From sle-updates at lists.suse.com  Mon Nov  1 23:17:52 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue,  2 Nov 2021 00:17:52 +0100 (CET)
Subject: SUSE-RU-2021:3588-1: Recommended update for sle-we-release
Message-ID: <20211101231752.29FFCFBBB@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for sle-we-release
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3588-1
Rating:             low
References:         
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15-SP2
______________________________________________________________________________

   An update that has 0 recommended fixes can now be installed.

Description:

   This update for sle-we-release provides the following fix:

   - Adjust the EOL date to 2021-12-31.


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15-SP2:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-3588=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):

      sle-we-release-15.2-5.3.3


References:



From sle-updates at lists.suse.com  Mon Nov  1 23:19:04 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue,  2 Nov 2021 00:19:04 +0100 (CET)
Subject: SUSE-RU-2021:3589-1: moderate: Recommended update for apparmor
Message-ID: <20211101231904.5FB8AFBBB@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for apparmor
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3589-1
Rating:             moderate
References:         #1191690 
Affected Products:
                    SUSE MicroOS 5.1
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for apparmor fixes the following issues:

   - Fixed an issue when apparmor provides python2 and python3 libraries with
     the same name. (bsc#1191690)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3589=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3589=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3589=1



Package List:

   - SUSE MicroOS 5.1 (aarch64 s390x x86_64):

      apparmor-debugsource-2.13.6-3.3.1
      apparmor-parser-2.13.6-3.3.1
      apparmor-parser-debuginfo-2.13.6-3.3.1
      libapparmor-debugsource-2.13.6-3.3.1
      libapparmor1-2.13.6-3.3.1
      libapparmor1-debuginfo-2.13.6-3.3.1
      pam_apparmor-2.13.6-3.3.1
      pam_apparmor-debuginfo-2.13.6-3.3.1

   - SUSE MicroOS 5.1 (noarch):

      apparmor-abstractions-2.13.6-3.3.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      apache2-mod_apparmor-2.13.6-3.3.1
      apache2-mod_apparmor-debuginfo-2.13.6-3.3.1
      apparmor-debugsource-2.13.6-3.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      apparmor-debugsource-2.13.6-3.3.1
      apparmor-parser-2.13.6-3.3.1
      apparmor-parser-debuginfo-2.13.6-3.3.1
      libapparmor-debugsource-2.13.6-3.3.1
      libapparmor-devel-2.13.6-3.3.1
      libapparmor1-2.13.6-3.3.1
      libapparmor1-debuginfo-2.13.6-3.3.1
      pam_apparmor-2.13.6-3.3.1
      pam_apparmor-debuginfo-2.13.6-3.3.1
      perl-apparmor-2.13.6-3.3.1
      perl-apparmor-debuginfo-2.13.6-3.3.1
      python3-apparmor-2.13.6-3.3.1
      python3-apparmor-debuginfo-2.13.6-3.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      apparmor-abstractions-2.13.6-3.3.1
      apparmor-docs-2.13.6-3.3.1
      apparmor-parser-lang-2.13.6-3.3.1
      apparmor-profiles-2.13.6-3.3.1
      apparmor-utils-2.13.6-3.3.1
      apparmor-utils-lang-2.13.6-3.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):

      libapparmor1-32bit-2.13.6-3.3.1
      libapparmor1-32bit-debuginfo-2.13.6-3.3.1
      pam_apparmor-32bit-2.13.6-3.3.1
      pam_apparmor-32bit-debuginfo-2.13.6-3.3.1


References:

   https://bugzilla.suse.com/1191690


From sle-updates at lists.suse.com  Tue Nov  2 11:20:46 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue,  2 Nov 2021 12:20:46 +0100 (CET)
Subject: SUSE-RU-2021:3591-1: moderate: Recommended update for man-pages
Message-ID: <20211102112046.AFF4EFDAB@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for man-pages
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3591-1
Rating:             moderate
References:         #1185534 
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for man-pages fixes the following issues:

