SUSE-SU-2021:1623-1: important: Security update for the Linux Kernel

sle-updates at lists.suse.com sle-updates at lists.suse.com
Tue May 18 13:15:51 UTC 2021


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1623-1
Rating:             important
References:         #1120163 #1152974 #1152975 #1155179 #1155184 
                    #1155186 #1159483 #1165629 #1165823 #1172247 
                    #1173485 #1176720 #1177411 #1177855 #1177856 
                    #1178181 #1178634 #1179575 #1182047 #1182261 
                    #1182715 #1182716 #1182717 #1183022 #1183069 
                    #1183593 #1184120 #1184167 #1184168 #1184194 
                    #1184198 #1184208 #1184211 #1184391 #1184393 
                    #1184397 #1184509 #1184583 #1184611 #1185248 
                    #1185555 #1185556 #1185557 
Cross-References:   CVE-2020-0433 CVE-2020-1749 CVE-2020-25670
                    CVE-2020-25671 CVE-2020-25672 CVE-2020-25673
                    CVE-2020-27673 CVE-2020-36312 CVE-2020-36322
                    CVE-2021-20219 CVE-2021-27363 CVE-2021-27364
                    CVE-2021-27365 CVE-2021-28038 CVE-2021-28660
                    CVE-2021-28950 CVE-2021-28972 CVE-2021-29154
                    CVE-2021-29264 CVE-2021-29265 CVE-2021-29650
                    CVE-2021-30002 CVE-2021-3483
CVSS scores:
                    CVE-2020-0433 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-0433 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-1749 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2020-25670 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
                    CVE-2020-27673 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-27673 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-36312 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-36312 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
                    CVE-2020-36322 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
                    CVE-2021-20219 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
                    CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-28038 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
                    CVE-2021-28038 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
                    CVE-2021-28660 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-28660 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-28950 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28972 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-28972 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-29154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-29154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-29264 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-29265 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-29265 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-29650 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-29650 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-30002 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-30002 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise High Availability 12-SP3
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that solves 23 vulnerabilities and has 20 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive
   various security and bugfixes.


   The following security bugs were fixed:

   - CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a
     kvm_io_bus_unregister_dev memory leak upon a kmalloc failure
     (bnc#1184509).
   - CVE-2021-29650: Fixed an issue inside the netfilter subsystem that
     allowed attackers to cause a denial of service (panic) because
     net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a
     full memory barrier upon the assignment of a new table value
     (bnc#1184208).
   - CVE-2020-27673: Fixed an issue in Xen where a guest OS users could have
     caused a denial of service (host OS hang) via a high rate of events to
     dom0 (bnc#1177411, bnc#1184583).
   - CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute
     arbitrary code within the kernel context (bnc#1184391).
   - CVE-2020-25673: Fixed NFC endless loops caused by repeated
     llcp_sock_connect() (bsc#1178181).
   - CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect()
     (bsc#1178181).
   - CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect()
     (bsc#1178181).
   - CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind()
     (bsc#1178181).
   - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a "stall on
     CPU" could have occured because a retry loop continually finds the same
     bad inode (bnc#1184194, bnc#1184211).
   - CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation
     where fuse_do_getattr() calls make_bad_inode() in inappropriate
     situations, could have caused a system crash. NOTE: the original fix for
     this vulnerability was incomplete, and its incompleteness is tracked as
     CVE-2021-28950 (bnc#1184211).
   - CVE-2021-30002: Fixed a memory leak issue when a webcam device exists
     (bnc#1184120).
   - CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).
   - CVE-2021-20219: Fixed a denial of service vulnerability in
     drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker
     with a normal user privilege could have delayed the loop and cause a
     threat to the system availability (bnc#1184397).
   - CVE-2021-29265: Fixed an issue in usbip_sockfd_store in
     drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of
     service (GPF) because the stub-up sequence has race conditions during an
     update of the local and shared status (bnc#1184167).
   - CVE-2021-29264: Fixed an issue in
     drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar
     Ethernet driver that allowed attackers to cause a system crash because a
     negative fragment size is calculated in situations involving an rx queue
     overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).
   - CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c
     where the RPA PCI Hotplug driver had a user-tolerable buffer overflow
     when writing a new device name to the driver from userspace, allowing
     userspace to write data to the kernel stack frame directly. This occurs
     because add_slot_store and remove_slot_store mishandle drc_name '\0'
     termination (bnc#1184198).
   - CVE-2021-28660: Fixed rtw_wx_set_scan in
     drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing
     beyond the end of the ssid array (bnc#1183593).
   - CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a
     possible use after free due to improper locking could have happened.
     This could have led to local escalation of privilege with no additional
     execution privileges needed. User interaction is not needed for
     exploitation (bnc#1176720).
   - CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the
     netback driver lacks necessary treatment of errors such as failed memory
     allocations (as a result of changes to the handling of grant mapping
     errors). A host OS denial of service may occur during misbehavior of a
     networking frontend driver. NOTE: this issue exists because of an
     incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).
   - CVE-2021-27365: Fixed an issue inside the iSCSI data structures that
     does not have appropriate length constraints or checks, and can exceed
     the PAGE_SIZE value. An unprivileged user can send a Netlink message
     that is associated with iSCSI, and has a length up to the maximum length
     of a Netlink message (bnc#1182715).
   - CVE-2021-27363: Fixed an issue with a kernel pointer leak that could
     have been used to determine the address of the iscsi_transport
     structure. When an iSCSI transport is registered with the iSCSI
     subsystem, the transport's handle is available to unprivileged users via
     the sysfs file system, at
     /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the
     show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c)
     is called, which leaks the handle. This handle is actually the pointer
     to an iscsi_transport struct in the kernel module's global variables
     (bnc#1182716).
   - CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c
     where an unprivileged user can craft Netlink messages (bnc#1182717).
   - CVE-2020-1749: Fixed a flaw inside of some networking protocols in
     IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted
     tunnel is created between two hosts, the kernel isn't correctly routing
     tunneled data over the encrypted link; rather sending the data
     unencrypted. This would allow anyone in between the two endpoints to
     read the traffic unencrypted. The main threat from this vulnerability is
     to data confidentiality (bnc#1165629).

