.1
      python3-salt-3000-49.35.1
      salt-3000-49.35.1
      salt-doc-3000-49.35.1
      salt-minion-3000-49.35.1

References:

   https://www.suse.com/security/cve/CVE-2021-31607.html
   https://bugzilla.suse.com/1173692
   https://bugzilla.suse.com/1185092
   https://bugzilla.suse.com/1185281

From sle-updates at lists.suse.com Fri May 21 19:30:23 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 May 2021 21:30:23 +0200 (CEST)
Subject: SUSE-SU-2021:14732-1: moderate: Security Beta update for SUSE Manager Client Tools
Message-ID: <20210521193023.49CB4FF54@maintenance.suse.de>

SUSE Security Update: Security Beta update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:14732-1
Rating: moderate
References: #1177884 #1185178 #1185281
Cross-References: CVE-2021-31607
CVSS scores:
   CVE-2021-31607 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-31607 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
   SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS-BETA
   SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS-BETA
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

   This update fixes the following issues:

   mgr-daemon:

   - Update translation strings

   mgr-osad:

   - Change the log file permissions as expected by logrotate (bsc#1177884)
   - Change deprecated path /var/run into /run for systemd (bsc#1185178)

   salt:

   - Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607)

   spacecmd:

   - Rename system migration to system transfer
   - Rename SP to product migration

   spacewalk-client-tools:

   - Update translations string

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS-BETA:

      zypper in -t patch slesctsp4-client-tools-beta-202105-14732=1

   - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS-BETA:

      zypper in -t patch slesctsp3-client-tools-beta-202105-14732=1

Package List:

   - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS-BETA (i586 ia64 ppc64 s390x x86_64):

      mgr-daemon-4.2.7-8.12.1
      mgr-osad-4.2.5-8.15.1
      python2-mgr-osa-common-4.2.5-8.15.1
      python2-mgr-osad-4.2.5-8.15.1
      python2-spacewalk-check-4.2.10-30.30.1
      python2-spacewalk-client-setup-4.2.10-30.30.1
      python2-spacewalk-client-tools-4.2.10-30.30.1
      salt-2016.11.10-46.18.1
      salt-doc-2016.11.10-46.18.1
      salt-minion-2016.11.10-46.18.1
      spacecmd-4.2.8-21.24.1
      spacewalk-check-4.2.10-30.30.1
      spacewalk-client-setup-4.2.10-30.30.1
      spacewalk-client-tools-4.2.10-30.30.1

   - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS-BETA (i586 ia64 ppc64 s390x x86_64):

      mgr-daemon-4.2.7-8.12.1
      mgr-osad-4.2.5-8.15.1
      python2-mgr-osa-common-4.2.5-8.15.1
      python2-mgr-osad-4.2.5-8.15.1
      python2-spacewalk-check-4.2.10-30.30.1
      python2-spacewalk-client-setup-4.2.10-30.30.1
      python2-spacewalk-client-tools-4.2.10-30.30.1
      salt-2016.11.10-46.18.1
      salt-doc-2016.11.10-46.18.1
      salt-minion-2016.11.10-46.18.1
      spacecmd-4.2.8-21.24.1
      spacewalk-check-4.2.10-30.30.1
      spacewalk-client-setup-4.2.10-30.30.1
spacewalk-client-tools-4.2.10-30.30.1 References: https://www.suse.com/security/cve/CVE-2021-31607.html https://bugzilla.suse.com/1177884 https://bugzilla.suse.com/1185178 https://bugzilla.suse.com/1185281 From sle-updates at lists.suse.com Fri May 21 19:31:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 May 2021 21:31:45 +0200 (CEST) Subject: SUSE-SU-2021:1690-1: moderate: Security Beta update for Salt Message-ID: <20210521193145.52C0CFF54@maintenance.suse.de> SUSE Security Update: Security Beta update for Salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1690-1 Rating: moderate References: #1099976 #1171257 #1172110 #1174855 #1176293 #1177474 #1179831 #1180101 #1180818 #1181290 #1181347 #1181368 #1181550 #1181556 #1181557 #1181558 #1181559 #1181560 #1181561 #1181562 #1181563 #1181564 #1181565 #1182281 #1182293 #1182740 #1185092 #1185281 ECO-3212 Cross-References: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3144 CVE-2021-3148 CVE-2021-31607 CVE-2021-3197 CVSS scores: CVE-2020-28243 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-28243 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-28972 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-28972 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-35662 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2020-35662 (SUSE): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVE-2021-25281 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25281 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25282 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2021-25282 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25283 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25283 (SUSE): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-25284 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVE-2021-25284 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3144 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-3144 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-3148 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3148 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-31607 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-31607 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3197 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3197 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Tools 15-BETA ______________________________________________________________________________ An update that solves 11 vulnerabilities, contains one feature and has 17 fixes is now available. Description: This update fixes the following issues: salt: - Update to Salt release version 3002.2 (jsc#ECO-3212) - Drop support for Python2. 
Obsoletes "python2-salt" package - Virt module updates * network: handle missing ipv4 netmask attribute * more network support * PCI/USB host devices passthrough support - Set distro requirement to oldest supported version in requirements/base.txt - Bring missing part of async batch implementation back - Always require python3-distro (bsc#1182293) - Remove deprecated warning that breaks minion execution when "server_id_use_crc" opts is missing - Remove msgpack < 1.0.0 from base requirements (bsc#1176293) - Msgpack support for version >= 1.0.0 (bsc#1171257) - Fix issue parsing errors in ansiblegate state module - Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607) - Transactional_update: detect recursion in the executor - Add subpackage salt-transactional-update - Remove duplicate directories from specfile - Improvements on "ansiblegate" module (bsc#1185092): * New methods: ansible.targets / ansible.discover_playbooks - Add support for Alibaba Cloud Linux 2 (Aliyun Linux) - Regression fix of salt-ssh on processing targets - Update target fix for salt-ssh and avoiding race condition on salt-ssh event processing (bsc#1179831, bsc#1182281) - Add notify beacon for Debian/Ubuntu systems - Fix zmq bug that causes salt-call to freeze (bsc#1181368) - Add core grains support for AlmaLinux - Allow vendor change option with zypper - Virt: virtual network backports to Salt 3000 - Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474) - Only require python-certifi for CentOS7 - Fix race conditions for corner cases when handling SIGTERM by minion (bsc#1172110) - Implementation of suse_ip execution module to prevent issues with network.managed (bsc#1099976) - Fix recursion false detection in payload (bsc#1180101) - Add sleep on exception handling on minion connection attempt to the master (bsc#1174855) - Allows for the VMware provider to handle CPU and memory hot-add in newer versions of the software. 
(bsc#1181347) - Always require python-certifi (used by salt.ext.tornado) - Exclude SLE 12 from requiring python-certifi - Do not crash when unexpected cmd output at listing patches (bsc#1181290) - Fix behavior for "onlyif/unless" when multiple conditions (bsc#1180818) - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) - Allow extra_filerefs as sanitized kwargs for SSH client - Fix errors with virt.update - Fix for multiple security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) - Virt: search for grub.xen path - Xen spicevmc, DNS SRV records backports: Fix virtual network generated DNS XML for SRV records Don't add spicevmc channel to xen VMs - Virt UEFI fix: virt.update when efi=True - Revert wrong zypper patch to support vendorchanges flags on pkg.install Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 15-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-1690=1 Package List: - SUSE Manager Tools 15-BETA (aarch64 ppc64le s390x x86_64): python3-salt-3002.2-8.41.1 salt-3002.2-8.41.1 salt-api-3002.2-8.41.1 salt-cloud-3002.2-8.41.1 salt-doc-3002.2-8.41.1 salt-master-3002.2-8.41.1 salt-minion-3002.2-8.41.1 salt-proxy-3002.2-8.41.1 salt-ssh-3002.2-8.41.1 salt-standalone-formulas-configuration-3002.2-8.41.1 salt-syndic-3002.2-8.41.1 - SUSE Manager Tools 15-BETA (noarch): salt-bash-completion-3002.2-8.41.1 salt-fish-completion-3002.2-8.41.1 salt-zsh-completion-3002.2-8.41.1 References: https://www.suse.com/security/cve/CVE-2020-28243.html https://www.suse.com/security/cve/CVE-2020-28972.html https://www.suse.com/security/cve/CVE-2020-35662.html https://www.suse.com/security/cve/CVE-2021-25281.html https://www.suse.com/security/cve/CVE-2021-25282.html https://www.suse.com/security/cve/CVE-2021-25283.html https://www.suse.com/security/cve/CVE-2021-25284.html https://www.suse.com/security/cve/CVE-2021-3144.html https://www.suse.com/security/cve/CVE-2021-3148.html https://www.suse.com/security/cve/CVE-2021-31607.html https://www.suse.com/security/cve/CVE-2021-3197.html https://bugzilla.suse.com/1099976 https://bugzilla.suse.com/1171257 https://bugzilla.suse.com/1172110 https://bugzilla.suse.com/1174855 https://bugzilla.suse.com/1176293 https://bugzilla.suse.com/1177474 https://bugzilla.suse.com/1179831 https://bugzilla.suse.com/1180101 https://bugzilla.suse.com/1180818 https://bugzilla.suse.com/1181290 https://bugzilla.suse.com/1181347 https://bugzilla.suse.com/1181368 https://bugzilla.suse.com/1181550 https://bugzilla.suse.com/1181556 https://bugzilla.suse.com/1181557 https://bugzilla.suse.com/1181558 https://bugzilla.suse.com/1181559 https://bugzilla.suse.com/1181560 https://bugzilla.suse.com/1181561 https://bugzilla.suse.com/1181562 https://bugzilla.suse.com/1181563 
https://bugzilla.suse.com/1181564 https://bugzilla.suse.com/1181565 https://bugzilla.suse.com/1182281 https://bugzilla.suse.com/1182293 https://bugzilla.suse.com/1182740 https://bugzilla.suse.com/1185092 https://bugzilla.suse.com/1185281 From sle-updates at lists.suse.com Fri May 21 19:35:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 May 2021 21:35:04 +0200 (CEST) Subject: SUSE-RU-2021:1687-1: moderate: Recommended Beta update for SUSE Manager Client Tools Message-ID: <20210521193504.2CA14FF54@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1687-1 Rating: moderate References: #1177884 #1185178 Affected Products: SUSE Manager Tools 12-BETA ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues: golang-github-prometheus-prometheus: - Upgrade to upstream version 2.26.0 + Changes * Alerting: Using Alertmanager v2 API by default. * Prometheus/Promtool: Binaries are now printing help and usage to stdout instead of stderr. * UI: Make the React UI default. * Remote write: The following metrics were removed/renamed in remote write. > prometheus_remote_storage_succeeded_samples_total was removed and prometheus_remote_storage_samples_total was introduced for all the samples attempted to send. > prometheus_remote_storage_sent_bytes_total was removed and replaced with prometheus_remote_storage_samples_bytes_total and prometheus_remote_storage_metadata_bytes_total. > prometheus_remote_storage_failed_samples_total -> prometheus_remote_storage_samples_failed_total. > prometheus_remote_storage_retried_samples_total -> prometheus_remote_storage_samples_retried_total. 
> prometheus_remote_storage_dropped_samples_total -> prometheus_remote_storage_samples_dropped_total. > prometheus_remote_storage_pending_samples -> prometheus_remote_storage_samples_pending. * Remote: Do not collect non-initialized timestamp metrics. + Features * Remote: Add support for AWS SigV4 auth method for remote_write. * PromQL: Allow negative offsets. Behind --enable-feature=promql-negative-offset flag. * UI: Add advanced auto-completion, syntax highlighting and linting to graph page query input. * Include a new `--enable-feature=` flag that enables experimental features. * Add TLS and basic authentication to HTTP endpoints. * promtool: Add check web-config subcommand to check web config files. * promtool: Add tsdb create-blocks-from openmetrics subcommand to backfill metrics data from an OpenMetrics file. + Enhancements * PromQL: Add last_over_time, sgn, clamp functions. * Scrape: Add support for specifying type of Authorization header credentials with Bearer by default. * Scrape: Add follow_redirects option to scrape configuration. * Remote: Allow retries on HTTP 429 response code for remote_write. * Remote: Allow configuring custom headers for remote_read. * UI: Hitting Enter now triggers new query. * UI: Better handling of long rule and names on the /rules and /targets pages. * UI: Add collapse/expand all button on the /targets page. * Add optional name property to testgroup for better test failure output. * Add warnings into React Panel on the Graph page. * TSDB: Increase the number of buckets for the compaction duration metric. * Remote: Allow passing along custom remote_write HTTP headers. * Mixins: Scope grafana configuration. * Kubernetes SD: Add endpoint labels metadata. * UI: Expose total number of label pairs in head in TSDB stats page. * TSDB: Reload blocks every minute, to detect new blocks and enforce retention more often. * Cache basic authentication results to significantly improve performance of HTTP endpoints. 
* HTTP API: Fast-fail queries with only empty matchers. * HTTP API: Support matchers for labels API. * promtool: Improve checking of URLs passed on the command line. * SD: Expose IPv6 as a label in EC2 SD. * SD: Reuse EC2 client, reducing frequency of requesting credentials. * TSDB: Add logging when compaction takes more than the block time range. * TSDB: Avoid unnecessary GC runs after compaction. * Remote write: Added a metric prometheus_remote_storage_max_samples_per_send for remote write. * TSDB: Make the snapshot directory name always the same length. * TSDB: Create a checkpoint only once at the end of all head compactions. * TSDB: Avoid Series API from hitting the chunks. * TSDB: Cache label name and last value when adding series during compactions making compactions faster. * PromQL: Improved performance of Hash method making queries a bit faster. * promtool: tsdb list now prints block sizes. * promtool: Calculate mint and maxt per test avoiding unnecessary calculations. * SD: Add filtering of services to Docker Swarm SD. + Bug fixes * API: Fix global URL when external address has no port. * Deprecate unused flag --alertmanager.timeout. mgr-daemon: - Update translation strings mgr-osad: - Change the log file permissions as expected by logrotate (bsc#1177884) - Change deprecated path /var/run into /run for systemd (bsc#1185178) spacecmd: - Rename system migration to system transfer - Rename SP to product migration spacewalk-client-tools: - Update translations string Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 12-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-12-2021-1687=1 Package List: - SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.26.0-4.18.1 - SUSE Manager Tools 12-BETA (noarch): mgr-daemon-4.2.7-4.12.1 mgr-osad-4.2.5-4.15.1 python2-mgr-osa-common-4.2.5-4.15.1 python2-mgr-osad-4.2.5-4.15.1 python2-spacewalk-check-4.2.10-55.30.1 python2-spacewalk-client-setup-4.2.10-55.30.1 python2-spacewalk-client-tools-4.2.10-55.30.1 spacecmd-4.2.8-41.24.1 spacewalk-check-4.2.10-55.30.1 spacewalk-client-setup-4.2.10-55.30.1 spacewalk-client-tools-4.2.10-55.30.1 References: https://bugzilla.suse.com/1177884 https://bugzilla.suse.com/1185178 From sle-updates at lists.suse.com Fri May 21 19:36:18 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 May 2021 21:36:18 +0200 (CEST) Subject: SUSE-SU-2021:1694-1: moderate: Security Beta update for SUSE Manager Client Tools Message-ID: <20210521193618.74981FF54@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1694-1 Rating: moderate References: #1099976 #1171257 #1172110 #1174855 #1176293 #1177474 #1179831 #1180101 #1180818 #1181290 #1181347 #1181368 #1181550 #1181556 #1181557 #1181558 #1181559 #1181560 #1181561 #1181562 #1181563 #1181564 #1181565 #1182281 #1182293 #1182740 #1185092 #1185281 ECO-3212 Cross-References: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3144 CVE-2021-3148 CVE-2021-31607 CVE-2021-3197 CVSS scores: CVE-2020-28243 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-28243 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-28972 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-28972 
(SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-35662 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2020-35662 (SUSE): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVE-2021-25281 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25281 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25282 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2021-25282 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25283 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-25284 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVE-2021-25284 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3144 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-3144 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-3148 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3148 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-31607 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-31607 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3197 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3197 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that solves 11 vulnerabilities, contains one feature and has 17 fixes is now available. Description: This update fixes the following issues: salt: - Update to Salt release version 3002.2 (jsc#ECO-3212) - Drop support for Python2. 
Obsoletes "python2-salt" package - Virt module updates * network: handle missing ipv4 netmask attribute * more network support * PCI/USB host devices passthrough support - Set distro requirement to oldest supported version in requirements/base.txt - Bring missing part of async batch implementation back - Always require python3-distro (bsc#1182293) - Remove deprecated warning that breaks minion execution when "server_id_use_crc" opts is missing - Remove msgpack < 1.0.0 from base requirements (bsc#1176293) - Msgpack support for version >= 1.0.0 (bsc#1171257) - Fix issue parsing errors in ansiblegate state module - Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607) - Remove duplicate directories from specfile - Improvements on "ansiblegate" module (bsc#1185092): * New methods: ansible.targets / ansible.discover_playbooks - Add support for Alibaba Cloud Linux 2 (Aliyun Linux) - Regression fix of salt-ssh on processing targets - Update target fix for salt-ssh and avoiding race condition on salt-ssh event processing (bsc#1179831, bsc#1182281) - Add notify beacon for Debian/Ubuntu systems - Fix zmq bug that causes salt-call to freeze (bsc#1181368) - Add core grains support for AlmaLinux - Allow vendor change option with zypper - Virt: virtual network backports to Salt 3000 - Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474) - Only require python-certifi for CentOS7 - Fix race conditions for corner cases when handling SIGTERM by minion (bsc#1172110) - Implementation of suse_ip execution module to prevent issues with network.managed (bsc#1099976) - Fix recursion false detection in payload (bsc#1180101) - Add sleep on exception handling on minion connection attempt to the master (bsc#1174855) - Allows for the VMware provider to handle CPU and memory hot-add in newer versions of the software. 
(bsc#1181347) - Always require python-certifi (used by salt.ext.tornado) - Exclude SLE 12 from requiring python-certifi - Do not crash when unexpected cmd output at listing patches (bsc#1181290) - Fix behavior for "onlyif/unless" when multiple conditions (bsc#1180818) - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) - Allow extra_filerefs as sanitized kwargs for SSH client - Fix errors with virt.update - Fix for multiple security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) - Virt: search for grub.xen path - Xen spicevmc, DNS SRV records backports: Fix virtual network generated DNS XML for SRV records Don't add spicevmc channel to xen VMs - Virt UEFI fix: virt.update when efi=True - Revert wrong zypper patch to support vendorchanges flags on pkg.install spacecmd: - Rename system migration to system transfer - Rename SP to product migration Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-BETA-x86_64-2021-1694=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS-BETA (all): salt-common-3002.2+ds-1+2.24.1 salt-minion-3002.2+ds-1+2.24.1 spacecmd-4.2.8-2.15.1 References: https://www.suse.com/security/cve/CVE-2020-28243.html https://www.suse.com/security/cve/CVE-2020-28972.html https://www.suse.com/security/cve/CVE-2020-35662.html https://www.suse.com/security/cve/CVE-2021-25281.html https://www.suse.com/security/cve/CVE-2021-25282.html https://www.suse.com/security/cve/CVE-2021-25283.html https://www.suse.com/security/cve/CVE-2021-25284.html https://www.suse.com/security/cve/CVE-2021-3144.html https://www.suse.com/security/cve/CVE-2021-3148.html https://www.suse.com/security/cve/CVE-2021-31607.html https://www.suse.com/security/cve/CVE-2021-3197.html https://bugzilla.suse.com/1099976 https://bugzilla.suse.com/1171257 https://bugzilla.suse.com/1172110 https://bugzilla.suse.com/1174855 https://bugzilla.suse.com/1176293 https://bugzilla.suse.com/1177474 https://bugzilla.suse.com/1179831 https://bugzilla.suse.com/1180101 https://bugzilla.suse.com/1180818 https://bugzilla.suse.com/1181290 https://bugzilla.suse.com/1181347 https://bugzilla.suse.com/1181368 https://bugzilla.suse.com/1181550 https://bugzilla.suse.com/1181556 https://bugzilla.suse.com/1181557 https://bugzilla.suse.com/1181558 https://bugzilla.suse.com/1181559 https://bugzilla.suse.com/1181560 https://bugzilla.suse.com/1181561 https://bugzilla.suse.com/1181562 https://bugzilla.suse.com/1181563 https://bugzilla.suse.com/1181564 https://bugzilla.suse.com/1181565 https://bugzilla.suse.com/1182281 https://bugzilla.suse.com/1182293 https://bugzilla.suse.com/1182740 https://bugzilla.suse.com/1185092 https://bugzilla.suse.com/1185281 From sle-updates at lists.suse.com Fri May 21 19:39:36 2021 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Fri, 21 May 2021 21:39:36 +0200 (CEST) Subject: SUSE-RU-2021:1689-1: moderate: Recommended Beta update for SUSE Manager Client Tools Message-ID: <20210521193936.7EC5BFF59@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1689-1 Rating: moderate References: #1177884 #1185178 Affected Products: SUSE Manager Tools 15-BETA ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues: POS_Image-Graphical7: - Use absolute path in bootloader service POS_Image-JeOS7: - Use absolute path in bootloader service golang-github-prometheus-prometheus: - Upgrade to upstream version 2.26.0 + Changes * Alerting: Using Alertmanager v2 API by default. * Prometheus/Promtool: Binaries are now printing help and usage to stdout instead of stderr. * UI: Make the React UI default. * Remote write: The following metrics were removed/renamed in remote write. > prometheus_remote_storage_succeeded_samples_total was removed and prometheus_remote_storage_samples_total was introduced for all the samples attempted to send. > prometheus_remote_storage_sent_bytes_total was removed and replaced with prometheus_remote_storage_samples_bytes_total and prometheus_remote_storage_metadata_bytes_total. > prometheus_remote_storage_failed_samples_total -> prometheus_remote_storage_samples_failed_total. > prometheus_remote_storage_retried_samples_total -> prometheus_remote_storage_samples_retried_total. > prometheus_remote_storage_dropped_samples_total -> prometheus_remote_storage_samples_dropped_total. > prometheus_remote_storage_pending_samples -> prometheus_remote_storage_samples_pending. * Remote: Do not collect non-initialized timestamp metrics. 
+ Features * Remote: Add support for AWS SigV4 auth method for remote_write. * PromQL: Allow negative offsets. Behind --enable-feature=promql-negative-offset flag. * UI: Add advanced auto-completion, syntax highlighting and linting to graph page query input. * Include a new `--enable-feature=` flag that enables experimental features. * Add TLS and basic authentication to HTTP endpoints. * promtool: Add check web-config subcommand to check web config files. * promtool: Add tsdb create-blocks-from openmetrics subcommand to backfill metrics data from an OpenMetrics file. + Enhancements * PromQL: Add last_over_time, sgn, clamp functions. * Scrape: Add support for specifying type of Authorization header credentials with Bearer by default. * Scrape: Add follow_redirects option to scrape configuration. * Remote: Allow retries on HTTP 429 response code for remote_write. * Remote: Allow configuring custom headers for remote_read. * UI: Hitting Enter now triggers new query. * UI: Better handling of long rule and names on the /rules and /targets pages. * UI: Add collapse/expand all button on the /targets page. * Add optional name property to testgroup for better test failure output. * Add warnings into React Panel on the Graph page. * TSDB: Increase the number of buckets for the compaction duration metric. * Remote: Allow passing along custom remote_write HTTP headers. * Mixins: Scope grafana configuration. * Kubernetes SD: Add endpoint labels metadata. * UI: Expose total number of label pairs in head in TSDB stats page. * TSDB: Reload blocks every minute, to detect new blocks and enforce retention more often. * Cache basic authentication results to significantly improve performance of HTTP endpoints. * HTTP API: Fast-fail queries with only empty matchers. * HTTP API: Support matchers for labels API. * promtool: Improve checking of URLs passed on the command line. * SD: Expose IPv6 as a label in EC2 SD. * SD: Reuse EC2 client, reducing frequency of requesting credentials. 
* TSDB: Add logging when compaction takes more than the block time range. * TSDB: Avoid unnecessary GC runs after compaction. * Remote write: Added a metric prometheus_remote_storage_max_samples_per_send for remote write. * TSDB: Make the snapshot directory name always the same length. * TSDB: Create a checkpoint only once at the end of all head compactions. * TSDB: Avoid Series API from hitting the chunks. * TSDB: Cache label name and last value when adding series during compactions making compactions faster. * PromQL: Improved performance of Hash method making queries a bit faster. * promtool: tsdb list now prints block sizes. * promtool: Calculate mint and maxt per test avoiding unnecessary calculations. * SD: Add filtering of services to Docker Swarm SD. + Bug fixes * API: Fix global URL when external address has no port. * Deprecate unused flag --alertmanager.timeout. mgr-daemon: - Update translation strings mgr-osad: - Change the log file permissions as expected by logrotate (bsc#1177884) - Change deprecated path /var/run into /run for systemd (bsc#1185178) spacecmd: - Rename system migration to system transfer - Rename SP to product migration spacewalk-client-tools: - Update translations string Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 15-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-1689=1 Package List: - SUSE Manager Tools 15-BETA (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.26.0-6.18.1 - SUSE Manager Tools 15-BETA (noarch): POS_Image-Graphical7-0.1.1620138994.d7f39a0-3.21.1 POS_Image-JeOS7-0.1.1620138994.d7f39a0-3.21.1 ansible-2.9.21-3.3.1 ansible-doc-2.9.21-3.3.1 mgr-daemon-4.2.7-4.12.1 mgr-osad-4.2.5-4.15.1 python3-mgr-osa-common-4.2.5-4.15.1 python3-mgr-osad-4.2.5-4.15.1 python3-python-memcached-1.59-6.2.1 python3-pyvmomi-6.7.3-3.3.1 python3-redis-3.4.1-6.2.1 python3-spacewalk-check-4.2.10-6.30.1 python3-spacewalk-client-setup-4.2.10-6.30.1 python3-spacewalk-client-tools-4.2.10-6.30.1 spacecmd-4.2.8-6.24.1 spacewalk-check-4.2.10-6.30.1 spacewalk-client-setup-4.2.10-6.30.1 spacewalk-client-tools-4.2.10-6.30.1 References: https://bugzilla.suse.com/1177884 https://bugzilla.suse.com/1185178 From sle-updates at lists.suse.com Fri May 21 22:16:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 May 2021 00:16:53 +0200 (CEST) Subject: SUSE-RU-2021:1698-1: moderate: Recommended update for SAPHanaSR-ScaleOut Message-ID: <20210521221653.5DF80FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR-ScaleOut ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1698-1 Rating: moderate References: #1144442 #1182115 #1182545 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for SAPHanaSR-ScaleOut fixes the following issues: - The resource start and stop timeout is now configurable by increasing the timeout for the action 'start' and/or 'stop'. (bsc#1182545) - Add return codes for saphana_stop and saphana_StopSystem. (bsc#1182115) - Man page SAPhanaSR-ScaleOut minor mistakes. (bsc#1144442) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2021-1698=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2021-1698=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2021-1698=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2021-1698=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): SAPHanaSR-ScaleOut-0.164.2-3.16.1 SAPHanaSR-ScaleOut-doc-0.164.2-3.16.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): SAPHanaSR-ScaleOut-0.164.2-3.16.1 SAPHanaSR-ScaleOut-doc-0.164.2-3.16.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): SAPHanaSR-ScaleOut-0.164.2-3.16.1 SAPHanaSR-ScaleOut-doc-0.164.2-3.16.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): SAPHanaSR-ScaleOut-0.164.2-3.16.1 SAPHanaSR-ScaleOut-doc-0.164.2-3.16.1 References: https://bugzilla.suse.com/1144442 https://bugzilla.suse.com/1182115 https://bugzilla.suse.com/1182545 From sle-updates at lists.suse.com Fri May 21 22:18:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 May 2021 00:18:15 +0200 (CEST) Subject: SUSE-RU-2021:1697-1: moderate: Recommended update for 
yast2-auth-client Message-ID: <20210521221815.149AAFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-auth-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1697-1 Rating: moderate References: #1083947 #1172340 #1181927 #1184630 #1185499 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for yast2-auth-client fixes the following issues: - Fix an error importing the configuration when the json does not contain all keys. (bsc#1184630) - Fix 'nss_ldap' package unnecessarily installed. (bsc#1185499) - Fix reading value of 'LDAP TLS' setting. (bsc#1181927) - Fix cli 'help' handling for 'auth-client' and 'ldapkrb'. (bsc#1172340) - Fix untranslated text in YaST dialog. (bsc#1083947) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1697=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-auth-client-4.2.6-3.3.1 References: https://bugzilla.suse.com/1083947 https://bugzilla.suse.com/1172340 https://bugzilla.suse.com/1181927 https://bugzilla.suse.com/1184630 https://bugzilla.suse.com/1185499 From sle-updates at lists.suse.com Sat May 22 06:07:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 May 2021 08:07:37 +0200 (CEST) Subject: SUSE-CU-2021:175-1: Recommended update of suse/sles12sp5 Message-ID: <20210522060737.E1E6FB46F0A@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:175-1 Container Tags : suse/sles12sp5:6.5.180 , suse/sles12sp5:latest Container Release : 6.5.180 Severity : moderate Type : recommended References : 1178561 1184967 1185046 1185331 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1683-1 Released: Fri May 21 15:38:24 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178561,1184967,1185046,1185331 This update for systemd fixes the following issues: systemctl: add --value option execute: make sure to call into PAM after initializing resource limits. (bsc#1184967) rlimit-util: introduce setrlimit_closest_all() system-conf: drop reference to ShutdownWatchdogUsec= core: rename ShutdownWatchdogSec to RebootWatchdogSec. (bsc#1185331) Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046) rules: don't ignore Xen virtual interfaces anymore. 
(bsc#1178561) write_net_rules: set execute bits. (bsc#1178561) udev: rework network device renaming. Revert 'Revert 'udev: network device renaming - immediately give up if the target name isn't available'' From sle-updates at lists.suse.com Mon May 24 13:16:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 May 2021 15:16:44 +0200 (CEST) Subject: SUSE-RU-2021:1699-1: Recommended update for python36 Message-ID: <20210524131644.B559AFD07@maintenance.suse.de> SUSE Recommended Update: Recommended update for python36 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1699-1 Rating: low References: Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for python36 fixes the following issues: - Make sure to close the import_failed.map file after the exception has been raised in order to avoid ResourceWarnings when the failing import is part of a try...except block. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1699=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.13-4.42.1 libpython3_6m1_0-debuginfo-3.6.13-4.42.1 python36-3.6.13-4.42.1 python36-base-3.6.13-4.42.1 python36-base-debuginfo-3.6.13-4.42.1 python36-debuginfo-3.6.13-4.42.1 python36-debugsource-3.6.13-4.42.1 References: From sle-updates at lists.suse.com Mon May 24 19:16:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 May 2021 21:16:43 +0200 (CEST) Subject: SUSE-RU-2021:1700-1: moderate: Recommended update for google-guest-agent, google-guest-oslogin, google-osconfig-agent Message-ID: <20210524191643.685C4FD07@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-guest-agent, google-guest-oslogin, google-osconfig-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1700-1 Rating: moderate References: #1185848 #1185849 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for google-guest-agent, google-guest-oslogin, google-osconfig-agent contains the following fixes: - Update to version 20210414.00 (bsc#1185848, bsc#1185849) * start sshd (#106) * Add systemd-networkd.service restart dependency. (#104) * Update error message for handleHealthCheckRequest. 
(#105) - Update to version 20210429.00 (bsc#1185848, bsc#1185849) * correct pagetoken in groupsforuser (#59) * resolve self groups last (#58) * support empty groups (#57) * no paginating to find groups (#56) * clear users vector (#55) * correct usage of pagetoken (#54) - Update to version 20210506.00 (bsc#1185848, bsc#1185849) * Add more os policy assignment examples (#348) * e2e_tests: enable stable tests for OSPolicies (#347) * Align start and end task logs (#346) * ConfigTask: add additional info logs (#345) * e2e_tests: add validation tests (#344) * Config Task: make sure agent respects policy mode (#343) * update * e2e_tests: readd retries to OSPolicies * Set minWaitDuration as a string instead of object (#341) * e2e_tests: Fix a few SUSE tests (#339) * Remove pre-release flag from config (#340) * e2e_tests: fixup OSPolicy tests (#338) * e2e_tests: unlock mutex for CreatePolicies as soon as create finishes (#337) * e2e_tests: Don't retry failed OSPolicy tests, fix msi test (#336) * Examples for os policy assignments (#334) * e2e_tests: increase the deadline for OSPolicy tests and only start after a zone has been secured (#335) * Fix panic when installing MSI (#332) * e2e_tests: Add test cases of installing dbe, rpm and msi packages (#333) * e2e_tests: add more logging * e2e_tests: (#330) * e2e_test: Add timeouts to OSPolicy tests so we don't wait forever (#329) * Create top level directories for gcloud and console for os policy assignment examples (#328) * e2e_tests: Move api from an internal directory (#327) * Make sure we use the same test name for reruns (#326) * Add CONFIG_V1 capability (#325) * e2e_tests: reduce size of instances, use pd-balanced, rerun failed tests once (#324) * Only report installed packages for dpkg (#322) * e2e_tests: fix windows package and repository tests (#323) * Add top level directories for os policy examples (#321) * e2e_tests: move to using inventory api for inventory reporting (#320) * e2e_tests: add ExecResource tests (#319) 
* ExecResource: make sure we set permissions correctly for downloaded files (#318) * Config task: only run post check on resources that have already been evaluated (#317) * e2e_test: reorganize OSPolicy tests to be per Resource type (#316) * Set custom user agent (#299) * e2e_tests: check InstanceOSPoliciesCompliance for each test case, add LocalPath FileResource test (#314) * PackageResource: make sure to run AptUpdate prior to package install (#315) * Fix bugs/add more logging for OSPolicies (#313) * Change metadata http client to ignore http proxies (#312) * e2e_test: add tests for FileResource (#311) * Add task_type context logging (#310) * Fix e2e_test typo (#309) * Fix e2e_tests (#308) * Disable OSPolicies by default since it is an unreleased feature (#307) * e2e_tests: Add more OSPolicies package and repo tests (#306) * Do not enforce repo_gpgcheck in guestpolicies (#305) * Gather inventory 3-5min after agent start (#303) * e2e_tests: add OSPolicies tests for package install (#302) * Add helpful error log if a service account is missing (#304) * OSPolicies: correct apt repo extension, remove yum/zypper gpgcheck override (#301) * Update cos library to parse new version of packages file (#300) * config_task: Rework config step logic (#296) * e2e_test: enable serial logs in cos to support ReportInventory test (#297) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-1700=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-1700=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2021-1700=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): google-guest-agent-20210414.00-1.20.1 google-guest-oslogin-20210429.00-1.18.1 google-guest-oslogin-debuginfo-20210429.00-1.18.1 google-guest-oslogin-debugsource-20210429.00-1.18.1 google-osconfig-agent-20210506.00-1.11.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): google-guest-agent-20210414.00-1.20.1 google-guest-oslogin-20210429.00-1.18.1 google-guest-oslogin-debuginfo-20210429.00-1.18.1 google-guest-oslogin-debugsource-20210429.00-1.18.1 google-osconfig-agent-20210506.00-1.11.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): google-guest-agent-20210414.00-1.20.1 google-guest-oslogin-20210429.00-1.18.1 google-guest-oslogin-debuginfo-20210429.00-1.18.1 google-guest-oslogin-debugsource-20210429.00-1.18.1 google-osconfig-agent-20210506.00-1.11.1 References: https://bugzilla.suse.com/1185848 https://bugzilla.suse.com/1185849 From sle-updates at lists.suse.com Mon May 24 19:17:55 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 May 2021 21:17:55 +0200 (CEST) Subject: SUSE-RU-2021:1701-1: moderate: Recommended update for google-guest-agent, google-guest-oslogin, google-osconfig-agent Message-ID: <20210524191755.DA5C3FD07@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-guest-agent, google-guest-oslogin, google-osconfig-agent ______________________________________________________________________________ 
Announcement ID: SUSE-RU-2021:1701-1 Rating: moderate References: #1185848 #1185849 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for google-guest-agent, google-guest-oslogin, google-osconfig-agent contains the following fixes: - Update to version 20210414.00 (bsc#1185848, bsc#1185849) * start sshd (#106) * Add systemd-networkd.service restart dependency. (#104) * Update error message for handleHealthCheckRequest. (#105) - Update to version 20210429.00 (bsc#1185848, bsc#1185849) * correct pagetoken in groupsforuser (#59) * resolve self groups last (#58) * support empty groups (#57) * no paginating to find groups (#56) * clear users vector (#55) * correct usage of pagetoken (#54) - Update to version 20210506.00 (bsc#1185848, bsc#1185849) * Add more os policy assignment examples (#348) * e2e_tests: enable stable tests for OSPolicies (#347) * Align start and end task logs (#346) * ConfigTask: add additional info logs (#345) * e2e_tests: add validation tests (#344) * Config Task: make sure agent respects policy mode (#343) * update * e2e_tests: readd retries to OSPolicies * Set minWaitDuration as a string instead of object (#341) * e2e_tests: Fix a few SUSE tests (#339) * Remove pre-release flag from config (#340) * e2e_tests: fixup OSPolicy tests (#338) * e2e_tests: unlock mutex for CreatePolicies as soon as create finishes (#337) * e2e_tests: Don't retry failed OSPolicy tests, fix msi test (#336) * Examples for os policy assignments (#334) * e2e_tests: increase the deadline for OSPolicy tests and only start after a zone has been secured (#335) * Fix panic when installing MSI (#332) * e2e_tests: Add test cases of installing dbe, rpm and msi packages (#333) * e2e_tests: add more logging * e2e_tests: (#330) * e2e_test: Add timeouts to OSPolicy tests so we don't wait forever (#329) * 
Create top level directories for gcloud and console for os policy assignment examples (#328) * e2e_tests: Move api from an internal directory (#327) * Make sure we use the same test name for reruns (#326) * Add CONFIG_V1 capability (#325) * e2e_tests: reduce size of instances, use pd-balanced, rerun failed tests once (#324) * Only report installed packages for dpkg (#322) * e2e_tests: fix windows package and repository tests (#323) * Add top level directories for os policy examples (#321) * e2e_tests: move to using inventory api for inventory reporting (#320) * e2e_tests: add ExecResource tests (#319) * ExecResource: make sure we set permissions correctly for downloaded files (#318) * Config task: only run post check on resources that have already been evaluated (#317) * e2e_test: reorganize OSPolicy tests to be per Resource type (#316) * Set custom user agent (#299) * e2e_tests: check InstanceOSPoliciesCompliance for each test case, add LocalPath FileResource test (#314) * PackageResource: make sure to run AptUpdate prior to package install (#315) * Fix bugs/add more logging for OSPolicies (#313) * Change metadata http client to ignore http proxies (#312) * e2e_test: add tests for FileResource (#311) * Add task_type context logging (#310) * Fix e2e_test typo (#309) * Fix e2e_tests (#308) * Disable OSPolicies by default since it is an unreleased feature (#307) * e2e_tests: Add more OSPolicies package and repo tests (#306) * Do not enforce repo_gpgcheck in guestpolicies (#305) * Gather inventory 3-5min after agent start (#303) * e2e_tests: add OSPolicies tests for package install (#302) * Add helpful error log if a service account is missing (#304) * OSPolicies: correct apt repo extension, remove yum/zypper gpgcheck override (#301) * Update cos library to parse new version of packages file (#300) * config_task: Rework config step logic (#296) * e2e_test: enable serial logs in cos to support ReportInventory test (#297) Patch Instructions: To install this SUSE 
Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-1701=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): google-guest-agent-20210414.00-1.20.1 google-guest-oslogin-20210429.00-1.17.1 google-guest-oslogin-debuginfo-20210429.00-1.17.1 google-guest-oslogin-debugsource-20210429.00-1.17.1 google-osconfig-agent-20210506.00-1.11.1 References: https://bugzilla.suse.com/1185848 https://bugzilla.suse.com/1185849 From sle-updates at lists.suse.com Tue May 25 13:18:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 May 2021 15:18:05 +0200 (CEST) Subject: SUSE-RU-2021:1702-1: moderate: Recommended update for shim Message-ID: <20210525131805.14C49FD17@maintenance.suse.de> SUSE Recommended Update: Recommended update for shim ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1702-1 Rating: moderate References: #1185464 #1185961 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for shim fixes the following issues: - shim-install: instead of assuming "removable" for Azure, remove fallback.efi from \EFI\Boot and copy grub.efi/cfg to \EFI\Boot to make \EFI\Boot bootable and keep the boot option created by efibootmgr (bsc#1185464, bsc#1185961) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1702=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1702=1 Package List: - SUSE MicroOS 5.0 (x86_64): shim-15.4-3.23.1 shim-debuginfo-15.4-3.23.1 shim-debugsource-15.4-3.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): shim-15.4-3.23.1 shim-debuginfo-15.4-3.23.1 shim-debugsource-15.4-3.23.1 References: https://bugzilla.suse.com/1185464 https://bugzilla.suse.com/1185961 From sle-updates at lists.suse.com Tue May 25 16:17:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 May 2021 18:17:15 +0200 (CEST) Subject: SUSE-RU-2021:1752-1: moderate: Recommended update for expect Message-ID: <20210525161715.1C763FD14@maintenance.suse.de> SUSE Recommended Update: Recommended update for expect ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1752-1 Rating: moderate References: #1172681 #1183904 #1184122 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for expect fixes the following issues: - Fixed an issue when expect in permanently open connection causes hanging for scripts. (bsc#1183904) - pass explicit -pie flag to CFLAGS and hack `make` invocation so that /usr/bin/expect actually becomes a PIE binary. This is especially awkward since the expect build system implicitly passes -fPIC which breaks our gcc-PIE package, but does not pass -pie while linking the executable. Shared libraries are also not linked with -shared so we need to explicitly pass this, too, to avoid build breakage. 
(bsc#1184122) - Add an unversioned symlink to make linking easier for applications that use libexpect without Tcl. (bsc#1172681) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1752=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1752=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): expect-5.45.4-3.3.1 expect-debuginfo-5.45.4-3.3.1 expect-debugsource-5.45.4-3.3.1 expect-devel-5.45.4-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): expect-5.45.4-3.3.1 expect-debuginfo-5.45.4-3.3.1 expect-debugsource-5.45.4-3.3.1 expect-devel-5.45.4-3.3.1 References: https://bugzilla.suse.com/1172681 https://bugzilla.suse.com/1183904 https://bugzilla.suse.com/1184122 From sle-updates at lists.suse.com Tue May 25 16:18:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 May 2021 18:18:31 +0200 (CEST) Subject: SUSE-RU-2021:1754-1: moderate: Recommended update for rmt-server Message-ID: <20210525161831.39050FD14@maintenance.suse.de> SUSE Recommended Update: Recommended update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1754-1 Rating: moderate References: #1180018 #1184814 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for rmt-server fixes the following issues: - Fix: Don't append slash to custom repository urls - Add enabled attribute to syncing process to fix wrong marked repositories when syncing. (bsc#1184814) - Enable 'Installer-Updates' repositories when enabling a product, so they can get used by the installer to patch the installation system itself. (bsc#1184814) - Do not raise an exception when mirroring. (bsc#1180018) - Set 'cloud_povider' info when registering the instance. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1754=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-1754=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): rmt-server-2.6.9-3.12.1 rmt-server-config-2.6.9-3.12.1 rmt-server-debuginfo-2.6.9-3.12.1 rmt-server-debugsource-2.6.9-3.12.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): rmt-server-debuginfo-2.6.9-3.12.1 rmt-server-debugsource-2.6.9-3.12.1 rmt-server-pubcloud-2.6.9-3.12.1 References: https://bugzilla.suse.com/1180018 https://bugzilla.suse.com/1184814 From sle-updates at lists.suse.com Tue May 25 16:19:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 May 2021 18:19:41 +0200 (CEST) Subject: SUSE-RU-2021:1753-1: moderate: Recommended update for sle-rt-hw_en Message-ID: <20210525161941.35B3FFD14@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-rt-hw_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1753-1 Rating: moderate References: #1185328 
Affected Products: SUSE Linux Enterprise Module for Realtime 15-SP3 SUSE Linux Enterprise Module for Realtime 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sle-rt-hw_en fixes the following issues: - Update the documentation content of the section about 'Determining Latencies with the Hardware Latency Detector'. (bsc#1185328) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP3: zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2021-1753=1 - SUSE Linux Enterprise Module for Realtime 15-SP2: zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-1753=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch): sle-rt-hw_en-15.2-3.6.2 - SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch): sle-rt-hw_en-15.2-3.6.2 References: https://bugzilla.suse.com/1185328 From sle-updates at lists.suse.com Tue May 25 16:21:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 May 2021 18:21:54 +0200 (CEST) Subject: SUSE-RU-2021:1756-1: moderate: Recommended update for nvme-cli Message-ID: <20210525162154.46C57FD14@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1756-1 Rating: moderate References: #1179825 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for nvme-cli fixes the following issues: - Lookup existing persistent controllers (bsc#1179825) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1756=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1756=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): nvme-cli-1.10-4.12.1 nvme-cli-debuginfo-1.10-4.12.1 nvme-cli-debugsource-1.10-4.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): nvme-cli-1.10-4.12.1 nvme-cli-debuginfo-1.10-4.12.1 nvme-cli-debugsource-1.10-4.12.1 References: https://bugzilla.suse.com/1179825 From sle-updates at lists.suse.com Tue May 25 16:23:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 May 2021 18:23:07 +0200 (CEST) Subject: SUSE-SU-2021:1728-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 15) Message-ID: <20210525162307.93F10FD14@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1728-1 Rating: important References: #1178066 #1184710 #1184952 Cross-References: CVE-2020-0433 CVE-2020-36322 CVE-2021-29154 CVSS scores: CVE-2020-0433 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0433 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36322 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2021-29154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Live Patching 15 
______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150_66 fixes several issues. The following security issues were fixed: - CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, which could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bsc#1184952). - CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1178066). - CVE-2021-29154: Fixed BPF JIT compilers that allowed execution of arbitrary code within the kernel context (bsc#1184710) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-1727=1 SUSE-SLE-Module-Live-Patching-15-2021-1728=1 SUSE-SLE-Module-Live-Patching-15-2021-1729=1 SUSE-SLE-Module-Live-Patching-15-2021-1730=1 SUSE-SLE-Module-Live-Patching-15-2021-1731=1 SUSE-SLE-Module-Live-Patching-15-2021-1732=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_52-default-10-2.2 kernel-livepatch-4_12_14-150_52-default-debuginfo-10-2.2 kernel-livepatch-4_12_14-150_55-default-10-2.2 kernel-livepatch-4_12_14-150_55-default-debuginfo-10-2.2 kernel-livepatch-4_12_14-150_58-default-9-2.2 kernel-livepatch-4_12_14-150_58-default-debuginfo-9-2.2 kernel-livepatch-4_12_14-150_63-default-7-2.2 kernel-livepatch-4_12_14-150_63-default-debuginfo-7-2.2 kernel-livepatch-4_12_14-150_66-default-5-2.2 kernel-livepatch-4_12_14-150_66-default-debuginfo-5-2.2 kernel-livepatch-4_12_14-150_69-default-4-2.2 kernel-livepatch-4_12_14-150_69-default-debuginfo-4-2.2 References: https://www.suse.com/security/cve/CVE-2020-0433.html https://www.suse.com/security/cve/CVE-2020-36322.html https://www.suse.com/security/cve/CVE-2021-29154.html https://bugzilla.suse.com/1178066 https://bugzilla.suse.com/1184710 https://bugzilla.suse.com/1184952 From sle-updates at lists.suse.com Tue May 25 16:24:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 May 2021 18:24:41 +0200 (CEST) Subject: SUSE-SU-2021:1715-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP1) Message-ID: <20210525162441.C7712FD14@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1715-1 Rating: important References: #1184710 #1184952 Cross-References: 
CVE-2020-36322 CVE-2021-29154 CVSS scores: CVE-2020-36322 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2021-29154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-197_86 fixes several issues. The following security issues were fixed: - CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, which could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bsc#1184952). - CVE-2021-29154: Fixed BPF JIT compilers that allowed execution of arbitrary code within the kernel context (bsc#1184710) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-1703=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1704=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1705=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1706=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1707=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1708=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1709=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1710=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1711=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1712=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1713=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-1714=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-1715=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1716=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-1734=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-1746=1 SUSE-SLE-Live-Patching-12-SP4-2021-1747=1 SUSE-SLE-Live-Patching-12-SP4-2021-1748=1 SUSE-SLE-Live-Patching-12-SP4-2021-1749=1 SUSE-SLE-Live-Patching-12-SP4-2021-1750=1 SUSE-SLE-Live-Patching-12-SP4-2021-1751=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-22-default-11-5.2 kernel-livepatch-5_3_18-22-default-debuginfo-11-5.2 kernel-livepatch-5_3_18-24_12-default-9-2.2 kernel-livepatch-5_3_18-24_12-default-debuginfo-9-2.2 kernel-livepatch-5_3_18-24_15-default-9-2.2 kernel-livepatch-5_3_18-24_15-default-debuginfo-9-2.2 kernel-livepatch-5_3_18-24_24-default-9-2.2 kernel-livepatch-5_3_18-24_24-default-debuginfo-9-2.2 kernel-livepatch-5_3_18-24_29-default-7-2.2 kernel-livepatch-5_3_18-24_29-default-debuginfo-7-2.2 kernel-livepatch-5_3_18-24_34-default-7-2.2 
kernel-livepatch-5_3_18-24_34-default-debuginfo-7-2.2 kernel-livepatch-5_3_18-24_37-default-7-2.2 kernel-livepatch-5_3_18-24_37-default-debuginfo-7-2.2 kernel-livepatch-5_3_18-24_43-default-6-2.2 kernel-livepatch-5_3_18-24_43-default-debuginfo-6-2.2 kernel-livepatch-5_3_18-24_46-default-6-2.2 kernel-livepatch-5_3_18-24_46-default-debuginfo-6-2.2 kernel-livepatch-5_3_18-24_49-default-5-2.2 kernel-livepatch-5_3_18-24_49-default-debuginfo-5-2.2 kernel-livepatch-5_3_18-24_52-default-4-2.2 kernel-livepatch-5_3_18-24_52-default-debuginfo-4-2.2 kernel-livepatch-5_3_18-24_9-default-10-2.2 kernel-livepatch-5_3_18-24_9-default-debuginfo-10-2.2 kernel-livepatch-SLE15-SP2_Update_0-debugsource-11-5.2 kernel-livepatch-SLE15-SP2_Update_1-debugsource-10-2.2 kernel-livepatch-SLE15-SP2_Update_10-debugsource-5-2.2 kernel-livepatch-SLE15-SP2_Update_11-debugsource-4-2.2 kernel-livepatch-SLE15-SP2_Update_2-debugsource-9-2.2 kernel-livepatch-SLE15-SP2_Update_3-debugsource-9-2.2 kernel-livepatch-SLE15-SP2_Update_4-debugsource-9-2.2 kernel-livepatch-SLE15-SP2_Update_5-debugsource-7-2.2 kernel-livepatch-SLE15-SP2_Update_6-debugsource-7-2.2 kernel-livepatch-SLE15-SP2_Update_7-debugsource-7-2.2 kernel-livepatch-SLE15-SP2_Update_8-debugsource-6-2.2 kernel-livepatch-SLE15-SP2_Update_9-debugsource-6-2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_83-default-5-2.2 kernel-livepatch-4_12_14-197_86-default-4-2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_63-default-4-2.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_54-default-10-2.2 kgraft-patch-4_12_14-95_57-default-10-2.2 kgraft-patch-4_12_14-95_60-default-9-2.2 kgraft-patch-4_12_14-95_65-default-6-2.2 kgraft-patch-4_12_14-95_68-default-5-2.2 kgraft-patch-4_12_14-95_71-default-4-2.2 References: https://www.suse.com/security/cve/CVE-2020-36322.html 
https://www.suse.com/security/cve/CVE-2021-29154.html https://bugzilla.suse.com/1184710 https://bugzilla.suse.com/1184952 From sle-updates at lists.suse.com Tue May 25 16:26:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 May 2021 18:26:09 +0200 (CEST) Subject: SUSE-SU-2021:1733-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP5) Message-ID: <20210525162609.4EDD9FD14@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1733-1 Rating: important References: #1184171 #1184952 Cross-References: CVE-2020-36322 CVE-2021-3444 CVSS scores: CVE-2020-36322 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2021-3444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_66 fixes several issues. The following security issues were fixed: - CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, which could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bsc#1184952). - CVE-2021-3444: Fixed incorrect mod32 BPF verifier truncation (bsc#1184171). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-1733=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_66-default-2-2.2 References: https://www.suse.com/security/cve/CVE-2020-36322.html https://www.suse.com/security/cve/CVE-2021-3444.html https://bugzilla.suse.com/1184171 https://bugzilla.suse.com/1184952 From sle-updates at lists.suse.com Tue May 25 16:27:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 May 2021 18:27:25 +0200 (CEST) Subject: SUSE-RU-2021:1297-2: moderate: Recommended update for systemd Message-ID: <20210525162725.F2C7AFD14@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1297-2 Rating: moderate References: #1178219 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1297=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1297=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1297=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1297=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1297=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1297=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1297=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1297=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1297=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1297=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1297=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1297=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1297=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): libsystemd0-234-24.82.1 libsystemd0-debuginfo-234-24.82.1 libudev-devel-234-24.82.1 libudev1-234-24.82.1 libudev1-debuginfo-234-24.82.1 systemd-234-24.82.1 systemd-container-234-24.82.1 systemd-container-debuginfo-234-24.82.1 systemd-coredump-234-24.82.1 systemd-coredump-debuginfo-234-24.82.1 systemd-debuginfo-234-24.82.1 systemd-debugsource-234-24.82.1 systemd-devel-234-24.82.1 systemd-sysvinit-234-24.82.1 udev-234-24.82.1 udev-debuginfo-234-24.82.1 - SUSE Manager Server 4.0 (x86_64): libsystemd0-32bit-234-24.82.1 libsystemd0-32bit-debuginfo-234-24.82.1 libudev1-32bit-234-24.82.1 libudev1-32bit-debuginfo-234-24.82.1 systemd-32bit-234-24.82.1 systemd-32bit-debuginfo-234-24.82.1 - SUSE Manager Server 4.0 (noarch): systemd-bash-completion-234-24.82.1 - SUSE Manager Retail Branch Server 4.0 (noarch): systemd-bash-completion-234-24.82.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): libsystemd0-234-24.82.1 libsystemd0-32bit-234-24.82.1 libsystemd0-32bit-debuginfo-234-24.82.1 libsystemd0-debuginfo-234-24.82.1 libudev-devel-234-24.82.1 libudev1-234-24.82.1 libudev1-32bit-234-24.82.1 libudev1-32bit-debuginfo-234-24.82.1 libudev1-debuginfo-234-24.82.1 systemd-234-24.82.1 systemd-32bit-234-24.82.1 systemd-32bit-debuginfo-234-24.82.1 systemd-container-234-24.82.1 systemd-container-debuginfo-234-24.82.1 systemd-coredump-234-24.82.1 systemd-coredump-debuginfo-234-24.82.1 systemd-debuginfo-234-24.82.1 systemd-debugsource-234-24.82.1 systemd-devel-234-24.82.1 systemd-sysvinit-234-24.82.1 udev-234-24.82.1 udev-debuginfo-234-24.82.1 - SUSE Manager Proxy 4.0 (x86_64): libsystemd0-234-24.82.1 libsystemd0-32bit-234-24.82.1 libsystemd0-32bit-debuginfo-234-24.82.1 libsystemd0-debuginfo-234-24.82.1 libudev-devel-234-24.82.1 libudev1-234-24.82.1 libudev1-32bit-234-24.82.1 libudev1-32bit-debuginfo-234-24.82.1 libudev1-debuginfo-234-24.82.1 systemd-234-24.82.1 systemd-32bit-234-24.82.1 systemd-32bit-debuginfo-234-24.82.1 
systemd-container-234-24.82.1 systemd-container-debuginfo-234-24.82.1 systemd-coredump-234-24.82.1 systemd-coredump-debuginfo-234-24.82.1 systemd-debuginfo-234-24.82.1 systemd-debugsource-234-24.82.1 systemd-devel-234-24.82.1 systemd-sysvinit-234-24.82.1 udev-234-24.82.1 udev-debuginfo-234-24.82.1 - SUSE Manager Proxy 4.0 (noarch): systemd-bash-completion-234-24.82.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libsystemd0-234-24.82.1 libsystemd0-debuginfo-234-24.82.1 libudev-devel-234-24.82.1 libudev1-234-24.82.1 libudev1-debuginfo-234-24.82.1 systemd-234-24.82.1 systemd-container-234-24.82.1 systemd-container-debuginfo-234-24.82.1 systemd-coredump-234-24.82.1 systemd-coredump-debuginfo-234-24.82.1 systemd-debuginfo-234-24.82.1 systemd-debugsource-234-24.82.1 systemd-devel-234-24.82.1 systemd-sysvinit-234-24.82.1 udev-234-24.82.1 udev-debuginfo-234-24.82.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libsystemd0-32bit-234-24.82.1 libsystemd0-32bit-debuginfo-234-24.82.1 libudev1-32bit-234-24.82.1 libudev1-32bit-debuginfo-234-24.82.1 systemd-32bit-234-24.82.1 systemd-32bit-debuginfo-234-24.82.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): systemd-bash-completion-234-24.82.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le): libsystemd0-234-24.82.1 libsystemd0-debuginfo-234-24.82.1 libudev-devel-234-24.82.1 libudev1-234-24.82.1 libudev1-debuginfo-234-24.82.1 systemd-234-24.82.1 systemd-container-234-24.82.1 systemd-container-debuginfo-234-24.82.1 systemd-coredump-234-24.82.1 systemd-coredump-debuginfo-234-24.82.1 systemd-debuginfo-234-24.82.1 systemd-debugsource-234-24.82.1 systemd-devel-234-24.82.1 systemd-sysvinit-234-24.82.1 udev-234-24.82.1 udev-debuginfo-234-24.82.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): systemd-bash-completion-234-24.82.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.82.1 libsystemd0-debuginfo-234-24.82.1 libudev-devel-234-24.82.1 
libudev1-234-24.82.1 libudev1-debuginfo-234-24.82.1 systemd-234-24.82.1 systemd-container-234-24.82.1 systemd-container-debuginfo-234-24.82.1 systemd-coredump-234-24.82.1 systemd-coredump-debuginfo-234-24.82.1 systemd-debuginfo-234-24.82.1 systemd-debugsource-234-24.82.1 systemd-devel-234-24.82.1 systemd-sysvinit-234-24.82.1 udev-234-24.82.1 udev-debuginfo-234-24.82.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libsystemd0-32bit-234-24.82.1 libsystemd0-32bit-debuginfo-234-24.82.1 libudev1-32bit-234-24.82.1 libudev1-32bit-debuginfo-234-24.82.1 systemd-32bit-234-24.82.1 systemd-32bit-debuginfo-234-24.82.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): systemd-bash-completion-234-24.82.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libsystemd0-234-24.82.1 libsystemd0-32bit-234-24.82.1 libsystemd0-32bit-debuginfo-234-24.82.1 libsystemd0-debuginfo-234-24.82.1 libudev-devel-234-24.82.1 libudev1-234-24.82.1 libudev1-32bit-234-24.82.1 libudev1-32bit-debuginfo-234-24.82.1 libudev1-debuginfo-234-24.82.1 systemd-234-24.82.1 systemd-32bit-234-24.82.1 systemd-32bit-debuginfo-234-24.82.1 systemd-container-234-24.82.1 systemd-container-debuginfo-234-24.82.1 systemd-coredump-234-24.82.1 systemd-coredump-debuginfo-234-24.82.1 systemd-debuginfo-234-24.82.1 systemd-debugsource-234-24.82.1 systemd-devel-234-24.82.1 systemd-sysvinit-234-24.82.1 udev-234-24.82.1 udev-debuginfo-234-24.82.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): systemd-bash-completion-234-24.82.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libsystemd0-234-24.82.1 libsystemd0-debuginfo-234-24.82.1 libudev-devel-234-24.82.1 libudev1-234-24.82.1 libudev1-debuginfo-234-24.82.1 systemd-234-24.82.1 systemd-container-234-24.82.1 systemd-container-debuginfo-234-24.82.1 systemd-coredump-234-24.82.1 systemd-coredump-debuginfo-234-24.82.1 systemd-debuginfo-234-24.82.1 systemd-debugsource-234-24.82.1 systemd-devel-234-24.82.1 systemd-sysvinit-234-24.82.1 udev-234-24.82.1 
udev-debuginfo-234-24.82.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): systemd-bash-completion-234-24.82.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libsystemd0-234-24.82.1 libsystemd0-debuginfo-234-24.82.1 libudev-devel-234-24.82.1 libudev1-234-24.82.1 libudev1-debuginfo-234-24.82.1 systemd-234-24.82.1 systemd-container-234-24.82.1 systemd-container-debuginfo-234-24.82.1 systemd-coredump-234-24.82.1 systemd-coredump-debuginfo-234-24.82.1 systemd-debuginfo-234-24.82.1 systemd-debugsource-234-24.82.1 systemd-devel-234-24.82.1 systemd-sysvinit-234-24.82.1 udev-234-24.82.1 udev-debuginfo-234-24.82.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libsystemd0-32bit-234-24.82.1 libsystemd0-32bit-debuginfo-234-24.82.1 libudev1-32bit-234-24.82.1 libudev1-32bit-debuginfo-234-24.82.1 systemd-32bit-234-24.82.1 systemd-32bit-debuginfo-234-24.82.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): systemd-bash-completion-234-24.82.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libsystemd0-234-24.82.1 libsystemd0-debuginfo-234-24.82.1 libudev-devel-234-24.82.1 libudev1-234-24.82.1 libudev1-debuginfo-234-24.82.1 systemd-234-24.82.1 systemd-container-234-24.82.1 systemd-container-debuginfo-234-24.82.1 systemd-coredump-234-24.82.1 systemd-coredump-debuginfo-234-24.82.1 systemd-debuginfo-234-24.82.1 systemd-debugsource-234-24.82.1 systemd-devel-234-24.82.1 systemd-sysvinit-234-24.82.1 udev-234-24.82.1 udev-debuginfo-234-24.82.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libsystemd0-32bit-234-24.82.1 libsystemd0-32bit-debuginfo-234-24.82.1 libudev1-32bit-234-24.82.1 libudev1-32bit-debuginfo-234-24.82.1 systemd-32bit-234-24.82.1 systemd-32bit-debuginfo-234-24.82.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): systemd-bash-completion-234-24.82.1 - SUSE Linux Enterprise High Performance Computing 
15-LTSS (aarch64 x86_64): libsystemd0-234-24.82.1 libsystemd0-debuginfo-234-24.82.1 libudev-devel-234-24.82.1 libudev1-234-24.82.1 libudev1-debuginfo-234-24.82.1 systemd-234-24.82.1 systemd-container-234-24.82.1 systemd-container-debuginfo-234-24.82.1 systemd-coredump-234-24.82.1 systemd-coredump-debuginfo-234-24.82.1 systemd-debuginfo-234-24.82.1 systemd-debugsource-234-24.82.1 systemd-devel-234-24.82.1 systemd-sysvinit-234-24.82.1 udev-234-24.82.1 udev-debuginfo-234-24.82.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): systemd-bash-completion-234-24.82.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libsystemd0-32bit-234-24.82.1 libsystemd0-32bit-debuginfo-234-24.82.1 libudev1-32bit-234-24.82.1 libudev1-32bit-debuginfo-234-24.82.1 systemd-32bit-234-24.82.1 systemd-32bit-debuginfo-234-24.82.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libsystemd0-234-24.82.1 libsystemd0-debuginfo-234-24.82.1 libudev-devel-234-24.82.1 libudev1-234-24.82.1 libudev1-debuginfo-234-24.82.1 systemd-234-24.82.1 systemd-container-234-24.82.1 systemd-container-debuginfo-234-24.82.1 systemd-coredump-234-24.82.1 systemd-coredump-debuginfo-234-24.82.1 systemd-debuginfo-234-24.82.1 systemd-debugsource-234-24.82.1 systemd-devel-234-24.82.1 systemd-sysvinit-234-24.82.1 udev-234-24.82.1 udev-debuginfo-234-24.82.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libsystemd0-32bit-234-24.82.1 libsystemd0-32bit-debuginfo-234-24.82.1 libudev1-32bit-234-24.82.1 libudev1-32bit-debuginfo-234-24.82.1 systemd-32bit-234-24.82.1 systemd-32bit-debuginfo-234-24.82.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): systemd-bash-completion-234-24.82.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libsystemd0-234-24.82.1 libsystemd0-debuginfo-234-24.82.1 libudev-devel-234-24.82.1 libudev1-234-24.82.1 libudev1-debuginfo-234-24.82.1 systemd-234-24.82.1 systemd-container-234-24.82.1 
systemd-container-debuginfo-234-24.82.1 systemd-coredump-234-24.82.1 systemd-coredump-debuginfo-234-24.82.1 systemd-debuginfo-234-24.82.1 systemd-debugsource-234-24.82.1 systemd-devel-234-24.82.1 systemd-sysvinit-234-24.82.1 udev-234-24.82.1 udev-debuginfo-234-24.82.1 - SUSE Enterprise Storage 6 (x86_64): libsystemd0-32bit-234-24.82.1 libsystemd0-32bit-debuginfo-234-24.82.1 libudev1-32bit-234-24.82.1 libudev1-32bit-debuginfo-234-24.82.1 systemd-32bit-234-24.82.1 systemd-32bit-debuginfo-234-24.82.1 - SUSE Enterprise Storage 6 (noarch): systemd-bash-completion-234-24.82.1 - SUSE CaaS Platform 4.0 (noarch): systemd-bash-completion-234-24.82.1 - SUSE CaaS Platform 4.0 (x86_64): libsystemd0-234-24.82.1 libsystemd0-32bit-234-24.82.1 libsystemd0-32bit-debuginfo-234-24.82.1 libsystemd0-debuginfo-234-24.82.1 libudev-devel-234-24.82.1 libudev1-234-24.82.1 libudev1-32bit-234-24.82.1 libudev1-32bit-debuginfo-234-24.82.1 libudev1-debuginfo-234-24.82.1 systemd-234-24.82.1 systemd-32bit-234-24.82.1 systemd-32bit-debuginfo-234-24.82.1 systemd-container-234-24.82.1 systemd-container-debuginfo-234-24.82.1 systemd-coredump-234-24.82.1 systemd-coredump-debuginfo-234-24.82.1 systemd-debuginfo-234-24.82.1 systemd-debugsource-234-24.82.1 systemd-devel-234-24.82.1 systemd-sysvinit-234-24.82.1 udev-234-24.82.1 udev-debuginfo-234-24.82.1 References: https://bugzilla.suse.com/1178219 From sle-updates at lists.suse.com Tue May 25 16:28:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 May 2021 18:28:39 +0200 (CEST) Subject: SUSE-RU-2021:1757-1: moderate: Recommended update for libsolv, libzypp Message-ID: <20210525162839.EF6D4FD14@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsolv, libzypp ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1757-1 Rating: moderate References: #1180851 #1181874 #1182936 #1183628 #1184997 #1185239 Affected Products: SUSE Linux Enterprise 
Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Installer 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for libsolv and libzypp fixes the following issues: libsolv: Upgrade from version 0.7.17 to version 0.7.19 - Fix rare segfault in `resolve_jobrules()` that could happen if new rules are learned. - Fix memory leaks in error cases - Fix error handling in `solv_xfopen_fd()` - Fix regex code on win32 - fixed memory leak in choice rule generation - `repo_add_conda`: add a flag to skip version 2 packages. libzypp: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1757=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1757=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2021-1757=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1757=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1757=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libsolv-debuginfo-0.7.19-3.45.1 libsolv-debugsource-0.7.19-3.45.1 libsolv-devel-0.7.19-3.45.1 libsolv-devel-debuginfo-0.7.19-3.45.1 libsolv-tools-0.7.19-3.45.1 libsolv-tools-debuginfo-0.7.19-3.45.1 libzypp-17.25.10-3.69.1 libzypp-debuginfo-17.25.10-3.69.1 libzypp-debugsource-17.25.10-3.69.1 libzypp-devel-17.25.10-3.69.1 perl-solv-0.7.19-3.45.1 perl-solv-debuginfo-0.7.19-3.45.1 python-solv-0.7.19-3.45.1 python-solv-debuginfo-0.7.19-3.45.1 python3-solv-0.7.19-3.45.1 python3-solv-debuginfo-0.7.19-3.45.1 ruby-solv-0.7.19-3.45.1 ruby-solv-debuginfo-0.7.19-3.45.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libsolv-debuginfo-0.7.19-3.45.1 libsolv-debugsource-0.7.19-3.45.1 libsolv-devel-0.7.19-3.45.1 libsolv-devel-debuginfo-0.7.19-3.45.1 libsolv-tools-0.7.19-3.45.1 libsolv-tools-debuginfo-0.7.19-3.45.1 libzypp-17.25.10-3.69.1 libzypp-debuginfo-17.25.10-3.69.1 libzypp-debugsource-17.25.10-3.69.1 libzypp-devel-17.25.10-3.69.1 perl-solv-0.7.19-3.45.1 perl-solv-debuginfo-0.7.19-3.45.1 python-solv-0.7.19-3.45.1 python-solv-debuginfo-0.7.19-3.45.1 python3-solv-0.7.19-3.45.1 python3-solv-debuginfo-0.7.19-3.45.1 ruby-solv-0.7.19-3.45.1 ruby-solv-debuginfo-0.7.19-3.45.1 - SUSE Linux Enterprise Installer 15 (aarch64 ppc64le s390x x86_64): libsolv-tools-0.7.19-3.45.1 libzypp-17.25.10-3.69.1 - SUSE Linux Enterprise High 
Performance Computing 15-LTSS (aarch64 x86_64): libsolv-debuginfo-0.7.19-3.45.1 libsolv-debugsource-0.7.19-3.45.1 libsolv-devel-0.7.19-3.45.1 libsolv-devel-debuginfo-0.7.19-3.45.1 libsolv-tools-0.7.19-3.45.1 libsolv-tools-debuginfo-0.7.19-3.45.1 libzypp-17.25.10-3.69.1 libzypp-debuginfo-17.25.10-3.69.1 libzypp-debugsource-17.25.10-3.69.1 libzypp-devel-17.25.10-3.69.1 perl-solv-0.7.19-3.45.1 perl-solv-debuginfo-0.7.19-3.45.1 python-solv-0.7.19-3.45.1 python-solv-debuginfo-0.7.19-3.45.1 python3-solv-0.7.19-3.45.1 python3-solv-debuginfo-0.7.19-3.45.1 ruby-solv-0.7.19-3.45.1 ruby-solv-debuginfo-0.7.19-3.45.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libsolv-debuginfo-0.7.19-3.45.1 libsolv-debugsource-0.7.19-3.45.1 libsolv-devel-0.7.19-3.45.1 libsolv-devel-debuginfo-0.7.19-3.45.1 libsolv-tools-0.7.19-3.45.1 libsolv-tools-debuginfo-0.7.19-3.45.1 libzypp-17.25.10-3.69.1 libzypp-debuginfo-17.25.10-3.69.1 libzypp-debugsource-17.25.10-3.69.1 libzypp-devel-17.25.10-3.69.1 perl-solv-0.7.19-3.45.1 perl-solv-debuginfo-0.7.19-3.45.1 python-solv-0.7.19-3.45.1 python-solv-debuginfo-0.7.19-3.45.1 python3-solv-0.7.19-3.45.1 python3-solv-debuginfo-0.7.19-3.45.1 ruby-solv-0.7.19-3.45.1 ruby-solv-debuginfo-0.7.19-3.45.1 References: https://bugzilla.suse.com/1180851 https://bugzilla.suse.com/1181874 https://bugzilla.suse.com/1182936 https://bugzilla.suse.com/1183628 https://bugzilla.suse.com/1184997 https://bugzilla.suse.com/1185239 From sle-updates at lists.suse.com Tue May 25 16:30:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 May 2021 18:30:15 +0200 (CEST) Subject: SUSE-SU-2021:1755-1: moderate: Security update for libu2f-host Message-ID: <20210525163015.48074FD14@maintenance.suse.de> SUSE Security Update: Security update for libu2f-host ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1755-1 Rating: moderate References: #1124781 #1128140 #1184648 
ECO-3687 Cross-References: CVE-2018-20340 CVE-2019-9578 CVSS scores: CVE-2018-20340 (NVD) : 6.8 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-20340 (SUSE): 6.4 CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-9578 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-9578 (SUSE): 2.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities, contains one feature and has one errata is now available. Description: This update for libu2f-host fixes the following issues: This update ships the u2f-host package (jsc#ECO-3687 bsc#1184648) Version 1.1.10 (released 2019-05-15) - Add new devices to udev rules. - Fix a potentially uninitialized buffer (CVE-2019-9578, bsc#1128140) Version 1.1.9 (released 2019-03-06) - Fix CID copying from the init response, which broke compatibility with some devices. Version 1.1.8 (released 2019-03-05) - Add udev rules - Drop 70-old-u2f.rules and use 70-u2f.rules for everything - Use a random nonce for setting up CID to prevent fingerprinting - CVE-2019-9578: Parse the response to init in a more stable way to prevent leakage of uninitialized stack memory back to the device (bsc#1128140). Version 1.1.7 (released 2019-01-08) - Fix for trusting length from device in device init. - Fix for buffer overflow when receiving data from device. (YSA-2019-01, CVE-2018-20340, bsc#1124781) - Add udev rules for some new devices. - Add udev rule for Feitian ePass FIDO - Add a timeout to the register and authenticate actions. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1755=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1755=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libu2f-host-debuginfo-1.1.10-3.9.1 libu2f-host-debugsource-1.1.10-3.9.1 libu2f-host-devel-1.1.10-3.9.1 libu2f-host0-1.1.10-3.9.1 libu2f-host0-debuginfo-1.1.10-3.9.1 u2f-host-1.1.10-3.9.1 u2f-host-debuginfo-1.1.10-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libu2f-host-debuginfo-1.1.10-3.9.1 libu2f-host-debugsource-1.1.10-3.9.1 libu2f-host-devel-1.1.10-3.9.1 libu2f-host0-1.1.10-3.9.1 libu2f-host0-debuginfo-1.1.10-3.9.1 u2f-host-1.1.10-3.9.1 u2f-host-debuginfo-1.1.10-3.9.1 References: https://www.suse.com/security/cve/CVE-2018-20340.html https://www.suse.com/security/cve/CVE-2019-9578.html https://bugzilla.suse.com/1124781 https://bugzilla.suse.com/1128140 https://bugzilla.suse.com/1184648 From sle-updates at lists.suse.com Tue May 25 16:31:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 May 2021 18:31:48 +0200 (CEST) Subject: SUSE-SU-2021:1724-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP1) Message-ID: <20210525163148.5BDB5FD14@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1724-1 Rating: important References: #1183452 #1184710 #1184952 Cross-References: CVE-2020-36322 CVE-2021-29154 CVSS scores: CVE-2020-36322 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2021-29154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (SUSE): 7 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.12.14-197_51 fixes several issues. The following security issues were fixed: - CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bsc#1184952). - CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bsc#1184710) - Fix system crash on kernfs_kill_sb() as a sysfs superblock's kernfs_super_info node list was NULL (bsc#1183452). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-1717=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1718=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1719=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1720=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1721=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1722=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1723=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1724=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1725=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-1726=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-1735=1 SUSE-SLE-Live-Patching-12-SP5-2021-1736=1 SUSE-SLE-Live-Patching-12-SP5-2021-1737=1 SUSE-SLE-Live-Patching-12-SP5-2021-1738=1 SUSE-SLE-Live-Patching-12-SP5-2021-1739=1 SUSE-SLE-Live-Patching-12-SP5-2021-1740=1 SUSE-SLE-Live-Patching-12-SP5-2021-1741=1 SUSE-SLE-Live-Patching-12-SP5-2021-1742=1 SUSE-SLE-Live-Patching-12-SP5-2021-1743=1 SUSE-SLE-Live-Patching-12-SP5-2021-1744=1 SUSE-SLE-Live-Patching-12-SP5-2021-1745=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_45-default-10-2.2 kernel-livepatch-4_12_14-197_48-default-10-2.2 kernel-livepatch-4_12_14-197_51-default-10-2.2 kernel-livepatch-4_12_14-197_56-default-9-2.2 kernel-livepatch-4_12_14-197_61-default-8-2.2 kernel-livepatch-4_12_14-197_64-default-7-2.2 kernel-livepatch-4_12_14-197_67-default-7-2.2 kernel-livepatch-4_12_14-197_72-default-6-2.2 kernel-livepatch-4_12_14-197_75-default-6-2.2 kernel-livepatch-4_12_14-197_78-default-6-2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_23-default-12-2.2 kgraft-patch-4_12_14-122_26-default-12-2.2 kgraft-patch-4_12_14-122_29-default-12-2.2 kgraft-patch-4_12_14-122_32-default-12-2.2 kgraft-patch-4_12_14-122_37-default-11-2.2 
kgraft-patch-4_12_14-122_41-default-10-2.2 kgraft-patch-4_12_14-122_46-default-8-2.2 kgraft-patch-4_12_14-122_51-default-8-2.2 kgraft-patch-4_12_14-122_54-default-6-2.2 kgraft-patch-4_12_14-122_57-default-6-2.2 kgraft-patch-4_12_14-122_60-default-5-2.2 References: https://www.suse.com/security/cve/CVE-2020-36322.html https://www.suse.com/security/cve/CVE-2021-29154.html https://bugzilla.suse.com/1183452 https://bugzilla.suse.com/1184710 https://bugzilla.suse.com/1184952 From sle-updates at lists.suse.com Wed May 26 06:17:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 08:17:57 +0200 (CEST) Subject: SUSE-CU-2021:177-1: Recommended update of suse/sle15 Message-ID: <20210526061757.D6962B46DB5@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:177-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.397 Container Release : 4.22.397 Severity : moderate Type : recommended References : 1180851 1181874 1182936 1183628 1184997 1185239 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1757-1 Released: Tue May 25 14:26:03 2021 Summary: Recommended update for libsolv, libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libsolv and libzypp fixes the following issues: libsolv: Upgrade from version 0.7.17 to version 0.7.19 - Fix rare segfault in `resolve_jobrules()` that could happen if new rules are learned. - Fix memory leaks in error cases - Fix error handling in `solv_xfopen_fd()` - Fix regex code on win32 - fixed memory leak in choice rule generation - `repo_add_conda`: add a flag to skip version 2 packages. 
libzypp: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. From sle-updates at lists.suse.com Wed May 26 06:19:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 08:19:56 +0200 (CEST) Subject: SUSE-CU-2021:178-1: Security update of caasp/v4.5/389-ds Message-ID: <20210526061956.C89D8B46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:178-1 Container Tags : caasp/v4.5/389-ds:1.4.3 , caasp/v4.5/389-ds:1.4.3-rev4 , caasp/v4.5/389-ds:1.4.3-rev4-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1041090 1049382 1050625 1078466 1084671 1116658 1136234 1141597 1146705 1155094 1155141 1161276 1169006 1171883 1172695 1173404 1173409 1173410 1173471 1173582 1174016 1174091 1174436 1174465 1174571 1174701 1174942 1175458 1175514 1175519 1175623 1176201 1176262 1176547 1177127 1177211 1177238 1177275 1177427 1177460 1177460 1177490 1177583 1177955 1178009 1178219 1178346 1178386 1178554 1178775 1178775 1178807 1178823 1178825 1178909 1178910 1178943 1178944 1178966 1179025 1179083 1179193 1179203 1179222 1179363 1179415 1179503 1179630 1179694 1179721 1179756 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180377 1180596 1180603 1180603 1180663 1180686 1180721 1180836 1180851 1180885 1181011 1181122 1181126 1181159 1181328 
1181443 1181505 1181622 1181644 1181831 1181872 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182379 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182790 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183374 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1183942 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-20916 CVE-2019-25013 CVE-2019-5010 CVE-2020-14422 CVE-2020-25709 CVE-2020-25710 CVE-2020-26116 CVE-2020-27618 CVE-2020-27619 CVE-2020-29562 CVE-2020-29573 CVE-2020-35518 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2020-8492 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23336 CVE-2021-23840 CVE-2021-23841 CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3177 CVE-2021-3326 CVE-2021-3426 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. 
(bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3930-1 Released: Wed Dec 23 18:19:39 2020 Summary: Security update for python3 Type: security Severity: important References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP.
- Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - add triplets for mips-r6 and riscv - RISC-V needs CTYPES_PASS_BY_REF_HACK Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(...). * Unpickling invalid NEWOBJ_EX opcode with the C implementation now raises UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091). Update to 3.6.11: - Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause an InvalidURL to be raised. (bsc#1155094) - CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3946-1 Released: Tue Dec 29 17:39:54 2020 Summary: Recommended update for python3 Type: recommended Severity: important References: 1180377 This update for python3 fixes the following issues: - A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3, which caused regressions in several applications. 
(bsc#1180377) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. 
- timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline 
selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:526-1 Released: Fri Feb 19 12:46:27 2021 Summary: Recommended update for python-distro Type: recommended Severity: moderate References: This update for python-distro fixes the following issues: Upgrade from version 1.2.0 to 1.5.0 (jsc#ECO-3212) - Backward compatibility: - Keep output as native string so we can be compatible with the python2 interface - Prefer the `VERSION_CODENAME` field of `os-release` to parsing it from `VERSION` - Bug Fixes: - Fix detection of RHEL 6 `ComputeNode` - Fix Oracle 4/5 `lsb_release` id and names - Ignore `/etc/plesk-release` file while parsing distribution - Return `_uname_info` from the `uname_info()` method - Fixed `CloudLinux` id discovery - Update Oracle matching - Warn about wrong locale. - Documentation: - Distro is the recommended replacement for `platform.linux_distribution` - Add Ansible reference implementation and fix arch-linux link - Add facter reference implementation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:529-1 Released: Fri Feb 19 14:53:47 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1176262,1179756,1180686,1181126,CVE-2019-20916,CVE-2021-3177 This update for python3 fixes the following issues: - CVE-2021-3177: Fixed buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:656-1 Released: Mon Mar 1 09:34:21 2021 Summary: Recommended update for protobuf Type: recommended Severity: moderate References: 1177127 This update for protobuf fixes the following issues: - Add missing dependency of python subpackages on python-six. (bsc#1177127) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. 
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:724-1 Released: Mon Mar 8 16:46:57 2021 Summary: Security update for 389-ds Type: security Severity: moderate References: 1181159,CVE-2020-35518 This update for 389-ds fixes the following issues: - 389-ds was updated to version 1.4.3.19 - CVE-2020-35518: Fixed an information disclosure during the binding of a DN (bsc#1181159). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. 
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:927-1 Released: Tue Mar 23 14:07:05 2021 Summary: Recommended update for libreoffice Type: recommended Severity: moderate References: 1041090,1049382,1116658,1136234,1155141,1173404,1173409,1173410,1173471,1174465,1176547,1177955,1178807,1178943,1178944,1179025,1179203,1181122,1181644,1181872,1182790 This update for libreoffice provides the upgrade from version 6.4.5.2 to 7.1.1.2 (jsc#ECO-3150, bsc#1182790) libreoffice: - Image shown with different aspect ratio (bsc#1176547) - Text changes are reproducibly lost on PPTX with SmartArt (bsc#1181644) - Adjust to new Box2D and enable KDE on SUSE Linux Enterprise 15-SP3 or newer (jsc#ECO-3375) - Wrong bullet points in Impress (bsc#1174465) - SmartArt: text wrongly aligned, background boxes not quite right (bsc#1177955) - Update the SUSE color palette to reflect the new SUSE branding. (bsc#1181122, bsc#1173471) - SUSE Mint - SUSE Midnight Blue - SUSE Waterhole Blue - SUSE Persimmon - Fix a crash opening a PPTX. 
(bsc#1179025) - Fix text box from PowerPoint renders vertically instead of horizontally (bsc#1178807) - Shadow effects for table completely missing (bsc#1178944, bsc#1178943) - Disable firebird integration for the time being (bsc#1179203) - Fixes hang on Writer on scrolling/saving of a document (bsc#1136234) - Wrong rendering of bulleted lists in PPTX document (bsc#1155141) - Sidebar: paragraph widget: numeric fields become inactive/unaccessible after saving (bsc#1173404) - Crash of Writer opening any document having 'invalid' python file in home directory (bsc#1116658) libixion: Update to 0.16.1: - fixed a build issue on 32-bit linux platforms, caused by slicing of integer string ID values. - worked around floating point rounding errors which prevented two theoretically-equal numeric values from being evaluated as equal in test code. - added new function to allow printing of single formula tokens. - added method for setting cached results on formula cells in model_context. - changed the model_context design to ensure that all sheets are of the same size. - added an accessor method to formula_model_access interface (and implicitly in model_context) that directly returns a string value from cell. - added cell_access class for querying of cell states without knowing its type ahead of time. - added document class which provides a layer on top of model_context, to abstract away the handling of formula calculations. - deprecated model_context::erase_cell() in favor of empty_cell(). - added support for 3D references - references that contain multiple sheets. - added support for the exponent (^) and concatenation (&) operators. - fixed incorrect handling of range references containing whole columns such as A:A. - added support for unordered range references - range references whose start row or column is greater than their end position counterparts, such as A3:A1. - fixed a bug that prevented nested formula functions from working properly. 
- implemented Calc A1 style reference resolver. - formula results now directly store the string values when the results are of string type. They previously stored string ID values after interning the original strings. - Removed build-time dependency on spdlog. libmwaw: Update to 0.3.17: - add a parser for Jazz(Lotus) writer and spreadsheet files. The writer parser can only be called if the file still contains its resource fork - add a parser for Canvas 3 and 3.5 files - AppleWorks parser: try to retrieve more Windows presentation - add a parser for Drawing Table files - add a parser for Canvas 2 files - API: add new reserved enums in MWAWDocument.hxx `MWAW_T_RESERVED10..MWAW_T_RESERVED29` and add a new define in libmwaw.hxx `MWAW_INTERFACE_VERSION` to check if these enums are defined - remove the QuarkXPress parser (must be in libqxp) - retrieve the annotation in MsWord 5 document - try to better understand RagTime 5-6 document libnumbertext: Update to 1.0.6 liborcus: Update to 0.16.1 - Add upstream changes to fix build with GCC 11 (bsc#1181872) libstaroffice: Update to 0.0.7: - fix `text:sender-lastname` when creating meta-data libwps: Update to 0.4.11: - XYWrite: add a parser to .fil v2 and v4 files - wks,wk1: correct some problems when retrieving cell's reference. 
glfw: New package provided on version 3.3.2: - See also: https://www.glfw.org/changelog.html - Sort list of input files to geany for reproducible builds (bsc#1049382, bsc#1041090) * Require pkgconfig(gl) for the devel package to supply needed include GL/gl.h * glfwFocusWindow could terminate on older WMs or without a WM * Creating an undecorated window could fail with BadMatch * Querying a disconnected monitor could segfault * Video modes with a duplicate screen area were discarded * The CMake files did not check for the XInput headers * Key names were not updated when the keyboard layout changed * Decorations could not be enabled after window creation * Content scale fallback value could be inconsistent * Disabled cursor mode was interrupted by indicator windows * Monitor physical dimensions could be reported as zero mm * Window position events were not emitted during resizing * Added on-demand loading of Vulkan and context creation API libraries * [X11] Bugfix: Window size limits were ignored if the minimum or maximum size was set to `GLFW_DONT_CARE` * [X11] Bugfix: Input focus was set before window was visible, causing BadMatch on some non-reparenting WMs * [X11] Bugfix: glfwGetWindowPos and glfwSetWindowPos operated on the window frame instead of the client area * [WGL] Added reporting of errors from `WGL_ARB_create_context` extension * [EGL] Added lib prefix matching between EGL and OpenGL ES library binaries * [EGL] Bugfix: Dynamically loaded entry points were not verified - Made build of geany-tags optional. Box2D: New package provided on version 2.4.1: * Extended distance joint to have a minimum and maximum limit. * `B2_USER_SETTINGS` and `b2_user_settings.h` can control user data, length units, and maximum polygon vertices. * Default user data is now uintptr_t instead of void* * b2FixtureDef::restitutionThreshold lets you set the restitution velocity threshold per fixture. 
* Collision * Chain and edge shape must now be one-sided to eliminate ghost collisions * Broad-phase optimizations * Added b2ShapeCast for linear shape casting * Dynamics * Joint limits are now predictive and not stateful * Experimental 2D cloth (rope) * b2Body::SetActive -> b2Body::SetEnabled * Better support for running multiple worlds * Handle zero density better * The body behaves like a static body * The body is drawn with a red color * Added translation limit to wheel joint * World dump now writes to box2d_dump.inl * Static bodies are never awake * All joints with spring-dampers now use stiffness and damping * Added utility functions to convert frequency and damping ratio to stiffness and damping * Polygon creation now computes the convex hull. * The convex hull code will merge vertices closer than dm_linearSlop. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:947-1 Released: Wed Mar 24 14:30:58 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1182379,CVE-2021-23336 This update for python3 fixes the following issues: - python36 was updated to 3.6.13 - CVE-2021-23336: Fixed a potential web cache poisoning through the use of a semicolon as a query string separator in query parameters (bsc#1182379). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. 
[bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1007-1 Released: Thu Apr 1 17:47:20 2021 Summary: Security update for MozillaFirefox Type: security Severity: important References: 1183942,CVE-2021-23981,CVE-2021-23982,CVE-2021-23984,CVE-2021-23987 This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. 
(bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1557-1 Released: Tue May 11 09:50:00 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1183374,CVE-2021-3426 This update for python3 fixes the following issues: - CVE-2021-3426: Fixed an information disclosure via pydoc (bsc#1183374) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. 
(bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
From sle-updates at lists.suse.com Wed May 26 06:20:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 08:20:21 +0200 (CEST) Subject: SUSE-CU-2021:179-1: Security update of caasp/v4.5/busybox Message-ID: <20210526062021.3B378B46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:179-1 Container Tags : caasp/v4.5/busybox:1.26.2 , caasp/v4.5/busybox:1.26.2-rev3 , caasp/v4.5/busybox:1.26.2-rev3-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 
CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. 
(bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with `mount -a`. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm.
Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection.
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025)
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers.
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700.
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:955-1
Released: Thu Mar 25 16:11:48 2021
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1183852,CVE-2021-3449