   - Added missing manual entry for kernel_lockdown in section 7 (bsc#1185534)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3591=1



Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      man-pages-4.16-13.3.1


References:

   https://bugzilla.suse.com/1185534


From sle-updates at lists.suse.com  Tue Nov  2 11:22:06 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue,  2 Nov 2021 12:22:06 +0100 (CET)
Subject: SUSE-RU-2021:3590-1: moderate: Recommended update for libyui
Message-ID: <20211102112206.AD365FDAB@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for libyui
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3590-1
Rating:             moderate
References:         #1191130 
Affected Products:
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for libyui fixes the following issues:

   - Fixed crash in NCurses online update when retracted packages are present
     (bsc#1191130)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Development Tools 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3590=1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3590=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3590=1



Package List:

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):

      libyui-ncurses-rest-api-debugsource-4.1.5-3.6.1
      libyui-ncurses-rest-api-devel-4.1.5-3.6.1
      libyui-ncurses-rest-api15-4.1.5-3.6.1
      libyui-ncurses-rest-api15-debuginfo-4.1.5-3.6.1
      libyui-qt-rest-api-debugsource-4.1.5-3.6.1
      libyui-qt-rest-api-devel-4.1.5-3.6.1
      libyui-qt-rest-api15-4.1.5-3.6.1
      libyui-qt-rest-api15-debuginfo-4.1.5-3.6.1
      libyui-rest-api-debugsource-4.1.5-3.6.1
      libyui-rest-api-devel-4.1.5-3.6.1
      libyui-rest-api15-4.1.5-3.6.1
      libyui-rest-api15-debuginfo-4.1.5-3.6.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      libyui-qt-pkg-debugsource-4.1.5-3.6.1
      libyui-qt-pkg-devel-4.1.5-3.6.1
      libyui-qt-pkg15-4.1.5-3.6.1
      libyui-qt-pkg15-debuginfo-4.1.5-3.6.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      libyui-debugsource-4.1.5-3.6.1
      libyui-devel-4.1.5-3.6.1
      libyui-ncurses-debugsource-4.1.5-3.6.1
      libyui-ncurses-devel-4.1.5-3.6.1
      libyui-ncurses-pkg-debugsource-4.1.5-3.6.1
      libyui-ncurses-pkg-devel-4.1.5-3.6.1
      libyui-ncurses-pkg15-4.1.5-3.6.1
      libyui-ncurses-pkg15-debuginfo-4.1.5-3.6.1
      libyui-ncurses-tools-4.1.5-3.6.1
      libyui-ncurses15-4.1.5-3.6.1
      libyui-ncurses15-debuginfo-4.1.5-3.6.1
      libyui-qt-debugsource-4.1.5-3.6.1
      libyui-qt-devel-4.1.5-3.6.1
      libyui-qt-graph-debugsource-4.1.5-3.6.1
      libyui-qt-graph-devel-4.1.5-3.6.1
      libyui-qt-graph15-4.1.5-3.6.1
      libyui-qt-graph15-debuginfo-4.1.5-3.6.1
      libyui-qt15-4.1.5-3.6.1
      libyui-qt15-debuginfo-4.1.5-3.6.1
      libyui15-4.1.5-3.6.1
      libyui15-debuginfo-4.1.5-3.6.1


References:

   https://bugzilla.suse.com/1191130


From sle-updates at lists.suse.com  Tue Nov  2 14:17:51 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue,  2 Nov 2021 15:17:51 +0100 (CET)
Subject: SUSE-RU-2021:3594-1: moderate: Recommended update for python
Message-ID: <20211102141751.A3533FDAB@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for python
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3594-1
Rating:             moderate
References:         #1175619 
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for python provides the following fix:

   - Set correct value of %python2_package_prefix to python (as expected on
     SLE-12). (bsc#1175619)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP5:

      zypper in -t patch SUSE-SLE-WE-12-SP5-2021-3594=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3594=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

      python-base-debuginfo-2.7.18-28.77.1
      python-base-debugsource-2.7.18-28.77.1
      python-devel-2.7.18-28.77.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libpython2_7-1_0-2.7.18-28.77.1
      libpython2_7-1_0-debuginfo-2.7.18-28.77.1
      python-2.7.18-28.77.1
      python-base-2.7.18-28.77.1
      python-base-debuginfo-2.7.18-28.77.1
      python-base-debugsource-2.7.18-28.77.1
      python-curses-2.7.18-28.77.1
      python-curses-debuginfo-2.7.18-28.77.1
      python-debuginfo-2.7.18-28.77.1
      python-debugsource-2.7.18-28.77.1
      python-demo-2.7.18-28.77.1
      python-devel-2.7.18-28.77.1
      python-gdbm-2.7.18-28.77.1
      python-gdbm-debuginfo-2.7.18-28.77.1
      python-idle-2.7.18-28.77.1
      python-tk-2.7.18-28.77.1
      python-tk-debuginfo-2.7.18-28.77.1
      python-xml-2.7.18-28.77.1
      python-xml-debuginfo-2.7.18-28.77.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      libpython2_7-1_0-32bit-2.7.18-28.77.1
      libpython2_7-1_0-debuginfo-32bit-2.7.18-28.77.1
      python-32bit-2.7.18-28.77.1
      python-base-32bit-2.7.18-28.77.1
      python-base-debuginfo-32bit-2.7.18-28.77.1
      python-debuginfo-32bit-2.7.18-28.77.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      python-doc-2.7.18-28.77.1
      python-doc-pdf-2.7.18-28.77.1


References:

   https://bugzilla.suse.com/1175619


From sle-updates at lists.suse.com  Tue Nov  2 14:20:36 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue,  2 Nov 2021 15:20:36 +0100 (CET)
Subject: SUSE-SU-2021:14836-1: important: Security update for transfig
Message-ID: <20211102142036.DC032FDAB@maintenance.suse.de>


   SUSE Security Update: Security update for transfig
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:14836-1
Rating:             important
References:         #1190607 #1190611 #1190612 #1190615 #1190616 
                    #1190617 #1190618 #1192019 
Cross-References:   CVE-2020-21529 CVE-2020-21530 CVE-2020-21531
                    CVE-2020-21532 CVE-2020-21533 CVE-2020-21534
                    CVE-2020-21535 CVE-2021-32280
CVSS scores:
                    CVE-2020-21529 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-21530 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-21531 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-21532 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2020-21533 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2020-21534 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2020-21535 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-32280 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Server 11-SP4-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   This update for transfig fixes the following issues:

   Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021)

   - bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline
     function in genepic.c.
   - bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects
     function in read.c.
   - bsc#1190617, CVE-2020-21531: global buffer overflow in the
     conv_pattern_index function in gencgm.c.
   - bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont
     function in genepic.c.
   - bsc#1190612, CVE-2020-21533: stack buffer overflow in the
     read_textobject function in read.c.
   - bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line
     function in read.c.
   - bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start
     function in gencgm.c.
   - bsc#1192019, CVE-2021-32280: NULL pointer dereference in
     compute_closed_spline() in trans_spline.c


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-LTSS:

      zypper in -t patch slessp4-transfig-14836=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-transfig-14836=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-transfig-14836=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-transfig-14836=1



Package List:

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):

      transfig-3.2.8b-160.16.2

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      transfig-3.2.8b-160.16.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):

      transfig-debuginfo-3.2.8b-160.16.2
      transfig-debugsource-3.2.8b-160.16.2

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      transfig-debuginfo-3.2.8b-160.16.2
      transfig-debugsource-3.2.8b-160.16.2