   The following non-security bugs were fixed:

   - bluetooth: eliminate the potential race condition when removing the HCI
     controller (bsc#1184611).
   - Btrfs: add missing extents release on file extent cluster relocation
     error (bsc#1159483).
   - btrfs: change timing for qgroup reserved space for ordered extents to
     fix reserved space leak (bsc#1172247).
   - btrfs: Cleanup try_flush_qgroup (bsc#1182047).
   - btrfs: Do not flush from btrfs_delayed_inode_reserve_metadata
     (bsc#1182047).
   - btrfs: drop unused parameter qgroup_reserved (bsc#1182261).
   - btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1182261).
   - btrfs: fix qgroup_free wrong num_bytes in
     btrfs_subvolume_reserve_metadata (bsc#1182261).
   - btrfs: Free correct amount of space in
     btrfs_delayed_inode_reserve_metadata (bsc#1182047).
   - btrfs: inode: move qgroup reserved space release to the callers of
     insert_reserved_file_extent() (bsc#1172247).
   - btrfs: inode: refactor the parameters of insert_reserved_file_extent()
     (bsc#1172247).
   - btrfs: make btrfs_ordered_extent naming consistent with
     btrfs_file_extent_item (bsc#1172247).
   - btrfs: qgroup: allow to unreserve range without releasing other ranges
     (bsc#1120163).
   - btrfs: qgroup: Always free PREALLOC META reserve in
     btrfs_delalloc_release_extents() (bsc#1155179).
   - btrfs: qgroup: do not commit transaction when we already hold the handle
     (bsc#1178634).
   - btrfs: qgroup: Do not hold qgroup_ioctl_lock in btrfs_qgroup_inherit()
     (bsc#1165823).
   - btrfs: qgroup: do not try to wait flushing if we're already holding a
     transaction (bsc#1179575).
   - btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after
     disable (bsc#1172247).
   - btrfs: qgroup: fix data leak caused by race between writeback and
     truncate (bsc#1172247).
   - btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations
     (bsc#1177856).
   - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve
     calls (bsc#1152975).
   - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data
     space (bsc#1152974).
   - btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode
     (bsc#1177855).
   - btrfs: qgroup: mark qgroup inconsistent if we're inherting snapshot to a
     new qgroup (bsc#1165823).
   - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve
     retry-after-EDQUOT (bsc#1120163).
   - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT
     (bsc#1120163).
   - btrfs: remove unused parameter from btrfs_subvolume_release_metadata
     (bsc#1182261).
   - btrfs: tracepoints: Fix bad entry members of qgroup events (bsc#1155186).
   - btrfs: tracepoints: Fix wrong parameter order for qgroup events
     (bsc#1155184).
   - ext4: check journal inode extents more carefully (bsc#1173485).
   - ext4: do not allow overlapping system zones (bsc#1173485).
   - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485).
   - hv_netvsc: remove ndo_poll_controller (bsc#1185248).
   - KVM: Add proper lockdep assertion in I/O bus unregister (bsc#1185555).
   - KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU
     (bsc#1185556).
   - KVM: Stop looking for coalesced MMIO zones if the bus is destroyed
     (bsc#1185557).
   - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022
     XSA-367).
   - Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022
     XSA-367).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1623=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1623=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1623=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1623=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1623=1