This update for openssl-1_1 fixes the security issue:

* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1004-1
Released: Thu Apr 1 15:07:09 2021
Summary: Recommended update for libcap
Type: recommended
Severity: moderate
References: 1180073

This update for libcap fixes the following issues:

- Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)
- Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1006-1
Released: Thu Apr 1 17:44:57 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890

This update for curl fixes the following issues:

- CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934)
- CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1141-1
Released: Mon Apr 12 13:13:36 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: low
References: 1182791

This update for openldap2 fixes the following issues:

- Improved the proxy connection timeout options to prune connections properly
  (bsc#1182791)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1169-1
Released: Tue Apr 13 15:01:42 2021
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1181976

This update for procps fixes the following issues:

- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1286-1
Released: Tue Apr 20 20:10:21 2021
Summary: Recommended update for SLES-release
Type: recommended
Severity: moderate
References: 1180836

This recommended update for SLES-release provides the following fix:

- Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1296-1
Released: Wed Apr 21 14:09:28 2021
Summary: Optional update for e2fsprogs
Type: optional
Severity: low
References: 1183791

This update for e2fsprogs fixes the following issues:

- Fixed an issue when building e2fsprogs (bsc#1183791)

This patch does not fix any user visible issues and is therefore optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1297-1
Released: Wed Apr 21 14:10:10 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1178219

This update for systemd fixes the following issues:

- Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted.

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1299-1
Released: Wed Apr 21 14:11:41 2021
Summary: Optional update for gpgme
Type: optional
Severity: low
References: 1183801

This update for gpgme fixes the following issues:

- Fixed a bug in test cases (bsc#1183801)

This patch is optional to install and does not provide any user visible bug fixes.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1407-1
Released: Wed Apr 28 15:49:02 2021
Summary: Recommended update for libcap
Type: recommended
Severity: important
References: 1184690

This update for libcap fixes the following issues:

- Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1412-1
Released: Wed Apr 28 17:09:28 2021
Summary: Security update for libnettle
Type: security
Severity: important
References: 1184401,CVE-2021-20305

This update for libnettle fixes the following issues:

- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1426-1
Released: Thu Apr 29 06:23:13 2021
Summary: Recommended update for libsolv
Type: recommended
Severity: moderate
References:

This update for libsolv fixes the following issues:

- Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt.
- Fix a couple of memory leaks in error cases.
- Fix error handling in solv_xfopen_fd()
- Fixed 'regex' code on win32.
- Fixed memory leak in choice rule generation

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1466-1
Released: Tue May 4 08:30:57 2021
Summary: Security update for permissions
Type: security
Severity: important
References: 1182899

This update for permissions fixes the following issues:

- etc/permissions: remove unnecessary entries (bsc#1182899)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1523-1
Released: Wed May 5 18:24:20 2021
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518

This update for libxml2 fixes the following issues:

- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1527-1
Released: Thu May 6 08:58:53 2021
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1183064

This update for bash fixes the following issues:

- Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1528-1
Released: Thu May 6 15:31:23 2021
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1161276

This update for openssl-1_1 fixes the following issues:

- Do not list disapproved cipher algorithms while in 'FIPS' mode.
  (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1543-1
Released: Fri May 7 15:16:32 2021
Summary: Recommended update for patterns-microos
Type: recommended
Severity: moderate
References: 1184435

This update for patterns-microos provides the following fix:

- Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1544-1
Released: Fri May 7 16:34:41 2021
Summary: Recommended update for libzypp
Type: recommended
Severity: moderate
References: 1180851,1181874,1182936,1183628,1184997,1185239

This update for libzypp fixes the following issues:

Upgrade from version 17.25.8 to version 17.25.10

- Properly handle permission denied when providing optional files. (bsc#1185239)
- Fix service detection with `cgroupv2`. (bsc#1184997)
- Add missing includes for GCC 11. (bsc#1181874)
- Fix unsafe usage of static in media verifier.
- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)
- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851)
- Do no cleanup in custom cache dirs. (bsc#1182936)
- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1549-1
Released: Mon May 10 13:48:00 2021
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1185417

This update for procps fixes the following issues:

- Support up to 2048 CPU as well. (bsc#1185417)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1565-1
Released: Tue May 11 14:20:04 2021
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1185163

This update for krb5 fixes the following issues:

- Use '/run' instead of '/var/run' for daemon PID files.
  (bsc#1185163);

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1592-1
Released: Wed May 12 13:47:41 2021
Summary: Optional update for sed
Type: optional
Severity: low
References: 1183797

This update for sed fixes the following issues:

- Fixed a building issue with glibc-2.31 (bsc#1183797).