References:

   https://www.suse.com/security/cve/CVE-2020-21529.html
   https://www.suse.com/security/cve/CVE-2020-21530.html
   https://www.suse.com/security/cve/CVE-2020-21531.html
   https://www.suse.com/security/cve/CVE-2020-21532.html
   https://www.suse.com/security/cve/CVE-2020-21533.html
   https://www.suse.com/security/cve/CVE-2020-21534.html
   https://www.suse.com/security/cve/CVE-2020-21535.html
   https://www.suse.com/security/cve/CVE-2021-32280.html
   https://bugzilla.suse.com/1190607
   https://bugzilla.suse.com/1190611
   https://bugzilla.suse.com/1190612
   https://bugzilla.suse.com/1190615
   https://bugzilla.suse.com/1190616
   https://bugzilla.suse.com/1190617
   https://bugzilla.suse.com/1190618
   https://bugzilla.suse.com/1192019


From sle-updates at lists.suse.com  Tue Nov  2 14:25:44 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue,  2 Nov 2021 15:25:44 +0100 (CET)
Subject: SUSE-SU-2021:3593-1: moderate: Security update for binutils
Message-ID: <20211102142544.ED8DAFDAB@maintenance.suse.de>


   SUSE Security Update: Security update for binutils
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3593-1
Rating:             moderate
References:         #1126826 #1126829 #1126831 #1140126 #1142649 
                    #1143609 #1153768 #1153770 #1157755 #1160254 
                    #1160590 #1163333 #1163744 #1179036 #1179341 
                    #1179898 #1179899 #1179900 #1179901 #1179902 
                    #1179903 #1180451 #1180454 #1180461 #1181452 
                    #1182252 #1183511 #1184620 #1184794 ECO-2373 
                    PM-2767 SLE-18637 SLE-19618 SLE-21561 SLE-7464 
                    SLE-7903 
Cross-References:   CVE-2019-12972 CVE-2019-14250 CVE-2019-14444
                    CVE-2019-17450 CVE-2019-17451 CVE-2019-9074
                    CVE-2019-9075 CVE-2019-9077 CVE-2020-16590
                    CVE-2020-16591 CVE-2020-16592 CVE-2020-16593
                    CVE-2020-16598 CVE-2020-16599 CVE-2020-35448
                    CVE-2020-35493 CVE-2020-35496 CVE-2020-35507
                    CVE-2021-20197 CVE-2021-20284 CVE-2021-3487
                   
CVSS scores:
                    CVE-2019-12972 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-14250 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
                    CVE-2019-14250 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2019-14444 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-14444 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2019-17450 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-17450 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2019-17451 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-17451 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2019-9074 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-9074 (SUSE): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2019-9075 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2019-9075 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2019-9077 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2019-9077 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2020-16590 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-16590 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2020-16591 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-16591 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-16592 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-16592 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-16593 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-16593 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-16598 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-16598 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-16599 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-16599 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2020-35448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2020-35448 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
                    CVE-2020-35493 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-35493 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-35496 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-35496 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-35507 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-35507 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-20197 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-20197 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-20284 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-20284 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-3487 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-3487 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that solves 21 vulnerabilities, contains 7
   features and has 8 fixes is now available.

Description:

   This update for binutils fixes the following issues:

   Update to binutils 2.37:

   * The GNU Binutils sources now requires a C99 compiler and library to
     build.
   * Support for the arm-symbianelf format has been removed.
   * Support for Realm Management Extension (RME) for AArch64 has been added.
   * A new linker option '-z report-relative-reloc' for x86 ELF targets has
     been added to report dynamic relative relocations.
   * A new linker option '-z start-stop-gc' has been added to disable special
     treatment of __start_*/__stop_* references when
     --gc-sections.
   * A new linker options '-Bno-symbolic' has been added which will cancel
     the '-Bsymbolic' and '-Bsymbolic-functions' options.
   * The readelf tool has a new command line option which can be used to
     specify how the numeric values of symbols are reported.
     --sym-base=0|8|10|16 tells readelf to display the values in base 8, base
      10 or base 16.  A sym base of 0 represents the default action
     of displaying values under 10000 in base 10 and values above that in
      base 16.
   * A new format has been added to the nm program.  Specifying
     '--format=just-symbols' (or just using -j) will tell the program to
     only display symbol names and nothing else.
   * A new command line option '--keep-section-symbols' has been added to
     objcopy and strip.  This stops the removal of unused section symbols
      when the file is copied.  Removing these symbols saves space, but
      sometimes they are needed by other tools.
   * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
     supported by objcopy now make undefined symbols weak on targets that
     support weak symbols.
   * Readelf and objdump can now display and use the contents of .debug_sup
     sections.
   * Readelf and objdump will now follow links to separate debug info files
     by default.  This behaviour can be stopped via the use of the new '-wN'
     or '--debug-dump=no-follow-links' options for readelf and the '-WN' or
     '--dwarf=no-follow-links' options for objdump.  Also the old behaviour
     can be restored by the use of the '--enable-follow-debug-links=no'
     configure time option.