   - SUSE Linux Enterprise High Availability 12-SP3:

      zypper in -t patch SUSE-SLE-HA-12-SP3-2021-1623=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-1623=1



Package List:

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      kernel-default-4.4.180-94.144.1
      kernel-default-base-4.4.180-94.144.1
      kernel-default-base-debuginfo-4.4.180-94.144.1
      kernel-default-debuginfo-4.4.180-94.144.1
      kernel-default-debugsource-4.4.180-94.144.1
      kernel-default-devel-4.4.180-94.144.1
      kernel-default-kgraft-4.4.180-94.144.1
      kernel-syms-4.4.180-94.144.1
      kgraft-patch-4_4_180-94_144-default-1-4.3.1
      kgraft-patch-4_4_180-94_144-default-debuginfo-1-4.3.1

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      kernel-devel-4.4.180-94.144.1
      kernel-macros-4.4.180-94.144.1
      kernel-source-4.4.180-94.144.1

   - SUSE OpenStack Cloud 8 (noarch):

      kernel-devel-4.4.180-94.144.1
      kernel-macros-4.4.180-94.144.1
      kernel-source-4.4.180-94.144.1

   - SUSE OpenStack Cloud 8 (x86_64):

      kernel-default-4.4.180-94.144.1
      kernel-default-base-4.4.180-94.144.1
      kernel-default-base-debuginfo-4.4.180-94.144.1
      kernel-default-debuginfo-4.4.180-94.144.1
      kernel-default-debugsource-4.4.180-94.144.1
      kernel-default-devel-4.4.180-94.144.1
      kernel-default-kgraft-4.4.180-94.144.1
      kernel-syms-4.4.180-94.144.1
      kgraft-patch-4_4_180-94_144-default-1-4.3.1
      kgraft-patch-4_4_180-94_144-default-debuginfo-1-4.3.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      kernel-default-4.4.180-94.144.1
      kernel-default-base-4.4.180-94.144.1
      kernel-default-base-debuginfo-4.4.180-94.144.1
      kernel-default-debuginfo-4.4.180-94.144.1
      kernel-default-debugsource-4.4.180-94.144.1
      kernel-default-devel-4.4.180-94.144.1
      kernel-default-kgraft-4.4.180-94.144.1
      kernel-syms-4.4.180-94.144.1
      kgraft-patch-4_4_180-94_144-default-1-4.3.1
      kgraft-patch-4_4_180-94_144-default-debuginfo-1-4.3.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):

      kernel-devel-4.4.180-94.144.1
      kernel-macros-4.4.180-94.144.1
      kernel-source-4.4.180-94.144.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      kernel-default-4.4.180-94.144.1
      kernel-default-base-4.4.180-94.144.1
      kernel-default-base-debuginfo-4.4.180-94.144.1
      kernel-default-debuginfo-4.4.180-94.144.1
      kernel-default-debugsource-4.4.180-94.144.1
      kernel-default-devel-4.4.180-94.144.1
      kernel-syms-4.4.180-94.144.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64):

      kernel-default-kgraft-4.4.180-94.144.1
      kgraft-patch-4_4_180-94_144-default-1-4.3.1
      kgraft-patch-4_4_180-94_144-default-debuginfo-1-4.3.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):

      kernel-devel-4.4.180-94.144.1
      kernel-macros-4.4.180-94.144.1
      kernel-source-4.4.180-94.144.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x):

      kernel-default-man-4.4.180-94.144.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      kernel-default-4.4.180-94.144.1
      kernel-default-base-4.4.180-94.144.1
      kernel-default-base-debuginfo-4.4.180-94.144.1
      kernel-default-debuginfo-4.4.180-94.144.1
      kernel-default-debugsource-4.4.180-94.144.1
      kernel-default-devel-4.4.180-94.144.1
      kernel-syms-4.4.180-94.144.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (noarch):

      kernel-devel-4.4.180-94.144.1
      kernel-macros-4.4.180-94.144.1
      kernel-source-4.4.180-94.144.1

   - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.4.180-94.144.1
      cluster-md-kmp-default-debuginfo-4.4.180-94.144.1
      dlm-kmp-default-4.4.180-94.144.1
      dlm-kmp-default-debuginfo-4.4.180-94.144.1
      gfs2-kmp-default-4.4.180-94.144.1
      gfs2-kmp-default-debuginfo-4.4.180-94.144.1
      kernel-default-debuginfo-4.4.180-94.144.1
      kernel-default-debugsource-4.4.180-94.144.1
      ocfs2-kmp-default-4.4.180-94.144.1
      ocfs2-kmp-default-debuginfo-4.4.180-94.144.1