This patch is optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1612-1
Released: Fri May 14 17:09:39 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1184614

This update for openldap2 fixes the following issue:

- Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1643-1
Released: Wed May 19 13:51:48 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1181443,1184358,1185562

This update for pam fixes the following issues:

- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1647-1
Released: Wed May 19 13:59:12 2021
Summary: Security update for lz4
Type: security
Severity: important
References: 1185438,CVE-2021-3520

This update for lz4 fixes the following issues:

- CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1654-1
Released: Wed May 19 16:43:36 2021
Summary: Security update for libxml2
Type: security
Severity: important
References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537

This update for libxml2 fixes the following issues:

- CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

From sle-updates at lists.suse.com Wed May 26 06:20:46 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 May 2021 08:20:46 +0200 (CEST)
Subject: SUSE-CU-2021:180-1: Security update of caasp/v4.5/caasp-dex
Message-ID: <20210526062046.3FDF1B46DB5@westernhagen.suse.de>

SUSE Container Update Advisory: caasp/v4.5/caasp-dex
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:180-1
Container Tags : caasp/v4.5/caasp-dex:2.23.0 , caasp/v4.5/caasp-dex:2.23.0-rev3 , caasp/v4.5/caasp-dex:2.23.0-rev3-build5.8.1
Container Release : 5.8.1
Severity : important
Type : security
References :
    1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883
    1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519
    1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219
    1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909
    1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694
    1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073
    1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663
    1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505
    1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331
    1182333
    1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417
    1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959
    1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791
    1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435
    1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409
    1185409 1185410 1185410 1185417 1185438 1185562 1185698
    CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710
    CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221
    CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225
    CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229
    CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232
    CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840
    CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212
    CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449
    CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517
    CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537
-----------------------------------------------------------------

The container caasp/v4.5/caasp-dex was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1989-1
Released: Tue Jul 21 17:58:58 2020
Summary: Recommended update to SLES-releases
Type: recommended
Severity: important
References: 1173582

This update of SLES-release provides the following fix:

- Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3809-1
Released: Tue Dec 15 13:46:05 2020
Summary: Recommended update for glib2
Type: recommended
Severity: moderate
References: 1178346

This update for glib2 fixes the following issues:

Update from version 2.62.5 to version 2.62.6:

- Support for slim format of timezone. (bsc#1178346)
- Fix DST incorrect end day when using slim format. (bsc#1178346)
- Fix SOCKS5 username/password authentication.
- Updated translations.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3853-1
Released: Wed Dec 16 12:27:27 2020
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825

This update for util-linux fixes the following issue:

- Do not trigger the automatic close of CDROM. (bsc#1084671)
- Try to automatically configure broken serial lines. (bsc#1175514)
- Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514)
- Build with `libudev` support to support non-root users. (bsc#1169006)
- Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
- Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3942-1
Released: Tue Dec 29 12:22:01 2020
Summary: Recommended update for libidn2
Type: recommended
Severity: moderate
References: 1180138

This update for libidn2 fixes the following issues:

- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3943-1
Released: Tue Dec 29 12:24:45 2020
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1178823

This update for libxml2 fixes the following issues:

Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823)

* key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:109-1
Released: Wed Jan 13 10:13:24 2021
Summary: Security update for libzypp, zypper
Type: security
Severity: moderate
References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271

This update for libzypp, zypper fixes the following issues:

Update zypper to version 1.14.41

Update libzypp to 17.25.4

- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)
- RepoManager: Force refresh if repo url has changed (bsc#1174016)
- RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)
- RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).
- RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910)
- Fixed update of gpg keys with elongated expire date (bsc#179222)
- needreboot: remove udev from the list (bsc#1179083)
- Fix lsof monitoring (bsc#1179909)

yast-installation was updated to 4.2.48:

- Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:129-1
Released: Thu Jan 14 12:26:15 2021
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710

This update for openldap2 fixes the following issues:

Security issues fixed:

- CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
- CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).

Non-security issue fixed:

- Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection.
  (bsc#1179503)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:169-1
Released: Tue Jan 19 16:18:46 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179816,1180077,1180663,1180721

This update for libsolv, libzypp, zypper fixes the following issues:

libzypp was updated to 17.25.6:

- Rephrase solver problem descriptions (jsc#SLE-8482)
- Adapt to changed gpg2/libgpgme behavior (bsc#1180721)
- Multicurl backend breaks with unknown filesize (fixes #277)

zypper was updated to 1.14.42:

- Fix source-download commands help (bsc#1180663)
- man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816)
- Extend apt packagemap (fixes #366)
- --quiet: Fix install summary to write nothing if there's nothing todo (bsc#1180077)

libsolv was updated to 0.7.16:

- do not ask the namespace callback for splitprovides when writing a testcase
- fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes
- improve choicerule generation so that package updates are preferred in more cases

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:174-1
Released: Wed Jan 20 07:55:23 2021
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1172695

This update for gnutls fixes the following issue:

- Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:197-1
Released: Fri Jan 22 15:17:42 2021
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1171883,CVE-2020-8025

This update for permissions fixes the following issues:

- Update to version 20181224:
  * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:220-1
Released: Tue Jan 26 14:00:51 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1180603

This update for keyutils fixes the following issues:

- Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:233-1
Released: Wed Jan 27 12:15:33 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225

This update for systemd fixes the following issues:

- Added a timestamp to the output of the busctl monitor command (bsc#1180225)
- Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824)
- Improved the caching of cgroups member mask (bsc#1175458)
- Fixed the dependency definition of sound.target (bsc#1179363)
- Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436)
- time-util: treat /etc/localtime missing as UTC (bsc#1141597)
- Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:265-1
Released: Mon Feb 1 15:06:45 2021
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1178775,1180885

This update for systemd fixes the following issues:

- Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)
- Fix for an issue when container start causes interference in other containers.
  (bsc#1178775)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:293-1
Released: Wed Feb 3 12:52:34 2021
Summary: Recommended update for gmp
Type: recommended
Severity: moderate
References: 1180603

This update for gmp fixes the following issues:

- correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:339-1
Released: Mon Feb 8 13:16:07 2021
Summary: Optional update for pam
Type: optional
Severity: low
References:

This update for pam fixes the following issues:

- Added rpm macros for this package, so that other packages can make use of it

This patch is optional to be installed - it doesn't fix any bugs.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:653-1
Released: Fri Feb 26 19:53:43 2021
Summary: Security update for glibc
Type: security
Severity: important
References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326

This update for glibc fixes the following issues:

- Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973)
- x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649)
- gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)
- iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224)
- iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923)
- Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:723-1
Released: Mon Mar 8 16:45:27 2021
Summary: Security update for openldap2
Type: security
Severity: important
References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212

This update for openldap2 fixes the following issues:

- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:754-1
Released: Tue Mar 9 17:10:49 2021
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841

This update for openssl-1_1 fixes the following issues:

- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
- Fixed unresolved error codes in FIPS (bsc#1182959).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:778-1
Released: Fri Mar 12 17:42:25 2021
Summary: Security update for glib2
Type: security
Severity: important
References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219

This update for glib2 fixes the following issues:

- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it.
  (bsc#1182362)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:786-1
Released: Mon Mar 15 11:19:23 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1176201

This update for zlib fixes the following issues:

- Fixed hw compression on z15 (bsc#1176201)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:874-1
Released: Thu Mar 18 09:41:54 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179847,1181328,1181622,1182629

This update for libsolv, libzypp, zypper fixes the following issues:

- support multiple collections in updateinfo parser
- Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328)
- Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629)
- Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847)
- Fix '%posttrans' script execution. (fixes #265)
- Repo: Allow multiple baseurls specified on one line (fixes #285)
- Regex: Fix memory leak and undefined behavior.
- Add rpm buildrequires for test suite (fixes #279)
- Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use.
- doc: give more details about creating versioned package locks. (bsc#1181622)
- man: Document synonymously used patch categories (bsc#1179847)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:924-1
Released: Tue Mar 23 10:00:49 2021
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094

This update for filesystem fixes the following issues:

- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700.
  (bsc#1181011)
- Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705)
- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:935-1
Released: Wed Mar 24 12:19:10 2021
Summary: Security update for gnutls
Type: security
Severity: important
References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232

This update for gnutls fixes the following issues:

- CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).
- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:948-1
Released: Wed Mar 24 14:31:34 2021
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032

This update for zstd fixes the following issues:

- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:955-1
Released: Thu Mar 25 16:11:48 2021
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1183852,CVE-2021-3449

This update for openssl-1_1 fixes the security issue:

* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1004-1
Released: Thu Apr 1 15:07:09 2021
Summary: Recommended update for libcap
Type: recommended
Severity: moderate
References: 1180073

This update for libcap fixes the following issues:

- Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)
- Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1006-1
Released: Thu Apr 1 17:44:57 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890

This update for curl fixes the following issues:

- CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934)
- CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1141-1
Released: Mon Apr 12 13:13:36 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: low
References: 1182791

This update for openldap2 fixes the following issues:

- Improved the proxy connection timeout options to prune connections properly
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Wed May 26 06:21:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 08:21:10 +0200 (CEST) Subject: SUSE-CU-2021:181-1: Security update of caasp/v4.5/cert-exporter Message-ID: <20210526062110.DCC58B46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/cert-exporter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:181-1 Container Tags : caasp/v4.5/cert-exporter:2.3.0 , caasp/v4.5/cert-exporter:2.3.0-rev3 , caasp/v4.5/cert-exporter:2.3.0-rev3-build3.8.1 Container Release : 3.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 
1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/cert-exporter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. 
(bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. 
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. 
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling an rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Wed May 26 06:21:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 08:21:36 +0200 (CEST) Subject: SUSE-CU-2021:182-1: Security update of caasp/v4.5/cert-manager-cainjector Message-ID: <20210526062136.17A6EB46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/cert-manager-cainjector ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:182-1 Container Tags : caasp/v4.5/cert-manager-cainjector:0.15.1 , caasp/v4.5/cert-manager-cainjector:0.15.1-rev3 , caasp/v4.5/cert-manager-cainjector:0.15.1-rev3-build4.8.1 Container Release : 4.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 
1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/cert-manager-cainjector was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. 
(bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issues: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. 
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. 
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1466-1
Released: Tue May 4 08:30:57 2021
Summary: Security update for permissions
Type: security
Severity: important
References: 1182899

This update for permissions fixes the following issues:

- etc/permissions: remove unnecessary entries (bsc#1182899)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1523-1
Released: Wed May 5 18:24:20 2021
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518

This update for libxml2 fixes the following issues:

- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1527-1
Released: Thu May 6 08:58:53 2021
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1183064

This update for bash fixes the following issues:

- Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1528-1
Released: Thu May 6 15:31:23 2021
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1161276

This update for openssl-1_1 fixes the following issues:

- Do not list disapproved cipher algorithms while in 'FIPS' mode.
(bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1543-1
Released: Fri May 7 15:16:32 2021
Summary: Recommended update for patterns-microos
Type: recommended
Severity: moderate
References: 1184435

This update for patterns-microos provides the following fix:

- Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1544-1
Released: Fri May 7 16:34:41 2021
Summary: Recommended update for libzypp
Type: recommended
Severity: moderate
References: 1180851,1181874,1182936,1183628,1184997,1185239

This update for libzypp fixes the following issues:

Upgrade from version 17.25.8 to version 17.25.10

- Properly handle permission denied when providing optional files. (bsc#1185239)
- Fix service detection with `cgroupv2`. (bsc#1184997)
- Add missing includes for GCC 11. (bsc#1181874)
- Fix unsafe usage of static in media verifier.
- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)
- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851)
- Do no cleanup in custom cache dirs. (bsc#1182936)
- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1549-1
Released: Mon May 10 13:48:00 2021
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1185417

This update for procps fixes the following issues:

- Support up to 2048 CPU as well. (bsc#1185417)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1565-1
Released: Tue May 11 14:20:04 2021
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1185163

This update for krb5 fixes the following issues:

- Use '/run' instead of '/var/run' for daemon PID files.
(bsc#1185163)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1592-1
Released: Wed May 12 13:47:41 2021
Summary: Optional update for sed
Type: optional
Severity: low
References: 1183797

This update for sed fixes the following issues:

- Fixed a building issue with glibc-2.31 (bsc#1183797).

This patch is optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1612-1
Released: Fri May 14 17:09:39 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1184614

This update for openldap2 fixes the following issue:

- Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1643-1
Released: Wed May 19 13:51:48 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1181443,1184358,1185562

This update for pam fixes the following issues:

- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1647-1
Released: Wed May 19 13:59:12 2021
Summary: Security update for lz4
Type: security
Severity: important
References: 1185438,CVE-2021-3520

This update for lz4 fixes the following issues:

- CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1654-1
Released: Wed May 19 16:43:36 2021
Summary: Security update for libxml2
Type: security
Severity: important
References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537

This update for libxml2 fixes the following issues:

- CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

From sle-updates at lists.suse.com Wed May 26 06:22:01 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 May 2021 08:22:01 +0200 (CEST)
Subject: SUSE-CU-2021:183-1: Security update of caasp/v4.5/cert-manager-controller
Message-ID: <20210526062201.0FABBB46DB5@westernhagen.suse.de>

SUSE Container Update Advisory: caasp/v4.5/cert-manager-controller
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:183-1
Container Tags : caasp/v4.5/cert-manager-controller:0.15.1 , caasp/v4.5/cert-manager-controller:0.15.1-rev3 , caasp/v4.5/cert-manager-controller:0.15.1-rev3-build5.8.1
Container Release : 5.8.1
Severity : important
Type : security
References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582
1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275
1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823
1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694
1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083
1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885
1181011 1181328 1181443 1181505
1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362
1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420
1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456
1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401
1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409
1185410 1185410 1185417 1185438 1185562 1185698
CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562
CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225
CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025
CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840
CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219
CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517
CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537
-----------------------------------------------------------------

The container caasp/v4.5/cert-manager-controller was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1989-1
Released: Tue Jul 21 17:58:58 2020
Summary: Recommended update to SLES-releases
Type: recommended
Severity: important
References: 1173582

This update of SLES-release provides the following fix:

- Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3809-1
Released: Tue Dec 15 13:46:05 2020
Summary: Recommended update for glib2
Type: recommended
Severity: moderate
References: 1178346

This update for glib2 fixes the following issues:

Update from version 2.62.5 to version 2.62.6:

- Support for slim format of timezone.
(bsc#1178346)
- Fix DST incorrect end day when using slim format. (bsc#1178346)
- Fix SOCKS5 username/password authentication.
- Updated translations.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3853-1
Released: Wed Dec 16 12:27:27 2020
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825

This update for util-linux fixes the following issue:

- Do not trigger the automatic close of CDROM. (bsc#1084671)
- Try to automatically configure broken serial lines. (bsc#1175514)
- Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514)
- Build with `libudev` support to support non-root users. (bsc#1169006)
- Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
- Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3942-1
Released: Tue Dec 29 12:22:01 2020
Summary: Recommended update for libidn2
Type: recommended
Severity: moderate
References: 1180138

This update for libidn2 fixes the following issues:

- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3943-1
Released: Tue Dec 29 12:24:45 2020
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1178823

This update for libxml2 fixes the following issues:

Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823)

* key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:109-1
Released: Wed Jan 13 10:13:24 2021
Summary: Security update for libzypp, zypper
Type: security
Severity: moderate
References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271

This update for libzypp, zypper fixes the following issues:

Update zypper to version 1.14.41

Update libzypp to 17.25.4

- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)
- RepoManager: Force refresh if repo url has changed (bsc#1174016)
- RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)
- RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).
- RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910)
- Fixed update of gpg keys with elongated expire date (bsc#179222)
- needreboot: remove udev from the list (bsc#1179083)
- Fix lsof monitoring (bsc#1179909)

yast-installation was updated to 4.2.48:

- Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:129-1
Released: Thu Jan 14 12:26:15 2021
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710

This update for openldap2 fixes the following issues:

Security issues fixed:

- CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
- CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).

Non-security issue fixed:

- Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection.
(bsc#1179503)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:169-1
Released: Tue Jan 19 16:18:46 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179816,1180077,1180663,1180721

This update for libsolv, libzypp, zypper fixes the following issues:

libzypp was updated to 17.25.6:

- Rephrase solver problem descriptions (jsc#SLE-8482)
- Adapt to changed gpg2/libgpgme behavior (bsc#1180721)
- Multicurl backend breaks with unknown filesize (fixes #277)

zypper was updated to 1.14.42:

- Fix source-download commands help (bsc#1180663)
- man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816)
- Extend apt packagemap (fixes #366)
- --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077)

libsolv was updated to 0.7.16;

- do not ask the namespace callback for splitprovides when writing a testcase
- fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes
- improve choicerule generation so that package updates are preferred in more cases

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:174-1
Released: Wed Jan 20 07:55:23 2021
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1172695

This update for gnutls fixes the following issue:

- Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:197-1
Released: Fri Jan 22 15:17:42 2021
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1171883,CVE-2020-8025

This update for permissions fixes the following issues:

- Update to version 20181224:
  * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:220-1
Released: Tue Jan 26 14:00:51 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1180603

This update for keyutils fixes the following issues:

- Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:233-1
Released: Wed Jan 27 12:15:33 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225

This update for systemd fixes the following issues:

- Added a timestamp to the output of the busctl monitor command (bsc#1180225)
- Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824)
- Improved the caching of cgroups member mask (bsc#1175458)
- Fixed the dependency definition of sound.target (bsc#1179363)
- Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436)
- time-util: treat /etc/localtime missing as UTC (bsc#1141597)
- Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:265-1
Released: Mon Feb 1 15:06:45 2021
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1178775,1180885

This update for systemd fixes the following issues:

- Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)
- Fix for an issue when container start causes interference in other containers.
(bsc#1178775)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:293-1
Released: Wed Feb 3 12:52:34 2021
Summary: Recommended update for gmp
Type: recommended
Severity: moderate
References: 1180603

This update for gmp fixes the following issues:

- correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:339-1
Released: Mon Feb 8 13:16:07 2021
Summary: Optional update for pam
Type: optional
Severity: low
References:

This update for pam fixes the following issues:

- Added rpm macros for this package, so that other packages can make use of it

This patch is optional to be installed - it doesn't fix any bugs.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:653-1
Released: Fri Feb 26 19:53:43 2021
Summary: Security update for glibc
Type: security
Severity: important
References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326

This update for glibc fixes the following issues:

- Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973)
- x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649)
- gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)
- iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224)
- iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923)
- Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:723-1
Released: Mon Mar 8 16:45:27 2021
Summary: Security update for openldap2
Type: security
Severity: important
References:
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212

This update for openldap2 fixes the following issues:

- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:754-1
Released: Tue Mar 9 17:10:49 2021
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841

This update for openssl-1_1 fixes the following issues:

- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
- Fixed unresolved error codes in FIPS (bsc#1182959).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:778-1
Released: Fri Mar 12 17:42:25 2021
Summary: Security update for glib2
Type: security
Severity: important
References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219

This update for glib2 fixes the following issues:

- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it.
(bsc#1182362)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:786-1
Released: Mon Mar 15 11:19:23 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1176201

This update for zlib fixes the following issues:

- Fixed hw compression on z15 (bsc#1176201)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:874-1
Released: Thu Mar 18 09:41:54 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179847,1181328,1181622,1182629

This update for libsolv, libzypp, zypper fixes the following issues:

- support multiple collections in updateinfo parser
- Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328)
- Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629)
- Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847)
- Fix '%posttrans' script execution. (fixes #265)
- Repo: Allow multiple baseurls specified on one line (fixes #285)
- Regex: Fix memory leak and undefined behavior.
- Add rpm buildrequires for test suite (fixes #279)
- Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use.
- doc: give more details about creating versioned package locks. (bsc#1181622)
- man: Document synonymously used patch categories (bsc#1179847)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:924-1
Released: Tue Mar 23 10:00:49 2021
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094

This update for filesystem fixes the following issues:

- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700.
(bsc#1181011)
- Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705)
- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:935-1
Released: Wed Mar 24 12:19:10 2021
Summary: Security update for gnutls
Type: security
Severity: important
References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232

This update for gnutls fixes the following issues:

- CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).
- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:948-1
Released: Wed Mar 24 14:31:34 2021
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032

This update for zstd fixes the following issues:

- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:955-1
Released: Thu Mar 25 16:11:48 2021
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1183852,CVE-2021-3449

This update for openssl-1_1 fixes the security issue:

* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1004-1
Released: Thu Apr 1 15:07:09 2021
Summary: Recommended update for libcap
Type: recommended
Severity: moderate
References: 1180073

This update for libcap fixes the following issues:

- Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)
- Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1006-1
Released: Thu Apr 1 17:44:57 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890

This update for curl fixes the following issues:

- CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934)
- CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1141-1
Released: Mon Apr 12 13:13:36 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: low
References: 1182791

This update for openldap2 fixes the following issues:

- Improved the proxy connection timeout options to prune connections properly
(bsc#1182791)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1169-1
Released: Tue Apr 13 15:01:42 2021
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1181976

This update for procps fixes the following issues:

- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1286-1
Released: Tue Apr 20 20:10:21 2021
Summary: Recommended update for SLES-release
Type: recommended
Severity: moderate
References: 1180836

This recommended update for SLES-release provides the following fix:

- Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1296-1
Released: Wed Apr 21 14:09:28 2021
Summary: Optional update for e2fsprogs
Type: optional
Severity: low
References: 1183791

This update for e2fsprogs fixes the following issues:

- Fixed an issue when building e2fsprogs (bsc#1183791)

This patch does not fix any user visible issues and is therefore optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1297-1
Released: Wed Apr 21 14:10:10 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1178219

This update for systemd fixes the following issues:

- Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted.
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1299-1
Released: Wed Apr 21 14:11:41 2021
Summary: Optional update for gpgme
Type: optional
Severity: low
References: 1183801

This update for gpgme fixes the following issues:

- Fixed a bug in test cases (bsc#1183801)

This patch is optional to install and does not provide any user visible bug fixes.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1407-1
Released: Wed Apr 28 15:49:02 2021
Summary: Recommended update for libcap
Type: recommended
Severity: important
References: 1184690

This update for libcap fixes the following issues:

- Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1412-1
Released: Wed Apr 28 17:09:28 2021
Summary: Security update for libnettle
Type: security
Severity: important
References: 1184401,CVE-2021-20305

This update for libnettle fixes the following issues:

- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1426-1
Released: Thu Apr 29 06:23:13 2021
Summary: Recommended update for libsolv
Type: recommended
Severity: moderate
References:

This update for libsolv fixes the following issues:

- Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt.
- Fix a couple of memory leaks in error cases.
- Fix error handling in solv_xfopen_fd()
- Fixed 'regex' code on win32.
- Fixed memory leak in choice rule generation

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1466-1
Released: Tue May 4 08:30:57 2021
Summary: Security update for permissions
Type: security
Severity: important
References: 1182899

This update for permissions fixes the following issues:

- etc/permissions: remove unnecessary entries (bsc#1182899)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1523-1
Released: Wed May 5 18:24:20 2021
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518

This update for libxml2 fixes the following issues:

- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1527-1
Released: Thu May 6 08:58:53 2021
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1183064

This update for bash fixes the following issues:

- Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1528-1
Released: Thu May 6 15:31:23 2021
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1161276

This update for openssl-1_1 fixes the following issues:

- Do not list disapproved cipher algorithms while in 'FIPS' mode.
  (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1543-1
Released: Fri May 7 15:16:32 2021
Summary: Recommended update for patterns-microos
Type: recommended
Severity: moderate
References: 1184435

This update for patterns-microos provides the following fix:

- Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1544-1
Released: Fri May 7 16:34:41 2021
Summary: Recommended update for libzypp
Type: recommended
Severity: moderate
References: 1180851,1181874,1182936,1183628,1184997,1185239

This update for libzypp fixes the following issues:

Upgrade from version 17.25.8 to version 17.25.10

- Properly handle permission denied when providing optional files. (bsc#1185239)
- Fix service detection with `cgroupv2`. (bsc#1184997)
- Add missing includes for GCC 11. (bsc#1181874)
- Fix unsafe usage of static in media verifier.
- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)
- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851)
- Do no cleanup in custom cache dirs. (bsc#1182936)
- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1549-1
Released: Mon May 10 13:48:00 2021
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1185417

This update for procps fixes the following issues:

- Support up to 2048 CPU as well. (bsc#1185417)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1565-1
Released: Tue May 11 14:20:04 2021
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1185163

This update for krb5 fixes the following issues:

- Use '/run' instead of '/var/run' for daemon PID files.
  (bsc#1185163)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1592-1
Released: Wed May 12 13:47:41 2021
Summary: Optional update for sed
Type: optional
Severity: low
References: 1183797

This update for sed fixes the following issues:

- Fixed a building issue with glibc-2.31 (bsc#1183797).

This patch is optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1612-1
Released: Fri May 14 17:09:39 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1184614

This update for openldap2 fixes the following issue:

- Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1643-1
Released: Wed May 19 13:51:48 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1181443,1184358,1185562

This update for pam fixes the following issues:

- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1647-1
Released: Wed May 19 13:59:12 2021
Summary: Security update for lz4
Type: security
Severity: important
References: 1185438,CVE-2021-3520

This update for lz4 fixes the following issues:

- CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1654-1
Released: Wed May 19 16:43:36 2021
Summary: Security update for libxml2
Type: security
Severity: important
References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537

This update for libxml2 fixes the following issues:

- CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

From sle-updates at lists.suse.com Wed May 26 06:22:26 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 May 2021 08:22:26 +0200 (CEST)
Subject: SUSE-CU-2021:184-1: Security update of caasp/v4.5/cert-manager-webhook
Message-ID: <20210526062226.0C3E6B46DB5@westernhagen.suse.de>

SUSE Container Update Advisory: caasp/v4.5/cert-manager-webhook
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:184-1
Container Tags : caasp/v4.5/cert-manager-webhook:0.15.1 , caasp/v4.5/cert-manager-webhook:0.15.1-rev3 , caasp/v4.5/cert-manager-webhook:0.15.1-rev3-build5.8.1
Container Release : 5.8.1
Severity : important
Type : security
References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883
    1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519
    1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219
    1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909
    1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694
    1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073
    1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663
    1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505
    1181622 1181831
    1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362
    1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418
    1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064
    1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797
    1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614
    1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409
    1185410 1185410 1185417 1185438 1185562 1185698
    CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710
    CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221
    CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225
    CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229
    CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232
    CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840
    CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212
    CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449
    CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517
    CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537
-----------------------------------------------------------------

The container caasp/v4.5/cert-manager-webhook was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1989-1
Released: Tue Jul 21 17:58:58 2020
Summary: Recommended update to SLES-releases
Type: recommended
Severity: important
References: 1173582

This update of SLES-release provides the following fix:

- Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3809-1
Released: Tue Dec 15 13:46:05 2020
Summary: Recommended update for glib2
Type: recommended
Severity: moderate
References: 1178346

This update for glib2 fixes the following issues:

Update from version 2.62.5 to version 2.62.6:

- Support for slim format of timezone.
  (bsc#1178346)
- Fix DST incorrect end day when using slim format. (bsc#1178346)
- Fix SOCKS5 username/password authentication.
- Updated translations.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3853-1
Released: Wed Dec 16 12:27:27 2020
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825

This update for util-linux fixes the following issue:

- Do not trigger the automatic close of CDROM. (bsc#1084671)
- Try to automatically configure broken serial lines. (bsc#1175514)
- Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514)
- Build with `libudev` support to support non-root users. (bsc#1169006)
- Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
- Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3942-1
Released: Tue Dec 29 12:22:01 2020
Summary: Recommended update for libidn2
Type: recommended
Severity: moderate
References: 1180138

This update for libidn2 fixes the following issues:

- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3943-1
Released: Tue Dec 29 12:24:45 2020
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1178823

This update for libxml2 fixes the following issues:

Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823)

* key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:109-1
Released: Wed Jan 13 10:13:24 2021
Summary: Security update for libzypp, zypper
Type: security
Severity: moderate
References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271

This update for libzypp, zypper fixes the following issues:

Update zypper to version 1.14.41

Update libzypp to 17.25.4

- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)
- RepoManager: Force refresh if repo url has changed (bsc#1174016)
- RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)
- RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).
- RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910)
- Fixed update of gpg keys with elongated expire date (bsc#179222)
- needreboot: remove udev from the list (bsc#1179083)
- Fix lsof monitoring (bsc#1179909)

yast-installation was updated to 4.2.48:

- Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:129-1
Released: Thu Jan 14 12:26:15 2021
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710

This update for openldap2 fixes the following issues:

Security issues fixed:

- CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
- CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).

Non-security issue fixed:

- Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection.
  (bsc#1179503)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:169-1
Released: Tue Jan 19 16:18:46 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179816,1180077,1180663,1180721

This update for libsolv, libzypp, zypper fixes the following issues:

libzypp was updated to 17.25.6:

- Rephrase solver problem descriptions (jsc#SLE-8482)
- Adapt to changed gpg2/libgpgme behavior (bsc#1180721)
- Multicurl backend breaks with unknown filesize (fixes #277)

zypper was updated to 1.14.42:

- Fix source-download commands help (bsc#1180663)
- man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816)
- Extend apt packagemap (fixes #366)
- --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077)

libsolv was updated to 0.7.16;

- do not ask the namespace callback for splitprovides when writing a testcase
- fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes
- improve choicerule generation so that package updates are preferred in more cases

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:174-1
Released: Wed Jan 20 07:55:23 2021
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1172695

This update for gnutls fixes the following issue:

- Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:197-1
Released: Fri Jan 22 15:17:42 2021
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1171883,CVE-2020-8025

This update for permissions fixes the following issues:

- Update to version 20181224:
  * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:220-1
Released: Tue Jan 26 14:00:51 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1180603

This update for keyutils fixes the following issues:

- Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:233-1
Released: Wed Jan 27 12:15:33 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225

This update for systemd fixes the following issues:

- Added a timestamp to the output of the busctl monitor command (bsc#1180225)
- Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824)
- Improved the caching of cgroups member mask (bsc#1175458)
- Fixed the dependency definition of sound.target (bsc#1179363)
- Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436)
- time-util: treat /etc/localtime missing as UTC (bsc#1141597)
- Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:265-1
Released: Mon Feb 1 15:06:45 2021
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1178775,1180885

This update for systemd fixes the following issues:

- Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)
- Fix for an issue when container start causes interference in other containers.
  (bsc#1178775)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:293-1
Released: Wed Feb 3 12:52:34 2021
Summary: Recommended update for gmp
Type: recommended
Severity: moderate
References: 1180603

This update for gmp fixes the following issues:

- correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:339-1
Released: Mon Feb 8 13:16:07 2021
Summary: Optional update for pam
Type: optional
Severity: low
References:

This update for pam fixes the following issues:

- Added rpm macros for this package, so that other packages can make use of it

This patch is optional to be installed - it doesn't fix any bugs.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:653-1
Released: Fri Feb 26 19:53:43 2021
Summary: Security update for glibc
Type: security
Severity: important
References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326

This update for glibc fixes the following issues:

- Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973)
- x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649)
- gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)
- iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224)
- iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923)
- Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:723-1
Released: Mon Mar 8 16:45:27 2021
Summary: Security update for openldap2
Type: security
Severity: important
References:
  1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212

This update for openldap2 fixes the following issues:

- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:754-1
Released: Tue Mar 9 17:10:49 2021
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841

This update for openssl-1_1 fixes the following issues:

- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
- Fixed unresolved error codes in FIPS (bsc#1182959).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:778-1
Released: Fri Mar 12 17:42:25 2021
Summary: Security update for glib2
Type: security
Severity: important
References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219

This update for glib2 fixes the following issues:

- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it.
  (bsc#1182362)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:786-1
Released: Mon Mar 15 11:19:23 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1176201

This update for zlib fixes the following issues:

- Fixed hw compression on z15 (bsc#1176201)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:874-1
Released: Thu Mar 18 09:41:54 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179847,1181328,1181622,1182629

This update for libsolv, libzypp, zypper fixes the following issues:

- support multiple collections in updateinfo parser
- Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328)
- Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629)
- Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847)
- Fix '%posttrans' script execution. (fixes #265)
- Repo: Allow multiple baseurls specified on one line (fixes #285)
- Regex: Fix memory leak and undefined behavior.
- Add rpm buildrequires for test suite (fixes #279)
- Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use.
- doc: give more details about creating versioned package locks. (bsc#1181622)
- man: Document synonymously used patch categories (bsc#1179847)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:924-1
Released: Tue Mar 23 10:00:49 2021
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094

This update for filesystem the following issues:

- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700.
  (bsc#1181011)
- Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705)
- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:935-1
Released: Wed Mar 24 12:19:10 2021
Summary: Security update for gnutls
Type: security
Severity: important
References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232

This update for gnutls fixes the following issues:

- CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).
- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:948-1
Released: Wed Mar 24 14:31:34 2021
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032

This update for zstd fixes the following issues:

- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:955-1
Released: Thu Mar 25 16:11:48 2021
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1183852,CVE-2021-3449

This update for openssl-1_1 fixes the security issue:

* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1004-1
Released: Thu Apr 1 15:07:09 2021
Summary: Recommended update for libcap
Type: recommended
Severity: moderate
References: 1180073

This update for libcap fixes the following issues:

- Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)
- Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1006-1
Released: Thu Apr 1 17:44:57 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890

This update for curl fixes the following issues:

- CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934)
- CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1141-1
Released: Mon Apr 12 13:13:36 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: low
References: 1182791

This update for openldap2 fixes the following issues:

- Improved the proxy connection timeout options to prune connections properly
  (bsc#1182791)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1169-1
Released: Tue Apr 13 15:01:42 2021
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1181976

This update for procps fixes the following issues:

- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1286-1
Released: Tue Apr 20 20:10:21 2021
Summary: Recommended update for SLES-release
Type: recommended
Severity: moderate
References: 1180836

This recommended update for SLES-release provides the following fix:

- Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1296-1
Released: Wed Apr 21 14:09:28 2021
Summary: Optional update for e2fsprogs
Type: optional
Severity: low
References: 1183791

This update for e2fsprogs fixes the following issues:

- Fixed an issue when building e2fsprogs (bsc#1183791)

This patch does not fix any user visible issues and is therefore optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1297-1
Released: Wed Apr 21 14:10:10 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1178219

This update for systemd fixes the following issues:

- Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted.

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1299-1
Released: Wed Apr 21 14:11:41 2021
Summary: Optional update for gpgme
Type: optional
Severity: low
References: 1183801

This update for gpgme fixes the following issues:

- Fixed a bug in test cases (bsc#1183801)

This patch is optional to install and does not provide any user visible bug fixes.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1407-1
Released: Wed Apr 28 15:49:02 2021
Summary: Recommended update for libcap
Type: recommended
Severity: important
References: 1184690

This update for libcap fixes the following issues:

- Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1412-1
Released: Wed Apr 28 17:09:28 2021
Summary: Security update for libnettle
Type: security
Severity: important
References: 1184401,CVE-2021-20305

This update for libnettle fixes the following issues:

- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1426-1
Released: Thu Apr 29 06:23:13 2021
Summary: Recommended update for libsolv
Type: recommended
Severity: moderate
References:

This update for libsolv fixes the following issues:

- Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt.
- Fix a couple of memory leaks in error cases.
- Fix error handling in solv_xfopen_fd()
- Fixed 'regex' code on win32.
- Fixed memory leak in choice rule generation

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1466-1
Released: Tue May 4 08:30:57 2021
Summary: Security update for permissions
Type: security
Severity: important
References: 1182899

This update for permissions fixes the following issues:

- etc/permissions: remove unnecessary entries (bsc#1182899)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1523-1
Released: Wed May 5 18:24:20 2021
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518

This update for libxml2 fixes the following issues:

- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1527-1
Released: Thu May 6 08:58:53 2021
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1183064

This update for bash fixes the following issues:

- Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1528-1
Released: Thu May 6 15:31:23 2021
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1161276

This update for openssl-1_1 fixes the following issues:

- Do not list disapproved cipher algorithms while in 'FIPS' mode.
  (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1543-1
Released: Fri May 7 15:16:32 2021
Summary: Recommended update for patterns-microos
Type: recommended
Severity: moderate
References: 1184435

This update for patterns-microos provides the following fix:

- Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1544-1
Released: Fri May 7 16:34:41 2021
Summary: Recommended update for libzypp
Type: recommended
Severity: moderate
References: 1180851,1181874,1182936,1183628,1184997,1185239

This update for libzypp fixes the following issues:

Upgrade from version 17.25.8 to version 17.25.10

- Properly handle permission denied when providing optional files. (bsc#1185239)
- Fix service detection with `cgroupv2`. (bsc#1184997)
- Add missing includes for GCC 11. (bsc#1181874)
- Fix unsafe usage of static in media verifier.
- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)
- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851)
- Do no cleanup in custom cache dirs. (bsc#1182936)
- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1549-1
Released: Mon May 10 13:48:00 2021
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1185417

This update for procps fixes the following issues:

- Support up to 2048 CPU as well. (bsc#1185417)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1565-1
Released: Tue May 11 14:20:04 2021
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1185163

This update for krb5 fixes the following issues:

- Use '/run' instead of '/var/run' for daemon PID files.
(bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Wed May 26 06:22:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 08:22:58 +0200 (CEST) Subject: SUSE-CU-2021:185-1: Security update of caasp/v4.5/cilium-etcd-operator Message-ID: <20210526062258.43989B46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/cilium-etcd-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:185-1 Container Tags : caasp/v4.5/cilium-etcd-operator:2.0.5 , caasp/v4.5/cilium-etcd-operator:2.0.5-rev5 , caasp/v4.5/cilium-etcd-operator:2.0.5-rev5-build5.13.1 Container Release : 5.13.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 
1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/cilium-etcd-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. 
(bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing todo (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. 
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. 
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Wed May 26 06:23:50 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 08:23:50 +0200 (CEST) Subject: SUSE-CU-2021:186-1: Security update of caasp/v4.5/cilium Message-ID: <20210526062350.9642AB46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/cilium ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:186-1 Container Tags : caasp/v4.5/cilium:1.7.6 , caasp/v4.5/cilium:1.7.6-rev6 , caasp/v4.5/cilium:1.7.6-rev6-build5.18.1 Container Release : 5.18.1 Severity : important Type : security References : 1067478 1078466 1083473 1109367 1112500 1115408 1141190 1145085 1146705 1161276 1165780 1165780 1173582 1175519 1176201 1177047 1177127 1178219 1178386 1178680 1178775 1179694 1179721 1179847 1180020 1180038 1180073 1180083 1180596 1180713 1180836 1180851 1181011 1181328 1181443 1181505 1181618 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183012 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 
1183934 1184136 1184358 1184401 1184435 1184614 1184687 1184690 1184920 1184997 1185163 1185190 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2019-25013 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/cilium was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. 
(bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:596-1 Released: Thu Feb 25 10:26:30 2021 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1181618 This update for gcc7 fixes the following issues: - Fixed webkit2gtk3 build (bsc#1181618) - Change GCC exception licenses to SPDX format - Remove include-fixed/pthread.h ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:656-1 Released: Mon Mar 1 09:34:21 2021 Summary: Recommended update for protobuf Type: recommended Severity: moderate References: 1177127 This update for protobuf fixes the following issues: - Add missing dependency of python subpackages on python-six. 
(bsc#1177127) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). 
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. 
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:926-1 Released: Tue Mar 23 13:20:24 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1083473,1112500,1115408,1165780,1183012 This update for systemd-presets-common-SUSE fixes the following issues: - Add default user preset containing: - enable `pulseaudio.socket` (bsc#1083473) - enable `pipewire.socket` (bsc#1183012) - enable `pipewire-pulse.socket` (bsc#1183012) - enable `pipewire-media-session.service` (used with pipewire >= 0.3.23) - Changes to the default preset: - enable `btrfsmaintenance-refresh.path`. - disable `btrfsmaintenance-refresh.service`. - enable `dnf-makecache.timer`. - enable `ignition-firstboot-complete.service`. - enable logwatch.timer and avoid to have logwatch out of sync with logrotate. (bsc#1112500) - enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408) - remove enable `updatedb.timer` - Avoid needless refresh on boot. 
(bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. 
[bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1018-1 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1180713 This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. 
(bsc#1180713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. 
(bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1291-1 Released: Wed Apr 21 14:04:06 2021 Summary: Recommended update for mpfr Type: recommended Severity: moderate References: 1141190 This update for mpfr fixes the following issues: - Fixed an issue when building for ppc64le (bsc#1141190) Technical library fixes: - A subtraction of two numbers of the same sign or addition of two numbers of different signs can be rounded incorrectly (and the ternary value can be incorrect) when one of the two inputs is reused as the output (destination) and all these MPFR numbers have exactly GMP_NUMB_BITS bits of precision (typically, 32 bits on 32-bit machines, 64 bits on 64-bit machines). - The mpfr_fma and mpfr_fms functions can behave incorrectly in case of internal overflow or underflow. - The result of the mpfr_sqr function can be rounded incorrectly in a rare case near underflow when the destination has exactly GMP_NUMB_BITS bits of precision (typically, 32 bits on 32-bit machines, 64 bits on 64-bit machines) and the input has at most GMP_NUMB_BITS bits of precision. - The behavior and documentation of the mpfr_get_str function are inconsistent concerning the minimum precision (this is related to the change of the minimum precision from 2 to 1 in MPFR 4.0.0). The get_str patch fixes this issue in the following way: the value 1 can now be provided for n (4th argument of mpfr_get_str); if n = 0, then the number of significant digits in the output string can now be 1, as already implied by the documentation (but the code was increasing it to 2). 
- The mpfr_cmp_q function can behave incorrectly when the rational (mpq_t) number has a null denominator. - The mpfr_inp_str and mpfr_out_str functions might behave incorrectly when the stream is a null pointer: the stream is replaced by stdin and stdout, respectively. This behavior is useless, not documented (thus incorrect in case a null pointer would have a special meaning), and not consistent with other input/output functions. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1295-1 Released: Wed Apr 21 14:08:19 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1184136 This update for systemd-presets-common-SUSE fixes the following issues: - Enabled hcn-init.service for HNV on POWER (bsc#1184136) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1449-1 Released: Fri Apr 30 08:08:25 2021 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1165780 This update for systemd-presets-branding-SLE fixes the following issues: - Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. (bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1481-1 Released: Tue May 4 14:18:32 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1178680 This update for lvm2 fixes the following issues: - Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. 
(bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1582-1 Released: Wed May 12 13:40:03 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1184687,1185190 This update for lvm2 fixes the following issues: - Honor 'lvm.conf' parameter event_activation=0 on 'pvscan --cache -aay'. (bsc#1185190) - Fixed an issue when LVM can't be disabled on boot. (bsc#1184687) - Update patch for avoiding apply warning messages. (bsc#1012973) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. 
(bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1618-1 Released: Mon May 17 13:11:28 2021 Summary: Recommended update for llvm7 and libqt5-qttools Type: recommended Severity: moderate References: 1067478,1109367,1145085,1184920 This update for llvm7 and libqt5-qttools fixes the following issues: libqt5-qttools: - Use `libclang` instead of `clang`, now that `llvm7` moved the header files to `libclang` (bsc#1109367, bsc#1184920) llvm7: - Remove unneeded and unused dependencies: - groff, bison, flex, jsoncpp - Devel packages are only required in other devel packages, when their headers are included in the installed headers. - Skip a test that is broken with 387 FPU registers and avoids check failure on i586. (bsc#1145085) - Link `libomp` with `atomic` if needed and fix build using gcc-4.8. (bsc#1145085) - Make build of `gnustep-libobjc2` package reproducible. (bsc#1067478) - Remove `-fno-strict-aliasing` which upstream doesn't use any more. - Package `clang` builtin headers with `libclang`. (bsc#1109367) - The library is unusable without the builtin headers. Currently consumers of `libclang` have to require `clang` as well, although only the headers are needed. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. 
(bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
From sle-updates at lists.suse.com Wed May 26 06:24:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 08:24:30 +0200 (CEST) Subject: SUSE-CU-2021:187-1: Security update of caasp/v4.5/cilium-operator Message-ID: <20210526062430.6BE01B46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/cilium-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:187-1 Container Tags : caasp/v4.5/cilium-operator:1.7.6 , caasp/v4.5/cilium-operator:1.7.6-rev6 , caasp/v4.5/cilium-operator:1.7.6-rev6-build5.18.1 Container Release : 5.18.1 Severity : important Type : security References : 1078466 1146705 1161276 1173582 1175519 1176201 1178219 1178386 1178775 1179694 1179721 1179847 1180020 1180038 1180073 1180083 1180596 1180836 1180851 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2019-25013 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/cilium-operator was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, 
resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700.
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Wed May 26 06:24:55 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 08:24:55 +0200 (CEST) Subject: SUSE-CU-2021:188-1: Security update of caasp/v4.5/configmap-reload Message-ID: <20210526062455.49F36B46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/configmap-reload ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:188-1 Container Tags : caasp/v4.5/configmap-reload:0.3.0 , caasp/v4.5/configmap-reload:0.3.0-rev3 , caasp/v4.5/configmap-reload:0.3.0-rev3-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 
1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/configmap-reload was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. 
(bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection.
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing todo (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025)
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers.
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700.
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Wed May 26 06:25:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 08:25:20 +0200 (CEST) Subject: SUSE-CU-2021:189-1: Security update of caasp/v4.5/coredns Message-ID: <20210526062520.2BA27B46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/coredns ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:189-1 Container Tags : caasp/v4.5/coredns:1.6.7 , caasp/v4.5/coredns:1.6.7-rev3 , caasp/v4.5/coredns:1.6.7-rev3-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 
1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/coredns was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. 
- Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with `mount -a`. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025)
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers.
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. 
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Wed May 26 06:25:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 08:25:44 +0200 (CEST) Subject: SUSE-CU-2021:190-1: Security update of caasp/v4.5/curl Message-ID: <20210526062544.C888EB46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/curl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:190-1 Container Tags : caasp/v4.5/curl:7.66.0 , caasp/v4.5/curl:7.66.0-rev3 , caasp/v4.5/curl:7.66.0-rev3-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 
1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/curl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. 
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700.
(bsc#1181011) - Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Wed May 26 06:26:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 08:26:10 +0200 (CEST) Subject: SUSE-CU-2021:191-1: Security update of caasp/v4.5/default-http-backend Message-ID: <20210526062610.D6BF7B46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/default-http-backend ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:191-1 Container Tags : caasp/v4.5/default-http-backend:0.15.0 , caasp/v4.5/default-http-backend:0.15.0-rev3 , caasp/v4.5/default-http-backend:0.15.0-rev3-build4.8.1 Container Release : 4.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 
1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/default-http-backend was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. 
(bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16; - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025)
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers.
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700.
(bsc#1181011) - Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Wed May 26 06:26:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 08:26:40 +0200 (CEST) Subject: SUSE-CU-2021:192-1: Security update of caasp/v4.5/etcd Message-ID: <20210526062640.831DFB46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/etcd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:192-1 Container Tags : caasp/v4.5/etcd:3.4.13 , caasp/v4.5/etcd:3.4.13-rev3 , caasp/v4.5/etcd:3.4.13-rev3-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1083473 1084671 1098449 1112500 1115408 1141597 1144793 1146705 1161276 1165780 1165780 1168771 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177533 1177583 1177658 1178219 1178346 1178386 1178554 1178680 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179691 1179691 1179694 1179721 1179738 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181319 
1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183012 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184136 1184358 1184401 1184435 1184614 1184687 1184690 1184997 1185163 1185190 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/etcd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. 
(bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:6-1 Released: Mon Jan 4 07:05:06 2021 Summary: Recommended update for libdlm Type: recommended Severity: moderate References: 1098449,1144793,1168771,1177533,1177658 This update for libdlm fixes the following issues: - Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages.(bsc#1177658, bsc#1098449) - Add support for type 'uint64_t' to corosync ringid. (bsc#1168771) - Include some fixes/enhancements for dlm_controld. (bsc#1144793) - Fixed an issue where /boot logical volume was accidentally unmounted. (bsc#1177533) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. 
(bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:152-1 Released: Fri Jan 15 17:04:47 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1179691,1179738 This update for lvm2 fixes the following issues: - Fix for lvm2 to use udev as external device by default. (bsc#1179691) - Fixed an issue in configuration for an item that is commented out by default. 
(bsc#1179738) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. 
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:278-1 Released: Tue Feb 2 09:43:08 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1181319 This update for lvm2 fixes the following issues: - Backport 'lvmlockd' to adopt orphan locks feature. (bsc#1181319) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:302-1 Released: Thu Feb 4 13:18:35 2021 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1179691 This update for lvm2 fixes the following issues: - lvm2 will no longer use external_device_info_source='udev' as default because it introduced a regression (bsc#1179691). If this behavior is still wanted, please change this manually in the lvm.conf ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. 
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. 
- Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. 
(bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:926-1 Released: Tue Mar 23 13:20:24 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1083473,1112500,1115408,1165780,1183012 This update for systemd-presets-common-SUSE fixes the following issues: - Add default user preset containing: - enable `pulseaudio.socket` (bsc#1083473) - enable `pipewire.socket` (bsc#1183012) - enable `pipewire-pulse.socket` (bsc#1183012) - enable `pipewire-media-session.service` (used with pipewire >= 0.3.23) - Changes to the default preset: - enable `btrfsmaintenance-refresh.path`. - disable `btrfsmaintenance-refresh.service`. - enable `dnf-makecache.timer`. - enable `ignition-firstboot-complete.service`. - enable logwatch.timer and avoid to have logwatch out of sync with logrotate. (bsc#1112500) - enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408) - remove enable `updatedb.timer` - Avoid needless refresh on boot. (bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. 
[bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic 
changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1295-1 Released: Wed Apr 21 14:08:19 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1184136 This update for systemd-presets-common-SUSE fixes the following issues: - Enabled hcn-init.service for HNV on POWER (bsc#1184136) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. - Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1449-1 Released: Fri Apr 30 08:08:25 2021 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1165780 This update for systemd-presets-branding-SLE fixes the following issues: - Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. 
(bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1481-1 Released: Tue May 4 14:18:32 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1178680 This update for lvm2 fixes the following issues: - Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. 
(bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. 
(bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1582-1 Released: Wed May 12 13:40:03 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1184687,1185190 This update for lvm2 fixes the following issues: - Honor 'lvm.conf' parameter event_activation=0 on 'pvscan --cache -aay'. (bsc#1185190) - Fixed an issue when LVM can't be disabled on boot. (bsc#1184687) - Update patch for avoiding apply warning messages. (bsc#1012973) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. 
(bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
From sle-updates at lists.suse.com Wed May 26 06:27:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 08:27:08 +0200 (CEST) Subject: SUSE-CU-2021:193-1: Security update of caasp/v4.5/gangway Message-ID: <20210526062708.A9379B46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/gangway ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:193-1 Container Tags : caasp/v4.5/gangway:3.1.0 , caasp/v4.5/gangway:3.1.0-rev7 , caasp/v4.5/gangway:3.1.0-rev7-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 
CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/gangway was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. 
(bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. 
Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing todo (bsc#1180077) libsolv was updated to 0.7.16; - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. 
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700.
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Wed May 26 06:27:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 08:27:34 +0200 (CEST) Subject: SUSE-CU-2021:194-1: Security update of caasp/v4.5/grafana Message-ID: <20210526062734.59F98B46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/grafana ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:194-1 Container Tags : caasp/v4.5/grafana:7.3.1 , caasp/v4.5/grafana:7.3.1-rev3 , caasp/v4.5/grafana:7.3.1-rev3-build4.8.1 Container Release : 4.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 
1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/grafana was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. 
- Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection.
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025)
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers.
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:321-1 Released: Mon Feb 8 10:29:48 2021 Summary: Recommended update for grafana, system-user-grafana Type: recommended Severity: moderate References: This update for grafana, system-user-grafana fixes the following issues: - Update packaging * avoid systemd and shadow hard requirements * Require the user from a new dedicated 'system-user-grafana' sibling package * avoid pinning to a specific Go version in the spec file - Update to version 7.3.1: * Breaking changes - CloudWatch: The AWS CloudWatch data source's authentication scheme has changed. See the upgrade notes for details and how this may affect you. - Units: The date time units `YYYY-MM-DD HH:mm:ss` and `MM/DD/YYYY h:mm:ss a` have been renamed to `Datetime ISO` and `Datetime US` respectively. * Features / Enhancements - AzureMonitor: Support decimal (as float64) type in analytics/logs. - Add monitoring mixing for Grafana. - CloudWatch: Missing Namespace AWS/EC2CapacityReservations. - CloudWatch: Add support for AWS DirectConnect virtual interface metrics and add missing dimensions. - CloudWatch: Adding support for Amazon ElastiCache Redis metrics. - CloudWatch: Adding support for additional Amazon CloudFront metrics. - CloudWatch: Re-implement authentication. - Elasticsearch: Support multiple pipeline aggregations for a query. - Prometheus: Add time range parameters to labels API. - Loki: Visually distinguish error logs for LogQL2. - Api: Add /healthz endpoint for health checks. - API: Enrich add user to org endpoints with user ID in the response. 
- API: Enrich responses and improve error handling for alerting API endpoints. - Elasticsearch: Add support for date_nanos type. - Elasticsearch: Allow fields starting with underscore. - Elasticsearch: Increase maximum geohash aggregation precision to 12. - Postgres: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). - Provisioning: Remove provisioned dashboards without parental reader. - API: Return ID of the deleted resource for dashboard, datasource and folder DELETE endpoints. - API: Support paging in the admin orgs list API. - API: return resource ID for auth key creation, folder permissions update and user invite complete endpoints. - BackendSrv: Uses credentials, deprecates withCredentials & defaults to same-origin. - CloudWatch: Update list of AmazonMQ metrics and dimensions. - Cloudwatch: Add Support for external ID in assume role. - Cloudwatch: Add af-south-1 region. - DateFormats: Default ISO & US formats never omit date part even if date is today (breaking change). - Explore: Transform prometheus query to elasticsearch query. - InfluxDB/Flux: Increase series limit for Flux datasource. - InfluxDB: exclude result and table column from Flux table results. - InfluxDB: return a table rather than an error when timeseries is missing time. - Loki: Add scopedVars support in legend formatting for repeated variables. - Loki: Re-introduce running of instant queries. - Loki: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). - MixedDatasource: Shows retrieved data even if a data source fails. - Postgres: Support Unix socket for host. - Prometheus: Add scopedVars support in legend formatting for repeated variables. - Prometheus: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). - Prometheus: add $__rate_interval variable. - Table: Adds column filtering. - grafana-cli: Add ability to read password from stdin to reset admin password. 
- Variables: enables cancel for slow query variables queries. - AzureMonitor: fix panic introduced in 7.1.4 when unit was unspecified and alias was used. - TextPanel: Fix content overflowing panel boundaries. - Fix golang version = 1.14 to avoid dependency conflicts on some OBS projects ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700.
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Wed May 26 06:27:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 08:27:59 +0200 (CEST) Subject: SUSE-CU-2021:195-1: Security update of caasp/v4.5/helm-tiller Message-ID: <20210526062759.11082B46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/helm-tiller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:195-1 Container Tags : caasp/v4.5/helm-tiller:2.16.12 , caasp/v4.5/helm-tiller:2.16.12-rev3 , caasp/v4.5/helm-tiller:2.16.12-rev3-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 
1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/helm-tiller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. 
(bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection.
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025)
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers.
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700.
(bsc#1181011) - Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Wed May 26 06:28:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 08:28:29 +0200 (CEST) Subject: SUSE-CU-2021:196-1: Security update of ingress-nginx-controller Message-ID: <20210526062829.F1F72B46DB5@westernhagen.suse.de> SUSE Container Update Advisory: ingress-nginx-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:196-1 Container Tags : caasp/v4.5/ingress-nginx-controller:0.15.0-rev5 , caasp/v4.5/ingress-nginx-controller:0.15.0-rev5-build4.8.1 , ingress-nginx-controller:0.15.0 Container Release : 4.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181963 
1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container ingress-nginx-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. 
(bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection.
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025)
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers.
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:761-1 Released: Wed Mar 10 12:26:54 2021 Summary: Recommended update for libX11 Type: recommended Severity: moderate References: 1181963 This update for libX11 fixes the following issues: - Fixes a race condition in 'libX11' that causes various applications to crash randomly. (bsc#1181963) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. 
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results in inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Wed May 26 06:29:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 08:29:01 +0200 (CEST) Subject: SUSE-CU-2021:197-1: Security update of caasp/v4.5/k8s-sidecar Message-ID: <20210526062901.DE210B46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/k8s-sidecar ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:197-1 Container Tags : caasp/v4.5/k8s-sidecar:0.1.75 , caasp/v4.5/k8s-sidecar:0.1.75-rev3 , caasp/v4.5/k8s-sidecar:0.1.75-rev3-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1125671 1140565 1141597 1146705 1154393 1155094 1161276 1169006 1171883 1172695 1173582 1174016 1174091 1174436 1174514 1174571 1174701 1174942 1175289 1175458 1175514 1175519 1175623 1176201 1176262 1176784 1176785 1177127 1177211 1177238 1177275 1177427 1177490 1177583 1178009 1178168 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179193 1179222 1179363 1179415 1179503 1179630 1179694 1179721 1179756 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180377 
1180596 1180603 1180603 1180663 1180686 1180721 1180836 1180851 1180885 1181011 1181126 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182066 1182117 1182279 1182328 1182331 1182333 1182362 1182379 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183374 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-20916 CVE-2019-25013 CVE-2019-5010 CVE-2020-14343 CVE-2020-14422 CVE-2020-25659 CVE-2020-25709 CVE-2020-25710 CVE-2020-26116 CVE-2020-27618 CVE-2020-27619 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-36242 CVE-2020-8025 CVE-2020-8492 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23336 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3177 CVE-2021-3326 CVE-2021-3426 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/k8s-sidecar was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. 
(bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3930-1 Released: Wed Dec 23 18:19:39 2020 Summary: Security update for python3 Type: security Severity: important References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. 
- Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - add triplets for mips-r6 and riscv - RISC-V needs CTYPES_PASS_BY_REF_HACK Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(...). * Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091). Update to 3.6.11: - Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause an InvalidURL to be raised. (bsc#1155094) - CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3946-1 Released: Tue Dec 29 17:39:54 2020 Summary: Recommended update for python3 Type: recommended Severity: important References: 1180377 This update for python3 fixes the following issues: - A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3, which caused regressions in several applications. 
(bsc#1180377) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. 
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:529-1 Released: Fri Feb 19 14:53:47 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1176262,1179756,1180686,1181126,CVE-2019-20916,CVE-2021-3177 This update for python3 fixes the following issues: - CVE-2021-3177: Fixed buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:594-1 Released: Thu Feb 25 09:29:35 2021 Summary: Security update for python-cryptography Type: security Severity: important References: 1182066,CVE-2020-36242 This update for python-cryptography fixes the following issues: - CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:656-1 Released: Mon Mar 1 09:34:21 2021 Summary: Recommended update for protobuf Type: recommended Severity: moderate References: 1177127 This update for protobuf fixes the following issues: - Add missing dependency of python subpackages on python-six. (bsc#1177127) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. 
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. 
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allow overriding the config to add cleanup options for '/var/tmp'. (bsc#1078466) - Create config to clean up '/tmp' regularly, as required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:947-1 Released: Wed Mar 24 14:30:58 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1182379,CVE-2021-23336 This update for python3 fixes the following issues: - python36 was updated to 3.6.13 - CVE-2021-23336: Fixed a potential web cache poisoning through the use of a semicolon as a query string separator in query parameters (bsc#1182379). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:985-1 Released: Tue Mar 30 14:42:46 2021 Summary: Recommended update for the Azure SDK and CLI Type: recommended Severity: moderate References: 1125671,1140565,1154393,1174514,1175289,1176784,1176785,1178168,CVE-2020-14343,CVE-2020-25659 This update for the Azure SDK and CLI adds support for the AHB (Azure Hybrid Benefit). 
(bsc#1176784, jsc#ECO=3105) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the 
problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. 
(bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. - Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. 
(bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1557-1 Released: Tue May 11 09:50:00 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1183374,CVE-2021-3426 This update for python3 fixes the following issues: - CVE-2021-3426: Fixed an information disclosure via pydoc (bsc#1183374) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. 
(bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
From sle-updates at lists.suse.com Wed May 26 13:16:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 15:16:10 +0200 (CEST) Subject: SUSE-SU-2021:1759-1: important: Security update for rubygem-actionpack-5_1 Message-ID: <20210526131610.770D5FD07@maintenance.suse.de> SUSE Security Update: Security update for rubygem-actionpack-5_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1759-1 Rating: important References: #1185715 Cross-References: CVE-2021-22885 CVSS scores: CVE-2021-22885 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack (bsc#1185715). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-1759=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1759=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-1759=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-1759=1 Package List: - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-actionpack-5_1-5.1.4-3.9.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-actionpack-5_1-5.1.4-3.9.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-actionpack-5_1-5.1.4-3.9.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-actionpack-5_1-5.1.4-3.9.1 References: https://www.suse.com/security/cve/CVE-2021-22885.html https://bugzilla.suse.com/1185715 From sle-updates at lists.suse.com Wed May 26 13:17:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 15:17:21 +0200 (CEST) Subject: SUSE-SU-2021:1761-1: moderate: Security update for hivex Message-ID: <20210526131721.7C3CAFD07@maintenance.suse.de> SUSE Security Update: Security update for hivex ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1761-1 Rating: moderate References: #1185013 Cross-References: CVE-2021-3504 CVSS scores: CVE-2021-3504 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2021-3504 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux 
Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for hivex fixes the following issues: - CVE-2021-3504: hivex: missing bounds check within hivex_open() (bsc#1185013) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1761=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1761=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1761=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1761=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1761=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): hivex-debuginfo-1.3.14-5.3.1 hivex-debugsource-1.3.14-5.3.1 libhivex0-1.3.14-5.3.1 libhivex0-debuginfo-1.3.14-5.3.1 perl-Win-Hivex-1.3.14-5.3.1 perl-Win-Hivex-debuginfo-1.3.14-5.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): hivex-debuginfo-1.3.14-5.3.1 hivex-debugsource-1.3.14-5.3.1 ocaml-hivex-1.3.14-5.3.1 ocaml-hivex-debuginfo-1.3.14-5.3.1 ocaml-hivex-devel-1.3.14-5.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): hivex-debuginfo-1.3.14-5.3.1 hivex-debugsource-1.3.14-5.3.1 ocaml-hivex-1.3.14-5.3.1 ocaml-hivex-debuginfo-1.3.14-5.3.1 ocaml-hivex-devel-1.3.14-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): hivex-debuginfo-1.3.14-5.3.1 hivex-debugsource-1.3.14-5.3.1 hivex-devel-1.3.14-5.3.1 
libhivex0-1.3.14-5.3.1 libhivex0-debuginfo-1.3.14-5.3.1 perl-Win-Hivex-1.3.14-5.3.1 perl-Win-Hivex-debuginfo-1.3.14-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): hivex-debuginfo-1.3.14-5.3.1 hivex-debugsource-1.3.14-5.3.1 hivex-devel-1.3.14-5.3.1 libhivex0-1.3.14-5.3.1 libhivex0-debuginfo-1.3.14-5.3.1 perl-Win-Hivex-1.3.14-5.3.1 perl-Win-Hivex-debuginfo-1.3.14-5.3.1 References: https://www.suse.com/security/cve/CVE-2021-3504.html https://bugzilla.suse.com/1185013 From sle-updates at lists.suse.com Wed May 26 13:18:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 15:18:29 +0200 (CEST) Subject: SUSE-SU-2021:1760-1: moderate: Security update for hivex Message-ID: <20210526131829.14686FD07@maintenance.suse.de> SUSE Security Update: Security update for hivex ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1760-1 Rating: moderate References: #1185013 Cross-References: CVE-2021-3504 CVSS scores: CVE-2021-3504 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2021-3504 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for hivex fixes the following issues: - CVE-2021-3504: hivex: missing bounds check within hivex_open() (bsc#1185013) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1760=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1760=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): hivex-debuginfo-1.3.10-5.3.1 hivex-debugsource-1.3.10-5.3.1 hivex-devel-1.3.10-5.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): hivex-debuginfo-1.3.10-5.3.1 hivex-debugsource-1.3.10-5.3.1 libhivex0-1.3.10-5.3.1 libhivex0-debuginfo-1.3.10-5.3.1 perl-Win-Hivex-1.3.10-5.3.1 perl-Win-Hivex-debuginfo-1.3.10-5.3.1 References: https://www.suse.com/security/cve/CVE-2021-3504.html https://bugzilla.suse.com/1185013 From sle-updates at lists.suse.com Wed May 26 16:16:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 18:16:11 +0200 (CEST) Subject: SUSE-SU-2021:1766-1: moderate: Security update for libX11 Message-ID: <20210526161611.4C80FFD07@maintenance.suse.de> SUSE Security Update: Security update for libX11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1766-1 Rating: moderate References: #1182506 Cross-References: CVE-2021-31535 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libX11 fixes the following issues: - CVE-2021-31535: Fixed missing request length checks in libX11 (bsc#1182506). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1766=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1766=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libX11-debugsource-1.6.2-12.18.1 libX11-devel-1.6.2-12.18.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.2-12.18.1 libX11-6-debuginfo-1.6.2-12.18.1 libX11-debugsource-1.6.2-12.18.1 libX11-xcb1-1.6.2-12.18.1 libX11-xcb1-debuginfo-1.6.2-12.18.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libX11-6-32bit-1.6.2-12.18.1 libX11-6-debuginfo-32bit-1.6.2-12.18.1 libX11-xcb1-32bit-1.6.2-12.18.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.18.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libX11-data-1.6.2-12.18.1 References: https://www.suse.com/security/cve/CVE-2021-31535.html https://bugzilla.suse.com/1182506 From sle-updates at lists.suse.com Wed May 26 16:18:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 18:18:21 +0200 (CEST) Subject: SUSE-RU-2021:1770-1: moderate: Recommended update for resource-agents Message-ID: <20210526161821.823CAFD07@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1770-1 Rating: moderate References: #1177796 #1179977 #1180590 #1183971 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. 
Description: This update for resource-agents fixes the following issues: - A bug was fixed where the stop operation failed if /root/.profile has unexpected content (bsc#1179977) - Fixed an issue when 'ethmonitor' bloats journal with warnings for VLAN devices. (bsc#1177796) - Fixed an issue when azure-events puts both nodes in standby. (bsc#1183971) - Fixed an issue when the resource agent 'stop operation' fails if the profile has an unexpected content. (bsc#1179977) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-1770=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ldirectord-4.3.0184.6ee15eb2-4.48.1 resource-agents-4.3.0184.6ee15eb2-4.48.1 resource-agents-debuginfo-4.3.0184.6ee15eb2-4.48.1 resource-agents-debugsource-4.3.0184.6ee15eb2-4.48.1 - SUSE Linux Enterprise High Availability 15-SP1 (noarch): monitoring-plugins-metadata-4.3.0184.6ee15eb2-4.48.1 References: https://bugzilla.suse.com/1177796 https://bugzilla.suse.com/1179977 https://bugzilla.suse.com/1180590 https://bugzilla.suse.com/1183971 From sle-updates at lists.suse.com Wed May 26 16:19:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 18:19:41 +0200 (CEST) Subject: SUSE-SU-2021:1763-1: moderate: Security update for curl Message-ID: <20210526161941.E2FD2FD07@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1763-1 Rating: 
moderate References: #1186114 SLE-17954 Cross-References: CVE-2021-22898 CVSS scores: CVE-2021-22898 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability, contains one feature is now available. Description: This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Allow partial chain verification [jsc#SLE-17956] * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain. * Set FLAG_TRUSTED_FIRST unconditionally. * Do not check partial chains with CRL check. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1763=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1763=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.60.0-11.18.1 curl-debugsource-7.60.0-11.18.1 libcurl-devel-7.60.0-11.18.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): curl-7.60.0-11.18.1 curl-debuginfo-7.60.0-11.18.1 curl-debugsource-7.60.0-11.18.1 libcurl4-7.60.0-11.18.1 libcurl4-debuginfo-7.60.0-11.18.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libcurl4-32bit-7.60.0-11.18.1 libcurl4-debuginfo-32bit-7.60.0-11.18.1 References: https://www.suse.com/security/cve/CVE-2021-22898.html https://bugzilla.suse.com/1186114 From sle-updates at lists.suse.com Wed May 26 16:20:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 18:20:46 +0200 (CEST) Subject: SUSE-SU-2021:14735-1: moderate: Security update for curl Message-ID: <20210526162046.3664EFD07@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14735-1 Rating: moderate References: #1186114 Cross-References: CVE-2021-22898 CVSS scores: CVE-2021-22898 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Server 11-SECURITY ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-curl-14735=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): curl-openssl1-7.37.0-70.63.1 libcurl4-openssl1-7.37.0-70.63.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libcurl4-openssl1-32bit-7.37.0-70.63.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libcurl4-openssl1-x86-7.37.0-70.63.1 References: https://www.suse.com/security/cve/CVE-2021-22898.html https://bugzilla.suse.com/1186114 From sle-updates at lists.suse.com Wed May 26 16:21:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 18:21:53 +0200 (CEST) Subject: SUSE-SU-2021:1765-1: moderate: Security update for libX11 Message-ID: <20210526162153.833CAFD07@maintenance.suse.de> SUSE Security Update: Security update for libX11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1765-1 Rating: moderate References: #1182506 Cross-References: CVE-2021-31535 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libX11 fixes the following issues: - CVE-2021-31535: Fixed missing request length checks in libX11 (bsc#1182506). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1765=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1765=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1765=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libX11-6-1.6.5-3.18.1 libX11-6-debuginfo-1.6.5-3.18.1 libX11-debugsource-1.6.5-3.18.1 libX11-xcb1-1.6.5-3.18.1 libX11-xcb1-debuginfo-1.6.5-3.18.1 - SUSE MicroOS 5.0 (noarch): libX11-data-1.6.5-3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.5-3.18.1 libX11-6-debuginfo-1.6.5-3.18.1 libX11-debugsource-1.6.5-3.18.1 libX11-devel-1.6.5-3.18.1 libX11-xcb1-1.6.5-3.18.1 libX11-xcb1-debuginfo-1.6.5-3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libX11-6-32bit-1.6.5-3.18.1 libX11-6-32bit-debuginfo-1.6.5-3.18.1 libX11-xcb1-32bit-1.6.5-3.18.1 libX11-xcb1-32bit-debuginfo-1.6.5-3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libX11-data-1.6.5-3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.5-3.18.1 libX11-6-debuginfo-1.6.5-3.18.1 libX11-debugsource-1.6.5-3.18.1 libX11-devel-1.6.5-3.18.1 libX11-xcb1-1.6.5-3.18.1 libX11-xcb1-debuginfo-1.6.5-3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libX11-6-32bit-1.6.5-3.18.1 libX11-6-32bit-debuginfo-1.6.5-3.18.1 libX11-xcb1-32bit-1.6.5-3.18.1 libX11-xcb1-32bit-debuginfo-1.6.5-3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libX11-data-1.6.5-3.18.1 References: https://www.suse.com/security/cve/CVE-2021-31535.html https://bugzilla.suse.com/1182506 From sle-updates at lists.suse.com Wed May 26 16:23:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 18:23:02 +0200 (CEST) Subject: 
SUSE-SU-2021:1762-1: moderate: Security update for curl Message-ID: <20210526162302.774EBFD07@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1762-1 Rating: moderate References: #1186114 SLE-17956 Cross-References: CVE-2021-22898 CVSS scores: CVE-2021-22898 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability, contains one feature is now available. Description: This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Allow partial chain verification [jsc#SLE-17956] * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain. * Set FLAG_TRUSTED_FIRST unconditionally. * Do not check partial chains with CRL check. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1762=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1762=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1762=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): curl-7.66.0-4.17.1 curl-debuginfo-7.66.0-4.17.1 curl-debugsource-7.66.0-4.17.1 libcurl4-7.66.0-4.17.1 libcurl4-debuginfo-7.66.0-4.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): curl-7.66.0-4.17.1 curl-debuginfo-7.66.0-4.17.1 curl-debugsource-7.66.0-4.17.1 libcurl-devel-7.66.0-4.17.1 libcurl4-7.66.0-4.17.1 libcurl4-debuginfo-7.66.0-4.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libcurl4-32bit-7.66.0-4.17.1 libcurl4-32bit-debuginfo-7.66.0-4.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): curl-7.66.0-4.17.1 curl-debuginfo-7.66.0-4.17.1 curl-debugsource-7.66.0-4.17.1 libcurl-devel-7.66.0-4.17.1 libcurl4-7.66.0-4.17.1 libcurl4-debuginfo-7.66.0-4.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libcurl4-32bit-7.66.0-4.17.1 libcurl4-32bit-debuginfo-7.66.0-4.17.1 References: https://www.suse.com/security/cve/CVE-2021-22898.html https://bugzilla.suse.com/1186114 From sle-updates at lists.suse.com Wed May 26 19:15:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 21:15:45 +0200 (CEST) Subject: SUSE-RU-2021:1772-1: moderate: Recommended update for motif Message-ID: <20210526191545.70FEAFD07@maintenance.suse.de> SUSE Recommended Update: Recommended update for motif ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1772-1 Rating: moderate References: #1184184 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 
15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for motif fixes the following issues: - Add patches to prevent the third party application crashing. (bsc#1184184) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-1772=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1772=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libMrm4-2.3.4-3.3.1 libMrm4-debuginfo-2.3.4-3.3.1 libUil4-2.3.4-3.3.1 libUil4-debuginfo-2.3.4-3.3.1 libXm4-2.3.4-3.3.1 libXm4-debuginfo-2.3.4-3.3.1 motif-2.3.4-3.3.1 motif-debuginfo-2.3.4-3.3.1 motif-debugsource-2.3.4-3.3.1 motif-devel-2.3.4-3.3.1 motif-devel-debuginfo-2.3.4-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64): libMrm4-32bit-2.3.4-3.3.1 libMrm4-32bit-debuginfo-2.3.4-3.3.1 libUil4-32bit-2.3.4-3.3.1 libUil4-32bit-debuginfo-2.3.4-3.3.1 libXm4-32bit-2.3.4-3.3.1 libXm4-32bit-debuginfo-2.3.4-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libMrm4-2.3.4-3.3.1 libMrm4-debuginfo-2.3.4-3.3.1 libUil4-2.3.4-3.3.1 libUil4-debuginfo-2.3.4-3.3.1 libXm4-2.3.4-3.3.1 libXm4-debuginfo-2.3.4-3.3.1 motif-2.3.4-3.3.1 motif-debuginfo-2.3.4-3.3.1 motif-debugsource-2.3.4-3.3.1 motif-devel-2.3.4-3.3.1 motif-devel-debuginfo-2.3.4-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (x86_64): libMrm4-32bit-2.3.4-3.3.1 libMrm4-32bit-debuginfo-2.3.4-3.3.1 
libUil4-32bit-2.3.4-3.3.1 libUil4-32bit-debuginfo-2.3.4-3.3.1 libXm4-32bit-2.3.4-3.3.1 libXm4-32bit-debuginfo-2.3.4-3.3.1 References: https://bugzilla.suse.com/1184184 From sle-updates at lists.suse.com Wed May 26 19:16:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 May 2021 21:16:52 +0200 (CEST) Subject: SUSE-RU-2021:1773-1: Recommended update for python3 Message-ID: <20210526191652.A4D85FD07@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1773-1 Rating: low References: Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for python3 fixes the following issues: - Make sure to close the import_failed.map file after the exception has been raised in order to avoid ResourceWarnings when the failing import is part of a try...except block. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1773=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1773=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1773=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1773=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1773=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libpython3_6m1_0-3.6.13-3.84.1 libpython3_6m1_0-debuginfo-3.6.13-3.84.1 python3-3.6.13-3.84.1 python3-base-3.6.13-3.84.1 python3-base-debuginfo-3.6.13-3.84.1 python3-core-debugsource-3.6.13-3.84.1 python3-debuginfo-3.6.13-3.84.1 python3-debugsource-3.6.13-3.84.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): python3-core-debugsource-3.6.13-3.84.1 python3-tools-3.6.13-3.84.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): python3-tools-3.6.13-3.84.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.13-3.84.1 libpython3_6m1_0-debuginfo-3.6.13-3.84.1 python3-3.6.13-3.84.1 python3-base-3.6.13-3.84.1 python3-base-debuginfo-3.6.13-3.84.1 python3-core-debugsource-3.6.13-3.84.1 python3-curses-3.6.13-3.84.1 python3-curses-debuginfo-3.6.13-3.84.1 python3-dbm-3.6.13-3.84.1 python3-dbm-debuginfo-3.6.13-3.84.1 python3-debuginfo-3.6.13-3.84.1 python3-debugsource-3.6.13-3.84.1 python3-devel-3.6.13-3.84.1 python3-devel-debuginfo-3.6.13-3.84.1 python3-idle-3.6.13-3.84.1 python3-tk-3.6.13-3.84.1 python3-tk-debuginfo-3.6.13-3.84.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.13-3.84.1 
libpython3_6m1_0-debuginfo-3.6.13-3.84.1 python3-3.6.13-3.84.1 python3-base-3.6.13-3.84.1 python3-curses-3.6.13-3.84.1 python3-curses-debuginfo-3.6.13-3.84.1 python3-dbm-3.6.13-3.84.1 python3-dbm-debuginfo-3.6.13-3.84.1 python3-debuginfo-3.6.13-3.84.1 python3-debugsource-3.6.13-3.84.1 python3-devel-3.6.13-3.84.1 python3-devel-debuginfo-3.6.13-3.84.1 python3-idle-3.6.13-3.84.1 python3-tk-3.6.13-3.84.1 python3-tk-debuginfo-3.6.13-3.84.1 References: From sle-updates at lists.suse.com Wed May 26 22:16:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 00:16:47 +0200 (CEST) Subject: SUSE-RU-2021:1774-1: moderate: Recommended update for python-six Message-ID: <20210526221647.426BEFD07@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-six ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1774-1 Rating: moderate References: #1176784 ECO-3105 ECO-3352 PM-2352 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has one recommended fix and contains three features can now be installed. Description: This update for python-six fixes the following issues: - Update in SLE-12 to allow refreshing the AWS and Azure SDKs. (bsc#1176784, jsc#ECO-3105, jsc#ECO-3352, jsc#PM-2352) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1774=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1774=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1774=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1774=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1774=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-six-1.14.0-13.6.1 python3-six-1.14.0-13.6.1 - SUSE OpenStack Cloud 9 (noarch): python-six-1.14.0-13.6.1 python3-six-1.14.0-13.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): python-six-1.14.0-13.6.1 python3-six-1.14.0-13.6.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): python-six-1.14.0-13.6.1 python3-six-1.14.0-13.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): python-six-1.14.0-13.6.1 python3-six-1.14.0-13.6.1 References: https://bugzilla.suse.com/1176784 From sle-updates at lists.suse.com Thu May 27 06:10:23 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 08:10:23 +0200 (CEST) Subject: SUSE-CU-2021:198-1: Security update of suse/sles12sp3 Message-ID: <20210527061023.34668B46DB5@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:198-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.259 , suse/sles12sp3:latest Container Release : 24.259 Severity : moderate Type : security References : 1186114 CVE-2021-22898 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1665-1 Released: Wed May 26 12:32:50 2021 Summary: Security update for curl Type: security Severity: moderate References: 1186114,CVE-2021-22898 This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). From sle-updates at lists.suse.com Thu May 27 06:19:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 08:19:22 +0200 (CEST) Subject: SUSE-CU-2021:199-1: Security update of suse/sles12sp5 Message-ID: <20210527061922.D4FE8B46DB5@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:199-1 Container Tags : suse/sles12sp5:6.5.182 , suse/sles12sp5:latest Container Release : 6.5.182 Severity : moderate Type : security References : 1186114 CVE-2021-22898 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1763-1 Released: Wed May 26 12:31:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1186114,CVE-2021-22898 This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Allow partial chain verification [jsc#SLE-17956] * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain. * Set FLAG_TRUSTED_FIRST unconditionally. * Do not check partial chains with CRL check. 
From sle-updates at lists.suse.com Thu May 27 06:28:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 08:28:53 +0200 (CEST) Subject: SUSE-CU-2021:200-1: Security update of suse/sle15 Message-ID: <20210527062853.C6521B460B4@westernhagen.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:200-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.922 Container Release : 8.2.922 Severity : moderate Type : security References : 1186114 CVE-2021-22898 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1762-1 Released: Wed May 26 12:30:01 2021 Summary: Security update for curl Type: security Severity: moderate References: 1186114,CVE-2021-22898 This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Allow partial chain verification [jsc#SLE-17956] * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain. * Set FLAG_TRUSTED_FIRST unconditionally. * Do not check partial chains with CRL check. 
From sle-updates at lists.suse.com Thu May 27 06:31:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 08:31:17 +0200 (CEST) Subject: SUSE-CU-2021:197-1: Security update of caasp/v4.5/k8s-sidecar Message-ID: <20210527063118.019CEB460B4@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/k8s-sidecar ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:197-1 Container Tags : caasp/v4.5/k8s-sidecar:0.1.75 , caasp/v4.5/k8s-sidecar:0.1.75-rev3 , caasp/v4.5/k8s-sidecar:0.1.75-rev3-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1125671 1140565 1141597 1146705 1154393 1155094 1161276 1169006 1171883 1172695 1173582 1174016 1174091 1174436 1174514 1174571 1174701 1174942 1175289 1175458 1175514 1175519 1175623 1176201 1176262 1176784 1176785 1177127 1177211 1177238 1177275 1177427 1177490 1177583 1178009 1178168 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179193 1179222 1179363 1179415 1179503 1179630 1179694 1179721 1179756 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180377 1180596 1180603 1180603 1180663 1180686 1180721 1180836 1180851 1180885 1181011 1181126 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182066 1182117 1182279 1182328 1182331 1182333 1182362 1182379 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183374 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-20916 CVE-2019-25013 CVE-2019-5010 CVE-2020-14343 CVE-2020-14422 CVE-2020-25659 
CVE-2020-25709 CVE-2020-25710 CVE-2020-26116 CVE-2020-27618 CVE-2020-27619 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-36242 CVE-2020-8025 CVE-2020-8492 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23336 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3177 CVE-2021-3326 CVE-2021-3426 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/k8s-sidecar was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3930-1 Released: Wed Dec 23 18:19:39 2020 Summary: Security update for python3 Type: security Severity: important References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - add triplets for mips-r6 and riscv - RISC-V needs CTYPES_PASS_BY_REF_HACK Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. 
The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(...). * Unpickling invalid NEWOBJ_EX opcode with the C implementation now raises UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091). Update to 3.6.11: - Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause an InvalidURL to be raised. (bsc#1155094) - CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3946-1 Released: Tue Dec 29 17:39:54 2020 Summary: Recommended update for python3 Type: recommended Severity: important References: 1180377 This update for python3 fixes the following issues: - A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3, which caused regressions in several applications. 
(bsc#1180377) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025)
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers.
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:529-1 Released: Fri Feb 19 14:53:47 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1176262,1179756,1180686,1181126,CVE-2019-20916,CVE-2021-3177 This update for python3 fixes the following issues: - CVE-2021-3177: Fixed buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:594-1 Released: Thu Feb 25 09:29:35 2021 Summary: Security update for python-cryptography Type: security Severity: important References: 1182066,CVE-2020-36242 This update for python-cryptography fixes the following issues: - CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:656-1 Released: Mon Mar 1 09:34:21 2021 Summary: Recommended update for protobuf Type: recommended Severity: moderate References: 1177127 This update for protobuf fixes the following issues: - Add missing dependency of python subpackages on python-six. (bsc#1177127) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. 
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700.
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:947-1 Released: Wed Mar 24 14:30:58 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1182379,CVE-2021-23336 This update for python3 fixes the following issues: - python36 was updated to 3.6.13 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:985-1 Released: Tue Mar 30 14:42:46 2021 Summary: Recommended update for the Azure SDK and CLI Type: recommended Severity: moderate References: 1125671,1140565,1154393,1174514,1175289,1176784,1176785,1178168,CVE-2020-14343,CVE-2020-25659 This update for the Azure SDK and CLI adds support for the AHB (Azure Hybrid Benefit). 
(bsc#1176784, jsc#ECO=3105) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the 
problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. 
(bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. - Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. 
(bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1557-1 Released: Tue May 11 09:50:00 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1183374,CVE-2021-3426 This update for python3 fixes the following issues: - CVE-2021-3426: Fixed an information disclosure via pydoc (bsc#1183374) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. 
(bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
From sle-updates at lists.suse.com Thu May 27 06:31:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 08:31:43 +0200 (CEST) Subject: SUSE-CU-2021:201-1: Security update of caasp/v4.5/kube-apiserver Message-ID: <20210527063143.3F7FBB460B4@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/kube-apiserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:201-1 Container Tags : caasp/v4.5/kube-apiserver:v1.18.10 , caasp/v4.5/kube-apiserver:v1.18.10-rev4 , caasp/v4.5/kube-apiserver:v1.18.10-rev4-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181585 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183541 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 
CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/kube-apiserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. 
(bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).
- RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection.
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16; - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025)
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers.
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700.
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1695-1 Released: Fri May 21 17:14:37 2021 Summary: Include a cri-o and kubernetes bug fixes and a fresh rebuild of container images Type: recommended Severity: important References: 1181585,1183541 == Kubernetes bsc#1181585 kubernetes issue is a backport of the upstream bug: https://github.com/kubernetes/kubernetes/pull/89937 == Cri-o bsc#1183541 ensures cri-o service is started before kubelet service to fix a bad interaction of these two services performing image garbage collection From sle-updates at lists.suse.com Thu May 27 06:32:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 08:32:12 +0200 (CEST) Subject: SUSE-CU-2021:202-1: Security update of caasp/v4.5/kube-controller-manager Message-ID: <20210527063212.EB781B460B4@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/kube-controller-manager ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:202-1 Container Tags : caasp/v4.5/kube-controller-manager:v1.18.10 , caasp/v4.5/kube-controller-manager:v1.18.10-rev4 , caasp/v4.5/kube-controller-manager:v1.18.10-rev4-build5.8.1 
Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1083473 1084671 1098449 1112500 1115408 1125671 1140565 1141597 1144793 1146705 1154393 1155094 1161276 1165780 1165780 1168771 1169006 1171883 1172695 1172926 1173582 1174016 1174091 1174436 1174514 1174571 1174701 1174942 1175289 1175458 1175514 1175519 1175623 1176201 1176262 1176390 1176489 1176679 1176784 1176785 1176828 1177211 1177238 1177275 1177360 1177427 1177490 1177533 1177583 1177658 1177857 1178009 1178168 1178219 1178346 1178386 1178554 1178680 1178775 1178775 1178823 1178825 1178837 1178860 1178860 1178905 1178909 1178910 1178932 1178966 1179016 1179083 1179193 1179222 1179363 1179415 1179503 1179569 1179630 1179691 1179691 1179694 1179721 1179738 1179756 1179802 1179816 1179824 1179847 1179909 1179997 1180020 1180038 1180073 1180077 1180083 1180107 1180138 1180155 1180225 1180377 1180596 1180603 1180603 1180663 1180686 1180721 1180836 1180851 1180885 1181011 1181126 1181319 1181328 1181443 1181505 1181585 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182379 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182766 1182791 1182899 1182936 1182959 1183012 1183064 1183074 1183094 1183370 1183371 1183374 1183456 1183457 1183541 1183628 1183791 1183797 1183801 1183852 1183899 1183933 1183934 1184136 1184231 1184358 1184401 1184435 1184614 1184687 1184690 1184997 1185163 1185190 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-20916 CVE-2019-25013 CVE-2019-5010 CVE-2020-14343 CVE-2020-14422 CVE-2020-25659 CVE-2020-25678 CVE-2020-25709 CVE-2020-25710 CVE-2020-26116 CVE-2020-27618 CVE-2020-27619 CVE-2020-27781 CVE-2020-27839 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 
CVE-2020-36230 CVE-2020-8025 CVE-2020-8492 CVE-2021-20231 CVE-2021-20232 CVE-2021-20288 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23336 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3177 CVE-2021-3326 CVE-2021-3426 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/kube-controller-manager was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. 
(bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3895-1 Released: Mon Dec 21 12:56:25 2020 Summary: Security update for ceph Type: security Severity: important References: 1178860,1179016,1179802,1180107,1180155,CVE-2020-27781 This update for ceph fixes the following issues: Security issue fixed: - CVE-2020-27781: Fixed a privilege escalation via the ceph_volume_client Python interface (bsc#1180155, bsc#1179802). Non-security issues fixed: - Update to 15.2.8-80-g1f4b6229ca: + Rebase on tip of upstream 'octopus' branch, SHA1 bdf3eebcd22d7d0b3dd4d5501bee5bac354d5b55 * upstream Octopus v15.2.8 release, see https://ceph.io/releases/v15-2-8-octopus-released/ - Update to 15.2.7-776-g343cd10fe5: + Rebase on tip of upstream 'octopus' branch, SHA1 1b8a634fdcd94dfb3ba650793fb1b6d09af65e05 * (bsc#1178860) mgr/dashboard: Disable TLS 1.0 and 1.1 + (bsc#1179016) rpm: require smartmontools on SUSE + (bsc#1180107) ceph-volume: pass --filter-for-batch from drive-group subcommand ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3930-1 Released: Wed Dec 23 18:19:39 2020 Summary: Security update for python3 Type: security Severity: important References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP.
- Change setuptools and pip version numbers according to new wheels
- Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738)
- add triplets for mips-r6 and riscv
- RISC-V needs CTYPES_PASS_BY_REF_HACK

Update to 3.6.12 (bsc#1179193)

* Ensure python3.dll is loaded from correct locations when Python is embedded
* The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).
* Prevent http header injection by rejecting control characters in http.client.putrequest(...).
* Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing.
* Avoid infinite loop when reading specially crafted TAR files using the tarfile module
- This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091).

Update to 3.6.11:

- Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks.
- Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause an InvalidURL to be raised. (bsc#1155094)
- CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3942-1
Released: Tue Dec 29 12:22:01 2020
Summary: Recommended update for libidn2
Type: recommended
Severity: moderate
References: 1180138

This update for libidn2 fixes the following issues:

- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3943-1
Released: Tue Dec 29 12:24:45 2020
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1178823

This update for libxml2 fixes the following issues:

Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823)

* key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3946-1
Released: Tue Dec 29 17:39:54 2020
Summary: Recommended update for python3
Type: recommended
Severity: important
References: 1180377

This update for python3 fixes the following issues:

- A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3, which caused regressions in several applications. (bsc#1180377)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:6-1
Released: Mon Jan 4 07:05:06 2021
Summary: Recommended update for libdlm
Type: recommended
Severity: moderate
References: 1098449,1144793,1168771,1177533,1177658

This update for libdlm fixes the following issues:

- Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages. (bsc#1177658, bsc#1098449)
- Add support for type 'uint64_t' to corosync ringid.
  (bsc#1168771)
- Include some fixes/enhancements for dlm_controld. (bsc#1144793)
- Fixed an issue where /boot logical volume was accidentally unmounted. (bsc#1177533)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:109-1
Released: Wed Jan 13 10:13:24 2021
Summary: Security update for libzypp, zypper
Type: security
Severity: moderate
References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271

This update for libzypp, zypper fixes the following issues:

Update zypper to version 1.14.41

Update libzypp to 17.25.4

- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)
- RepoManager: Force refresh if repo url has changed (bsc#1174016)
- RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)
- RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).
- RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910)
- Fixed update of gpg keys with elongated expire date (bsc#179222)
- needreboot: remove udev from the list (bsc#1179083)
- Fix lsof monitoring (bsc#1179909)

yast-installation was updated to 4.2.48:

- Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:129-1
Released: Thu Jan 14 12:26:15 2021
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710

This update for openldap2 fixes the following issues:

Security issues fixed:

- CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
- CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).