     The semantics of the =follow-links option have also been slightly
   changed.  When enabled, the option allows for the loading of symbol tables
   and string tables from the separate files which can be used to enhance the
   information displayed when dumping other sections, but it does not
   automatically imply that information from the separate files should be
   displayed.

     If other debug section display options are also enabled (eg
   '--debug-dump=info') then the contents of matching sections in both the
   main file and the separate debuginfo file *will* be displayed. This is
   because in most cases the debug section will only be present in one of the
   files.

     If however non-debug section display options are enabled (eg
   '--sections') then the contents of matching parts of the separate
   debuginfo file will *not* be displayed.  This is because in most cases the
   user probably only wanted to load the symbol information from the separate
   debuginfo file.  In order to change this behaviour a new command line
   option --process-links can be used.  This will allow di0pslay options to
   applied to both the main file and any separate debuginfo files.
   * Nm has a new command line option: '--quiet'.  This suppresses "no
     symbols" diagnostic.

   Update to binutils 2.36:

    New features in the Assembler:

     General:

      * When setting the link order attribute of ELF sections, it is now
        possible to use a numeric section index instead of symbol name.
      * Added a .nop directive to generate a single no-op instruction in a
        target neutral manner.  This instruction does have an effect on DWARF
        line number generation, if that is active.
      * Removed --reduce-memory-overheads and --hash-size as gas now uses
        hash tables that can be expand and shrink automatically.

      X86/x86_64:

        * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key Locker
   instructions.
        * Support non-absolute segment values for lcall and ljmp.
        * Add {disp16} pseudo prefix to x86 assembler.
        * Configure with --enable-x86-used-note by default for Linux/x86.

      ARM/AArch64:

        * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1, Cortex-R82,
   Neoverse V1, and Neoverse N2 cores.
        * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded
   Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call Stack Recorder
   Extension) and BRBE (Branch Record Buffer Extension) system registers.
        * Add support for Armv8-R and Armv8.7-A ISA extensions.
        * Add support for DSB memory nXS barrier, WFET and WFIT instruction
   for Armv8.7.
        * Add support for +csre feature for -march. Add CSR PDEC instruction
   for CSRE feature in AArch64.
        * Add support for +flagm feature for -march in Armv8.4 AArch64.
        * Add support for +ls64 feature for -march in Armv8.7 AArch64. Add
   atomic 64-byte load/store instructions for this feature.
        * Add support for +pauth (Pointer Authentication) feature for
          -march in AArch64.

     New features in the Linker:

       * Add --error-handling-script=<NAME> command line option to allow a
         helper script to be invoked when an undefined symbol or a missing
         library is encountered.  This option can be suppressed via the
         configure time switch: --enable-error-handling-script=no.
       * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
         x86-64-{baseline|v[234]} ISA level as needed.
       * Add -z unique-symbol to avoid duplicated local symbol names.
       * The creation of PE format DLLs now defaults to using a more secure
         set of DLL characteristics.
       * The linker now deduplicates the types in .ctf sections.  The new
         command-line option --ctf-share-types describes how to do this: its
         default value, share-unconflicted, produces the most compact
          output.
       * The linker now omits the "variable section" from .ctf sections by
         default, saving space.  This is almost certainly what you want
         unless you are working on a project that has its own analogue of
         symbol tables that are not reflected in the ELF symtabs.