   - HPE Helion Openstack 8 (noarch):

      kernel-devel-4.4.180-94.144.1
      kernel-macros-4.4.180-94.144.1
      kernel-source-4.4.180-94.144.1

   - HPE Helion Openstack 8 (x86_64):

      kernel-default-4.4.180-94.144.1
      kernel-default-base-4.4.180-94.144.1
      kernel-default-base-debuginfo-4.4.180-94.144.1
      kernel-default-debuginfo-4.4.180-94.144.1
      kernel-default-debugsource-4.4.180-94.144.1
      kernel-default-devel-4.4.180-94.144.1
      kernel-default-kgraft-4.4.180-94.144.1
      kernel-syms-4.4.180-94.144.1
      kgraft-patch-4_4_180-94_144-default-1-4.3.1
      kgraft-patch-4_4_180-94_144-default-debuginfo-1-4.3.1


References:

   https://www.suse.com/security/cve/CVE-2020-0433.html
   https://www.suse.com/security/cve/CVE-2020-1749.html
   https://www.suse.com/security/cve/CVE-2020-25670.html
   https://www.suse.com/security/cve/CVE-2020-25671.html
   https://www.suse.com/security/cve/CVE-2020-25672.html
   https://www.suse.com/security/cve/CVE-2020-25673.html
   https://www.suse.com/security/cve/CVE-2020-27673.html
   https://www.suse.com/security/cve/CVE-2020-36312.html
   https://www.suse.com/security/cve/CVE-2020-36322.html
   https://www.suse.com/security/cve/CVE-2021-20219.html
   https://www.suse.com/security/cve/CVE-2021-27363.html
   https://www.suse.com/security/cve/CVE-2021-27364.html
   https://www.suse.com/security/cve/CVE-2021-27365.html
   https://www.suse.com/security/cve/CVE-2021-28038.html
   https://www.suse.com/security/cve/CVE-2021-28660.html
   https://www.suse.com/security/cve/CVE-2021-28950.html
   https://www.suse.com/security/cve/CVE-2021-28972.html
   https://www.suse.com/security/cve/CVE-2021-29154.html
   https://www.suse.com/security/cve/CVE-2021-29264.html
   https://www.suse.com/security/cve/CVE-2021-29265.html
   https://www.suse.com/security/cve/CVE-2021-29650.html
   https://www.suse.com/security/cve/CVE-2021-30002.html
   https://www.suse.com/security/cve/CVE-2021-3483.html
   https://bugzilla.suse.com/1120163
   https://bugzilla.suse.com/1152974
   https://bugzilla.suse.com/1152975
   https://bugzilla.suse.com/1155179
   https://bugzilla.suse.com/1155184
   https://bugzilla.suse.com/1155186
   https://bugzilla.suse.com/1159483
   https://bugzilla.suse.com/1165629
   https://bugzilla.suse.com/1165823
   https://bugzilla.suse.com/1172247
   https://bugzilla.suse.com/1173485
   https://bugzilla.suse.com/1176720
   https://bugzilla.suse.com/1177411
   https://bugzilla.suse.com/1177855
   https://bugzilla.suse.com/1177856
   https://bugzilla.suse.com/1178181
   https://bugzilla.suse.com/1178634
   https://bugzilla.suse.com/1179575
   https://bugzilla.suse.com/1182047
   https://bugzilla.suse.com/1182261
   https://bugzilla.suse.com/1182715
   https://bugzilla.suse.com/1182716
   https://bugzilla.suse.com/1182717
   https://bugzilla.suse.com/1183022
   https://bugzilla.suse.com/1183069
   https://bugzilla.suse.com/1183593
   https://bugzilla.suse.com/1184120
   https://bugzilla.suse.com/1184167
   https://bugzilla.suse.com/1184168
   https://bugzilla.suse.com/1184194
   https://bugzilla.suse.com/1184198
   https://bugzilla.suse.com/1184208
   https://bugzilla.suse.com/1184211
   https://bugzilla.suse.com/1184391
   https://bugzilla.suse.com/1184393
   https://bugzilla.suse.com/1184397
   https://bugzilla.suse.com/1184509
   https://bugzilla.suse.com/1184583
   https://bugzilla.suse.com/1184611
   https://bugzilla.suse.com/1185248
   https://bugzilla.suse.com/1185555
   https://bugzilla.suse.com/1185556
   https://bugzilla.suse.com/1185557



More information about the sle-updates mailing list