Non-security issue fixed:

- Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:152-1
Released: Fri Jan 15 17:04:47 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1179691,1179738

This update for lvm2 fixes the following issues:

- Fix for lvm2 to use udev as external device by default. (bsc#1179691)
- Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:169-1
Released: Tue Jan 19 16:18:46 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179816,1180077,1180663,1180721

This update for libsolv, libzypp, zypper fixes the following issues:

libzypp was updated to 17.25.6:

- Rephrase solver problem descriptions (jsc#SLE-8482)
- Adapt to changed gpg2/libgpgme behavior (bsc#1180721)
- Multicurl backend breaks with unknown filesize (fixes #277)

zypper was updated to 1.14.42:

- Fix source-download commands help (bsc#1180663)
- man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816)
- Extend apt packagemap (fixes #366)
- --quiet: Fix install summary to write nothing if there's nothing todo (bsc#1180077)

libsolv was updated to 0.7.16:

- do not ask the namespace callback for splitprovides when writing a testcase
- fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes
- improve choicerule generation so that package updates are preferred in more cases

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:174-1
Released: Wed Jan 20 07:55:23 2021
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1172695

This update for gnutls fixes
the following issue:

- Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:197-1
Released: Fri Jan 22 15:17:42 2021
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1171883,CVE-2020-8025

This update for permissions fixes the following issues:

- Update to version 20181224:
  * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:220-1
Released: Tue Jan 26 14:00:51 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1180603

This update for keyutils fixes the following issues:

- Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:233-1
Released: Wed Jan 27 12:15:33 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225

This update for systemd fixes the following issues:

- Added a timestamp to the output of the busctl monitor command (bsc#1180225)
- Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824)
- Improved the caching of cgroups member mask (bsc#1175458)
- Fixed the dependency definition of sound.target (bsc#1179363)
- Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436)
- time-util: treat /etc/localtime missing as UTC (bsc#1141597)
- Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:265-1
Released: Mon Feb 1 15:06:45 2021
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1178775,1180885

This update for systemd fixes the following issues:

- Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)
- Fix for an issue when container start causes interference in other containers. (bsc#1178775)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:278-1
Released: Tue Feb 2 09:43:08 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1181319

This update for lvm2 fixes the following issues:

- Backport 'lvmlockd' to adopt orphan locks feature. (bsc#1181319)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:293-1
Released: Wed Feb 3 12:52:34 2021
Summary: Recommended update for gmp
Type: recommended
Severity: moderate
References: 1180603

This update for gmp fixes the following issues:

- correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:302-1
Released: Thu Feb 4 13:18:35 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: important
References: 1179691

This update for lvm2 fixes the following issues:

- lvm2 will no longer use external_device_info_source='udev' as default because it introduced a regression (bsc#1179691). If this behavior is still wanted, please change this manually in the lvm.conf

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:339-1
Released: Mon Feb 8 13:16:07 2021
Summary: Optional update for pam
Type: optional
Severity: low
References:

This update for pam fixes the following issues:

- Added rpm macros for this package, so that other packages can make use of it

This patch is optional to be installed - it doesn't fix any bugs.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:529-1
Released: Fri Feb 19 14:53:47 2021
Summary: Security update for python3
Type: security
Severity: moderate
References: 1176262,1179756,1180686,1181126,CVE-2019-20916,CVE-2021-3177

This update for python3 fixes the following issues:

- CVE-2021-3177: Fixed buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126).
- Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:653-1
Released: Fri Feb 26 19:53:43 2021
Summary: Security update for glibc
Type: security
Severity: important
References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326

This update for glibc fixes the following issues:

- Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973)
- x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649)
- gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)
- iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224)
- iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923)
- Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:723-1
Released: Mon Mar 8 16:45:27 2021
Summary: Security update for openldap2
Type: security
Severity: important
References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212

This update for openldap2 fixes the
following issues:

- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:754-1
Released: Tue Mar 9 17:10:49 2021
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841

This update for openssl-1_1 fixes the following issues:

- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
- Fixed unresolved error codes in FIPS (bsc#1182959).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:778-1
Released: Fri Mar 12 17:42:25 2021
Summary: Security update for glib2
Type: security
Severity: important
References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219

This update for glib2 fixes the following issues:

- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it.
  (bsc#1182362)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:786-1
Released: Mon Mar 15 11:19:23 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1176201

This update for zlib fixes the following issues:

- Fixed hw compression on z15 (bsc#1176201)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:874-1
Released: Thu Mar 18 09:41:54 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179847,1181328,1181622,1182629

This update for libsolv, libzypp, zypper fixes the following issues:

- support multiple collections in updateinfo parser
- Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328)
- Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629)
- Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847)
- Fix '%posttrans' script execution. (fixes #265)
- Repo: Allow multiple baseurls specified on one line (fixes #285)
- Regex: Fix memory leak and undefined behavior.
- Add rpm buildrequires for test suite (fixes #279)
- Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use.
- doc: give more details about creating versioned package locks. (bsc#1181622)
- man: Document synonymously used patch categories (bsc#1179847)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:924-1
Released: Tue Mar 23 10:00:49 2021
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094

This update for filesystem fixes the following issues:

- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700.
  (bsc#1181011)
- Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705)
- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:926-1
Released: Tue Mar 23 13:20:24 2021
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: moderate
References: 1083473,1112500,1115408,1165780,1183012

This update for systemd-presets-common-SUSE fixes the following issues:

- Add default user preset containing:
  - enable `pulseaudio.socket` (bsc#1083473)
  - enable `pipewire.socket` (bsc#1183012)
  - enable `pipewire-pulse.socket` (bsc#1183012)
  - enable `pipewire-media-session.service` (used with pipewire >= 0.3.23)
- Changes to the default preset:
  - enable `btrfsmaintenance-refresh.path`.
  - disable `btrfsmaintenance-refresh.service`.
  - enable `dnf-makecache.timer`.
  - enable `ignition-firstboot-complete.service`.
  - enable logwatch.timer and avoid to have logwatch out of sync with logrotate. (bsc#1112500)
  - enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408)
  - remove enable `updatedb.timer`
- Avoid needless refresh on boot.
  (bsc#1165780)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:935-1
Released: Wed Mar 24 12:19:10 2021
Summary: Security update for gnutls
Type: security
Severity: important
References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232

This update for gnutls fixes the following issues:

- CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).
- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:947-1
Released: Wed Mar 24 14:30:58 2021
Summary: Security update for python3
Type: security
Severity: moderate
References: 1182379,CVE-2021-23336

This update for python3 fixes the following issues:

- python36 was updated to 3.6.13
- CVE-2021-23336: Fixed a potential web cache poisoning through the use of a semicolon as a query string separator in query parameters (bsc#1182379).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:948-1
Released: Wed Mar 24 14:31:34 2021
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032

This update for zstd fixes the following issues:

- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:955-1
Released: Thu Mar 25 16:11:48 2021
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1183852,CVE-2021-3449

This update for openssl-1_1 fixes the security issue:

* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:985-1
Released: Tue Mar 30 14:42:46 2021
Summary: Recommended update for the Azure SDK and CLI
Type: recommended
Severity: moderate
References: 1125671,1140565,1154393,1174514,1175289,1176784,1176785,1178168,CVE-2020-14343,CVE-2020-25659

This update for the Azure SDK and CLI adds support for the AHB (Azure Hybrid Benefit).
(bsc#1176784, jsc#ECO=3105)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1004-1
Released: Thu Apr 1 15:07:09 2021
Summary: Recommended update for libcap
Type: recommended
Severity: moderate
References: 1180073

This update for libcap fixes the following issues:

- Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)
- Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1006-1
Released: Thu Apr 1 17:44:57 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890

This update for curl fixes the following issues:

- CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934)
- CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1108-1
Released: Thu Apr 8 11:48:47 2021
Summary: Security update for ceph
Type: security
Severity: moderate
References: 1172926,1176390,1176489,1176679,1176828,1177360,1177857,1178837,1178860,1178905,1178932,1179569,1179997,1182766,CVE-2020-25678,CVE-2020-27839

This update for ceph fixes the following issues:

- ceph was updated to 15.2.9
- cephadm: fix 'inspect' and 'pull' (bsc#1182766)
- CVE-2020-27839: mgr/dashboard: Use secure cookies to store JWT Token (bsc#1179997)
- CVE-2020-25678: Do not add sensitive information in Ceph log files (bsc#1178905)
- mgr/orchestrator: Sort 'ceph orch device ls' by host (bsc#1172926)
- mgr/dashboard: enable different URL for users of browser to Grafana (bsc#1176390, bsc#1176679)
- mgr/cephadm: lock multithreaded access to OSDRemovalQueue (bsc#1176489)
- cephadm: command_unit: call systemctl with verbose=True (bsc#1176828)
- cephadm: silence 'Failed to evict container' log msg (bsc#1177360)
- mgr/cephadm: upgrade:
  fail gracefully, if daemon redeploy fails (bsc#1177857)
- rgw: cls/user: set from_index for reset stats calls (bsc#1178837)
- mgr/dashboard: Disable TLS 1.0 and 1.1 (bsc#1178860)
- cephadm: reference the last local image by digest (bsc#1178932, bsc#1179569)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1141-1
Released: Mon Apr 12 13:13:36 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: low
References: 1182791

This update for openldap2 fixes the following issues:

- Improved the proxy connection timeout options to prune connections properly (bsc#1182791)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1169-1
Released: Tue Apr 13 15:01:42 2021
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1181976

This update for procps fixes the following issues:

- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1286-1
Released: Tue Apr 20 20:10:21 2021
Summary: Recommended update for SLES-release
Type: recommended
Severity: moderate
References: 1180836

This recommended update for SLES-release provides the following fix:

- Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images.
  (bsc#1180836)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1295-1
Released: Wed Apr 21 14:08:19 2021
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: moderate
References: 1184136

This update for systemd-presets-common-SUSE fixes the following issues:

- Enabled hcn-init.service for HNV on POWER (bsc#1184136)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1296-1
Released: Wed Apr 21 14:09:28 2021
Summary: Optional update for e2fsprogs
Type: optional
Severity: low
References: 1183791

This update for e2fsprogs fixes the following issues:

- Fixed an issue when building e2fsprogs (bsc#1183791)

This patch does not fix any user visible issues and is therefore optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1297-1
Released: Wed Apr 21 14:10:10 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1178219

This update for systemd fixes the following issues:

- Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted.

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1299-1
Released: Wed Apr 21 14:11:41 2021
Summary: Optional update for gpgme
Type: optional
Severity: low
References: 1183801

This update for gpgme fixes the following issues:

- Fixed a bug in test cases (bsc#1183801)

This patch is optional to install and does not provide any user visible bug fixes.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1407-1
Released: Wed Apr 28 15:49:02 2021
Summary: Recommended update for libcap
Type: recommended
Severity: important
References: 1184690

This update for libcap fixes the following issues:

- Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1412-1
Released: Wed Apr 28 17:09:28 2021
Summary: Security update for libnettle
Type: security
Severity: important
References: 1184401,CVE-2021-20305

This update for libnettle fixes the following issues:

- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1426-1
Released: Thu Apr 29 06:23:13 2021
Summary: Recommended update for libsolv
Type: recommended
Severity: moderate
References:

This update for libsolv fixes the following issues:

- Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt.
- Fix a couple of memory leaks in error cases.
- Fix error handling in solv_xfopen_fd()
- Fixed 'regex' code on win32.
- Fixed memory leak in choice rule generation

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1449-1
Released: Fri Apr 30 08:08:25 2021
Summary: Recommended update for systemd-presets-branding-SLE
Type: recommended
Severity: moderate
References: 1165780

This update for systemd-presets-branding-SLE fixes the following issues:

- Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead.
  (bsc#1165780)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1466-1
Released: Tue May 4 08:30:57 2021
Summary: Security update for permissions
Type: security
Severity: important
References: 1182899

This update for permissions fixes the following issues:

- etc/permissions: remove unnecessary entries (bsc#1182899)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1474-1
Released: Tue May 4 08:59:01 2021
Summary: Security update for ceph
Type: security
Severity: important
References: 1183074,1183899,1184231,CVE-2021-20288

This update for ceph fixes the following issues:

- ceph was updated to 15.2.11-83-g8a15f484c2:
  * CVE-2021-20288: Fixed unauthorized global_id reuse (bsc#1183074).
  * disk gets replaced with no rocksdb/wal (bsc#1184231).
  * BlueStore handles huge(>4GB) writes from RocksDB to BlueFS poorly, potentially causing data corruption (bsc#1183899).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1481-1
Released: Tue May 4 14:18:32 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1178680

This update for lvm2 fixes the following issues:

- Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1523-1
Released: Wed May 5 18:24:20 2021
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518

This update for libxml2 fixes the following issues:

- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1527-1
Released: Thu May 6 08:58:53 2021
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1183064

This update for bash fixes the following issues:

- Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1528-1
Released: Thu May 6 15:31:23 2021
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1161276

This update for openssl-1_1 fixes the following issues:

- Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1543-1
Released: Fri May 7 15:16:32 2021
Summary: Recommended update for patterns-microos
Type: recommended
Severity: moderate
References: 1184435

This update for patterns-microos provides the following fix:

- Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1544-1
Released: Fri May 7 16:34:41 2021
Summary: Recommended update for libzypp
Type: recommended
Severity: moderate
References: 1180851,1181874,1182936,1183628,1184997,1185239

This update for libzypp fixes the following issues:

Upgrade from version 17.25.8 to version 17.25.10

- Properly handle permission denied when providing optional files. (bsc#1185239)
- Fix service detection with `cgroupv2`. (bsc#1184997)
- Add missing includes for GCC 11. (bsc#1181874)
- Fix unsafe usage of static in media verifier.
- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)
- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851)
- Do no cleanup in custom cache dirs.
(bsc#1182936)
- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1549-1
Released: Mon May 10 13:48:00 2021
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1185417

This update for procps fixes the following issues:

- Support up to 2048 CPU as well. (bsc#1185417)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1557-1
Released: Tue May 11 09:50:00 2021
Summary: Security update for python3
Type: security
Severity: moderate
References: 1183374,CVE-2021-3426

This update for python3 fixes the following issues:

- CVE-2021-3426: Fixed an information disclosure via pydoc (bsc#1183374)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1565-1
Released: Tue May 11 14:20:04 2021
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1185163

This update for krb5 fixes the following issues:

- Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1582-1
Released: Wed May 12 13:40:03 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1184687,1185190

This update for lvm2 fixes the following issues:

- Honor 'lvm.conf' parameter event_activation=0 on 'pvscan --cache -aay'. (bsc#1185190)
- Fixed an issue when LVM can't be disabled on boot. (bsc#1184687)
- Update patch for avoiding apply warning messages. (bsc#1012973)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1592-1
Released: Wed May 12 13:47:41 2021
Summary: Optional update for sed
Type: optional
Severity: low
References: 1183797

This update for sed fixes the following issues:

- Fixed a building issue with glibc-2.31 (bsc#1183797).

This patch is optional to install.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1612-1
Released: Fri May 14 17:09:39 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1184614

This update for openldap2 fixes the following issue:

- Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1643-1
Released: Wed May 19 13:51:48 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1181443,1184358,1185562

This update for pam fixes the following issues:

- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1647-1
Released: Wed May 19 13:59:12 2021
Summary: Security update for lz4
Type: security
Severity: important
References: 1185438,CVE-2021-3520

This update for lz4 fixes the following issues:

- CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1654-1
Released: Wed May 19 16:43:36 2021
Summary: Security update for libxml2
Type: security
Severity: important
References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537

This update for libxml2 fixes the following issues:

- CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1695-1
Released: Fri May 21 17:14:37 2021
Summary: Include a cri-o and kubernetes bug fixes and a fresh rebuild of container images
Type: recommended
Severity: important
References: 1181585,1183541

== Kubernetes

bsc#1181585 kubernetes issue is a backport of the upstream bug: https://github.com/kubernetes/kubernetes/pull/89937

== Cri-o

bsc#1183541 ensures cri-o service is started before kubelet service to fix a bad interaction of these two services performing image garbage collection

From sle-updates at lists.suse.com Thu May 27 06:32:41 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 May 2021 08:32:41 +0200 (CEST)
Subject: SUSE-CU-2021:203-1: Security update of caasp/v4.5/kube-proxy
Message-ID: <20210527063241.25855B460B4@westernhagen.suse.de>

SUSE Container Update Advisory: caasp/v4.5/kube-proxy
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:203-1
Container Tags : caasp/v4.5/kube-proxy:v1.18.10 , caasp/v4.5/kube-proxy:v1.18.10-rev4 , caasp/v4.5/kube-proxy:v1.18.10-rev4-build5.8.1
Container Release : 5.8.1
Severity : important
Type : security
References : 1050625 1078466 1083473 1084671 1098449 1112500 1115408 1141597 1144793 1146705 1161276 1165780 1165780 1168771 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177533 1177583 1177658 1178219 1178346 1178386 1178554 1178680 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179691 1179691 1179694 1179721 1179738 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181319 1181328 1181443 1181505 1181585 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182824 1182899 1182936 1182959 1183012 1183064 1183094 1183370 1183371 1183456 1183457 1183541 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184136 1184358 1184401 1184435 1184614 1184687 1184690 1184997 1185163 1185190 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537
-----------------------------------------------------------------

The container caasp/v4.5/kube-proxy was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1989-1
Released: Tue Jul 21 17:58:58 2020
Summary: Recommended update to SLES-releases
Type: recommended
Severity: important
References: 1173582

This update of SLES-release provides the following fix:

- Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3809-1
Released: Tue Dec 15 13:46:05 2020
Summary: Recommended update for glib2
Type: recommended
Severity: moderate
References: 1178346

This update for glib2 fixes the following issues:

Update from version 2.62.5 to version 2.62.6:

- Support for slim format of timezone. (bsc#1178346)
- Fix DST incorrect end day when using slim format. (bsc#1178346)
- Fix SOCKS5 username/password authentication.
- Updated translations.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3853-1
Released: Wed Dec 16 12:27:27 2020
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825

This update for util-linux fixes the following issue:

- Do not trigger the automatic close of CDROM. (bsc#1084671)
- Try to automatically configure broken serial lines. (bsc#1175514)
- Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514)
- Build with `libudev` support to support non-root users. (bsc#1169006)
- Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
- Fix warning on mounts to `CIFS` with mount -a.
(bsc#1174942)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3942-1
Released: Tue Dec 29 12:22:01 2020
Summary: Recommended update for libidn2
Type: recommended
Severity: moderate
References: 1180138

This update for libidn2 fixes the following issues:

- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3943-1
Released: Tue Dec 29 12:24:45 2020
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1178823

This update for libxml2 fixes the following issues:

Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823)

* key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:6-1
Released: Mon Jan 4 07:05:06 2021
Summary: Recommended update for libdlm
Type: recommended
Severity: moderate
References: 1098449,1144793,1168771,1177533,1177658

This update for libdlm fixes the following issues:

- Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages. (bsc#1177658, bsc#1098449)
- Add support for type 'uint64_t' to corosync ringid. (bsc#1168771)
- Include some fixes/enhancements for dlm_controld. (bsc#1144793)
- Fixed an issue where /boot logical volume was accidentally unmounted.
(bsc#1177533)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:109-1
Released: Wed Jan 13 10:13:24 2021
Summary: Security update for libzypp, zypper
Type: security
Severity: moderate
References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271

This update for libzypp, zypper fixes the following issues:

Update zypper to version 1.14.41
Update libzypp to 17.25.4

- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)
- RepoManager: Force refresh if repo url has changed (bsc#1174016)
- RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)
- RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).
- RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910)
- Fixed update of gpg keys with elongated expire date (bsc#179222)
- needreboot: remove udev from the list (bsc#1179083)
- Fix lsof monitoring (bsc#1179909)

yast-installation was updated to 4.2.48:

- Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:129-1
Released: Thu Jan 14 12:26:15 2021
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710

This update for openldap2 fixes the following issues:

Security issues fixed:

- CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
- CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).

Non-security issue fixed:

- Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection.
(bsc#1179503)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:152-1
Released: Fri Jan 15 17:04:47 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1179691,1179738

This update for lvm2 fixes the following issues:

- Fix for lvm2 to use udev as external device by default. (bsc#1179691)
- Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:169-1
Released: Tue Jan 19 16:18:46 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179816,1180077,1180663,1180721

This update for libsolv, libzypp, zypper fixes the following issues:

libzypp was updated to 17.25.6:

- Rephrase solver problem descriptions (jsc#SLE-8482)
- Adapt to changed gpg2/libgpgme behavior (bsc#1180721)
- Multicurl backend breaks with unknown filesize (fixes #277)

zypper was updated to 1.14.42:

- Fix source-download commands help (bsc#1180663)
- man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816)
- Extend apt packagemap (fixes #366)
- --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077)

libsolv was updated to 0.7.16:

- do not ask the namespace callback for splitprovides when writing a testcase
- fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes
- improve choicerule generation so that package updates are preferred in more cases

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:174-1
Released: Wed Jan 20 07:55:23 2021
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1172695

This update for gnutls fixes the following issue:

- Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:197-1
Released: Fri Jan 22 15:17:42 2021
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1171883,CVE-2020-8025

This update for permissions fixes the following issues:

- Update to version 20181224:
  * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:220-1
Released: Tue Jan 26 14:00:51 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1180603

This update for keyutils fixes the following issues:

- Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:233-1
Released: Wed Jan 27 12:15:33 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225

This update for systemd fixes the following issues:

- Added a timestamp to the output of the busctl monitor command (bsc#1180225)
- Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824)
- Improved the caching of cgroups member mask (bsc#1175458)
- Fixed the dependency definition of sound.target (bsc#1179363)
- Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436)
- time-util: treat /etc/localtime missing as UTC (bsc#1141597)
- Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:265-1
Released: Mon Feb 1 15:06:45 2021
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1178775,1180885

This update for systemd fixes the
following issues:

- Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)
- Fix for an issue when container start causes interference in other containers. (bsc#1178775)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:278-1
Released: Tue Feb 2 09:43:08 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1181319

This update for lvm2 fixes the following issues:

- Backport 'lvmlockd' to adopt orphan locks feature. (bsc#1181319)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:293-1
Released: Wed Feb 3 12:52:34 2021
Summary: Recommended update for gmp
Type: recommended
Severity: moderate
References: 1180603

This update for gmp fixes the following issues:

- correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:302-1
Released: Thu Feb 4 13:18:35 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: important
References: 1179691

This update for lvm2 fixes the following issues:

- lvm2 will no longer use external_device_info_source='udev' as default because it introduced a regression (bsc#1179691). If this behavior is still wanted, please change this manually in the lvm.conf

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:339-1
Released: Mon Feb 8 13:16:07 2021
Summary: Optional update for pam
Type: optional
Severity: low
References:

This update for pam fixes the following issues:

- Added rpm macros for this package, so that other packages can make use of it

This patch is optional to be installed - it doesn't fix any bugs.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:653-1
Released: Fri Feb 26 19:53:43 2021
Summary: Security update for glibc
Type: security
Severity: important
References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326

This update for glibc fixes the following issues:

- Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973)
- x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649)
- gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)
- iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224)
- iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923)
- Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:723-1
Released: Mon Mar 8 16:45:27 2021
Summary: Security update for openldap2
Type: security
Severity: important
References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212

This update for openldap2 fixes the following issues:

- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:754-1
Released: Tue Mar 9 17:10:49 2021
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841

This update for openssl-1_1 fixes the following issues:

- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
- Fixed unresolved error codes in FIPS (bsc#1182959).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:778-1
Released: Fri Mar 12 17:42:25 2021
Summary: Security update for glib2
Type: security
Severity: important
References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219

This update for glib2 fixes the following issues:

- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:786-1
Released: Mon Mar 15 11:19:23 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1176201

This update for zlib fixes the following issues:

- Fixed hw compression on z15 (bsc#1176201)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:874-1
Released: Thu Mar 18 09:41:54 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179847,1181328,1181622,1182629

This update for libsolv, libzypp, zypper fixes the following issues:

- support multiple collections in updateinfo parser
- Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328)
- Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629)
- Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847)
- Fix '%posttrans' script execution. (fixes #265)
- Repo: Allow multiple baseurls specified on one line (fixes #285)
- Regex: Fix memory leak and undefined behavior.
- Add rpm buildrequires for test suite (fixes #279)
- Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use.
- doc: give more details about creating versioned package locks. (bsc#1181622)
- man: Document synonymously used patch categories (bsc#1179847)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:924-1
Released: Tue Mar 23 10:00:49 2021
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094

This update for filesystem fixes the following issues:

- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011)
- Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705)
- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2.
(bsc#1180083)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:926-1
Released: Tue Mar 23 13:20:24 2021
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: moderate
References: 1083473,1112500,1115408,1165780,1183012

This update for systemd-presets-common-SUSE fixes the following issues:

- Add default user preset containing:
  - enable `pulseaudio.socket` (bsc#1083473)
  - enable `pipewire.socket` (bsc#1183012)
  - enable `pipewire-pulse.socket` (bsc#1183012)
  - enable `pipewire-media-session.service` (used with pipewire >= 0.3.23)
- Changes to the default preset:
  - enable `btrfsmaintenance-refresh.path`.
  - disable `btrfsmaintenance-refresh.service`.
  - enable `dnf-makecache.timer`.
  - enable `ignition-firstboot-complete.service`.
  - enable logwatch.timer and avoid to have logwatch out of sync with logrotate. (bsc#1112500)
  - enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408)
  - remove enable `updatedb.timer`
- Avoid needless refresh on boot. (bsc#1165780)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:935-1
Released: Wed Mar 24 12:19:10 2021
Summary: Security update for gnutls
Type: security
Severity: important
References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232

This update for gnutls fixes the following issues:

- CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).
- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:948-1
Released: Wed Mar 24 14:31:34 2021
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032

This update for zstd fixes the following issues:

- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:955-1
Released: Thu Mar 25 16:11:48 2021
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1183852,CVE-2021-3449

This update for openssl-1_1 fixes the security issue:

* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue.
[bsc#1183852]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1004-1
Released: Thu Apr 1 15:07:09 2021
Summary: Recommended update for libcap
Type: recommended
Severity: moderate
References: 1180073

This update for libcap fixes the following issues:

- Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)
- Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1006-1
Released: Thu Apr 1 17:44:57 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890

This update for curl fixes the following issues:

- CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934)
- CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1141-1
Released: Mon Apr 12 13:13:36 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: low
References: 1182791

This update for openldap2 fixes the following issues:

- Improved the proxy connection timeout options to prune connections properly (bsc#1182791)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1169-1
Released: Tue Apr 13 15:01:42 2021
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1181976

This update for procps fixes the following issues:

- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1286-1
Released: Tue Apr 20 20:10:21 2021
Summary: Recommended update for SLES-release
Type: recommended
Severity: moderate
References: 1180836

This recommended update for SLES-release provides the following fix:

- Revert the problematic
changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1295-1
Released: Wed Apr 21 14:08:19 2021
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: moderate
References: 1184136

This update for systemd-presets-common-SUSE fixes the following issues:

- Enabled hcn-init.service for HNV on POWER (bsc#1184136)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1296-1
Released: Wed Apr 21 14:09:28 2021
Summary: Optional update for e2fsprogs
Type: optional
Severity: low
References: 1183791

This update for e2fsprogs fixes the following issues:

- Fixed an issue when building e2fsprogs (bsc#1183791)

This patch does not fix any user visible issues and is therefore optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1297-1
Released: Wed Apr 21 14:10:10 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1178219

This update for systemd fixes the following issues:

- Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted.

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1299-1
Released: Wed Apr 21 14:11:41 2021
Summary: Optional update for gpgme
Type: optional
Severity: low
References: 1183801

This update for gpgme fixes the following issues:

- Fixed a bug in test cases (bsc#1183801)