   New features in other binary tools:

       * The ar tool's previously unused l modifier is now used for
         specifying dependencies of a static library. The arguments of this
         option (or --record-libdeps long form option) will be stored
         verbatim in the __.LIBDEP member of the archive, which the linker
         may read at link time.
       * Readelf can now display the contents of LTO symbol table sections
         when asked to do so via the --lto-syms command line
         option.
       * Readelf now accepts the -C command line option to enable the
         demangling of symbol names.  In addition the --demangle=<style>,
         --no-demangle, --recurse-limit and --no-recurse-limit options are
   also now availale.

   Update to binutils 2.35.1:

   * This is a point release over the previous 2.35 version, containing bug
     fixes, and as an exception to the usual rule, one new feature.  The new
     feature is the support for a new directive in the assembler: ".nop".
     This directive creates a single no-op instruction in whatever encoding
     is correct for the target architecture.  Unlike the .space or .fill this
     is a real instruction, and it does affect the generation of DWARF line
     number tables, should they be enabled.

   Update to binutils 2.35:

   * The assembler can now produce DWARF-5 format line number tables.
   * Readelf now has a "lint" mode to enable extra checks of the files it is
     processing.
   * Readelf will now display "[...]" when it has to truncate a symbol name.
     The old behaviour - of displaying as many characters as possible, up to
     the 80 column limit - can be restored by the use of the
     --silent-truncation
     option.
   * The linker can now produce a dependency file listing the inputs that it
     has processed, much like the -M -MP option supported by the compiler.

   Update to binutils 2.34:

   * The disassembler (objdump --disassemble) now has an option to generate
     ascii art thats show the arcs between that start and end points of
     control flow instructions.
   * The binutils tools now have support for debuginfod.  Debuginfod is a
     HTTP service for distributing ELF/DWARF debugging information as well as
     source code.  The tools can now connect to debuginfod servers in order
     to download debug information about the files that they are processing.
   * The assembler and linker now support the generation of ELF format files
     for the Z80 architecture.

   Update to binutils 2.33.1:

   * Adds support for the Arm Scalable Vector Extension version 2 (SVE2)
     instructions, the Arm Transactional Memory Extension (TME) instructions
     and the Armv8.1-M Mainline and M-profile Vector Extension (MVE)
     instructions.
   * Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P
     processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE,
     Cortex-A76AE, and Cortex-A77 processors.
   * Adds a .float16 directive for both Arm and AArch64 to allow encoding of
     16-bit floating point literals.
   * For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not) Loongson3
     LLSC Errata.  Add a --enable-mips-fix-loongson3-llsc=[yes|no] configure
     time option to set the default behavior. Set the default if the
     configure option is not used to "no".
   * The Cortex-A53 Erratum 843419 workaround now supports a choice of which
     workaround to use.  The option --fix-cortex-a53-843419 now takes an
     optional argument --fix-cortex-a53-843419[=full|adr|adrp] which can be
     used to force a particular workaround to be used. See --help for AArch64
     for more details.
   * Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and
     GNU_PROPERTY_AARCH64_FEATURE_1_PAC  in ELF GNU program properties in the
     AArch64 ELF linker.
   * Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI
     on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI
     on inputs and use PLTs protected with BTI.
   * Add -z pac-plt for AArch64 to pick PAC enabled PLTs.
   * Add --source-comment[=<txt>] option to objdump which if present,
     provides a prefix to source code lines displayed in a disassembly.
   * Add --set-section-alignment <section-name>=<power-of-2-align>
     option to objcopy to allow the changing of section alignments.
   * Add --verilog-data-width option to objcopy for verilog targets to
     control width of data elements in verilog hex format.
   * The separate debug info file options of readelf (--debug-dump=links and
     --debug-dump=follow) and objdump (--dwarf=links and
     --dwarf=follow-links) will now display and/or follow multiple links if
      more than one are present in a file.  (This usually happens when gcc's
      -gsplit-dwarf option is used). In addition objdump's
      --dwarf=follow-links now also affects its
     other display options, so that for example, when combined with
     --syms it will cause the symbol tables in any linked debug info files to
      also be displayed.  In addition when combined with
     --disassemble the --dwarf= follow-links option will ensure that any
      symbol tables in the linked files are read and used when disassembling
      code in the main file.
   * Add support for dumping types encoded in the Compact Type Format to
     objdump and readelf.

   The following security fixes are addressed by the update:

   - CVE-2021-20197: Fixed a race condition which allows users to own
     arbitrary files (bsc#1181452).
   - CVE-2021-20284: Fixed a heap-based buffer overflow in
     _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511).
   - CVE-2021-3487: Fixed a denial of service via excessive debug section
     size causing excessive memory consumption in bfd's dwarf2.c
     read_section() (bsc#1184620).
   - CVE-2020-35448: Fixed a heap-based buffer over-read in
     bfd_getl_signed_32() in libbfd.c (bsc#1184794).
   - CVE-2020-16590: Fixed a double free vulnerability in
     process_symbol_table() (bsc#1179898).
   - CVE-2020-16591: Fixed an invalid read in process_symbol_table()
     (bsc#1179899).
   - CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup()
     (bsc#1179900).
   - CVE-2020-16593: Fixed a null pointer dereference in
     scan_unit_for_symbols() (bsc#1179901).
   - CVE-2020-16598: Fixed a null pointer dereference in
     debug_get_real_type() (bsc#1179902).
   - CVE-2020-16599: Fixed a null pointer dereference in
     _bfd_elf_get_symbol_version_string() (bsc#1179903)
   - CVE-2020-35493: Fixed heap-based buffer overflow in
     bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file
     (bsc#1180451).
   - CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module
     due to not checking return value of bfd_malloc (bsc#1180454).
   - CVE-2020-35507: Fixed a null pointer dereference in
     bfd_pef_parse_function_stubs() (bsc#1180461).
   - CVE-2019-17451: Fixed an integer overflow leading to a SEGV in
     _bfd_dwarf2_find_nearest_line() in dwarf2.c (bsc#1153768).
   - CVE-2019-17450: Fixed a potential denial of service in
     find_abstract_instance() in dwarf2.c (bsc#1153770).
   - CVE-2019-9077: Fixed a heap-based buffer overflow in
     process_mips_specific() in readelf.c via a malformed MIPS option section
     (bsc#1126826).
   - CVE-2019-9075: Fixed a heap-based buffer overflow in
     _bfd_archive_64_bit_slurp_armap() in archive64.c (bsc#1126829).
   - CVE-2019-9074: Fixed a out-of-bounds read leading to a SEGV in
     bfd_getl32() in libbfd.c (bsc#1126831).
   - CVE-2019-12972: Fixed a heap-based buffer over-read in _bfd_doprnt() in
     bfd.c (bsc#1140126).
   - CVE-2019-14444: Fixed an integer overflow apply_relocations() in
     readelf.c (bsc#1143609).
   - CVE-2019-14250: Fixed an integer overflow in simple_object_elf_match()
     in simple-object-elf.c (bsc#1142649).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3593=1

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3593=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3593=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3593=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3593=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3593=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3593=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3593=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3593=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3593=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3593=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3593=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-3593=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      binutils-2.37-9.39.1
      binutils-debuginfo-2.37-9.39.1
      binutils-debugsource-2.37-9.39.1
      binutils-devel-2.37-9.39.1
      libctf-nobfd0-2.37-9.39.1
      libctf-nobfd0-debuginfo-2.37-9.39.1
      libctf0-2.37-9.39.1
      libctf0-debuginfo-2.37-9.39.1