This patch is optional to install and does not provide any user visible bug fixes.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. - Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1449-1 Released: Fri Apr 30 08:08:25 2021 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1165780 This update for systemd-presets-branding-SLE fixes the following issues: - Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. 
(bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1479-1 Released: Tue May 4 14:11:33 2021 Summary: Recommended update for ebtables Type: recommended Severity: important References: 1182824 This update for ebtables fixes the following issue: - Lock properly when on `NFS` shares and the `--concurrent` flag is used in a non standard order. (bsc#1182824) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1481-1 Released: Tue May 4 14:18:32 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1178680 This update for lvm2 fixes the following issues: - Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. 
(bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1582-1 Released: Wed May 12 13:40:03 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1184687,1185190 This update for lvm2 fixes the following issues: - Honor 'lvm.conf' parameter event_activation=0 on 'pvscan --cache -aay'. (bsc#1185190) - Fixed an issue when LVM can't be disabled on boot. (bsc#1184687) - Update patch for avoiding apply warning messages. (bsc#1012973) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. 
(bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1695-1 Released: Fri May 21 17:14:37 2021 Summary: Include a cri-o and kubernetes bug fixes and a fresh rebuild of container images Type: recommended Severity: important References: 1181585,1183541 == Kubernetes bsc#1181585 kubernetes issue is a backport of the upstream bug: https://github.com/kubernetes/kubernetes/pull/89937 == Cri-o bsc#1183541 ensures cri-o service is started before kubelet service to fix a bad interaction of these two services performing image garbage collection From sle-updates at lists.suse.com Thu May 27 06:33:06 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 08:33:06 +0200 (CEST) Subject: SUSE-CU-2021:204-1: Security update of caasp/v4.5/kube-scheduler Message-ID: <20210527063306.5F1D5B460B4@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/kube-scheduler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:204-1 Container Tags : caasp/v4.5/kube-scheduler:v1.18.10 , caasp/v4.5/kube-scheduler:v1.18.10-rev4 , caasp/v4.5/kube-scheduler:v1.18.10-rev4-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181585 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 
1183064 1183094 1183370 1183371 1183456 1183457 1183541 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/kube-scheduler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16; - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. 
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. 
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1695-1 Released: Fri May 21 17:14:37 2021 Summary: Include a cri-o and kubernetes bug fixes and a fresh rebuild of container images Type: recommended Severity: important References: 1181585,1183541 == Kubernetes bsc#1181585 kubernetes issue is a backport of the upstream bug: https://github.com/kubernetes/kubernetes/pull/89937 == Cri-o bsc#1183541 ensures cri-o service is started before kubelet service to fix a bad interaction of these two services performing image garbage collection From sle-updates at lists.suse.com Thu May 27 06:33:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 08:33:32 +0200 (CEST) Subject: SUSE-CU-2021:205-1: Security update of caasp/v4.5/kube-state-metrics Message-ID: <20210527063332.2A28DB460B4@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/kube-state-metrics ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:205-1 Container Tags : caasp/v4.5/kube-state-metrics:1.9.5 , caasp/v4.5/kube-state-metrics:1.9.5-rev3 , caasp/v4.5/kube-state-metrics:1.9.5-rev3-build5.8.1 Container Release : 5.8.1 Severity : 
important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/kube-state-metrics was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a.
(bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere.
(bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16; - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() 
selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a 
potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. 
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. 
- Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). 
- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. 
[bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic 
changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. 
(bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. - Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. 
(bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. 
(bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
From sle-updates at lists.suse.com Thu May 27 06:33:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 08:33:57 +0200 (CEST) Subject: SUSE-CU-2021:206-1: Security update of caasp/v4.5/kubernetes-client Message-ID: <20210527063357.75925B460B4@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/kubernetes-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:206-1 Container Tags : caasp/v4.5/kubernetes-client:1.18.10 , caasp/v4.5/kubernetes-client:1.18.10-rev6 , caasp/v4.5/kubernetes-client:1.18.10-rev6-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 
CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/kubernetes-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. 
(bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). 
- RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. 
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. 
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Thu May 27 06:34:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 08:34:22 +0200 (CEST) Subject: SUSE-CU-2021:207-1: Security update of caasp/v4.5/kucero Message-ID: <20210527063422.F1B87B460B4@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/kucero ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:207-1 Container Tags : caasp/v4.5/kucero:1.3.0 , caasp/v4.5/kucero:1.3.0-rev6 , caasp/v4.5/kucero:1.3.0-rev6-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 
1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/kucero was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. 
- Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing todo (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. 
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. 
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Thu May 27 06:34:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 08:34:49 +0200 (CEST) Subject: SUSE-CU-2021:208-1: Security update of caasp/v4.5/kured Message-ID: <20210527063449.CA7F5B46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/kured ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:208-1 Container Tags : caasp/v4.5/kured:1.4.3 , caasp/v4.5/kured:1.4.3-rev6 , caasp/v4.5/kured:1.4.3-rev6-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 
1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/kured was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16; - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. 
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. 
(bsc#1181011) - Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Thu May 27 06:35:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 08:35:15 +0200 (CEST) Subject: SUSE-CU-2021:209-1: Security update of caasp/v4.5/metrics-server Message-ID: <20210527063515.A24FAB46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/metrics-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:209-1 Container Tags : caasp/v4.5/metrics-server:0.3.6 , caasp/v4.5/metrics-server:0.3.6-rev3 , caasp/v4.5/metrics-server:0.3.6-rev3-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 
1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/metrics-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. 
(bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16; - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. 
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. 
(bsc#1181011) - Fixed an issue causing failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Thu May 27 06:35:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 08:35:57 +0200 (CEST) Subject: SUSE-CU-2021:211-1: Security update of caasp/v4.5/prometheus-alertmanager Message-ID: <20210527063557.D935DB46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/prometheus-alertmanager ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:211-1 Container Tags : caasp/v4.5/prometheus-alertmanager:0.16.2 , caasp/v4.5/prometheus-alertmanager:0.16.2-rev4 , caasp/v4.5/prometheus-alertmanager:0.16.2-rev4-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1083473 1084671 1098449 1112500 1115408 1141597 1144793 1146705 1161276 1165780 1165780 1168771 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177533 1177583 1177658 1178219 1178346 1178386 1178554 1178680 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179691 1179691 1179694 1179721 1179738 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 
1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181319 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183012 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184136 1184358 1184401 1184435 1184614 1184687 1184690 1184997 1185163 1185190 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/prometheus-alertmanager was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. 
(bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a.
(bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:6-1 Released: Mon Jan 4 07:05:06 2021 Summary: Recommended update for libdlm Type: recommended Severity: moderate References: 1098449,1144793,1168771,1177533,1177658 This update for libdlm fixes the following issues: - Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages.(bsc#1177658, bsc#1098449) - Add support for type 'uint64_t' to corosync ringid. (bsc#1168771) - Include some fixes/enhancements for dlm_controld. (bsc#1144793) - Fixed an issue where /boot logical volume was accidentally unmounted. 
(bsc#1177533) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection.
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:152-1 Released: Fri Jan 15 17:04:47 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1179691,1179738 This update for lvm2 fixes the following issues: - Fix for lvm2 to use udev as external device by default. (bsc#1179691) - Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695)
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the
following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:278-1 Released: Tue Feb 2 09:43:08 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1181319 This update for lvm2 fixes the following issues: - Backport 'lvmlockd' to adopt orphan locks feature. (bsc#1181319) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:302-1 Released: Thu Feb 4 13:18:35 2021 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1179691 This update for lvm2 fixes the following issues: - lvm2 will no longer use external_device_info_source='udev' as default because it introduced a regression (bsc#1179691). If this behavior is still wanted, please change this manually in the lvm.conf ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. 
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior.
- Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2.
(bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:926-1 Released: Tue Mar 23 13:20:24 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1083473,1112500,1115408,1165780,1183012 This update for systemd-presets-common-SUSE fixes the following issues: - Add default user preset containing: - enable `pulseaudio.socket` (bsc#1083473) - enable `pipewire.socket` (bsc#1183012) - enable `pipewire-pulse.socket` (bsc#1183012) - enable `pipewire-media-session.service` (used with pipewire >= 0.3.23) - Changes to the default preset: - enable `btrfsmaintenance-refresh.path`. - disable `btrfsmaintenance-refresh.service`. - enable `dnf-makecache.timer`. - enable `ignition-firstboot-complete.service`. - enable logwatch.timer and avoid to have logwatch out of sync with logrotate. (bsc#1112500) - enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408) - remove enable `updatedb.timer` - Avoid needless refresh on boot. (bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. 
[bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic 
changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1295-1 Released: Wed Apr 21 14:08:19 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1184136 This update for systemd-presets-common-SUSE fixes the following issues: - Enabled hcn-init.service for HNV on POWER (bsc#1184136) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. - Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1449-1 Released: Fri Apr 30 08:08:25 2021 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1165780 This update for systemd-presets-branding-SLE fixes the following issues: - Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. 
(bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1481-1 Released: Tue May 4 14:18:32 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1178680 This update for lvm2 fixes the following issues: - Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. 
(bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. 
(bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1582-1 Released: Wed May 12 13:40:03 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1184687,1185190 This update for lvm2 fixes the following issues: - Honor 'lvm.conf' parameter event_activation=0 on 'pvscan --cache -aay'. (bsc#1185190) - Fixed an issue when LVM can't be disabled on boot. (bsc#1184687) - Update patch for avoiding apply warning messages. (bsc#1012973) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. 
(bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
From sle-updates at lists.suse.com Thu May 27 06:36:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 08:36:25 +0200 (CEST) Subject: SUSE-CU-2021:212-1: Security update of caasp/v4.5/prometheus-node-exporter Message-ID: <20210527063625.5287AB46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/prometheus-node-exporter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:212-1 Container Tags : caasp/v4.5/prometheus-node-exporter:1.0.1 , caasp/v4.5/prometheus-node-exporter:1.0.1-rev4 , caasp/v4.5/prometheus-node-exporter:1.0.1-rev4-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1083473 1084671 1098449 1112500 1115408 1141597 1144793 1146705 1161276 1165780 1165780 1168771 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177533 1177583 1177658 1178219 1178346 1178386 1178554 1178680 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179691 1179691 1179694 1179721 1179738 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181319 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183012 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184136 1184358 1184401 1184435 1184614 1184687 1184690 1184997 1185163 1185190 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 
CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/prometheus-node-exporter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. 
(bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:6-1 Released: Mon Jan 4 07:05:06 2021 Summary: Recommended update for libdlm Type: recommended Severity: moderate References: 1098449,1144793,1168771,1177533,1177658 This update for libdlm fixes the following issues: - Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages.(bsc#1177658, bsc#1098449) - Add support for type 'uint64_t' to corosync ringid. (bsc#1168771) - Include some fixes/enhancements for dlm_controld. 
(bsc#1144793) - Fixed an issue where /boot logical volume was accidentally unmounted. (bsc#1177533) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). 
Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:152-1 Released: Fri Jan 15 17:04:47 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1179691,1179738 This update for lvm2 fixes the following issues: - Fix for lvm2 to use udev as external device by default. (bsc#1179691) - Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes 
the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd 
Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:278-1 Released: Tue Feb 2 09:43:08 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1181319 This update for lvm2 fixes the following issues: - Backport 'lvmlockd' to adopt orphan locks feature. (bsc#1181319) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:302-1 Released: Thu Feb 4 13:18:35 2021 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1179691 This update for lvm2 fixes the following issues: - lvm2 will no longer use external_device_info_source='udev' as default because it introduced a regression (bsc#1179691). If this behavior is still wanted, please change this manually in the lvm.conf ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. 
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. 
- Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. 
(bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:926-1 Released: Tue Mar 23 13:20:24 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1083473,1112500,1115408,1165780,1183012 This update for systemd-presets-common-SUSE fixes the following issues: - Add default user preset containing: - enable `pulseaudio.socket` (bsc#1083473) - enable `pipewire.socket` (bsc#1183012) - enable `pipewire-pulse.socket` (bsc#1183012) - enable `pipewire-media-session.service` (used with pipewire >= 0.3.23) - Changes to the default preset: - enable `btrfsmaintenance-refresh.path`. - disable `btrfsmaintenance-refresh.service`. - enable `dnf-makecache.timer`. - enable `ignition-firstboot-complete.service`. - enable logwatch.timer and avoid to have logwatch out of sync with logrotate. (bsc#1112500) - enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408) - remove enable `updatedb.timer` - Avoid needless refresh on boot. (bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. 
[bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic 
changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1295-1 Released: Wed Apr 21 14:08:19 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1184136 This update for systemd-presets-common-SUSE fixes the following issues: - Enabled hcn-init.service for HNV on POWER (bsc#1184136) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. - Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1449-1 Released: Fri Apr 30 08:08:25 2021 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1165780 This update for systemd-presets-branding-SLE fixes the following issues: - Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. 
(bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1481-1 Released: Tue May 4 14:18:32 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1178680 This update for lvm2 fixes the following issues: - Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. 
(bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. 
(bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1582-1 Released: Wed May 12 13:40:03 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1184687,1185190 This update for lvm2 fixes the following issues: - Honor 'lvm.conf' parameter event_activation=0 on 'pvscan --cache -aay'. (bsc#1185190) - Fixed an issue when LVM can't be disabled on boot. (bsc#1184687) - Update patch for avoiding apply warning messages. (bsc#1012973) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3.
(bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
From sle-updates at lists.suse.com Thu May 27 06:36:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 08:36:52 +0200 (CEST) Subject: SUSE-CU-2021:213-1: Security update of caasp/v4.5/prometheus-pushgateway Message-ID: <20210527063652.D8656B46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/prometheus-pushgateway ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:213-1 Container Tags : caasp/v4.5/prometheus-pushgateway:0.6.0 , caasp/v4.5/prometheus-pushgateway:0.6.0-rev4 , caasp/v4.5/prometheus-pushgateway:0.6.0-rev4-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1083473 1084671 1098449 1112500 1115408 1141597 1144793 1146705 1161276 1165780 1165780 1168771 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177533 1177583 1177658 1178219 1178346 1178386 1178554 1178680 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179691 1179691 1179694 1179721 1179738 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181319 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183012 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184136 1184358 1184401 1184435 1184614 1184687 1184690 1184997 1185163 1185190 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 
CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/prometheus-pushgateway was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. 
(bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:6-1 Released: Mon Jan 4 07:05:06 2021 Summary: Recommended update for libdlm Type: recommended Severity: moderate References: 1098449,1144793,1168771,1177533,1177658 This update for libdlm fixes the following issues: - Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages.(bsc#1177658, bsc#1098449) - Add support for type 'uint64_t' to corosync ringid. (bsc#1168771) - Include some fixes/enhancements for dlm_controld.
(bsc#1144793) - Fixed an issue where /boot logical volume was accidentally unmounted. (bsc#1177533) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:152-1 Released: Fri Jan 15 17:04:47 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1179691,1179738 This update for lvm2 fixes the following issues: - Fix for lvm2 to use udev as external device by default. (bsc#1179691) - Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes
the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd
Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:278-1 Released: Tue Feb 2 09:43:08 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1181319 This update for lvm2 fixes the following issues: - Backport 'lvmlockd' to adopt orphan locks feature. (bsc#1181319) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is not GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:302-1 Released: Thu Feb 4 13:18:35 2021 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1179691 This update for lvm2 fixes the following issues: - lvm2 will no longer use external_device_info_source='udev' as default because it introduced a regression (bsc#1179691). If this behavior is still wanted, please change this manually in the lvm.conf ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. 
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior.
- Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2.
(bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:926-1 Released: Tue Mar 23 13:20:24 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1083473,1112500,1115408,1165780,1183012 This update for systemd-presets-common-SUSE fixes the following issues: - Add default user preset containing: - enable `pulseaudio.socket` (bsc#1083473) - enable `pipewire.socket` (bsc#1183012) - enable `pipewire-pulse.socket` (bsc#1183012) - enable `pipewire-media-session.service` (used with pipewire >= 0.3.23) - Changes to the default preset: - enable `btrfsmaintenance-refresh.path`. - disable `btrfsmaintenance-refresh.service`. - enable `dnf-makecache.timer`. - enable `ignition-firstboot-complete.service`. - enable logwatch.timer and avoid to have logwatch out of sync with logrotate. (bsc#1112500) - enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408) - remove enable `updatedb.timer` - Avoid needless refresh on boot. (bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. 
[bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic 
changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1295-1 Released: Wed Apr 21 14:08:19 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1184136 This update for systemd-presets-common-SUSE fixes the following issues: - Enabled hcn-init.service for HNV on POWER (bsc#1184136) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. - Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1449-1 Released: Fri Apr 30 08:08:25 2021 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1165780 This update for systemd-presets-branding-SLE fixes the following issues: - Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. 
(bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1481-1 Released: Tue May 4 14:18:32 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1178680 This update for lvm2 fixes the following issues: - Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. 
(bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. 
(bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1582-1 Released: Wed May 12 13:40:03 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1184687,1185190 This update for lvm2 fixes the following issues: - Honor 'lvm.conf' parameter event_activation=0 on 'pvscan --cache -aay'. (bsc#1185190) - Fixed an issue when LVM can't be disabled on boot. (bsc#1184687) - Update patch for avoiding apply warning messages. (bsc#1012973) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3.
(bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
From sle-updates at lists.suse.com Thu May 27 06:37:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 08:37:20 +0200 (CEST) Subject: SUSE-CU-2021:214-1: Security update of caasp/v4.5/prometheus-server Message-ID: <20210527063720.70EA4B46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/prometheus-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:214-1 Container Tags : caasp/v4.5/prometheus-server:2.18.0 , caasp/v4.5/prometheus-server:2.18.0-rev4 , caasp/v4.5/prometheus-server:2.18.0-rev4-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1083473 1084671 1098449 1112500 1115408 1141597 1144793 1146705 1161276 1165780 1165780 1168771 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177533 1177583 1177658 1178219 1178346 1178386 1178554 1178680 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179691 1179691 1179694 1179721 1179738 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181319 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183012 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184136 1184358 1184401 1184435 1184614 1184687 1184690 1184997 1185163 1185190 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 
CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/prometheus-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. 
(bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:6-1 Released: Mon Jan 4 07:05:06 2021 Summary: Recommended update for libdlm Type: recommended Severity: moderate References: 1098449,1144793,1168771,1177533,1177658 This update for libdlm fixes the following issues: - Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages.(bsc#1177658, bsc#1098449) - Add support for type 'uint64_t' to corosync ringid. (bsc#1168771) - Include some fixes/enhancements for dlm_controld.
(bsc#1144793) - Fixed an issue where /boot logical volume was accidentally unmounted. (bsc#1177533) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:152-1 Released: Fri Jan 15 17:04:47 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1179691,1179738 This update for lvm2 fixes the following issues: - Fix for lvm2 to use udev as external device by default. (bsc#1179691) - Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16; - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes
the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd
Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:278-1 Released: Tue Feb 2 09:43:08 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1181319 This update for lvm2 fixes the following issues: - Backport 'lvmlockd' to adopt orphan locks feature. (bsc#1181319) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:302-1 Released: Thu Feb 4 13:18:35 2021 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1179691 This update for lvm2 fixes the following issues: - lvm2 will no longer use external_device_info_source='udev' as default because it introduced a regression (bsc#1179691). If this behavior is still wanted, please change this manually in the lvm.conf ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. 
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior.
- Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2.
(bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:926-1 Released: Tue Mar 23 13:20:24 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1083473,1112500,1115408,1165780,1183012 This update for systemd-presets-common-SUSE fixes the following issues: - Add default user preset containing: - enable `pulseaudio.socket` (bsc#1083473) - enable `pipewire.socket` (bsc#1183012) - enable `pipewire-pulse.socket` (bsc#1183012) - enable `pipewire-media-session.service` (used with pipewire >= 0.3.23) - Changes to the default preset: - enable `btrfsmaintenance-refresh.path`. - disable `btrfsmaintenance-refresh.service`. - enable `dnf-makecache.timer`. - enable `ignition-firstboot-complete.service`. - enable logwatch.timer and avoid to have logwatch out of sync with logrotate. (bsc#1112500) - enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408) - remove enable `updatedb.timer` - Avoid needless refresh on boot. (bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. 
[bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic 
changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1295-1 Released: Wed Apr 21 14:08:19 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1184136 This update for systemd-presets-common-SUSE fixes the following issues: - Enabled hcn-init.service for HNV on POWER (bsc#1184136) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. - Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1449-1 Released: Fri Apr 30 08:08:25 2021 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1165780 This update for systemd-presets-branding-SLE fixes the following issues: - Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. 
(bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1481-1 Released: Tue May 4 14:18:32 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1178680 This update for lvm2 fixes the following issues: - Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. 
(bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. 
(bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1582-1 Released: Wed May 12 13:40:03 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1184687,1185190 This update for lvm2 fixes the following issues: - Honor 'lvm.conf' parameter event_activation=0 on 'pvscan --cache -aay'. (bsc#1185190) - Fixed an issue when LVM can't be disabled on boot. (bsc#1184687) - Update patch for avoiding apply warning messages. (bsc#1012973) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. 
(bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
From sle-updates at lists.suse.com Thu May 27 06:37:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 08:37:46 +0200 (CEST) Subject: SUSE-CU-2021:215-1: Security update of caasp/v4.5/reloader Message-ID: <20210527063746.D6721B46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/reloader ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:215-1 Container Tags : caasp/v4.5/reloader:0.0.58 , caasp/v4.5/reloader:0.0.58-rev3 , caasp/v4.5/reloader:0.0.58-rev3-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 
CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/reloader was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. 
(bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. 
Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. 
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. 
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Thu May 27 06:38:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 08:38:14 +0200 (CEST) Subject: SUSE-CU-2021:216-1: Security update of caasp/v4.5/rsyslog Message-ID: <20210527063814.B976DB46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/rsyslog ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:216-1 Container Tags : caasp/v4.5/rsyslog:8.39.0 , caasp/v4.5/rsyslog:8.39.0-rev3 , caasp/v4.5/rsyslog:8.39.0-rev3-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1083473 1084671 1098449 1112500 1115408 1141597 1144793 1146705 1161276 1165780 1165780 1168771 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177533 1177583 1177658 1178219 1178346 1178386 1178490 1178554 1178680 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179691 1179691 1179694 1179721 1179738 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 
1180885 1181011 1181319 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183012 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184136 1184358 1184401 1184435 1184614 1184687 1184690 1184997 1185163 1185190 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/rsyslog was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. 
(bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. 
(bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:6-1 Released: Mon Jan 4 07:05:06 2021 Summary: Recommended update for libdlm Type: recommended Severity: moderate References: 1098449,1144793,1168771,1177533,1177658 This update for libdlm fixes the following issues: - Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages.(bsc#1177658, bsc#1098449) - Add support for type 'uint64_t' to corosync ringid. (bsc#1168771) - Include some fixes/enhancements for dlm_controld. (bsc#1144793) - Fixed an issue where /boot logical volume was accidentally unmounted. 
(bsc#1177533) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:152-1 Released: Fri Jan 15 17:04:47 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1179691,1179738 This update for lvm2 fixes the following issues: - Fix for lvm2 to use udev as external device by default. (bsc#1179691) - Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the 
following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:278-1 Released: Tue Feb 2 09:43:08 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1181319 This update for lvm2 fixes the following issues: - Backport 'lvmlockd' to adopt orphan locks feature. (bsc#1181319) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:302-1 Released: Thu Feb 4 13:18:35 2021 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1179691 This update for lvm2 fixes the following issues: - lvm2 will no longer use external_device_info_source='udev' as default because it introduced a regression (bsc#1179691). If this behavior is still wanted, please change this manually in the lvm.conf ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. 
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. 
- Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. 
(bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:926-1 Released: Tue Mar 23 13:20:24 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1083473,1112500,1115408,1165780,1183012 This update for systemd-presets-common-SUSE fixes the following issues: - Add default user preset containing: - enable `pulseaudio.socket` (bsc#1083473) - enable `pipewire.socket` (bsc#1183012) - enable `pipewire-pulse.socket` (bsc#1183012) - enable `pipewire-media-session.service` (used with pipewire >= 0.3.23) - Changes to the default preset: - enable `btrfsmaintenance-refresh.path`. - disable `btrfsmaintenance-refresh.service`. - enable `dnf-makecache.timer`. - enable `ignition-firstboot-complete.service`. - enable logwatch.timer and avoid to have logwatch out of sync with logrotate. (bsc#1112500) - enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408) - remove enable `updatedb.timer` - Avoid needless refresh on boot. (bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. 
[bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1205-1 Released: Thu Apr 15 15:14:31 2021 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1178490 This update for rsyslog fixes the following issues: - Fix groupname retrieval for large groups. 
(bsc#1178490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1295-1 Released: Wed Apr 21 14:08:19 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1184136 This update for systemd-presets-common-SUSE fixes the following issues: - Enabled hcn-init.service for HNV on POWER (bsc#1184136) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1449-1 Released: Fri Apr 30 08:08:25 2021 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1165780 This update for systemd-presets-branding-SLE fixes the following issues: - Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. (bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1481-1 Released: Tue May 4 14:18:32 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1178680 This update for lvm2 fixes the following issues: - Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. 
(bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1582-1 Released: Wed May 12 13:40:03 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1184687,1185190 This update for lvm2 fixes the following issues: - Honor 'lvm.conf' parameter event_activation=0 on 'pvscan --cache -aay'. (bsc#1185190) - Fixed an issue when LVM can't be disabled on boot. (bsc#1184687) - Update patch for avoiding apply warning messages. (bsc#1012973) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. 
(bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
From sle-updates at lists.suse.com Thu May 27 06:38:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 08:38:40 +0200 (CEST) Subject: SUSE-CU-2021:217-1: Security update of caasp/v4.5/skuba-tooling Message-ID: <20210527063840.3547CB46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/skuba-tooling ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:217-1 Container Tags : caasp/v4.5/skuba-tooling:0.1.0 , caasp/v4.5/skuba-tooling:0.1.0-rev3 , caasp/v4.5/skuba-tooling:0.1.0-rev3-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 
CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/skuba-tooling was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. 
(bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). 
- RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. 
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. 
(bsc#1181011) - Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Thu May 27 06:39:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 08:39:05 +0200 (CEST) Subject: SUSE-CU-2021:218-1: Security update of caasp/v4.5/velero Message-ID: <20210527063905.EED5EB46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/velero ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:218-1 Container Tags : caasp/v4.5/velero:1.4.2 , caasp/v4.5/velero:1.4.2-rev3 , caasp/v4.5/velero:1.4.2-rev3-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 
1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/velero was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. 
- Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with `mount -a`. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing todo (bsc#1180077) libsolv was updated to 0.7.16; - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. 
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. 
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Thu May 27 13:16:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 15:16:10 +0200 (CEST) Subject: SUSE-RU-2021:1775-1: important: Recommended update for yast2-pkg-bindings Message-ID: <20210527131610.E1C28FD07@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-pkg-bindings ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1775-1 Rating: important References: #1185240 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-pkg-bindings fixes the following issues: - Fixes an issue in the self-installer, where sometimes old package versions were downloaded instead of the latest ones (bsc#1185240) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1775=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-1775=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-pkg-bindings-4.2.16-3.15.1 yast2-pkg-bindings-debuginfo-4.2.16-3.15.1 yast2-pkg-bindings-debugsource-4.2.16-3.15.1 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-pkg-bindings-4.2.16-3.15.1 References: https://bugzilla.suse.com/1185240 From sle-updates at lists.suse.com Thu May 27 13:17:16 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 15:17:16 +0200 (CEST) Subject: SUSE-SU-2021:1779-1: moderate: Security update for python-httplib2 Message-ID: <20210527131716.5F4E3FD07@maintenance.suse.de> SUSE Security Update: Security update for python-httplib2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1779-1 Rating: moderate References: #1171998 #1182053 Cross-References: CVE-2020-11078 CVE-2021-21240 CVSS scores: CVE-2020-11078 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N CVE-2020-11078 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N CVE-2021-21240 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-21240 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-httplib2 contains the following fixes: Security fixes included in this update: - CVE-2021-21240: Fixed a regular expression denial of service via malicious header (bsc#1182053). 
- CVE-2020-11078: Fixed an issue where an attacker could change request headers and body (bsc#1171998). Non security fixes included in this update: - Update in SLE to 0.19.0 (bsc#1182053, CVE-2021-21240) - update to 0.19.0: * auth: parse headers using pyparsing instead of regexp * auth: WSSE token needs to be string not bytes - update to 0.18.1: (bsc#1171998, CVE-2020-11078) * explicit build-backend workaround for pip build isolation bug * IMPORTANT security vulnerability CWE-93 CRLF injection Force %xx quote of space, CR, LF characters in uri. * Ship test suite in source dist - update to 0.17.3: * bugfixes - Update to 0.17.1 * python3: no_proxy was not checked with https * feature: Http().redirect_codes set, works after follow(_all)_redirects check This allows one line workaround for old gcloud library that uses 308 response without redirect semantics. * IMPORTANT cache invalidation change, fix 307 keep method, add 308 Redirects * proxy: username/password as str compatible with pysocks * python2: regression in connect() error handling * add support for password protected certificate files * feature: Http.close() to clean persistent connections and sensitive data - Update to 0.14.0: * Python3: PROXY_TYPE_SOCKS5 with str user/pass raised TypeError - version update to 0.13.1 0.13.1 * Python3: Use no_proxy https://github.com/httplib2/httplib2/pull/140 0.13.0 * Allow setting TLS max/min versions https://github.com/httplib2/httplib2/pull/138 0.12.3 * No changes to library. Distribute py3 wheels. 
0.12.1 * Catch socket timeouts and clear dead connection https://github.com/httplib2/httplib2/issues/18 https://github.com/httplib2/httplib2/pull/111 * Officially support Python 3.7 (package metadata) https://github.com/httplib2/httplib2/issues/123 0.12.0 * Drop support for Python 3.3 * ca_certs from environment HTTPLIB2_CA_CERTS or certifi https://github.com/httplib2/httplib2/pull/117 * PROXY_TYPE_HTTP with non-empty user/pass raised TypeError: bytes required https://github.com/httplib2/httplib2/pull/115 * Revert http:443->https workaround https://github.com/httplib2/httplib2/issues/112 * eliminate connection pool read race https://github.com/httplib2/httplib2/pull/110 * cache: stronger safename https://github.com/httplib2/httplib2/pull/101 0.11.3 * No changes, just reupload of 0.11.2 after fixing automatic release conditions in Travis. 0.11.2 * proxy: py3 NameError basestring https://github.com/httplib2/httplib2/pull/100 0.11.1 * Fix HTTP(S)ConnectionWithTimeout AttributeError proxy_info https://github.com/httplib2/httplib2/pull/97 0.11.0 * Add DigiCert Global Root G2 serial 033af1e6a711a9a0bb2864b11d09fae5 https://github.com/httplib2/httplib2/pull/91 * python3 proxy support https://github.com/httplib2/httplib2/pull/90 * If no_proxy environment value ends with comma then proxy is not used https://github.com/httplib2/httplib2/issues/11 * fix UnicodeDecodeError using socks5 proxy https://github.com/httplib2/httplib2/pull/64 * Respect NO_PROXY env var in proxy_info_from_url https://github.com/httplib2/httplib2/pull/58 * NO_PROXY=bar was matching foobar (suffix without dot delimiter) New behavior matches curl/wget: - no_proxy=foo.bar will only skip proxy for exact hostname match - no_proxy=.wild.card will skip proxy for any.subdomains.wild.card https://github.com/httplib2/httplib2/issues/94 * Bugfix for Content-Encoding: deflate https://stackoverflow.com/a/22311297 - deleted patches - httplib2 started to use certifi and this is already bent to use system certificate 
bundle. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1779=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1779=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-httplib2-0.19.0-8.3.4 - SUSE OpenStack Cloud 9 (noarch): python-httplib2-0.19.0-8.3.4 References: https://www.suse.com/security/cve/CVE-2020-11078.html https://www.suse.com/security/cve/CVE-2021-21240.html https://bugzilla.suse.com/1171998 https://bugzilla.suse.com/1182053 From sle-updates at lists.suse.com Thu May 27 16:16:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 18:16:02 +0200 (CEST) Subject: SUSE-RU-2021:1780-1: Recommended update for release-notes-caasp Message-ID: <20210527161602.86FBCFD07@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-caasp ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1780-1 Rating: low References: #1186469 Affected Products: SUSE CaaS Platform 4.5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for release-notes-caasp fixes the following issues: - Updated release notes to version 4.5.4 (bsc#1186469) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 4.5: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE CaaS Platform 4.5 (noarch): release-notes-caasp-4.5.20210526-3.19.1 References: https://bugzilla.suse.com/1186469 From sle-updates at lists.suse.com Thu May 27 19:16:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 21:16:07 +0200 (CEST) Subject: SUSE-SU-2021:1782-1: moderate: Security update for postgresql10 Message-ID: <20210527191607.1D861FD07@maintenance.suse.de> SUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1782-1 Rating: moderate References: #1179945 #1183118 #1183168 #1185924 #1185925 Cross-References: CVE-2021-32027 CVE-2021-32028 CVSS scores: CVE-2021-32027 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2021-32028 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for postgresql10 fixes the following issues: - Upgrade to version 10.17: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924). - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925). - Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168). - Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118). - Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1782=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1782=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql10-debugsource-10.17-4.16.4 postgresql10-devel-10.17-4.16.4 postgresql10-devel-debuginfo-10.17-4.16.4 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql10-10.17-4.16.4 postgresql10-contrib-10.17-4.16.4 postgresql10-contrib-debuginfo-10.17-4.16.4 postgresql10-debuginfo-10.17-4.16.4 postgresql10-debugsource-10.17-4.16.4 postgresql10-plperl-10.17-4.16.4 postgresql10-plperl-debuginfo-10.17-4.16.4 postgresql10-plpython-10.17-4.16.4 postgresql10-plpython-debuginfo-10.17-4.16.4 postgresql10-pltcl-10.17-4.16.4 postgresql10-pltcl-debuginfo-10.17-4.16.4 postgresql10-server-10.17-4.16.4 postgresql10-server-debuginfo-10.17-4.16.4 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql10-docs-10.17-4.16.4 References: https://www.suse.com/security/cve/CVE-2021-32027.html https://www.suse.com/security/cve/CVE-2021-32028.html https://bugzilla.suse.com/1179945 https://bugzilla.suse.com/1183118 https://bugzilla.suse.com/1183168 https://bugzilla.suse.com/1185924 https://bugzilla.suse.com/1185925 From sle-updates at lists.suse.com Thu May 27 19:17:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 21:17:29 +0200 (CEST) Subject: SUSE-SU-2021:1791-1: important: Security update for slurm_20_11 Message-ID: <20210527191729.584ADFD07@maintenance.suse.de> SUSE Security Update: Security update for slurm_20_11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1791-1 Rating: important References: #1180700 #1185603 #1186024 Cross-References: CVE-2021-31215 CVSS scores: CVE-2021-31215 (NVD) 
: 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-31215 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for slurm_20_11 fixes the following issues: - Update to 20.11.7: - CVE-2021-31215: remote code execution as SlurmUser because of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling (bsc#1186024) - Ship REST API version and auth plugins with slurmrestd. - Add YAML support for REST API to build (bsc#1185603). - Fix Provides:/Conflicts: for libnss_slurm (bsc#1180700). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2021-1791=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libnss_slurm2_20_11-20.11.7-3.8.1 libnss_slurm2_20_11-debuginfo-20.11.7-3.8.1 libpmi0_20_11-20.11.7-3.8.1 libpmi0_20_11-debuginfo-20.11.7-3.8.1 libslurm36-20.11.7-3.8.1 libslurm36-debuginfo-20.11.7-3.8.1 perl-slurm_20_11-20.11.7-3.8.1 perl-slurm_20_11-debuginfo-20.11.7-3.8.1 slurm_20_11-20.11.7-3.8.1 slurm_20_11-auth-none-20.11.7-3.8.1 slurm_20_11-auth-none-debuginfo-20.11.7-3.8.1 slurm_20_11-config-20.11.7-3.8.1 slurm_20_11-config-man-20.11.7-3.8.1 slurm_20_11-debuginfo-20.11.7-3.8.1 slurm_20_11-debugsource-20.11.7-3.8.1 slurm_20_11-devel-20.11.7-3.8.1 slurm_20_11-doc-20.11.7-3.8.1 slurm_20_11-lua-20.11.7-3.8.1 slurm_20_11-lua-debuginfo-20.11.7-3.8.1 slurm_20_11-munge-20.11.7-3.8.1 slurm_20_11-munge-debuginfo-20.11.7-3.8.1 slurm_20_11-node-20.11.7-3.8.1 slurm_20_11-node-debuginfo-20.11.7-3.8.1 slurm_20_11-pam_slurm-20.11.7-3.8.1
slurm_20_11-pam_slurm-debuginfo-20.11.7-3.8.1 slurm_20_11-plugins-20.11.7-3.8.1 slurm_20_11-plugins-debuginfo-20.11.7-3.8.1 slurm_20_11-slurmdbd-20.11.7-3.8.1 slurm_20_11-slurmdbd-debuginfo-20.11.7-3.8.1 slurm_20_11-sql-20.11.7-3.8.1 slurm_20_11-sql-debuginfo-20.11.7-3.8.1 slurm_20_11-sview-20.11.7-3.8.1 slurm_20_11-sview-debuginfo-20.11.7-3.8.1 slurm_20_11-torque-20.11.7-3.8.1 slurm_20_11-torque-debuginfo-20.11.7-3.8.1 slurm_20_11-webdoc-20.11.7-3.8.1 References: https://www.suse.com/security/cve/CVE-2021-31215.html https://bugzilla.suse.com/1180700 https://bugzilla.suse.com/1185603 https://bugzilla.suse.com/1186024 From sle-updates at lists.suse.com Thu May 27 19:18:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 21:18:42 +0200 (CEST) Subject: SUSE-SU-2021:1793-1: important: Security update for slurm_20_11 Message-ID: <20210527191842.892A0FD07@maintenance.suse.de> SUSE Security Update: Security update for slurm_20_11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1793-1 Rating: important References: #1180700 #1185603 #1186024 Cross-References: CVE-2021-31215 CVSS scores: CVE-2021-31215 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-31215 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for slurm_20_11 fixes the following issues: - Update to 20.11.7: - CVE-2021-31215: remote code execution as SlurmUser because of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling (bsc#1186024) - Ship REST API version and auth plugins with slurmrestd.
- Add YAML support for REST API to build (bsc#1185603). - Fix Provides:/Conflicts: for libnss_slurm (bsc#1180700). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1793=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1793=1 Package List: - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libnss_slurm2_20_11-20.11.7-3.11.1 libpmi0_20_11-20.11.7-3.11.1 libslurm36-20.11.7-3.11.1 perl-slurm_20_11-20.11.7-3.11.1 slurm_20_11-20.11.7-3.11.1 slurm_20_11-auth-none-20.11.7-3.11.1 slurm_20_11-config-20.11.7-3.11.1 slurm_20_11-config-man-20.11.7-3.11.1 slurm_20_11-devel-20.11.7-3.11.1 slurm_20_11-doc-20.11.7-3.11.1 slurm_20_11-lua-20.11.7-3.11.1 slurm_20_11-munge-20.11.7-3.11.1 slurm_20_11-node-20.11.7-3.11.1 slurm_20_11-pam_slurm-20.11.7-3.11.1 slurm_20_11-plugins-20.11.7-3.11.1 slurm_20_11-slurmdbd-20.11.7-3.11.1 slurm_20_11-sql-20.11.7-3.11.1 slurm_20_11-sview-20.11.7-3.11.1 slurm_20_11-torque-20.11.7-3.11.1 slurm_20_11-webdoc-20.11.7-3.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libnss_slurm2_20_11-20.11.7-3.11.1 libpmi0_20_11-20.11.7-3.11.1 libslurm36-20.11.7-3.11.1 perl-slurm_20_11-20.11.7-3.11.1 slurm_20_11-20.11.7-3.11.1 slurm_20_11-auth-none-20.11.7-3.11.1 slurm_20_11-config-20.11.7-3.11.1 slurm_20_11-config-man-20.11.7-3.11.1 slurm_20_11-devel-20.11.7-3.11.1 slurm_20_11-doc-20.11.7-3.11.1 slurm_20_11-lua-20.11.7-3.11.1 slurm_20_11-munge-20.11.7-3.11.1 slurm_20_11-node-20.11.7-3.11.1 slurm_20_11-pam_slurm-20.11.7-3.11.1 slurm_20_11-plugins-20.11.7-3.11.1 slurm_20_11-slurmdbd-20.11.7-3.11.1 slurm_20_11-sql-20.11.7-3.11.1 
slurm_20_11-sview-20.11.7-3.11.1 slurm_20_11-torque-20.11.7-3.11.1 slurm_20_11-webdoc-20.11.7-3.11.1 References: https://www.suse.com/security/cve/CVE-2021-31215.html https://bugzilla.suse.com/1180700 https://bugzilla.suse.com/1185603 https://bugzilla.suse.com/1186024 From sle-updates at lists.suse.com Thu May 27 19:19:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 21:19:54 +0200 (CEST) Subject: SUSE-SU-2021:1789-1: important: Security update for slurm_20_11 Message-ID: <20210527191954.75364FD07@maintenance.suse.de> SUSE Security Update: Security update for slurm_20_11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1789-1 Rating: important References: #1186024 Cross-References: CVE-2021-31215 CVSS scores: CVE-2021-31215 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-31215 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for slurm_20_11 fixes the following issues: - Update to 20.02.7: - CVE-2021-31215: remote code execution as SlurmUser because of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling (bsc#1186024) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2021-1789=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libnss_slurm2_20_02-20.02.7-3.11.1 libnss_slurm2_20_02-debuginfo-20.02.7-3.11.1 libpmi0_20_02-20.02.7-3.11.1 libpmi0_20_02-debuginfo-20.02.7-3.11.1 libslurm35-20.02.7-3.11.1 libslurm35-debuginfo-20.02.7-3.11.1 perl-slurm_20_02-20.02.7-3.11.1 perl-slurm_20_02-debuginfo-20.02.7-3.11.1 slurm_20_02-20.02.7-3.11.1 slurm_20_02-auth-none-20.02.7-3.11.1 slurm_20_02-auth-none-debuginfo-20.02.7-3.11.1 slurm_20_02-config-20.02.7-3.11.1 slurm_20_02-config-man-20.02.7-3.11.1 slurm_20_02-debuginfo-20.02.7-3.11.1 slurm_20_02-debugsource-20.02.7-3.11.1 slurm_20_02-devel-20.02.7-3.11.1 slurm_20_02-doc-20.02.7-3.11.1 slurm_20_02-lua-20.02.7-3.11.1 slurm_20_02-lua-debuginfo-20.02.7-3.11.1 slurm_20_02-munge-20.02.7-3.11.1 slurm_20_02-munge-debuginfo-20.02.7-3.11.1 slurm_20_02-node-20.02.7-3.11.1 slurm_20_02-node-debuginfo-20.02.7-3.11.1 slurm_20_02-pam_slurm-20.02.7-3.11.1 slurm_20_02-pam_slurm-debuginfo-20.02.7-3.11.1 slurm_20_02-plugins-20.02.7-3.11.1 slurm_20_02-plugins-debuginfo-20.02.7-3.11.1 slurm_20_02-slurmdbd-20.02.7-3.11.1 slurm_20_02-slurmdbd-debuginfo-20.02.7-3.11.1 slurm_20_02-sql-20.02.7-3.11.1 slurm_20_02-sql-debuginfo-20.02.7-3.11.1 slurm_20_02-sview-20.02.7-3.11.1 slurm_20_02-sview-debuginfo-20.02.7-3.11.1 slurm_20_02-torque-20.02.7-3.11.1 slurm_20_02-torque-debuginfo-20.02.7-3.11.1 References: https://www.suse.com/security/cve/CVE-2021-31215.html https://bugzilla.suse.com/1186024 From sle-updates at lists.suse.com Thu May 27 19:21:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 21:21:01 +0200 (CEST) Subject: SUSE-SU-2021:1784-1: moderate: Security update for postgresql13 Message-ID: <20210527192101.ADB59FD07@maintenance.suse.de> SUSE Security Update: Security update for postgresql13 
______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1784-1 Rating: moderate References: #1179945 #1183118 #1183168 #1185924 #1185925 #1185926 Cross-References: CVE-2021-32027 CVE-2021-32028 CVE-2021-32029 CVSS scores: CVE-2021-32027 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2021-32028 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-32029 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves three vulnerabilities and has three fixes is now available. Description: This update for postgresql13 fixes the following issues: - Upgrade to version 13.3: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924). - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925). - CVE-2021-32029: Fixed possibly-incorrect computation of UPDATE ... RETURNING "pg_psql_temporary_savepoint" does not exist (bsc#1185926). - Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168). - Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118). - Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1784=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1784=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql13-debugsource-13.3-3.9.2 postgresql13-debugsource-13.3-3.9.3 postgresql13-devel-13.3-3.9.3 postgresql13-devel-debuginfo-13.3-3.9.3 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): postgresql13-server-devel-13.3-3.9.3 postgresql13-server-devel-debuginfo-13.3-3.9.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libecpg6-13.3-3.9.3 libecpg6-debuginfo-13.3-3.9.3 libpq5-13.3-3.9.3 libpq5-debuginfo-13.3-3.9.3 postgresql13-13.3-3.9.3 postgresql13-contrib-13.3-3.9.3 postgresql13-contrib-debuginfo-13.3-3.9.3 postgresql13-debuginfo-13.3-3.9.3 postgresql13-debugsource-13.3-3.9.2 postgresql13-debugsource-13.3-3.9.3 postgresql13-plperl-13.3-3.9.3 postgresql13-plperl-debuginfo-13.3-3.9.3 postgresql13-plpython-13.3-3.9.3 postgresql13-plpython-debuginfo-13.3-3.9.3 postgresql13-pltcl-13.3-3.9.3 postgresql13-pltcl-debuginfo-13.3-3.9.3 postgresql13-server-13.3-3.9.3 postgresql13-server-debuginfo-13.3-3.9.3 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpq5-32bit-13.3-3.9.3 libpq5-debuginfo-32bit-13.3-3.9.3 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql13-docs-13.3-3.9.3 References: https://www.suse.com/security/cve/CVE-2021-32027.html https://www.suse.com/security/cve/CVE-2021-32028.html https://www.suse.com/security/cve/CVE-2021-32029.html https://bugzilla.suse.com/1179945 https://bugzilla.suse.com/1183118 https://bugzilla.suse.com/1183168 https://bugzilla.suse.com/1185924 https://bugzilla.suse.com/1185925 https://bugzilla.suse.com/1185926 From sle-updates at lists.suse.com Thu May 27 19:22:31 2021 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Thu, 27 May 2021 21:22:31 +0200 (CEST) Subject: SUSE-SU-2021:1787-1: important: Security update for slurm Message-ID: <20210527192231.1C8F5FD07@maintenance.suse.de> SUSE Security Update: Security update for slurm ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1787-1 Rating: important References: #1186024 Cross-References: CVE-2021-31215 CVSS scores: CVE-2021-31215 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-31215 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for slurm fixes the following issues: - CVE-2021-31215: remote code execution as SlurmUser because of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling (bsc#1186024) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2021-1787=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libpmi0-17.02.11-6.50.1 libpmi0-debuginfo-17.02.11-6.50.1 libslurm31-17.02.11-6.50.1 libslurm31-debuginfo-17.02.11-6.50.1 perl-slurm-17.02.11-6.50.1 perl-slurm-debuginfo-17.02.11-6.50.1 slurm-17.02.11-6.50.1 slurm-auth-none-17.02.11-6.50.1 slurm-auth-none-debuginfo-17.02.11-6.50.1 slurm-config-17.02.11-6.50.1 slurm-debuginfo-17.02.11-6.50.1 slurm-debugsource-17.02.11-6.50.1 slurm-devel-17.02.11-6.50.1 slurm-doc-17.02.11-6.50.1 slurm-lua-17.02.11-6.50.1 slurm-lua-debuginfo-17.02.11-6.50.1 slurm-munge-17.02.11-6.50.1 slurm-munge-debuginfo-17.02.11-6.50.1 slurm-pam_slurm-17.02.11-6.50.1 slurm-pam_slurm-debuginfo-17.02.11-6.50.1 slurm-plugins-17.02.11-6.50.1 slurm-plugins-debuginfo-17.02.11-6.50.1 slurm-sched-wiki-17.02.11-6.50.1 slurm-slurmdb-direct-17.02.11-6.50.1 slurm-slurmdbd-17.02.11-6.50.1 slurm-slurmdbd-debuginfo-17.02.11-6.50.1 slurm-sql-17.02.11-6.50.1 slurm-sql-debuginfo-17.02.11-6.50.1 slurm-torque-17.02.11-6.50.1 slurm-torque-debuginfo-17.02.11-6.50.1 References: https://www.suse.com/security/cve/CVE-2021-31215.html https://bugzilla.suse.com/1186024 From sle-updates at lists.suse.com Thu May 27 19:23:38 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 21:23:38 +0200 (CEST) Subject: SUSE-SU-2021:1785-1: moderate: Security update for postgresql13 Message-ID: <20210527192338.566E2FD07@maintenance.suse.de> SUSE Security Update: Security update for postgresql13 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1785-1 Rating: moderate References: #1179945 #1183118 #1183168 #1185924 #1185925 #1185926 Cross-References: CVE-2021-32027 CVE-2021-32028 CVE-2021-32029 CVSS scores: CVE-2021-32027 (SUSE): 6.5 
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2021-32028 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-32029 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has three fixes is now available. Description: This update for postgresql13 fixes the following issues: - Upgrade to version 13.3: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924). - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925). - CVE-2021-32029: Fixed possibly-incorrect computation of UPDATE ... RETURNING outputs for joined cross-partition updates (bsc#1185926). - Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168). - Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118). - Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-1785=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1785=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1785=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1785=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1785=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libecpg6-13.3-5.10.1 libecpg6-debuginfo-13.3-5.10.1 postgresql13-contrib-13.3-5.10.1 postgresql13-contrib-debuginfo-13.3-5.10.1 postgresql13-debuginfo-13.3-5.10.1 postgresql13-debugsource-13.3-5.10.1 postgresql13-devel-13.3-5.10.1 postgresql13-devel-debuginfo-13.3-5.10.1 postgresql13-plperl-13.3-5.10.1 postgresql13-plperl-debuginfo-13.3-5.10.1 postgresql13-plpython-13.3-5.10.1 postgresql13-plpython-debuginfo-13.3-5.10.1 postgresql13-pltcl-13.3-5.10.1 postgresql13-pltcl-debuginfo-13.3-5.10.1 postgresql13-server-13.3-5.10.1 postgresql13-server-debuginfo-13.3-5.10.1 postgresql13-server-devel-13.3-5.10.1 postgresql13-server-devel-debuginfo-13.3-5.10.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): postgresql13-docs-13.3-5.10.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libecpg6-13.3-5.10.1 libecpg6-debuginfo-13.3-5.10.1 postgresql13-contrib-13.3-5.10.1 postgresql13-contrib-debuginfo-13.3-5.10.1 postgresql13-debuginfo-13.3-5.10.1 postgresql13-debugsource-13.3-5.10.1 postgresql13-devel-13.3-5.10.1 postgresql13-devel-debuginfo-13.3-5.10.1 postgresql13-plperl-13.3-5.10.1 
postgresql13-plperl-debuginfo-13.3-5.10.1 postgresql13-plpython-13.3-5.10.1 postgresql13-plpython-debuginfo-13.3-5.10.1 postgresql13-pltcl-13.3-5.10.1 postgresql13-pltcl-debuginfo-13.3-5.10.1 postgresql13-server-13.3-5.10.1 postgresql13-server-debuginfo-13.3-5.10.1 postgresql13-server-devel-13.3-5.10.1 postgresql13-server-devel-debuginfo-13.3-5.10.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): postgresql13-docs-13.3-5.10.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): postgresql13-test-13.3-5.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpq5-13.3-5.10.1 libpq5-debuginfo-13.3-5.10.1 postgresql13-13.3-5.10.1 postgresql13-debuginfo-13.3-5.10.1 postgresql13-debugsource-13.3-5.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpq5-13.3-5.10.1 libpq5-debuginfo-13.3-5.10.1 postgresql13-13.3-5.10.1 postgresql13-debuginfo-13.3-5.10.1 postgresql13-debugsource-13.3-5.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libpq5-32bit-13.3-5.10.1 libpq5-32bit-debuginfo-13.3-5.10.1 References: https://www.suse.com/security/cve/CVE-2021-32027.html https://www.suse.com/security/cve/CVE-2021-32028.html https://www.suse.com/security/cve/CVE-2021-32029.html https://bugzilla.suse.com/1179945 https://bugzilla.suse.com/1183118 https://bugzilla.suse.com/1183168 https://bugzilla.suse.com/1185924 https://bugzilla.suse.com/1185925 https://bugzilla.suse.com/1185926 From sle-updates at lists.suse.com Thu May 27 19:25:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 21:25:11 +0200 (CEST) Subject: SUSE-SU-2021:1783-1: moderate: Security update for postgresql12 Message-ID: <20210527192511.A3FB4FD07@maintenance.suse.de> SUSE Security Update: Security update for postgresql12 ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2021:1783-1 Rating: moderate References: #1179945 #1182040 #1183118 #1183168 #1185924 #1185925 #1185926 Cross-References: CVE-2021-32027 CVE-2021-32028 CVE-2021-32029 CVE-2021-3393 CVSS scores: CVE-2021-32027 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2021-32028 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-32029 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3393 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3393 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves four vulnerabilities and has three fixes is now available. Description: This update for postgresql12 fixes the following issues: - Upgrade to version 12.7: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924). - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925). - CVE-2021-32029: Fixed possibly-incorrect computation of UPDATE ... RETURNING "pg_psql_temporary_savepoint" does not exist (bsc#1185926). - CVE-2021-3393: Fixed information leakage in constraint-violation error messages (bsc#1182040). - Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168). - Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118). - Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1783=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1783=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql12-debugsource-12.7-3.15.3 postgresql12-devel-12.7-3.15.3 postgresql12-devel-debuginfo-12.7-3.15.3 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): postgresql12-server-devel-12.7-3.15.3 postgresql12-server-devel-debuginfo-12.7-3.15.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql12-12.7-3.15.3 postgresql12-contrib-12.7-3.15.3 postgresql12-contrib-debuginfo-12.7-3.15.3 postgresql12-debuginfo-12.7-3.15.3 postgresql12-debugsource-12.7-3.15.3 postgresql12-plperl-12.7-3.15.3 postgresql12-plperl-debuginfo-12.7-3.15.3 postgresql12-plpython-12.7-3.15.3 postgresql12-plpython-debuginfo-12.7-3.15.3 postgresql12-pltcl-12.7-3.15.3 postgresql12-pltcl-debuginfo-12.7-3.15.3 postgresql12-server-12.7-3.15.3 postgresql12-server-debuginfo-12.7-3.15.3 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql12-docs-12.7-3.15.3 References: https://www.suse.com/security/cve/CVE-2021-32027.html https://www.suse.com/security/cve/CVE-2021-32028.html https://www.suse.com/security/cve/CVE-2021-32029.html https://www.suse.com/security/cve/CVE-2021-3393.html https://bugzilla.suse.com/1179945 https://bugzilla.suse.com/1182040 https://bugzilla.suse.com/1183118 https://bugzilla.suse.com/1183168 https://bugzilla.suse.com/1185924 https://bugzilla.suse.com/1185925 https://bugzilla.suse.com/1185926 From sle-updates at lists.suse.com Thu May 27 19:26:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 21:26:46 +0200 (CEST) Subject: SUSE-SU-2021:1790-1: important: Security update for slurm_20_11 Message-ID: 
<20210527192646.BCBBDFD07@maintenance.suse.de> SUSE Security Update: Security update for slurm_20_11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1790-1 Rating: important References: #1186024 Cross-References: CVE-2021-31215 CVSS scores: CVE-2021-31215 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-31215 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for slurm_20_11 fixes the following issues: - Update to 20.02.7: - CVE-2021-31215: remote code execution as SlurmUser because of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling (bsc#1186024) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1790=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1790=1 Package List: - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libnss_slurm2_20_02-20.02.7-3.19.1 libnss_slurm2_20_02-debuginfo-20.02.7-3.19.1 libpmi0_20_02-20.02.7-3.19.1 libpmi0_20_02-debuginfo-20.02.7-3.19.1 libslurm35-20.02.7-3.19.1 libslurm35-debuginfo-20.02.7-3.19.1 perl-slurm_20_02-20.02.7-3.19.1 perl-slurm_20_02-debuginfo-20.02.7-3.19.1 slurm_20_02-20.02.7-3.19.1 slurm_20_02-auth-none-20.02.7-3.19.1 slurm_20_02-auth-none-debuginfo-20.02.7-3.19.1 slurm_20_02-config-20.02.7-3.19.1 slurm_20_02-config-man-20.02.7-3.19.1 slurm_20_02-debuginfo-20.02.7-3.19.1 slurm_20_02-debugsource-20.02.7-3.19.1 slurm_20_02-devel-20.02.7-3.19.1 slurm_20_02-doc-20.02.7-3.19.1 slurm_20_02-lua-20.02.7-3.19.1 slurm_20_02-lua-debuginfo-20.02.7-3.19.1 slurm_20_02-munge-20.02.7-3.19.1 slurm_20_02-munge-debuginfo-20.02.7-3.19.1 slurm_20_02-node-20.02.7-3.19.1 slurm_20_02-node-debuginfo-20.02.7-3.19.1 slurm_20_02-pam_slurm-20.02.7-3.19.1 slurm_20_02-pam_slurm-debuginfo-20.02.7-3.19.1 slurm_20_02-plugins-20.02.7-3.19.1 slurm_20_02-plugins-debuginfo-20.02.7-3.19.1 slurm_20_02-slurmdbd-20.02.7-3.19.1 slurm_20_02-slurmdbd-debuginfo-20.02.7-3.19.1 slurm_20_02-sql-20.02.7-3.19.1 slurm_20_02-sql-debuginfo-20.02.7-3.19.1 slurm_20_02-sview-20.02.7-3.19.1 slurm_20_02-sview-debuginfo-20.02.7-3.19.1 slurm_20_02-torque-20.02.7-3.19.1 slurm_20_02-torque-debuginfo-20.02.7-3.19.1 slurm_20_02-webdoc-20.02.7-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libnss_slurm2_20_02-20.02.7-3.19.1 libnss_slurm2_20_02-debuginfo-20.02.7-3.19.1 libpmi0_20_02-20.02.7-3.19.1 libpmi0_20_02-debuginfo-20.02.7-3.19.1 
libslurm35-20.02.7-3.19.1 libslurm35-debuginfo-20.02.7-3.19.1 perl-slurm_20_02-20.02.7-3.19.1 perl-slurm_20_02-debuginfo-20.02.7-3.19.1 slurm_20_02-20.02.7-3.19.1 slurm_20_02-auth-none-20.02.7-3.19.1 slurm_20_02-auth-none-debuginfo-20.02.7-3.19.1 slurm_20_02-config-20.02.7-3.19.1 slurm_20_02-config-man-20.02.7-3.19.1 slurm_20_02-debuginfo-20.02.7-3.19.1 slurm_20_02-debugsource-20.02.7-3.19.1 slurm_20_02-devel-20.02.7-3.19.1 slurm_20_02-doc-20.02.7-3.19.1 slurm_20_02-lua-20.02.7-3.19.1 slurm_20_02-lua-debuginfo-20.02.7-3.19.1 slurm_20_02-munge-20.02.7-3.19.1 slurm_20_02-munge-debuginfo-20.02.7-3.19.1 slurm_20_02-node-20.02.7-3.19.1 slurm_20_02-node-debuginfo-20.02.7-3.19.1 slurm_20_02-pam_slurm-20.02.7-3.19.1 slurm_20_02-pam_slurm-debuginfo-20.02.7-3.19.1 slurm_20_02-plugins-20.02.7-3.19.1 slurm_20_02-plugins-debuginfo-20.02.7-3.19.1 slurm_20_02-slurmdbd-20.02.7-3.19.1 slurm_20_02-slurmdbd-debuginfo-20.02.7-3.19.1 slurm_20_02-sql-20.02.7-3.19.1 slurm_20_02-sql-debuginfo-20.02.7-3.19.1 slurm_20_02-sview-20.02.7-3.19.1 slurm_20_02-sview-debuginfo-20.02.7-3.19.1 slurm_20_02-torque-20.02.7-3.19.1 slurm_20_02-torque-debuginfo-20.02.7-3.19.1 slurm_20_02-webdoc-20.02.7-3.19.1 References: https://www.suse.com/security/cve/CVE-2021-31215.html https://bugzilla.suse.com/1186024 From sle-updates at lists.suse.com Thu May 27 19:27:50 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 21:27:50 +0200 (CEST) Subject: SUSE-SU-2021:1792-1: important: Security update for nginx Message-ID: <20210527192750.DCFDDFD07@maintenance.suse.de> SUSE Security Update: Security update for nginx ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1792-1 Rating: important References: #1186126 Cross-References: CVE-2021-23017 CVSS scores: CVE-2021-23017 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 
15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nginx fixes the following issues: - CVE-2021-23017: nginx DNS resolver off-by-one heap write (bsc#1186126) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1792=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1792=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1792=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1792=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): nginx-1.16.1-3.15.1 nginx-debuginfo-1.16.1-3.15.1 nginx-debugsource-1.16.1-3.15.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): nginx-1.16.1-3.15.1 nginx-debuginfo-1.16.1-3.15.1 nginx-debugsource-1.16.1-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): nginx-1.16.1-3.15.1 nginx-debuginfo-1.16.1-3.15.1 nginx-debugsource-1.16.1-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): nginx-1.16.1-3.15.1 nginx-debuginfo-1.16.1-3.15.1 nginx-debugsource-1.16.1-3.15.1 References: https://www.suse.com/security/cve/CVE-2021-23017.html https://bugzilla.suse.com/1186126 From sle-updates at lists.suse.com Thu May 27 19:28:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 21:28:56 +0200 (CEST) Subject: SUSE-SU-2021:1786-1: moderate: Security update for curl Message-ID: 
<20210527192856.A6B4EFD07@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1786-1 Rating: moderate References: #1175109 #1177976 #1179398 #1179399 #1179593 #1183933 #1186114 Cross-References: CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22898 CVSS scores: CVE-2020-8231 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-8231 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-8284 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-8284 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2020-8285 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-8285 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-8286 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2020-8286 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVE-2021-22876 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-22876 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2021-22898 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. 
Description: This update for curl fixes the following issues: - CVE-2021-22898: TELNET stack contents disclosure (bsc#1186114) - CVE-2021-22876: The automatic referer leaks credentials (bsc#1183933) - CVE-2020-8286: Inferior OCSP verification (bsc#1179593) - CVE-2020-8285: FTP wildcard stack overflow (bsc#1179399) - CVE-2020-8284: Trusting FTP PASV responses (bsc#1179398) - CVE-2020-8231: libcurl will pick and use the wrong connection with multiple requests with libcurl's multi API and the 'CURLOPT_CONNECT_ONLY' option (bsc#1175109) - Fix: SFTP uploads result in empty uploaded files (bsc#1177976) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1786=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1786=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1786=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1786=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): curl-7.60.0-4.20.1 curl-debuginfo-7.60.0-4.20.1 curl-debugsource-7.60.0-4.20.1 libcurl4-32bit-7.60.0-4.20.1 libcurl4-7.60.0-4.20.1 libcurl4-debuginfo-32bit-7.60.0-4.20.1 libcurl4-debuginfo-7.60.0-4.20.1 - SUSE OpenStack Cloud 9 (x86_64): curl-7.60.0-4.20.1 curl-debuginfo-7.60.0-4.20.1 curl-debugsource-7.60.0-4.20.1 libcurl4-32bit-7.60.0-4.20.1 libcurl4-7.60.0-4.20.1 libcurl4-debuginfo-32bit-7.60.0-4.20.1 libcurl4-debuginfo-7.60.0-4.20.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): curl-7.60.0-4.20.1 curl-debuginfo-7.60.0-4.20.1 curl-debugsource-7.60.0-4.20.1 libcurl4-7.60.0-4.20.1 libcurl4-debuginfo-7.60.0-4.20.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libcurl4-32bit-7.60.0-4.20.1 
libcurl4-debuginfo-32bit-7.60.0-4.20.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): curl-7.60.0-4.20.1 curl-debuginfo-7.60.0-4.20.1 curl-debugsource-7.60.0-4.20.1 libcurl4-7.60.0-4.20.1 libcurl4-debuginfo-7.60.0-4.20.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libcurl4-32bit-7.60.0-4.20.1 libcurl4-debuginfo-32bit-7.60.0-4.20.1 References: https://www.suse.com/security/cve/CVE-2020-8231.html https://www.suse.com/security/cve/CVE-2020-8284.html https://www.suse.com/security/cve/CVE-2020-8285.html https://www.suse.com/security/cve/CVE-2020-8286.html https://www.suse.com/security/cve/CVE-2021-22876.html https://www.suse.com/security/cve/CVE-2021-22898.html https://bugzilla.suse.com/1175109 https://bugzilla.suse.com/1177976 https://bugzilla.suse.com/1179398 https://bugzilla.suse.com/1179399 https://bugzilla.suse.com/1179593 https://bugzilla.suse.com/1183933 https://bugzilla.suse.com/1186114 From sle-updates at lists.suse.com Thu May 27 19:30:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 May 2021 21:30:31 +0200 (CEST) Subject: SUSE-SU-2021:1788-1: important: Security update for slurm_18_08 Message-ID: <20210527193031.5D7DFFD07@maintenance.suse.de> SUSE Security Update: Security update for slurm_18_08 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1788-1 Rating: important References: #1186024 Cross-References: CVE-2021-31215 CVSS scores: CVE-2021-31215 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-31215 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for slurm_18_08 fixes the following issues: - CVE-2021-31215: remote code execution as SlurmUser because of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling (bsc#1186024) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2021-1788=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libpmi0_18_08-18.08.9-3.14.1 libpmi0_18_08-debuginfo-18.08.9-3.14.1 libslurm33-18.08.9-3.14.1 libslurm33-debuginfo-18.08.9-3.14.1 perl-slurm_18_08-18.08.9-3.14.1 perl-slurm_18_08-debuginfo-18.08.9-3.14.1 slurm_18_08-18.08.9-3.14.1 slurm_18_08-auth-none-18.08.9-3.14.1 slurm_18_08-auth-none-debuginfo-18.08.9-3.14.1 slurm_18_08-config-18.08.9-3.14.1 slurm_18_08-debuginfo-18.08.9-3.14.1 slurm_18_08-debugsource-18.08.9-3.14.1 slurm_18_08-devel-18.08.9-3.14.1 slurm_18_08-doc-18.08.9-3.14.1 slurm_18_08-lua-18.08.9-3.14.1 slurm_18_08-lua-debuginfo-18.08.9-3.14.1 slurm_18_08-munge-18.08.9-3.14.1 slurm_18_08-munge-debuginfo-18.08.9-3.14.1 slurm_18_08-node-18.08.9-3.14.1 slurm_18_08-node-debuginfo-18.08.9-3.14.1 slurm_18_08-pam_slurm-18.08.9-3.14.1 slurm_18_08-pam_slurm-debuginfo-18.08.9-3.14.1 slurm_18_08-plugins-18.08.9-3.14.1 slurm_18_08-plugins-debuginfo-18.08.9-3.14.1 slurm_18_08-slurmdbd-18.08.9-3.14.1 slurm_18_08-slurmdbd-debuginfo-18.08.9-3.14.1 slurm_18_08-sql-18.08.9-3.14.1 slurm_18_08-sql-debuginfo-18.08.9-3.14.1 slurm_18_08-torque-18.08.9-3.14.1 slurm_18_08-torque-debuginfo-18.08.9-3.14.1 References: https://www.suse.com/security/cve/CVE-2021-31215.html https://bugzilla.suse.com/1186024 From sle-updates at lists.suse.com Thu May 27 22:17:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 May 2021 00:17:05 +0200 (CEST) Subject: 
SUSE-RU-2021:1795-1: moderate: Recommended update for yast2-migration Message-ID: <20210527221705.0FE97FD07@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-migration ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1795-1 Rating: moderate References: #1185808 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-migration fixes the following issues: - Show the new base product license in online migration. (bsc#1185808) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1795=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1795=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): yast2-migration-4.2.5-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-migration-4.2.5-3.3.1 References: https://bugzilla.suse.com/1185808 From sle-updates at lists.suse.com Thu May 27 22:18:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 May 2021 00:18:11 +0200 (CEST) Subject: SUSE-RU-2021:1794-1: moderate: Recommended update for radvd Message-ID: <20210527221811.EDE00FD07@maintenance.suse.de> SUSE Recommended Update: Recommended update for radvd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1794-1 Rating: moderate References: #1185066 Affected Products: SUSE MicroOS 5.0 SUSE Linux 
Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for radvd fixes the following issues: - replace '/var/run' with '/run' in '/usr/lib/tmpfiles.d/radvd.conf' (bsc#1185066) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1794=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1794=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1794=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): radvd-2.17-5.5.1 radvd-debuginfo-2.17-5.5.1 radvd-debugsource-2.17-5.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): radvd-2.17-5.5.1 radvd-debuginfo-2.17-5.5.1 radvd-debugsource-2.17-5.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): radvd-2.17-5.5.1 radvd-debuginfo-2.17-5.5.1 radvd-debugsource-2.17-5.5.1 References: https://bugzilla.suse.com/1185066 From sle-updates at lists.suse.com Fri May 28 06:12:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 May 2021 08:12:42 +0200 (CEST) Subject: SUSE-CU-2021:219-1: Security update of suse/sles12sp4 Message-ID: <20210528061242.AA70EB46DB5@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:219-1 Container Tags : suse/sles12sp4:26.298 , suse/sles12sp4:latest Container Release : 26.298 Severity : moderate Type : security References : 1175109 1177976 
1179398 1179399 1179593 1183933 1186114 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22898 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1786-1 Released: Thu May 27 16:45:41 2021 Summary: Security update for curl Type: security Severity: moderate References: 1175109,1177976,1179398,1179399,1179593,1183933,1186114,CVE-2020-8231,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286,CVE-2021-22876,CVE-2021-22898 This update for curl fixes the following issues: - CVE-2021-22898: TELNET stack contents disclosure (bsc#1186114) - CVE-2021-22876: The automatic referer leaks credentials (bsc#1183933) - CVE-2020-8286: Inferior OCSP verification (bsc#1179593) - CVE-2020-8285: FTP wildcard stack overflow (bsc#1179399) - CVE-2020-8284: Trusting FTP PASV responses (bsc#1179398) - CVE-2020-8231: libcurl will pick and use the wrong connection with multiple requests with libcurl's multi API and the 'CURLOPT_CONNECT_ONLY' option (bsc#1175109) - Fix: SFTP uploads result in empty uploaded files (bsc#1177976) From sle-updates at lists.suse.com Fri May 28 06:15:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 May 2021 08:15:39 +0200 (CEST) Subject: SUSE-CU-2021:218-1: Security update of caasp/v4.5/velero Message-ID: <20210528061539.8681CB46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/velero ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:218-1 Container Tags : caasp/v4.5/velero:1.4.2 , caasp/v4.5/velero:1.4.2-rev3 , caasp/v4.5/velero:1.4.2-rev3-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 
1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/velero was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. 
(bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a.
(bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere.
(bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16; - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() 
selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a 
potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. 
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. 
- Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). 
- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. 
[bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic 
changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. 
(bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. - Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. 
(bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. 
(bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
From sle-updates at lists.suse.com Fri May 28 06:16:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 May 2021 08:16:05 +0200 (CEST) Subject: SUSE-CU-2021:220-1: Security update of caasp/v4.5/velero-plugin-for-aws Message-ID: <20210528061605.9B83FB46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/velero-plugin-for-aws ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:220-1 Container Tags : caasp/v4.5/velero-plugin-for-aws:1.1.0 , caasp/v4.5/velero-plugin-for-aws:1.1.0-rev3 , caasp/v4.5/velero-plugin-for-aws:1.1.0-rev3-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 
CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/velero-plugin-for-aws was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. 
(bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).
- RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025)
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers.
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700.
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Fri May 28 06:16:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 May 2021 08:16:30 +0200 (CEST) Subject: SUSE-CU-2021:221-1: Security update of caasp/v4.5/velero-plugin-for-gcp Message-ID: <20210528061630.A801BB46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/velero-plugin-for-gcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:221-1 Container Tags : caasp/v4.5/velero-plugin-for-gcp:1.1.0 , caasp/v4.5/velero-plugin-for-gcp:1.1.0-rev3 , caasp/v4.5/velero-plugin-for-gcp:1.1.0-rev3-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 
1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/velero-plugin-for-gcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. 
(bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)) - Fix for an issue when container start causes interference in other containers. 
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. 
(bsc#1181011) - Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Fri May 28 06:16:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 May 2021 08:16:56 +0200 (CEST) Subject: SUSE-CU-2021:222-1: Security update of caasp/v4.5/velero-plugin-for-microsoft-azure Message-ID: <20210528061656.7BA1EB46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/velero-plugin-for-microsoft-azure ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:222-1 Container Tags : caasp/v4.5/velero-plugin-for-microsoft-azure:1.1.0 , caasp/v4.5/velero-plugin-for-microsoft-azure:1.1.0-rev3 , caasp/v4.5/velero-plugin-for-microsoft-azure:1.1.0-rev3-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 
1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/velero-plugin-for-microsoft-azure was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. 
(bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a.
(bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. 
(bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends()
selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a
potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. 
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior.
- Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).
- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. 
[bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic 
changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. 
(bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. - Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. 
(bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. 
(bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). 
From sle-updates at lists.suse.com Fri May 28 06:17:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 May 2021 08:17:21 +0200 (CEST) Subject: SUSE-CU-2021:223-1: Security update of caasp/v4.5/velero-restic-restore-helper Message-ID: <20210528061721.75BDBB46DB5@westernhagen.suse.de> SUSE Container Update Advisory: caasp/v4.5/velero-restic-restore-helper ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:223-1 Container Tags : caasp/v4.5/velero-restic-restore-helper:1.4.2 , caasp/v4.5/velero-restic-restore-helper:1.4.2-rev3 , caasp/v4.5/velero-restic-restore-helper:1.4.2-rev3-build5.8.1 Container Release : 5.8.1 Severity : important Type : security References : 1050625 1078466 1084671 1141597 1146705 1161276 1169006 1171883 1172695 1173582 1174016 1174436 1174942 1175458 1175514 1175519 1175623 1176201 1177238 1177275 1177427 1177490 1177583 1178219 1178346 1178386 1178554 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179415 1179503 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180073 1180077 1180083 1180138 1180225 1180596 1180603 1180603 1180663 1180721 1180836 1180851 1180885 1181011 1181328 1181443 1181505 1181622 1181831 1181874 1181976 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1182791 1182899 1182936 1182959 1183064 1183094 1183370 1183371 1183456 1183457 1183628 1183791 1183797 1183801 1183852 1183933 1183934 1184358 1184401 1184435 1184614 1184690 1184997 1185163 1185239 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 CVE-2017-9271 CVE-2019-25013 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 
CVE-2021-20231 CVE-2021-20232 CVE-2021-20305 CVE-2021-22876 CVE-2021-22890 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 ----------------------------------------------------------------- The container caasp/v4.5/velero-restic-restore-helper was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. 
(bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. 
(bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998) - Fix for an issue when container start causes interference in other containers. 
(bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 
1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. 
(bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. 
(bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly 
(bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. 
- Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. 
(bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. 
(bsc#1185163) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). From sle-updates at lists.suse.com Fri May 28 13:16:18 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 May 2021 15:16:18 +0200 (CEST) Subject: SUSE-RU-2021:1796-1: moderate: Recommended update for gcc10 Message-ID: <20210528131618.E7955FD07@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc10 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1796-1 Rating: moderate References: #1029961 #1106014 #1178577 #1178624 #1178675 #1182016 #1185337 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Module for Toolchain 12 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. 
Description: This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) - Fixed build failure in SLE-12 due to bogus 'rpmlint'. (bsc#1185337) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1796=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1796=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1796=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1796=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1796=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1796=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1796=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1796=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1796=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1796=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1796=1 - SUSE Linux Enterprise Module for Toolchain 12: zypper in -t patch SUSE-SLE-Module-Toolchain-12-2021-1796=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1796=1 Package List: - SUSE OpenStack 
Cloud Crowbar 9 (x86_64): gcc10-debuginfo-10.3.0+git1587-1.6.2 gcc10-debugsource-10.3.0+git1587-1.6.2 libasan6-10.3.0+git1587-1.6.2 libasan6-32bit-10.3.0+git1587-1.6.2 libasan6-32bit-debuginfo-10.3.0+git1587-1.6.2 libasan6-debuginfo-10.3.0+git1587-1.6.2 libatomic1-10.3.0+git1587-1.6.2 libatomic1-32bit-10.3.0+git1587-1.6.2 libatomic1-32bit-debuginfo-10.3.0+git1587-1.6.2 libatomic1-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-10.3.0+git1587-1.6.2 libgcc_s1-32bit-10.3.0+git1587-1.6.2 libgcc_s1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-10.3.0+git1587-1.6.2 libgfortran5-32bit-10.3.0+git1587-1.6.2 libgfortran5-32bit-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-debuginfo-10.3.0+git1587-1.6.2 libgo16-10.3.0+git1587-1.6.2 libgo16-32bit-10.3.0+git1587-1.6.2 libgo16-32bit-debuginfo-10.3.0+git1587-1.6.2 libgo16-debuginfo-10.3.0+git1587-1.6.2 libgomp1-10.3.0+git1587-1.6.2 libgomp1-32bit-10.3.0+git1587-1.6.2 libgomp1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgomp1-debuginfo-10.3.0+git1587-1.6.2 libitm1-10.3.0+git1587-1.6.2 libitm1-32bit-10.3.0+git1587-1.6.2 libitm1-32bit-debuginfo-10.3.0+git1587-1.6.2 libitm1-debuginfo-10.3.0+git1587-1.6.2 liblsan0-10.3.0+git1587-1.6.2 liblsan0-debuginfo-10.3.0+git1587-1.6.2 libobjc4-10.3.0+git1587-1.6.2 libobjc4-32bit-10.3.0+git1587-1.6.2 libobjc4-32bit-debuginfo-10.3.0+git1587-1.6.2 libobjc4-debuginfo-10.3.0+git1587-1.6.2 libquadmath0-10.3.0+git1587-1.6.2 libquadmath0-32bit-10.3.0+git1587-1.6.2 libquadmath0-32bit-debuginfo-10.3.0+git1587-1.6.2 libquadmath0-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-10.3.0+git1587-1.6.2 libstdc++6-32bit-10.3.0+git1587-1.6.2 libstdc++6-32bit-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-locale-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-32bit-10.3.0+git1587-1.6.2 libtsan0-10.3.0+git1587-1.6.2 libtsan0-debuginfo-10.3.0+git1587-1.6.2 libubsan1-10.3.0+git1587-1.6.2 
libubsan1-32bit-10.3.0+git1587-1.6.2 libubsan1-32bit-debuginfo-10.3.0+git1587-1.6.2 libubsan1-debuginfo-10.3.0+git1587-1.6.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): gcc10-debuginfo-10.3.0+git1587-1.6.2 gcc10-debugsource-10.3.0+git1587-1.6.2 libasan6-10.3.0+git1587-1.6.2 libasan6-32bit-10.3.0+git1587-1.6.2 libasan6-32bit-debuginfo-10.3.0+git1587-1.6.2 libasan6-debuginfo-10.3.0+git1587-1.6.2 libatomic1-10.3.0+git1587-1.6.2 libatomic1-32bit-10.3.0+git1587-1.6.2 libatomic1-32bit-debuginfo-10.3.0+git1587-1.6.2 libatomic1-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-10.3.0+git1587-1.6.2 libgcc_s1-32bit-10.3.0+git1587-1.6.2 libgcc_s1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-10.3.0+git1587-1.6.2 libgfortran5-32bit-10.3.0+git1587-1.6.2 libgfortran5-32bit-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-debuginfo-10.3.0+git1587-1.6.2 libgo16-10.3.0+git1587-1.6.2 libgo16-32bit-10.3.0+git1587-1.6.2 libgo16-32bit-debuginfo-10.3.0+git1587-1.6.2 libgo16-debuginfo-10.3.0+git1587-1.6.2 libgomp1-10.3.0+git1587-1.6.2 libgomp1-32bit-10.3.0+git1587-1.6.2 libgomp1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgomp1-debuginfo-10.3.0+git1587-1.6.2 libitm1-10.3.0+git1587-1.6.2 libitm1-32bit-10.3.0+git1587-1.6.2 libitm1-32bit-debuginfo-10.3.0+git1587-1.6.2 libitm1-debuginfo-10.3.0+git1587-1.6.2 liblsan0-10.3.0+git1587-1.6.2 liblsan0-debuginfo-10.3.0+git1587-1.6.2 libobjc4-10.3.0+git1587-1.6.2 libobjc4-32bit-10.3.0+git1587-1.6.2 libobjc4-32bit-debuginfo-10.3.0+git1587-1.6.2 libobjc4-debuginfo-10.3.0+git1587-1.6.2 libquadmath0-10.3.0+git1587-1.6.2 libquadmath0-32bit-10.3.0+git1587-1.6.2 libquadmath0-32bit-debuginfo-10.3.0+git1587-1.6.2 libquadmath0-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-10.3.0+git1587-1.6.2 libstdc++6-32bit-10.3.0+git1587-1.6.2 libstdc++6-32bit-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-locale-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-10.3.0+git1587-1.6.2 
libstdc++6-pp-gcc10-32bit-10.3.0+git1587-1.6.2 libtsan0-10.3.0+git1587-1.6.2 libtsan0-debuginfo-10.3.0+git1587-1.6.2 libubsan1-10.3.0+git1587-1.6.2 libubsan1-32bit-10.3.0+git1587-1.6.2 libubsan1-32bit-debuginfo-10.3.0+git1587-1.6.2 libubsan1-debuginfo-10.3.0+git1587-1.6.2 - SUSE OpenStack Cloud 9 (x86_64): gcc10-debuginfo-10.3.0+git1587-1.6.2 gcc10-debugsource-10.3.0+git1587-1.6.2 libasan6-10.3.0+git1587-1.6.2 libasan6-32bit-10.3.0+git1587-1.6.2 libasan6-32bit-debuginfo-10.3.0+git1587-1.6.2 libasan6-debuginfo-10.3.0+git1587-1.6.2 libatomic1-10.3.0+git1587-1.6.2 libatomic1-32bit-10.3.0+git1587-1.6.2 libatomic1-32bit-debuginfo-10.3.0+git1587-1.6.2 libatomic1-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-10.3.0+git1587-1.6.2 libgcc_s1-32bit-10.3.0+git1587-1.6.2 libgcc_s1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-10.3.0+git1587-1.6.2 libgfortran5-32bit-10.3.0+git1587-1.6.2 libgfortran5-32bit-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-debuginfo-10.3.0+git1587-1.6.2 libgo16-10.3.0+git1587-1.6.2 libgo16-32bit-10.3.0+git1587-1.6.2 libgo16-32bit-debuginfo-10.3.0+git1587-1.6.2 libgo16-debuginfo-10.3.0+git1587-1.6.2 libgomp1-10.3.0+git1587-1.6.2 libgomp1-32bit-10.3.0+git1587-1.6.2 libgomp1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgomp1-debuginfo-10.3.0+git1587-1.6.2 libitm1-10.3.0+git1587-1.6.2 libitm1-32bit-10.3.0+git1587-1.6.2 libitm1-32bit-debuginfo-10.3.0+git1587-1.6.2 libitm1-debuginfo-10.3.0+git1587-1.6.2 liblsan0-10.3.0+git1587-1.6.2 liblsan0-debuginfo-10.3.0+git1587-1.6.2 libobjc4-10.3.0+git1587-1.6.2 libobjc4-32bit-10.3.0+git1587-1.6.2 libobjc4-32bit-debuginfo-10.3.0+git1587-1.6.2 libobjc4-debuginfo-10.3.0+git1587-1.6.2 libquadmath0-10.3.0+git1587-1.6.2 libquadmath0-32bit-10.3.0+git1587-1.6.2 libquadmath0-32bit-debuginfo-10.3.0+git1587-1.6.2 libquadmath0-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-10.3.0+git1587-1.6.2 libstdc++6-32bit-10.3.0+git1587-1.6.2 libstdc++6-32bit-debuginfo-10.3.0+git1587-1.6.2 
libstdc++6-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-locale-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-32bit-10.3.0+git1587-1.6.2 libtsan0-10.3.0+git1587-1.6.2 libtsan0-debuginfo-10.3.0+git1587-1.6.2 libubsan1-10.3.0+git1587-1.6.2 libubsan1-32bit-10.3.0+git1587-1.6.2 libubsan1-32bit-debuginfo-10.3.0+git1587-1.6.2 libubsan1-debuginfo-10.3.0+git1587-1.6.2 - SUSE OpenStack Cloud 8 (x86_64): gcc10-debuginfo-10.3.0+git1587-1.6.2 gcc10-debugsource-10.3.0+git1587-1.6.2 libasan6-10.3.0+git1587-1.6.2 libasan6-32bit-10.3.0+git1587-1.6.2 libasan6-32bit-debuginfo-10.3.0+git1587-1.6.2 libasan6-debuginfo-10.3.0+git1587-1.6.2 libatomic1-10.3.0+git1587-1.6.2 libatomic1-32bit-10.3.0+git1587-1.6.2 libatomic1-32bit-debuginfo-10.3.0+git1587-1.6.2 libatomic1-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-10.3.0+git1587-1.6.2 libgcc_s1-32bit-10.3.0+git1587-1.6.2 libgcc_s1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-10.3.0+git1587-1.6.2 libgfortran5-32bit-10.3.0+git1587-1.6.2 libgfortran5-32bit-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-debuginfo-10.3.0+git1587-1.6.2 libgo16-10.3.0+git1587-1.6.2 libgo16-32bit-10.3.0+git1587-1.6.2 libgo16-32bit-debuginfo-10.3.0+git1587-1.6.2 libgo16-debuginfo-10.3.0+git1587-1.6.2 libgomp1-10.3.0+git1587-1.6.2 libgomp1-32bit-10.3.0+git1587-1.6.2 libgomp1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgomp1-debuginfo-10.3.0+git1587-1.6.2 libitm1-10.3.0+git1587-1.6.2 libitm1-32bit-10.3.0+git1587-1.6.2 libitm1-32bit-debuginfo-10.3.0+git1587-1.6.2 libitm1-debuginfo-10.3.0+git1587-1.6.2 liblsan0-10.3.0+git1587-1.6.2 liblsan0-debuginfo-10.3.0+git1587-1.6.2 libobjc4-10.3.0+git1587-1.6.2 libobjc4-32bit-10.3.0+git1587-1.6.2 libobjc4-32bit-debuginfo-10.3.0+git1587-1.6.2 libobjc4-debuginfo-10.3.0+git1587-1.6.2 libquadmath0-10.3.0+git1587-1.6.2 libquadmath0-32bit-10.3.0+git1587-1.6.2 libquadmath0-32bit-debuginfo-10.3.0+git1587-1.6.2 libquadmath0-debuginfo-10.3.0+git1587-1.6.2 
libstdc++6-10.3.0+git1587-1.6.2 libstdc++6-32bit-10.3.0+git1587-1.6.2 libstdc++6-32bit-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-locale-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-32bit-10.3.0+git1587-1.6.2 libtsan0-10.3.0+git1587-1.6.2 libtsan0-debuginfo-10.3.0+git1587-1.6.2 libubsan1-10.3.0+git1587-1.6.2 libubsan1-32bit-10.3.0+git1587-1.6.2 libubsan1-32bit-debuginfo-10.3.0+git1587-1.6.2 libubsan1-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): gcc10-debuginfo-10.3.0+git1587-1.6.2 gcc10-debugsource-10.3.0+git1587-1.6.2 libasan6-10.3.0+git1587-1.6.2 libasan6-debuginfo-10.3.0+git1587-1.6.2 libatomic1-10.3.0+git1587-1.6.2 libatomic1-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-10.3.0+git1587-1.6.2 libgcc_s1-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-10.3.0+git1587-1.6.2 libgfortran5-debuginfo-10.3.0+git1587-1.6.2 libgo16-10.3.0+git1587-1.6.2 libgo16-debuginfo-10.3.0+git1587-1.6.2 libgomp1-10.3.0+git1587-1.6.2 libgomp1-debuginfo-10.3.0+git1587-1.6.2 libitm1-10.3.0+git1587-1.6.2 libitm1-debuginfo-10.3.0+git1587-1.6.2 liblsan0-10.3.0+git1587-1.6.2 liblsan0-debuginfo-10.3.0+git1587-1.6.2 libobjc4-10.3.0+git1587-1.6.2 libobjc4-debuginfo-10.3.0+git1587-1.6.2 libquadmath0-10.3.0+git1587-1.6.2 libquadmath0-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-10.3.0+git1587-1.6.2 libstdc++6-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-locale-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-10.3.0+git1587-1.6.2 libtsan0-10.3.0+git1587-1.6.2 libtsan0-debuginfo-10.3.0+git1587-1.6.2 libubsan1-10.3.0+git1587-1.6.2 libubsan1-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libasan6-32bit-10.3.0+git1587-1.6.2 libasan6-32bit-debuginfo-10.3.0+git1587-1.6.2 libatomic1-32bit-10.3.0+git1587-1.6.2 libatomic1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-32bit-10.3.0+git1587-1.6.2 libgcc_s1-32bit-debuginfo-10.3.0+git1587-1.6.2 
libgfortran5-32bit-10.3.0+git1587-1.6.2 libgfortran5-32bit-debuginfo-10.3.0+git1587-1.6.2 libgo16-32bit-10.3.0+git1587-1.6.2 libgo16-32bit-debuginfo-10.3.0+git1587-1.6.2 libgomp1-32bit-10.3.0+git1587-1.6.2 libgomp1-32bit-debuginfo-10.3.0+git1587-1.6.2 libitm1-32bit-10.3.0+git1587-1.6.2 libitm1-32bit-debuginfo-10.3.0+git1587-1.6.2 libobjc4-32bit-10.3.0+git1587-1.6.2 libobjc4-32bit-debuginfo-10.3.0+git1587-1.6.2 libquadmath0-32bit-10.3.0+git1587-1.6.2 libquadmath0-32bit-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-32bit-10.3.0+git1587-1.6.2 libstdc++6-32bit-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-32bit-10.3.0+git1587-1.6.2 libubsan1-32bit-10.3.0+git1587-1.6.2 libubsan1-32bit-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): gcc10-debuginfo-10.3.0+git1587-1.6.2 gcc10-debugsource-10.3.0+git1587-1.6.2 libasan6-10.3.0+git1587-1.6.2 libasan6-debuginfo-10.3.0+git1587-1.6.2 libatomic1-10.3.0+git1587-1.6.2 libatomic1-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-10.3.0+git1587-1.6.2 libgcc_s1-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-10.3.0+git1587-1.6.2 libgfortran5-debuginfo-10.3.0+git1587-1.6.2 libgo16-10.3.0+git1587-1.6.2 libgo16-debuginfo-10.3.0+git1587-1.6.2 libgomp1-10.3.0+git1587-1.6.2 libgomp1-debuginfo-10.3.0+git1587-1.6.2 libitm1-10.3.0+git1587-1.6.2 libitm1-debuginfo-10.3.0+git1587-1.6.2 liblsan0-10.3.0+git1587-1.6.2 liblsan0-debuginfo-10.3.0+git1587-1.6.2 libobjc4-10.3.0+git1587-1.6.2 libobjc4-debuginfo-10.3.0+git1587-1.6.2 libquadmath0-10.3.0+git1587-1.6.2 libquadmath0-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-10.3.0+git1587-1.6.2 libstdc++6-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-locale-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-10.3.0+git1587-1.6.2 libtsan0-10.3.0+git1587-1.6.2 libtsan0-debuginfo-10.3.0+git1587-1.6.2 libubsan1-10.3.0+git1587-1.6.2 libubsan1-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libasan6-32bit-10.3.0+git1587-1.6.2 
libasan6-32bit-debuginfo-10.3.0+git1587-1.6.2 libatomic1-32bit-10.3.0+git1587-1.6.2 libatomic1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-32bit-10.3.0+git1587-1.6.2 libgcc_s1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-32bit-10.3.0+git1587-1.6.2 libgfortran5-32bit-debuginfo-10.3.0+git1587-1.6.2 libgo16-32bit-10.3.0+git1587-1.6.2 libgo16-32bit-debuginfo-10.3.0+git1587-1.6.2 libgomp1-32bit-10.3.0+git1587-1.6.2 libgomp1-32bit-debuginfo-10.3.0+git1587-1.6.2 libitm1-32bit-10.3.0+git1587-1.6.2 libitm1-32bit-debuginfo-10.3.0+git1587-1.6.2 libobjc4-32bit-10.3.0+git1587-1.6.2 libobjc4-32bit-debuginfo-10.3.0+git1587-1.6.2 libquadmath0-32bit-10.3.0+git1587-1.6.2 libquadmath0-32bit-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-32bit-10.3.0+git1587-1.6.2 libstdc++6-32bit-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-32bit-10.3.0+git1587-1.6.2 libubsan1-32bit-10.3.0+git1587-1.6.2 libubsan1-32bit-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gcc10-debuginfo-10.3.0+git1587-1.6.2 gcc10-debugsource-10.3.0+git1587-1.6.2 libasan6-10.3.0+git1587-1.6.2 libasan6-debuginfo-10.3.0+git1587-1.6.2 libatomic1-10.3.0+git1587-1.6.2 libatomic1-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-10.3.0+git1587-1.6.2 libgcc_s1-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-10.3.0+git1587-1.6.2 libgfortran5-debuginfo-10.3.0+git1587-1.6.2 libgo16-10.3.0+git1587-1.6.2 libgo16-debuginfo-10.3.0+git1587-1.6.2 libgomp1-10.3.0+git1587-1.6.2 libgomp1-debuginfo-10.3.0+git1587-1.6.2 libitm1-10.3.0+git1587-1.6.2 libitm1-debuginfo-10.3.0+git1587-1.6.2 libobjc4-10.3.0+git1587-1.6.2 libobjc4-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-10.3.0+git1587-1.6.2 libstdc++6-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-locale-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-10.3.0+git1587-1.6.2 libubsan1-10.3.0+git1587-1.6.2 libubsan1-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le x86_64): liblsan0-10.3.0+git1587-1.6.2 
liblsan0-debuginfo-10.3.0+git1587-1.6.2 libtsan0-10.3.0+git1587-1.6.2 libtsan0-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server 12-SP5 (ppc64le x86_64): libquadmath0-10.3.0+git1587-1.6.2 libquadmath0-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libasan6-32bit-10.3.0+git1587-1.6.2 libasan6-32bit-debuginfo-10.3.0+git1587-1.6.2 libatomic1-32bit-10.3.0+git1587-1.6.2 libatomic1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-32bit-10.3.0+git1587-1.6.2 libgcc_s1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-32bit-10.3.0+git1587-1.6.2 libgfortran5-32bit-debuginfo-10.3.0+git1587-1.6.2 libgo16-32bit-10.3.0+git1587-1.6.2 libgo16-32bit-debuginfo-10.3.0+git1587-1.6.2 libgomp1-32bit-10.3.0+git1587-1.6.2 libgomp1-32bit-debuginfo-10.3.0+git1587-1.6.2 libitm1-32bit-10.3.0+git1587-1.6.2 libitm1-32bit-debuginfo-10.3.0+git1587-1.6.2 libobjc4-32bit-10.3.0+git1587-1.6.2 libobjc4-32bit-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-32bit-10.3.0+git1587-1.6.2 libstdc++6-32bit-debuginfo-10.3.0+git1587-1.6.2 libubsan1-32bit-10.3.0+git1587-1.6.2 libubsan1-32bit-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server 12-SP5 (x86_64): libquadmath0-32bit-10.3.0+git1587-1.6.2 libquadmath0-32bit-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server 12-SP5 (s390x): libstdc++6-pp-gcc10-32bit-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): gcc10-debuginfo-10.3.0+git1587-1.6.2 gcc10-debugsource-10.3.0+git1587-1.6.2 libasan6-10.3.0+git1587-1.6.2 libasan6-debuginfo-10.3.0+git1587-1.6.2 libatomic1-10.3.0+git1587-1.6.2 libatomic1-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-10.3.0+git1587-1.6.2 libgcc_s1-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-10.3.0+git1587-1.6.2 libgfortran5-debuginfo-10.3.0+git1587-1.6.2 libgo16-10.3.0+git1587-1.6.2 libgo16-debuginfo-10.3.0+git1587-1.6.2 libgomp1-10.3.0+git1587-1.6.2 libgomp1-debuginfo-10.3.0+git1587-1.6.2 libitm1-10.3.0+git1587-1.6.2 
libitm1-debuginfo-10.3.0+git1587-1.6.2 libobjc4-10.3.0+git1587-1.6.2 libobjc4-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-10.3.0+git1587-1.6.2 libstdc++6-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-locale-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-10.3.0+git1587-1.6.2 libubsan1-10.3.0+git1587-1.6.2 libubsan1-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le x86_64): liblsan0-10.3.0+git1587-1.6.2 liblsan0-debuginfo-10.3.0+git1587-1.6.2 libtsan0-10.3.0+git1587-1.6.2 libtsan0-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le x86_64): libquadmath0-10.3.0+git1587-1.6.2 libquadmath0-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libasan6-32bit-10.3.0+git1587-1.6.2 libasan6-32bit-debuginfo-10.3.0+git1587-1.6.2 libatomic1-32bit-10.3.0+git1587-1.6.2 libatomic1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-32bit-10.3.0+git1587-1.6.2 libgcc_s1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-32bit-10.3.0+git1587-1.6.2 libgfortran5-32bit-debuginfo-10.3.0+git1587-1.6.2 libgo16-32bit-10.3.0+git1587-1.6.2 libgo16-32bit-debuginfo-10.3.0+git1587-1.6.2 libgomp1-32bit-10.3.0+git1587-1.6.2 libgomp1-32bit-debuginfo-10.3.0+git1587-1.6.2 libitm1-32bit-10.3.0+git1587-1.6.2 libitm1-32bit-debuginfo-10.3.0+git1587-1.6.2 libobjc4-32bit-10.3.0+git1587-1.6.2 libobjc4-32bit-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-32bit-10.3.0+git1587-1.6.2 libstdc++6-32bit-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-32bit-10.3.0+git1587-1.6.2 libubsan1-32bit-10.3.0+git1587-1.6.2 libubsan1-32bit-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): libquadmath0-32bit-10.3.0+git1587-1.6.2 libquadmath0-32bit-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): gcc10-debuginfo-10.3.0+git1587-1.6.2 gcc10-debugsource-10.3.0+git1587-1.6.2 libasan6-10.3.0+git1587-1.6.2 libasan6-debuginfo-10.3.0+git1587-1.6.2 
libatomic1-10.3.0+git1587-1.6.2 libatomic1-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-10.3.0+git1587-1.6.2 libgcc_s1-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-10.3.0+git1587-1.6.2 libgfortran5-debuginfo-10.3.0+git1587-1.6.2 libgo16-10.3.0+git1587-1.6.2 libgo16-debuginfo-10.3.0+git1587-1.6.2 libgomp1-10.3.0+git1587-1.6.2 libgomp1-debuginfo-10.3.0+git1587-1.6.2 libitm1-10.3.0+git1587-1.6.2 libitm1-debuginfo-10.3.0+git1587-1.6.2 libobjc4-10.3.0+git1587-1.6.2 libobjc4-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-10.3.0+git1587-1.6.2 libstdc++6-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-locale-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-10.3.0+git1587-1.6.2 libubsan1-10.3.0+git1587-1.6.2 libubsan1-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le x86_64): liblsan0-10.3.0+git1587-1.6.2 liblsan0-debuginfo-10.3.0+git1587-1.6.2 libtsan0-10.3.0+git1587-1.6.2 libtsan0-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): libquadmath0-10.3.0+git1587-1.6.2 libquadmath0-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libasan6-32bit-10.3.0+git1587-1.6.2 libasan6-32bit-debuginfo-10.3.0+git1587-1.6.2 libatomic1-32bit-10.3.0+git1587-1.6.2 libatomic1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-32bit-10.3.0+git1587-1.6.2 libgcc_s1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-32bit-10.3.0+git1587-1.6.2 libgfortran5-32bit-debuginfo-10.3.0+git1587-1.6.2 libgo16-32bit-10.3.0+git1587-1.6.2 libgo16-32bit-debuginfo-10.3.0+git1587-1.6.2 libgomp1-32bit-10.3.0+git1587-1.6.2 libgomp1-32bit-debuginfo-10.3.0+git1587-1.6.2 libitm1-32bit-10.3.0+git1587-1.6.2 libitm1-32bit-debuginfo-10.3.0+git1587-1.6.2 libobjc4-32bit-10.3.0+git1587-1.6.2 libobjc4-32bit-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-32bit-10.3.0+git1587-1.6.2 libstdc++6-32bit-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-32bit-10.3.0+git1587-1.6.2 libubsan1-32bit-10.3.0+git1587-1.6.2 
libubsan1-32bit-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): libquadmath0-32bit-10.3.0+git1587-1.6.2 libquadmath0-32bit-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): gcc10-debuginfo-10.3.0+git1587-1.6.2 gcc10-debugsource-10.3.0+git1587-1.6.2 libasan6-10.3.0+git1587-1.6.2 libasan6-32bit-10.3.0+git1587-1.6.2 libasan6-32bit-debuginfo-10.3.0+git1587-1.6.2 libasan6-debuginfo-10.3.0+git1587-1.6.2 libatomic1-10.3.0+git1587-1.6.2 libatomic1-32bit-10.3.0+git1587-1.6.2 libatomic1-32bit-debuginfo-10.3.0+git1587-1.6.2 libatomic1-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-10.3.0+git1587-1.6.2 libgcc_s1-32bit-10.3.0+git1587-1.6.2 libgcc_s1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-10.3.0+git1587-1.6.2 libgfortran5-32bit-10.3.0+git1587-1.6.2 libgfortran5-32bit-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-debuginfo-10.3.0+git1587-1.6.2 libgo16-10.3.0+git1587-1.6.2 libgo16-32bit-10.3.0+git1587-1.6.2 libgo16-32bit-debuginfo-10.3.0+git1587-1.6.2 libgo16-debuginfo-10.3.0+git1587-1.6.2 libgomp1-10.3.0+git1587-1.6.2 libgomp1-32bit-10.3.0+git1587-1.6.2 libgomp1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgomp1-debuginfo-10.3.0+git1587-1.6.2 libitm1-10.3.0+git1587-1.6.2 libitm1-32bit-10.3.0+git1587-1.6.2 libitm1-32bit-debuginfo-10.3.0+git1587-1.6.2 libitm1-debuginfo-10.3.0+git1587-1.6.2 liblsan0-10.3.0+git1587-1.6.2 liblsan0-debuginfo-10.3.0+git1587-1.6.2 libobjc4-10.3.0+git1587-1.6.2 libobjc4-32bit-10.3.0+git1587-1.6.2 libobjc4-32bit-debuginfo-10.3.0+git1587-1.6.2 libobjc4-debuginfo-10.3.0+git1587-1.6.2 libquadmath0-10.3.0+git1587-1.6.2 libquadmath0-32bit-10.3.0+git1587-1.6.2 libquadmath0-32bit-debuginfo-10.3.0+git1587-1.6.2 libquadmath0-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-10.3.0+git1587-1.6.2 libstdc++6-32bit-10.3.0+git1587-1.6.2 libstdc++6-32bit-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-locale-10.3.0+git1587-1.6.2 
libstdc++6-pp-gcc10-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-32bit-10.3.0+git1587-1.6.2 libtsan0-10.3.0+git1587-1.6.2 libtsan0-debuginfo-10.3.0+git1587-1.6.2 libubsan1-10.3.0+git1587-1.6.2 libubsan1-32bit-10.3.0+git1587-1.6.2 libubsan1-32bit-debuginfo-10.3.0+git1587-1.6.2 libubsan1-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gcc10-debuginfo-10.3.0+git1587-1.6.2 gcc10-debugsource-10.3.0+git1587-1.6.2 libasan6-10.3.0+git1587-1.6.2 libasan6-32bit-10.3.0+git1587-1.6.2 libasan6-32bit-debuginfo-10.3.0+git1587-1.6.2 libasan6-debuginfo-10.3.0+git1587-1.6.2 libatomic1-10.3.0+git1587-1.6.2 libatomic1-32bit-10.3.0+git1587-1.6.2 libatomic1-32bit-debuginfo-10.3.0+git1587-1.6.2 libatomic1-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-10.3.0+git1587-1.6.2 libgcc_s1-32bit-10.3.0+git1587-1.6.2 libgcc_s1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-10.3.0+git1587-1.6.2 libgfortran5-32bit-10.3.0+git1587-1.6.2 libgfortran5-32bit-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-debuginfo-10.3.0+git1587-1.6.2 libgo16-10.3.0+git1587-1.6.2 libgo16-32bit-10.3.0+git1587-1.6.2 libgo16-32bit-debuginfo-10.3.0+git1587-1.6.2 libgo16-debuginfo-10.3.0+git1587-1.6.2 libgomp1-10.3.0+git1587-1.6.2 libgomp1-32bit-10.3.0+git1587-1.6.2 libgomp1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgomp1-debuginfo-10.3.0+git1587-1.6.2 libitm1-10.3.0+git1587-1.6.2 libitm1-32bit-10.3.0+git1587-1.6.2 libitm1-32bit-debuginfo-10.3.0+git1587-1.6.2 libitm1-debuginfo-10.3.0+git1587-1.6.2 liblsan0-10.3.0+git1587-1.6.2 liblsan0-debuginfo-10.3.0+git1587-1.6.2 libobjc4-10.3.0+git1587-1.6.2 libobjc4-32bit-10.3.0+git1587-1.6.2 libobjc4-32bit-debuginfo-10.3.0+git1587-1.6.2 libobjc4-debuginfo-10.3.0+git1587-1.6.2 libquadmath0-10.3.0+git1587-1.6.2 libquadmath0-32bit-10.3.0+git1587-1.6.2 libquadmath0-32bit-debuginfo-10.3.0+git1587-1.6.2 libquadmath0-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-10.3.0+git1587-1.6.2 libstdc++6-32bit-10.3.0+git1587-1.6.2 
libstdc++6-32bit-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-locale-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-32bit-10.3.0+git1587-1.6.2 libtsan0-10.3.0+git1587-1.6.2 libtsan0-debuginfo-10.3.0+git1587-1.6.2 libubsan1-10.3.0+git1587-1.6.2 libubsan1-32bit-10.3.0+git1587-1.6.2 libubsan1-32bit-debuginfo-10.3.0+git1587-1.6.2 libubsan1-debuginfo-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Module for Toolchain 12 (aarch64 ppc64le s390x x86_64): cpp10-10.3.0+git1587-1.6.2 cpp10-debuginfo-10.3.0+git1587-1.6.2 gcc10-10.3.0+git1587-1.6.2 gcc10-c++-10.3.0+git1587-1.6.2 gcc10-c++-debuginfo-10.3.0+git1587-1.6.2 gcc10-debuginfo-10.3.0+git1587-1.6.2 gcc10-debugsource-10.3.0+git1587-1.6.2 gcc10-fortran-10.3.0+git1587-1.6.2 gcc10-fortran-debuginfo-10.3.0+git1587-1.6.2 gcc10-go-10.3.0+git1587-1.6.2 gcc10-go-debuginfo-10.3.0+git1587-1.6.2 gcc10-locale-10.3.0+git1587-1.6.2 gcc10-obj-c++-10.3.0+git1587-1.6.2 gcc10-obj-c++-debuginfo-10.3.0+git1587-1.6.2 gcc10-objc-10.3.0+git1587-1.6.2 gcc10-objc-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-devel-gcc10-10.3.0+git1587-1.6.2 libstdc++6-locale-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Module for Toolchain 12 (s390x x86_64): gcc10-32bit-10.3.0+git1587-1.6.2 gcc10-c++-32bit-10.3.0+git1587-1.6.2 gcc10-fortran-32bit-10.3.0+git1587-1.6.2 gcc10-go-32bit-10.3.0+git1587-1.6.2 gcc10-obj-c++-32bit-10.3.0+git1587-1.6.2 gcc10-objc-32bit-10.3.0+git1587-1.6.2 libstdc++6-devel-gcc10-32bit-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-32bit-10.3.0+git1587-1.6.2 - SUSE Linux Enterprise Module for Toolchain 12 (x86_64): cross-nvptx-gcc10-10.3.0+git1587-1.6.1 cross-nvptx-newlib10-devel-10.3.0+git1587-1.6.1 - SUSE Linux Enterprise Module for Toolchain 12 (noarch): gcc10-info-10.3.0+git1587-1.6.2 - HPE Helion Openstack 8 (x86_64): gcc10-debuginfo-10.3.0+git1587-1.6.2 gcc10-debugsource-10.3.0+git1587-1.6.2 libasan6-10.3.0+git1587-1.6.2 
libasan6-32bit-10.3.0+git1587-1.6.2 libasan6-32bit-debuginfo-10.3.0+git1587-1.6.2 libasan6-debuginfo-10.3.0+git1587-1.6.2 libatomic1-10.3.0+git1587-1.6.2 libatomic1-32bit-10.3.0+git1587-1.6.2 libatomic1-32bit-debuginfo-10.3.0+git1587-1.6.2 libatomic1-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-10.3.0+git1587-1.6.2 libgcc_s1-32bit-10.3.0+git1587-1.6.2 libgcc_s1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgcc_s1-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-10.3.0+git1587-1.6.2 libgfortran5-32bit-10.3.0+git1587-1.6.2 libgfortran5-32bit-debuginfo-10.3.0+git1587-1.6.2 libgfortran5-debuginfo-10.3.0+git1587-1.6.2 libgo16-10.3.0+git1587-1.6.2 libgo16-32bit-10.3.0+git1587-1.6.2 libgo16-32bit-debuginfo-10.3.0+git1587-1.6.2 libgo16-debuginfo-10.3.0+git1587-1.6.2 libgomp1-10.3.0+git1587-1.6.2 libgomp1-32bit-10.3.0+git1587-1.6.2 libgomp1-32bit-debuginfo-10.3.0+git1587-1.6.2 libgomp1-debuginfo-10.3.0+git1587-1.6.2 libitm1-10.3.0+git1587-1.6.2 libitm1-32bit-10.3.0+git1587-1.6.2 libitm1-32bit-debuginfo-10.3.0+git1587-1.6.2 libitm1-debuginfo-10.3.0+git1587-1.6.2 liblsan0-10.3.0+git1587-1.6.2 liblsan0-debuginfo-10.3.0+git1587-1.6.2 libobjc4-10.3.0+git1587-1.6.2 libobjc4-32bit-10.3.0+git1587-1.6.2 libobjc4-32bit-debuginfo-10.3.0+git1587-1.6.2 libobjc4-debuginfo-10.3.0+git1587-1.6.2 libquadmath0-10.3.0+git1587-1.6.2 libquadmath0-32bit-10.3.0+git1587-1.6.2 libquadmath0-32bit-debuginfo-10.3.0+git1587-1.6.2 libquadmath0-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-10.3.0+git1587-1.6.2 libstdc++6-32bit-10.3.0+git1587-1.6.2 libstdc++6-32bit-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-debuginfo-10.3.0+git1587-1.6.2 libstdc++6-locale-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-10.3.0+git1587-1.6.2 libstdc++6-pp-gcc10-32bit-10.3.0+git1587-1.6.2 libtsan0-10.3.0+git1587-1.6.2 libtsan0-debuginfo-10.3.0+git1587-1.6.2 libubsan1-10.3.0+git1587-1.6.2 libubsan1-32bit-10.3.0+git1587-1.6.2 libubsan1-32bit-debuginfo-10.3.0+git1587-1.6.2 libubsan1-debuginfo-10.3.0+git1587-1.6.2 References: 
https://bugzilla.suse.com/1029961 https://bugzilla.suse.com/1106014 https://bugzilla.suse.com/1178577 https://bugzilla.suse.com/1178624 https://bugzilla.suse.com/1178675 https://bugzilla.suse.com/1182016 https://bugzilla.suse.com/1185337 From sle-updates at lists.suse.com Fri May 28 16:15:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 May 2021 18:15:58 +0200 (CEST) Subject: SUSE-RU-2021:1797-1: moderate: Recommended update for python-aliyun-img-utils, python-click-man, python-crcmod, python-oss2 Message-ID: <20210528161558.3E04CFD07@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-aliyun-img-utils, python-click-man, python-crcmod, python-oss2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1797-1 Rating: moderate References: #1181995 ECO-3329 PM-2475 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that has one recommended fix and contains two features can now be installed. Description: This update for python-aliyun-img-utils, python-click-man, python-crcmod, python-oss2 fixes the following issues: - Include in SLE-15 (bsc#1181995, jsc#ECO-3329, jsc#PM-2475) - Cleanup spec file - Use fdupes - Do not bundle html doc - singlespec auto-conversion - Include in SLE 12 (FATE #316168) - No need to use upstream tarball, download PyPI tarball instead - Switch to github archive as the tests are not present on pypi version. - Initial build Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-1797=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-1797=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): python3-aliyun-img-utils-1.1.0-5.4.2 python3-crcmod-1.7-5.3.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): python3-click-man-0.4.1-5.3.2 python3-oss2-2.14.0-5.3.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): python3-aliyun-img-utils-1.1.0-5.4.2 python3-crcmod-1.7-5.3.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-click-man-0.4.1-5.3.2 python3-oss2-2.14.0-5.3.2 References: https://bugzilla.suse.com/1181995 From sle-updates at lists.suse.com Fri May 28 19:17:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 May 2021 21:17:33 +0200 (CEST) Subject: SUSE-RU-2021:1799-1: moderate: Recommended update for branding-SLE Message-ID: <20210528191733.AF847FD07@maintenance.suse.de> SUSE Recommended Update: Recommended update for branding-SLE ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1799-1 Rating: moderate References: #1183594 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for branding-SLE fixes the following issue: - Replace the `initrd` update with generic macros to fix an issue after kernel updates. 
(bsc#1183594) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-1799=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1799=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch): gdm-branding-SLE-15-33.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): branding-SLE-15-33.3.1 grub2-branding-SLE-15-33.3.1 plymouth-branding-SLE-15-33.3.1 wallpaper-branding-SLE-15-33.3.1 References: https://bugzilla.suse.com/1183594 From sle-updates at lists.suse.com Fri May 28 19:18:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 May 2021 21:18:42 +0200 (CEST) Subject: SUSE-RU-2021:1798-1: moderate: Recommended update for ipmitool Message-ID: <20210528191842.49382FD07@maintenance.suse.de> SUSE Recommended Update: Recommended update for ipmitool ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1798-1 Rating: moderate References: #1179133 #1185162 #1185684 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for ipmitool fixes the following issues: - Deprecated the use of /var/run. 
Moved to /run now (bsc#1185162) - Fixed a delay when trying to identify the appropriate cipher suite (bsc#1179133) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-1798=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1798=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1798=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1798=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): ipmitool-bmc-snmp-proxy-1.8.18+git20200204.7ccea28-3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): ipmitool-bmc-snmp-proxy-1.8.18+git20200204.7ccea28-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): ipmitool-1.8.18+git20200204.7ccea28-3.3.1 ipmitool-debuginfo-1.8.18+git20200204.7ccea28-3.3.1 ipmitool-debugsource-1.8.18+git20200204.7ccea28-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): ipmitool-1.8.18+git20200204.7ccea28-3.3.1 ipmitool-debuginfo-1.8.18+git20200204.7ccea28-3.3.1 ipmitool-debugsource-1.8.18+git20200204.7ccea28-3.3.1 References: https://bugzilla.suse.com/1179133 https://bugzilla.suse.com/1185162 https://bugzilla.suse.com/1185684 From sle-updates at lists.suse.com Fri May 28 19:21:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 May 2021 21:21:12 +0200 (CEST) Subject: SUSE-RU-2021:1800-1: moderate: Recommended update for mdadm Message-ID: <20210528192112.7C899FD07@maintenance.suse.de> SUSE 
Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1800-1 Rating: moderate References: #1175758 #1181619 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for mdadm fixes the following issues: - Fixed an issue when md device broke while adding another disk (bsc#1181619) - imsm: Added nvme multipath support (bsc#1175758) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1800=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): mdadm-4.1-24.3.1 mdadm-debuginfo-4.1-24.3.1 mdadm-debugsource-4.1-24.3.1 References: https://bugzilla.suse.com/1175758 https://bugzilla.suse.com/1181619 From sle-updates at lists.suse.com Sat May 29 06:10:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 29 May 2021 08:10:59 +0200 (CEST) Subject: SUSE-CU-2021:224-1: Recommended update of suse/sles12sp3 Message-ID: <20210529061059.E8CB8B460D3@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:224-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.261 , suse/sles12sp3:latest Container Release : 24.261 Severity : moderate Type : recommended References : 1029961 1106014 1178577 1178624 1178675 1182016 1185337 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1796-1 Released: Fri May 28 09:40:02 2021 Summary: Recommended update for gcc10 Type: recommended Severity: moderate References: 1029961,1106014,1178577,1178624,1178675,1182016,1185337 This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) - Fixed build failure in SLE-12 due to bogus 'rpmlint'. (bsc#1185337) From sle-updates at lists.suse.com Sat May 29 06:22:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 29 May 2021 08:22:54 +0200 (CEST) Subject: SUSE-CU-2021:225-1: Recommended update of suse/sles12sp4 Message-ID: <20210529062254.4D419B460D3@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:225-1 Container Tags : suse/sles12sp4:26.299 , suse/sles12sp4:latest Container Release : 26.299 Severity : moderate Type : recommended References : 1029961 1106014 1178577 1178624 1178675 1182016 1185337 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1796-1 Released: Fri May 28 09:40:02 2021 Summary: Recommended update for gcc10 Type: recommended Severity: moderate References: 1029961,1106014,1178577,1178624,1178675,1182016,1185337 This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) - Fixed build failure in SLE-12 due to bogus 'rpmlint'. (bsc#1185337) From sle-updates at lists.suse.com Sat May 29 06:31:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 29 May 2021 08:31:51 +0200 (CEST) Subject: SUSE-CU-2021:226-1: Recommended update of suse/sles12sp5 Message-ID: <20210529063151.0A630B460D3@westernhagen.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:226-1 Container Tags : suse/sles12sp5:6.5.184 , suse/sles12sp5:latest Container Release : 6.5.184 Severity : moderate Type : recommended References : 1029961 1106014 1178577 1178624 1178675 1182016 1185337 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1796-1 Released: Fri May 28 09:40:02 2021 Summary: Recommended update for gcc10 Type: recommended Severity: moderate References: 1029961,1106014,1178577,1178624,1178675,1182016,1185337 This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) - Fixed build failure in SLE-12 due to bogus 'rpmlint'. (bsc#1185337) From sle-updates at lists.suse.com Mon May 31 10:16:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 May 2021 12:16:12 +0200 (CEST) Subject: SUSE-RU-2021:1801-1: moderate: Recommended update for openssh Message-ID: <20210531101612.6B669FD14@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1801-1 Rating: moderate References: #1115550 #1174162 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openssh fixes the following issues: - Fixed a race condition leading to a sshd termination of multichannel sessions with non-root users (bsc#1115550, bsc#1174162). 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1801=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1801=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1801=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1801=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): openssh-8.1p1-5.15.1 openssh-debuginfo-8.1p1-5.15.1 openssh-debugsource-8.1p1-5.15.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): openssh-debuginfo-8.1p1-5.15.1 openssh-debugsource-8.1p1-5.15.1 openssh-fips-8.1p1-5.15.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): openssh-askpass-gnome-8.1p1-5.15.1 openssh-askpass-gnome-debuginfo-8.1p1-5.15.1 openssh-askpass-gnome-debugsource-8.1p1-5.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): openssh-8.1p1-5.15.1 openssh-debuginfo-8.1p1-5.15.1 openssh-debugsource-8.1p1-5.15.1 openssh-helpers-8.1p1-5.15.1 openssh-helpers-debuginfo-8.1p1-5.15.1 References: https://bugzilla.suse.com/1115550 https://bugzilla.suse.com/1174162 From sle-updates at lists.suse.com Mon May 31 13:16:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 May 2021 15:16:15 +0200 (CEST) Subject: SUSE-RU-2021:1803-1: important: Recommended update for pacemaker Message-ID: <20210531131615.1C8EFFD14@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2021:1803-1 Rating: important References: #1173668 #1174696 #1177212 #1178865 #1180618 #1181265 #1181744 #1182607 #1184557 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - controller: re-joined node gets the host names of non-DC nodes (bsc#1180618) - iso8601: prevent sec overrun before adding up as long long - fencer: optimize merging of fencing history by removing unneeded entries on creation of history diff (bsc#1181744) - fencing: new function stonith_op_state_pending() for checking if a fencing operation is in pending state (bsc#1181744) - fencer: update outdated pending operations according to returned ones from remote peer history (bsc#1181744) - fencer: broadcast returned fencing operations to update outdated pending ones in remote peer history (bsc#1181744) - execd: Skips merging of canceled fencing monitors. - fencing: remove any devices that are not installed - liblrmd: Limit node name addition to proxied attrd update commands - attrd: prevent leftover attributes of shutdown node in cib (bsc#1173668) - Pacemaker Explained: improve the documentation of `stonith-watchdog-timeout` cluster option (bsc#1174696, bsc#1184557) - scheduler: improve the documentation of `have-watchdog` cluster option (bsc#1174696, bsc#1184557) - libpe_status: downgrade the message about the meaning of `have-watchdog=true` to info (bsc#1174696, bsc#1184557) - crmadmin: printing DC quietly if needed (bsc#1178865, bsc#1181265) - scheduler: update migrate-fail-9 test for migration code change (bsc#1177212, bsc#1182607) - scheduler: don't schedule a dangling migration stop if one already occurred (bsc#1177212, bsc#1182607) - fenced: Remove relayed stonith operation. 
(bsc#1181744) - scheduler: properly detect dangling migrations (bsc#1177212) - scheduler: only successful ops count for migration comparisons (bsc#1177212) - libpe_status: check for stops correctly when unpacking migration (bsc#1177212) - st_client: cleanup token whenever setting api to disconnected (bsc#1181744) - fence-history: resync fence-history after stonithd crash (bsc#1181744) - crmd: add notice-log for successful fencer-connect (bsc#1181744) - crmd: remove-stonith-notifications upon connection-destroy (bsc#1181744) - fence-history: add notification upon history-synced (bsc#1181744) - st_client: make safe to remove notifications from notifications (bsc#1181744) - fence-history: fail leftover pending-actions after stonithd-restart (bsc#1181744) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-1803=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): libpacemaker3-1.1.19+20181105.ccd6b5b10-3.25.1 libpacemaker3-debuginfo-1.1.19+20181105.ccd6b5b10-3.25.1 pacemaker-1.1.19+20181105.ccd6b5b10-3.25.1 pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.25.1 pacemaker-cli-debuginfo-1.1.19+20181105.ccd6b5b10-3.25.1 pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.25.1 pacemaker-cts-debuginfo-1.1.19+20181105.ccd6b5b10-3.25.1 pacemaker-debuginfo-1.1.19+20181105.ccd6b5b10-3.25.1 pacemaker-debugsource-1.1.19+20181105.ccd6b5b10-3.25.1 pacemaker-remote-1.1.19+20181105.ccd6b5b10-3.25.1 pacemaker-remote-debuginfo-1.1.19+20181105.ccd6b5b10-3.25.1 References: https://bugzilla.suse.com/1173668 https://bugzilla.suse.com/1174696 https://bugzilla.suse.com/1177212 https://bugzilla.suse.com/1178865 https://bugzilla.suse.com/1180618 https://bugzilla.suse.com/1181265 https://bugzilla.suse.com/1181744 
https://bugzilla.suse.com/1182607 https://bugzilla.suse.com/1184557 From sle-updates at lists.suse.com Mon May 31 19:16:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 May 2021 21:16:12 +0200 (CEST) Subject: SUSE-SU-2021:1809-1: moderate: Security update for curl Message-ID: <20210531191612.3B84BFD07@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1809-1 Rating: moderate References: #1177976 #1183933 #1186114 SLE-13843 Cross-References: CVE-2021-22876 CVE-2021-22898 CVSS scores: CVE-2021-22876 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-22876 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2021-22898 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves two vulnerabilities, contains one feature and has one errata is now available. Description: This update for curl fixes the following issues: - CVE-2021-22876: Fixed an issue where the automatic referer was leaking credentials (bsc#1183933). - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Fix for SFTP uploads when it results in empty uploaded files (bsc#1177976). 
- Allow partial chain verification (jsc#SLE-17956). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1809=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1809=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1809=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1809=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1809=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1809=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1809=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1809=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1809=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1809=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1809=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1809=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1809=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): curl-7.60.0-3.42.1 curl-debuginfo-7.60.0-3.42.1 curl-debugsource-7.60.0-3.42.1 libcurl-devel-7.60.0-3.42.1 libcurl4-7.60.0-3.42.1 libcurl4-debuginfo-7.60.0-3.42.1 - SUSE Manager Server 4.0 (x86_64): libcurl4-32bit-7.60.0-3.42.1 libcurl4-32bit-debuginfo-7.60.0-3.42.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): curl-7.60.0-3.42.1 curl-debuginfo-7.60.0-3.42.1 curl-debugsource-7.60.0-3.42.1 libcurl-devel-7.60.0-3.42.1 libcurl4-32bit-7.60.0-3.42.1 libcurl4-32bit-debuginfo-7.60.0-3.42.1 libcurl4-7.60.0-3.42.1 libcurl4-debuginfo-7.60.0-3.42.1 - SUSE Manager Proxy 4.0 (x86_64): curl-7.60.0-3.42.1 curl-debuginfo-7.60.0-3.42.1 curl-debugsource-7.60.0-3.42.1 libcurl-devel-7.60.0-3.42.1 libcurl4-32bit-7.60.0-3.42.1 libcurl4-32bit-debuginfo-7.60.0-3.42.1 libcurl4-7.60.0-3.42.1 libcurl4-debuginfo-7.60.0-3.42.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): curl-7.60.0-3.42.1 curl-debuginfo-7.60.0-3.42.1 curl-debugsource-7.60.0-3.42.1 libcurl-devel-7.60.0-3.42.1 libcurl4-7.60.0-3.42.1 libcurl4-debuginfo-7.60.0-3.42.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libcurl4-32bit-7.60.0-3.42.1 libcurl4-32bit-debuginfo-7.60.0-3.42.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): curl-7.60.0-3.42.1 curl-debuginfo-7.60.0-3.42.1 curl-debugsource-7.60.0-3.42.1 libcurl-devel-7.60.0-3.42.1 libcurl4-7.60.0-3.42.1 libcurl4-debuginfo-7.60.0-3.42.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libcurl4-32bit-7.60.0-3.42.1 libcurl4-32bit-debuginfo-7.60.0-3.42.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): curl-7.60.0-3.42.1 curl-debuginfo-7.60.0-3.42.1 curl-debugsource-7.60.0-3.42.1 libcurl-devel-7.60.0-3.42.1 libcurl4-7.60.0-3.42.1 libcurl4-debuginfo-7.60.0-3.42.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libcurl4-32bit-7.60.0-3.42.1 libcurl4-32bit-debuginfo-7.60.0-3.42.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): 
curl-7.60.0-3.42.1 curl-debuginfo-7.60.0-3.42.1 curl-debugsource-7.60.0-3.42.1 libcurl-devel-7.60.0-3.42.1 libcurl4-32bit-7.60.0-3.42.1 libcurl4-32bit-debuginfo-7.60.0-3.42.1 libcurl4-7.60.0-3.42.1 libcurl4-debuginfo-7.60.0-3.42.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): curl-7.60.0-3.42.1 curl-debuginfo-7.60.0-3.42.1 curl-debugsource-7.60.0-3.42.1 libcurl-devel-7.60.0-3.42.1 libcurl4-7.60.0-3.42.1 libcurl4-debuginfo-7.60.0-3.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): curl-7.60.0-3.42.1 curl-debuginfo-7.60.0-3.42.1 curl-debugsource-7.60.0-3.42.1 libcurl-devel-7.60.0-3.42.1 libcurl4-7.60.0-3.42.1 libcurl4-debuginfo-7.60.0-3.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libcurl4-32bit-7.60.0-3.42.1 libcurl4-32bit-debuginfo-7.60.0-3.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): curl-7.60.0-3.42.1 curl-debuginfo-7.60.0-3.42.1 curl-debugsource-7.60.0-3.42.1 libcurl-devel-7.60.0-3.42.1 libcurl4-7.60.0-3.42.1 libcurl4-debuginfo-7.60.0-3.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libcurl4-32bit-7.60.0-3.42.1 libcurl4-32bit-debuginfo-7.60.0-3.42.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): curl-7.60.0-3.42.1 curl-debuginfo-7.60.0-3.42.1 curl-debugsource-7.60.0-3.42.1 libcurl-devel-7.60.0-3.42.1 libcurl4-7.60.0-3.42.1 libcurl4-debuginfo-7.60.0-3.42.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libcurl4-32bit-7.60.0-3.42.1 libcurl4-32bit-debuginfo-7.60.0-3.42.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): curl-7.60.0-3.42.1 curl-debuginfo-7.60.0-3.42.1 curl-debugsource-7.60.0-3.42.1 libcurl-devel-7.60.0-3.42.1 libcurl4-7.60.0-3.42.1 libcurl4-debuginfo-7.60.0-3.42.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libcurl4-32bit-7.60.0-3.42.1 libcurl4-32bit-debuginfo-7.60.0-3.42.1 - SUSE Enterprise 
Storage 6 (aarch64 x86_64): curl-7.60.0-3.42.1 curl-debuginfo-7.60.0-3.42.1 curl-debugsource-7.60.0-3.42.1 libcurl-devel-7.60.0-3.42.1 libcurl4-7.60.0-3.42.1 libcurl4-debuginfo-7.60.0-3.42.1 - SUSE Enterprise Storage 6 (x86_64): libcurl4-32bit-7.60.0-3.42.1 libcurl4-32bit-debuginfo-7.60.0-3.42.1 - SUSE CaaS Platform 4.0 (x86_64): curl-7.60.0-3.42.1 curl-debuginfo-7.60.0-3.42.1 curl-debugsource-7.60.0-3.42.1 libcurl-devel-7.60.0-3.42.1 libcurl4-32bit-7.60.0-3.42.1 libcurl4-32bit-debuginfo-7.60.0-3.42.1 libcurl4-7.60.0-3.42.1 libcurl4-debuginfo-7.60.0-3.42.1 References: https://www.suse.com/security/cve/CVE-2021-22876.html https://www.suse.com/security/cve/CVE-2021-22898.html https://bugzilla.suse.com/1177976 https://bugzilla.suse.com/1183933 https://bugzilla.suse.com/1186114 From sle-updates at lists.suse.com Mon May 31 19:17:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 May 2021 21:17:34 +0200 (CEST) Subject: SUSE-SU-2021:1813-1: important: Security update for djvulibre Message-ID: <20210531191734.02B55FD07@maintenance.suse.de> SUSE Security Update: Security update for djvulibre ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1813-1 Rating: important References: #1186253 Cross-References: CVE-2021-3500 CVSS scores: CVE-2021-3500 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that 
fixes one vulnerability is now available. Description: This update for djvulibre fixes the following issues: - CVE-2021-3500: Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file (bsc#1186253) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1813=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1813=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1813=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1813=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1813=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1813=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1813=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1813=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1813=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1813=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1813=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1813=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-1813=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): djvulibre-debuginfo-3.5.25.3-5.12.1 djvulibre-debugsource-3.5.25.3-5.12.1 libdjvulibre21-3.5.25.3-5.12.1 libdjvulibre21-debuginfo-3.5.25.3-5.12.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): djvulibre-debuginfo-3.5.25.3-5.12.1 djvulibre-debugsource-3.5.25.3-5.12.1 
libdjvulibre21-3.5.25.3-5.12.1 libdjvulibre21-debuginfo-3.5.25.3-5.12.1 - SUSE OpenStack Cloud 9 (x86_64): djvulibre-debuginfo-3.5.25.3-5.12.1 djvulibre-debugsource-3.5.25.3-5.12.1 libdjvulibre21-3.5.25.3-5.12.1 libdjvulibre21-debuginfo-3.5.25.3-5.12.1 - SUSE OpenStack Cloud 8 (x86_64): djvulibre-debuginfo-3.5.25.3-5.12.1 djvulibre-debugsource-3.5.25.3-5.12.1 libdjvulibre21-3.5.25.3-5.12.1 libdjvulibre21-debuginfo-3.5.25.3-5.12.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): djvulibre-debuginfo-3.5.25.3-5.12.1 djvulibre-debugsource-3.5.25.3-5.12.1 libdjvulibre-devel-3.5.25.3-5.12.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): djvulibre-debuginfo-3.5.25.3-5.12.1 djvulibre-debugsource-3.5.25.3-5.12.1 libdjvulibre21-3.5.25.3-5.12.1 libdjvulibre21-debuginfo-3.5.25.3-5.12.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): djvulibre-debuginfo-3.5.25.3-5.12.1 djvulibre-debugsource-3.5.25.3-5.12.1 libdjvulibre21-3.5.25.3-5.12.1 libdjvulibre21-debuginfo-3.5.25.3-5.12.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): djvulibre-debuginfo-3.5.25.3-5.12.1 djvulibre-debugsource-3.5.25.3-5.12.1 libdjvulibre21-3.5.25.3-5.12.1 libdjvulibre21-debuginfo-3.5.25.3-5.12.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): djvulibre-debuginfo-3.5.25.3-5.12.1 djvulibre-debugsource-3.5.25.3-5.12.1 libdjvulibre21-3.5.25.3-5.12.1 libdjvulibre21-debuginfo-3.5.25.3-5.12.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): djvulibre-debuginfo-3.5.25.3-5.12.1 djvulibre-debugsource-3.5.25.3-5.12.1 libdjvulibre21-3.5.25.3-5.12.1 libdjvulibre21-debuginfo-3.5.25.3-5.12.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): djvulibre-debuginfo-3.5.25.3-5.12.1 djvulibre-debugsource-3.5.25.3-5.12.1 libdjvulibre21-3.5.25.3-5.12.1 libdjvulibre21-debuginfo-3.5.25.3-5.12.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): djvulibre-debuginfo-3.5.25.3-5.12.1 
djvulibre-debugsource-3.5.25.3-5.12.1 libdjvulibre21-3.5.25.3-5.12.1 libdjvulibre21-debuginfo-3.5.25.3-5.12.1 - HPE Helion Openstack 8 (x86_64): djvulibre-debuginfo-3.5.25.3-5.12.1 djvulibre-debugsource-3.5.25.3-5.12.1 libdjvulibre21-3.5.25.3-5.12.1 libdjvulibre21-debuginfo-3.5.25.3-5.12.1 References: https://www.suse.com/security/cve/CVE-2021-3500.html https://bugzilla.suse.com/1186253 From sle-updates at lists.suse.com Mon May 31 19:19:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 May 2021 21:19:44 +0200 (CEST) Subject: SUSE-SU-2021:1815-1: important: Security update for nginx Message-ID: <20210531191944.AF9C4FD07@maintenance.suse.de> SUSE Security Update: Security update for nginx ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1815-1 Rating: important References: #1186126 Cross-References: CVE-2021-23017 CVSS scores: CVE-2021-23017 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nginx fixes the following issues: - CVE-2021-23017: nginx DNS resolver off-by-one heap write (bsc#1186126) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-1815=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): nginx-1.19.8-3.3.1 nginx-debuginfo-1.19.8-3.3.1 nginx-debugsource-1.19.8-3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): nginx-source-1.19.8-3.3.1 References: https://www.suse.com/security/cve/CVE-2021-23017.html https://bugzilla.suse.com/1186126 From sle-updates at lists.suse.com Mon May 31 19:20:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 May 2021 21:20:48 +0200 (CEST) Subject: SUSE-SU-2021:14738-1: important: Security update for djvulibre Message-ID: <20210531192048.31497FD07@maintenance.suse.de> SUSE Security Update: Security update for djvulibre ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14738-1 Rating: important References: #1186253 Cross-References: CVE-2021-3500 CVSS scores: CVE-2021-3500 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for djvulibre fixes the following issues: - CVE-2021-3500: Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file (bsc#1186253) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-LTSS:

      zypper in -t patch slessp4-djvulibre-14738=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-djvulibre-14738=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-djvulibre-14738=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-djvulibre-14738=1

Package List:

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):

      libdjvulibre21-3.5.21-3.12.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      libdjvulibre21-3.5.21-3.12.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):

      djvulibre-debuginfo-3.5.21-3.12.1
      djvulibre-debugsource-3.5.21-3.12.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      djvulibre-debuginfo-3.5.21-3.12.1
      djvulibre-debugsource-3.5.21-3.12.1

References:

   https://www.suse.com/security/cve/CVE-2021-3500.html
   https://bugzilla.suse.com/1186253

From sle-updates at lists.suse.com Mon May 31 19:21:51 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 31 May 2021 21:21:51 +0200 (CEST)
Subject: SUSE-SU-2021:1811-1: important: Security update for slurm
Message-ID: <20210531192151.B88E8FD07@maintenance.suse.de>

   SUSE Security Update: Security update for slurm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1811-1
Rating:             important
References:         #1186024
Cross-References:   CVE-2021-31215
CVSS scores:
                    CVE-2021-31215 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-31215 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   This update for slurm fixes the following issues:

   - CVE-2021-31215: remote code execution as SlurmUser because of a
     PrologSlurmctld or EpilogSlurmctld script leads to environment
     mishandling (bsc#1186024)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1811=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1811=1

Package List:

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      libpmi0-18.08.9-3.19.1
      libpmi0-debuginfo-18.08.9-3.19.1
      libslurm33-18.08.9-3.19.1
      libslurm33-debuginfo-18.08.9-3.19.1
      perl-slurm-18.08.9-3.19.1
      perl-slurm-debuginfo-18.08.9-3.19.1
      slurm-18.08.9-3.19.1
      slurm-auth-none-18.08.9-3.19.1
      slurm-auth-none-debuginfo-18.08.9-3.19.1
      slurm-config-18.08.9-3.19.1
      slurm-config-man-18.08.9-3.19.1
      slurm-debuginfo-18.08.9-3.19.1
      slurm-debugsource-18.08.9-3.19.1
      slurm-devel-18.08.9-3.19.1
      slurm-doc-18.08.9-3.19.1
      slurm-lua-18.08.9-3.19.1
      slurm-lua-debuginfo-18.08.9-3.19.1
      slurm-munge-18.08.9-3.19.1
      slurm-munge-debuginfo-18.08.9-3.19.1
      slurm-node-18.08.9-3.19.1
      slurm-node-debuginfo-18.08.9-3.19.1
      slurm-pam_slurm-18.08.9-3.19.1
      slurm-pam_slurm-debuginfo-18.08.9-3.19.1
      slurm-plugins-18.08.9-3.19.1
      slurm-plugins-debuginfo-18.08.9-3.19.1
      slurm-slurmdbd-18.08.9-3.19.1
      slurm-slurmdbd-debuginfo-18.08.9-3.19.1
      slurm-sql-18.08.9-3.19.1
      slurm-sql-debuginfo-18.08.9-3.19.1
      slurm-sview-18.08.9-3.19.1
      slurm-sview-debuginfo-18.08.9-3.19.1
      slurm-torque-18.08.9-3.19.1
      slurm-torque-debuginfo-18.08.9-3.19.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      libpmi0-18.08.9-3.19.1
      libpmi0-debuginfo-18.08.9-3.19.1
      libslurm33-18.08.9-3.19.1
      libslurm33-debuginfo-18.08.9-3.19.1
      perl-slurm-18.08.9-3.19.1
      perl-slurm-debuginfo-18.08.9-3.19.1
      slurm-18.08.9-3.19.1
      slurm-auth-none-18.08.9-3.19.1
      slurm-auth-none-debuginfo-18.08.9-3.19.1
      slurm-config-18.08.9-3.19.1
      slurm-config-man-18.08.9-3.19.1
      slurm-debuginfo-18.08.9-3.19.1
      slurm-debugsource-18.08.9-3.19.1
      slurm-devel-18.08.9-3.19.1
      slurm-doc-18.08.9-3.19.1
      slurm-lua-18.08.9-3.19.1
      slurm-lua-debuginfo-18.08.9-3.19.1
      slurm-munge-18.08.9-3.19.1
      slurm-munge-debuginfo-18.08.9-3.19.1
      slurm-node-18.08.9-3.19.1
      slurm-node-debuginfo-18.08.9-3.19.1
      slurm-pam_slurm-18.08.9-3.19.1
      slurm-pam_slurm-debuginfo-18.08.9-3.19.1
      slurm-plugins-18.08.9-3.19.1
      slurm-plugins-debuginfo-18.08.9-3.19.1
      slurm-slurmdbd-18.08.9-3.19.1
      slurm-slurmdbd-debuginfo-18.08.9-3.19.1
      slurm-sql-18.08.9-3.19.1
      slurm-sql-debuginfo-18.08.9-3.19.1
      slurm-sview-18.08.9-3.19.1
      slurm-sview-debuginfo-18.08.9-3.19.1
      slurm-torque-18.08.9-3.19.1
      slurm-torque-debuginfo-18.08.9-3.19.1

References:

   https://www.suse.com/security/cve/CVE-2021-31215.html
   https://bugzilla.suse.com/1186024

From sle-updates at lists.suse.com Mon May 31 19:22:56 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 31 May 2021 21:22:56 +0200 (CEST)
Subject: SUSE-SU-2021:1814-1: important: Security update for nginx
Message-ID: <20210531192256.2E8E3FD07@maintenance.suse.de>

   SUSE Security Update: Security update for nginx
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1814-1
Rating:             important
References:         #1186126
Cross-References:   CVE-2021-23017
CVSS scores:
                    CVE-2021-23017 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   This update for nginx fixes the following issues:

   - CVE-2021-23017: nginx DNS resolver off-by-one heap write (bsc#1186126)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1814=1

Package List:

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

      nginx-1.16.1-3.3.1
      nginx-debuginfo-1.16.1-3.3.1
      nginx-debugsource-1.16.1-3.3.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch):

      nginx-source-1.16.1-3.3.1

References:

   https://www.suse.com/security/cve/CVE-2021-23017.html
   https://bugzilla.suse.com/1186126

From sle-updates at lists.suse.com Mon May 31 19:23:59 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 31 May 2021 21:23:59 +0200 (CEST)
Subject: SUSE-RU-2021:1805-1: moderate: Recommended update for amazon-ssm-agent and amazon-ecs-init
Message-ID: <20210531192359.CF455FD07@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for amazon-ssm-agent and amazon-ecs-init
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:1805-1
Rating:             moderate
References:         #1186239 #1186262
Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 15-SP3
                    SUSE Linux Enterprise Module for Public Cloud 15-SP2
                    SUSE Linux Enterprise Module for Public Cloud 15-SP1
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.
Description:

   This update for amazon-ssm-agent and amazon-ecs-init fixes the following issues:

   - Added support for Amazon ECS Anywhere (bsc#1186239, bsc#1186262)

   The amazon-ssm-agent package provides a RELEASENOTES.md file with a more
   detailed list of all changes.

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-1805=1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-1805=1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2021-1805=1

Package List:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64):

      amazon-ssm-agent-3.0.1209.0-5.6.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):

      amazon-ecs-init-1.52.1-4.8.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64):

      amazon-ssm-agent-3.0.1209.0-5.6.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64):

      amazon-ecs-init-1.52.1-4.8.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64):

      amazon-ssm-agent-3.0.1209.0-5.6.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64):

      amazon-ecs-init-1.52.1-4.8.1

References:

   https://bugzilla.suse.com/1186239
   https://bugzilla.suse.com/1186262

From sle-updates at lists.suse.com Mon May 31 19:26:08 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 31 May 2021 21:26:08 +0200 (CEST)
Subject: SUSE-SU-2021:1810-1: important: Security update for slurm
Message-ID: <20210531192608.52EEBFD07@maintenance.suse.de>

   SUSE Security Update: Security update for slurm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1810-1
Rating:             important
References:         #1186024
Cross-References:   CVE-2021-31215
CVSS scores:
                    CVE-2021-31215 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-31215 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Affected Products:
                    SUSE Linux Enterprise Module for HPC 15-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for slurm fixes the following issues:

   - CVE-2021-31215: Fixed an environment mishandling that allowed remote code
     execution as SlurmUser (bsc#1186024).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for HPC 15-SP2:

      zypper in -t patch SUSE-SLE-Module-HPC-15-SP2-2021-1810=1

Package List:

   - SUSE Linux Enterprise Module for HPC 15-SP2 (aarch64 x86_64):

      libnss_slurm2-20.02.7-3.6.1
      libnss_slurm2-debuginfo-20.02.7-3.6.1
      libpmi0-20.02.7-3.6.1
      libpmi0-debuginfo-20.02.7-3.6.1
      libslurm35-20.02.7-3.6.1
      libslurm35-debuginfo-20.02.7-3.6.1
      perl-slurm-20.02.7-3.6.1
      perl-slurm-debuginfo-20.02.7-3.6.1
      slurm-20.02.7-3.6.1
      slurm-auth-none-20.02.7-3.6.1
      slurm-auth-none-debuginfo-20.02.7-3.6.1
      slurm-config-20.02.7-3.6.1
      slurm-config-man-20.02.7-3.6.1
      slurm-debuginfo-20.02.7-3.6.1
      slurm-debugsource-20.02.7-3.6.1
      slurm-devel-20.02.7-3.6.1
      slurm-doc-20.02.7-3.6.1
      slurm-lua-20.02.7-3.6.1
      slurm-lua-debuginfo-20.02.7-3.6.1
      slurm-munge-20.02.7-3.6.1
      slurm-munge-debuginfo-20.02.7-3.6.1
      slurm-node-20.02.7-3.6.1
      slurm-node-debuginfo-20.02.7-3.6.1
      slurm-pam_slurm-20.02.7-3.6.1
      slurm-pam_slurm-debuginfo-20.02.7-3.6.1
      slurm-plugins-20.02.7-3.6.1
      slurm-plugins-debuginfo-20.02.7-3.6.1
      slurm-slurmdbd-20.02.7-3.6.1
      slurm-slurmdbd-debuginfo-20.02.7-3.6.1
      slurm-sql-20.02.7-3.6.1
      slurm-sql-debuginfo-20.02.7-3.6.1
      slurm-sview-20.02.7-3.6.1
      slurm-sview-debuginfo-20.02.7-3.6.1
      slurm-torque-20.02.7-3.6.1
      slurm-torque-debuginfo-20.02.7-3.6.1
      slurm-webdoc-20.02.7-3.6.1

References:

   https://www.suse.com/security/cve/CVE-2021-31215.html
   https://bugzilla.suse.com/1186024

From sle-updates at lists.suse.com Mon May 31 19:27:12 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 31 May 2021 21:27:12 +0200 (CEST)
Subject: SUSE-SU-2021:1807-1: moderate: Security update for python-httplib2
Message-ID: <20210531192712.2AD50FD07@maintenance.suse.de>

   SUSE Security Update: Security update for python-httplib2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1807-1
Rating:             moderate
References:         #1171998 #1182053
Cross-References:   CVE-2020-11078 CVE-2021-21240
CVSS scores:
                    CVE-2020-11078 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
                    CVE-2020-11078 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
                    CVE-2021-21240 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-21240 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for python-httplib2 contains the following fixes:

   Security fixes included in this update:

   - CVE-2021-21240: Fixed a regular expression denial of service via
     malicious header (bsc#1182053).
   - CVE-2020-11078: Fixed an issue where an attacker could change request
     headers and body (bsc#1171998).
   Non-security fixes included in this update:

   - Update in SLE to 0.19.0 (bsc#1182053, CVE-2021-21240)
   - update to 0.19.0:
     * auth: parse headers using pyparsing instead of regexp
     * auth: WSSE token needs to be string not bytes
   - update to 0.18.1: (bsc#1171998, CVE-2020-11078)
     * explicit build-backend workaround for pip build isolation bug
     * IMPORTANT security vulnerability CWE-93 CRLF injection
       Force %xx quote of space, CR, LF characters in uri.
     * Ship test suite in source dist
   - update to 0.17.3:
     * bugfixes
   - Update to 0.17.1
     * python3: no_proxy was not checked with https
     * feature: Http().redirect_codes set, works after follow(_all)_redirects check
       This allows one line workaround for old gcloud library that uses 308
       response without redirect semantics.
     * IMPORTANT cache invalidation change, fix 307 keep method, add 308 Redirects
     * proxy: username/password as str compatible with pysocks
     * python2: regression in connect() error handling
     * add support for password protected certificate files
     * feature: Http.close() to clean persistent connections and sensitive data
   - Update to 0.14.0:
     * Python3: PROXY_TYPE_SOCKS5 with str user/pass raised TypeError
   - version update to 0.13.1
     0.13.1
     * Python3: Use no_proxy
       https://github.com/httplib2/httplib2/pull/140
     0.13.0
     * Allow setting TLS max/min versions
       https://github.com/httplib2/httplib2/pull/138
     0.12.3
     * No changes to library. Distribute py3 wheels.
     0.12.1
     * Catch socket timeouts and clear dead connection
       https://github.com/httplib2/httplib2/issues/18
       https://github.com/httplib2/httplib2/pull/111
     * Officially support Python 3.7 (package metadata)
       https://github.com/httplib2/httplib2/issues/123
     0.12.0
     * Drop support for Python 3.3
     * ca_certs from environment HTTPLIB2_CA_CERTS or certifi
       https://github.com/httplib2/httplib2/pull/117
     * PROXY_TYPE_HTTP with non-empty user/pass raised TypeError: bytes required
       https://github.com/httplib2/httplib2/pull/115
     * Revert http:443->https workaround
       https://github.com/httplib2/httplib2/issues/112
     * eliminate connection pool read race
       https://github.com/httplib2/httplib2/pull/110
     * cache: stronger safename
       https://github.com/httplib2/httplib2/pull/101
     0.11.3
     * No changes, just reupload of 0.11.2 after fixing automatic release
       conditions in Travis.
     0.11.2
     * proxy: py3 NameError basestring
       https://github.com/httplib2/httplib2/pull/100
     0.11.1
     * Fix HTTP(S)ConnectionWithTimeout AttributeError proxy_info
       https://github.com/httplib2/httplib2/pull/97
     0.11.0
     * Add DigiCert Global Root G2 serial 033af1e6a711a9a0bb2864b11d09fae5
       https://github.com/httplib2/httplib2/pull/91
     * python3 proxy support
       https://github.com/httplib2/httplib2/pull/90
     * If no_proxy environment value ends with comma then proxy is not used
       https://github.com/httplib2/httplib2/issues/11
     * fix UnicodeDecodeError using socks5 proxy
       https://github.com/httplib2/httplib2/pull/64
     * Respect NO_PROXY env var in proxy_info_from_url
       https://github.com/httplib2/httplib2/pull/58
     * NO_PROXY=bar was matching foobar (suffix without dot delimiter)
       New behavior matches curl/wget:
       - no_proxy=foo.bar will only skip proxy for exact hostname match
       - no_proxy=.wild.card will skip proxy for any.subdomains.wild.card
       https://github.com/httplib2/httplib2/issues/94
     * Bugfix for Content-Encoding: deflate
       https://stackoverflow.com/a/22311297
   - deleted patches
     httplib2 started to use certifi and this is already bent to use system certificate
     bundle.
   - handle the case when validation is disabled correctly. The
     'check_hostname' context attribute has to be set first, otherwise a
     "ValueError: Cannot set verify_mode to CERT_NONE when check_hostname is
     enabled." exception is raised.
   - handle the case with ssl_version being None correctly
   - Use ssl.create_default_context in the python2 case so that the system
     wide certificates are loaded as trusted again.
   - Source url must be https.
   - Spec file cleanups
   - Update to 0.10.3
     * Fix certificate validation on Python<=2.7.8 without ssl.CertificateError
   - Update to 0.10.2
     * Just a reupload of 0.10.1, which was broken for Python3 because wheel
       distribution doesn't play well with our 2/3 split code base.
   - Update to 0.10.1
     * Remove VeriSign Class 3 CA from trusted certs
     * Add IdenTrust DST Root CA X3
     * Support for specifying the SSL protocol version (Python v2)
     * On App Engine use urlfetch's default deadline if None is passed.
     * Fix TypeError on AppEngine "__init__() got an unexpected keyword
       argument 'ssl_version'"
     * Send SNI data for SSL connections on Python 2.7.9+
     * Verify the server hostname if certificate validation is enabled
     * Add proxy_headers argument to ProxyInfo constructor
     * Make disable_ssl_certificate_validation work with Python 3.5.
     * Fix socket error handling
   - Remove httplib2-bnc-818100.patch, merged upstream.
   - Project moved from code.google.com to GitHub, fix the url accordingly
   - attempt to build multi-python
   - update and cleanup of httplib2-use-system-certs.patch, so that the
     passthrough is clean for python2 and so that it does the right thing in
     python3

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2021-1807=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-1807=1

Package List:

   - SUSE OpenStack Cloud 7 (noarch):

      python-httplib2-0.19.0-7.7.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (noarch):

      python-httplib2-0.19.0-7.7.1

References:

   https://www.suse.com/security/cve/CVE-2020-11078.html
   https://www.suse.com/security/cve/CVE-2021-21240.html
   https://bugzilla.suse.com/1171998
   https://bugzilla.suse.com/1182053

From sle-updates at lists.suse.com Mon May 31 19:29:25 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 31 May 2021 21:29:25 +0200 (CEST)
Subject: SUSE-SU-2021:1806-1: moderate: Security update for python-httplib2
Message-ID: <20210531192925.A57ECFD07@maintenance.suse.de>

   SUSE Security Update: Security update for python-httplib2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1806-1
Rating:             moderate
References:         #1171998 #1182053
Cross-References:   CVE-2020-11078 CVE-2021-21240
CVSS scores:
                    CVE-2020-11078 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
                    CVE-2020-11078 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
                    CVE-2021-21240 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-21240 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for python-httplib2 fixes the following issues:

   - Update to version 0.19.0 (bsc#1182053).
   - CVE-2021-21240: Fixed regular expression denial of service via malicious
     header (bsc#1182053).
   - CVE-2020-11078: Fixed unescaped part of uri where an attacker could
     change request headers and body (bsc#1182053).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-1806=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1806=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1806=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1806=1

Package List:

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch):

      python2-httplib2-0.19.0-3.3.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch):

      python2-httplib2-0.19.0-3.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      python3-httplib2-0.19.0-3.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):

      python3-httplib2-0.19.0-3.3.1

References:

   https://www.suse.com/security/cve/CVE-2020-11078.html
   https://www.suse.com/security/cve/CVE-2021-21240.html
   https://bugzilla.suse.com/1171998
   https://bugzilla.suse.com/1182053

From sle-updates at lists.suse.com Mon May 31 19:30:37 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 31 May 2021 21:30:37 +0200 (CEST)
Subject: SUSE-RU-2021:1804-1: moderate: Recommended update for amazon-ssm-agent and amazon-ecs-init
Message-ID: <20210531193037.98747FD07@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for amazon-ssm-agent and amazon-ecs-init
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:1804-1
Rating:             moderate
References:         #1186239 #1186262
Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 12
                    SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for amazon-ssm-agent and amazon-ecs-init fixes the following issues:

   - Added support for Amazon ECS Anywhere (bsc#1186239, bsc#1186262)

   The amazon-ssm-agent package provides a RELEASENOTES.md file with a more
   detailed list of all changes.

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-1804=1

   - SUSE Linux Enterprise Module for Containers 12:

      zypper in -t patch SUSE-SLE-Module-Containers-12-2021-1804=1

Package List:

   - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64):

      amazon-ssm-agent-3.0.1209.0-4.24.1

   - SUSE Linux Enterprise Module for Containers 12 (x86_64):

      amazon-ecs-init-1.52.1-16.8.1

References:

   https://bugzilla.suse.com/1186239
   https://bugzilla.suse.com/1186262

From sle-updates at lists.suse.com Mon May 31 19:31:44 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 31 May 2021 21:31:44 +0200 (CEST)
Subject: SUSE-SU-2021:1808-1: moderate: Security update for python-httplib2
Message-ID: <20210531193144.42BE9FD07@maintenance.suse.de>

   SUSE Security Update: Security update for python-httplib2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1808-1
Rating:             moderate
References:         #1171998 #1182053
Cross-References:   CVE-2020-11078 CVE-2021-21240
CVSS scores:
                    CVE-2020-11078 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
                    CVE-2020-11078 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
                    CVE-2021-21240 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-21240 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 8
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for python-httplib2 contains the following fixes:

   Security fixes included in this update:

   - CVE-2021-21240: Fixed a regular expression denial of service via
     malicious header (bsc#1182053).
   - CVE-2020-11078: Fixed an issue where an attacker could change request
     headers and body (bsc#1171998).

   Non-security fixes included in this update:

   - Update in SLE to 0.19.0 (bsc#1182053, CVE-2021-21240)
   - update to 0.19.0:
     * auth: parse headers using pyparsing instead of regexp
     * auth: WSSE token needs to be string not bytes
   - update to 0.18.1: (bsc#1171998, CVE-2020-11078)
     * explicit build-backend workaround for pip build isolation bug
     * IMPORTANT security vulnerability CWE-93 CRLF injection
       Force %xx quote of space, CR, LF characters in uri.
     * Ship test suite in source dist
   - update to 0.17.3:
     * bugfixes
   - Update to 0.17.1
     * python3: no_proxy was not checked with https
     * feature: Http().redirect_codes set, works after follow(_all)_redirects check
       This allows one line workaround for old gcloud library that uses 308
       response without redirect semantics.
     * IMPORTANT cache invalidation change, fix 307 keep method, add 308 Redirects
     * proxy: username/password as str compatible with pysocks
     * python2: regression in connect() error handling
     * add support for password protected certificate files
     * feature: Http.close() to clean persistent connections and sensitive data
   - Update to 0.14.0:
     * Python3: PROXY_TYPE_SOCKS5 with str user/pass raised TypeError
   - version update to 0.13.1
     0.13.1
     * Python3: Use no_proxy
       https://github.com/httplib2/httplib2/pull/140
     0.13.0
     * Allow setting TLS max/min versions
       https://github.com/httplib2/httplib2/pull/138
     0.12.3
     * No changes to library. Distribute py3 wheels.
     0.12.1
     * Catch socket timeouts and clear dead connection
       https://github.com/httplib2/httplib2/issues/18
       https://github.com/httplib2/httplib2/pull/111
     * Officially support Python 3.7 (package metadata)
       https://github.com/httplib2/httplib2/issues/123
     0.12.0
     * Drop support for Python 3.3
     * ca_certs from environment HTTPLIB2_CA_CERTS or certifi
       https://github.com/httplib2/httplib2/pull/117
     * PROXY_TYPE_HTTP with non-empty user/pass raised TypeError: bytes required
       https://github.com/httplib2/httplib2/pull/115
     * Revert http:443->https workaround
       https://github.com/httplib2/httplib2/issues/112
     * eliminate connection pool read race
       https://github.com/httplib2/httplib2/pull/110
     * cache: stronger safename
       https://github.com/httplib2/httplib2/pull/101
     0.11.3
     * No changes, just reupload of 0.11.2 after fixing automatic release
       conditions in Travis.
     0.11.2
     * proxy: py3 NameError basestring
       https://github.com/httplib2/httplib2/pull/100
     0.11.1
     * Fix HTTP(S)ConnectionWithTimeout AttributeError proxy_info
       https://github.com/httplib2/httplib2/pull/97
     0.11.0
     * Add DigiCert Global Root G2 serial 033af1e6a711a9a0bb2864b11d09fae5
       https://github.com/httplib2/httplib2/pull/91
     * python3 proxy support
       https://github.com/httplib2/httplib2/pull/90
     * If no_proxy environment value ends with comma then proxy is not used
       https://github.com/httplib2/httplib2/issues/11
     * fix UnicodeDecodeError using socks5 proxy
       https://github.com/httplib2/httplib2/pull/64
     * Respect NO_PROXY env var in proxy_info_from_url
       https://github.com/httplib2/httplib2/pull/58
     * NO_PROXY=bar was matching foobar (suffix without dot delimiter)
       New behavior matches curl/wget:
       - no_proxy=foo.bar will only skip proxy for exact hostname match
       - no_proxy=.wild.card will skip proxy for any.subdomains.wild.card
       https://github.com/httplib2/httplib2/issues/94
     * Bugfix for Content-Encoding: deflate
       https://stackoverflow.com/a/22311297
   - deleted patches
     - httplib2 started to use certifi and this is already bent to use system
       certificate bundle

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1808=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1808=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-1808=1

Package List:

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      python-httplib2-0.19.0-7.3.1

   - SUSE OpenStack Cloud 8 (noarch):

      python-httplib2-0.19.0-7.3.1

   - HPE Helion Openstack 8 (noarch):

      python-httplib2-0.19.0-7.3.1

References:

   https://www.suse.com/security/cve/CVE-2020-11078.html
   https://www.suse.com/security/cve/CVE-2021-21240.html
   https://bugzilla.suse.com/1171998
   https://bugzilla.suse.com/1182053