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      binutils-2.37-9.39.1
      binutils-debuginfo-2.37-9.39.1
      binutils-debugsource-2.37-9.39.1
      binutils-devel-2.37-9.39.1
      libctf-nobfd0-2.37-9.39.1
      libctf-nobfd0-debuginfo-2.37-9.39.1
      libctf0-2.37-9.39.1
      libctf0-debuginfo-2.37-9.39.1

   - SUSE OpenStack Cloud 9 (x86_64):

      binutils-2.37-9.39.1
      binutils-debuginfo-2.37-9.39.1
      binutils-debugsource-2.37-9.39.1
      binutils-devel-2.37-9.39.1
      libctf-nobfd0-2.37-9.39.1
      libctf-nobfd0-debuginfo-2.37-9.39.1
      libctf0-2.37-9.39.1
      libctf0-debuginfo-2.37-9.39.1

   - SUSE OpenStack Cloud 8 (x86_64):

      binutils-2.37-9.39.1
      binutils-debuginfo-2.37-9.39.1
      binutils-debugsource-2.37-9.39.1
      binutils-devel-2.37-9.39.1
      libctf-nobfd0-2.37-9.39.1
      libctf-nobfd0-debuginfo-2.37-9.39.1
      libctf0-2.37-9.39.1
      libctf0-debuginfo-2.37-9.39.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      binutils-debuginfo-2.37-9.39.1
      binutils-debugsource-2.37-9.39.1
      binutils-devel-2.37-9.39.1
      binutils-gold-2.37-9.39.1
      binutils-gold-debuginfo-2.37-9.39.1
      cross-ppc-binutils-2.37-9.39.1
      cross-ppc-binutils-debuginfo-2.37-9.39.1
      cross-ppc-binutils-debugsource-2.37-9.39.1
      cross-spu-binutils-2.37-9.39.1
      cross-spu-binutils-debuginfo-2.37-9.39.1
      cross-spu-binutils-debugsource-2.37-9.39.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      binutils-2.37-9.39.1
      binutils-debuginfo-2.37-9.39.1
      binutils-debugsource-2.37-9.39.1
      binutils-devel-2.37-9.39.1
      libctf-nobfd0-2.37-9.39.1
      libctf-nobfd0-debuginfo-2.37-9.39.1
      libctf0-2.37-9.39.1
      libctf0-debuginfo-2.37-9.39.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      binutils-2.37-9.39.1
      binutils-debuginfo-2.37-9.39.1
      binutils-debugsource-2.37-9.39.1
      binutils-devel-2.37-9.39.1
      libctf-nobfd0-2.37-9.39.1
      libctf-nobfd0-debuginfo-2.37-9.39.1
      libctf0-2.37-9.39.1
      libctf0-debuginfo-2.37-9.39.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      binutils-2.37-9.39.1
      binutils-debuginfo-2.37-9.39.1
      binutils-debugsource-2.37-9.39.1
      binutils-devel-2.37-9.39.1
      libctf-nobfd0-2.37-9.39.1
      libctf-nobfd0-debuginfo-2.37-9.39.1
      libctf0-2.37-9.39.1
      libctf0-debuginfo-2.37-9.39.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      binutils-2.37-9.39.1
      binutils-debuginfo-2.37-9.39.1
      binutils-debugsource-2.37-9.39.1
      binutils-devel-2.37-9.39.1
      libctf-nobfd0-2.37-9.39.1
      libctf-nobfd0-debuginfo-2.37-9.39.1
      libctf0-2.37-9.39.1
      libctf0-debuginfo-2.37-9.39.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      binutils-2.37-9.39.1
      binutils-debuginfo-2.37-9.39.1
      binutils-debugsource-2.37-9.39.1
      binutils-devel-2.37-9.39.1
      libctf-nobfd0-2.37-9.39.1
      libctf-nobfd0-debuginfo-2.37-9.39.1
      libctf0-2.37-9.39.1
      libctf0-debuginfo-2.37-9.39.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      binutils-2.37-9.39.1
      binutils-debuginfo-2.37-9.39.1
      binutils-debugsource-2.37-9.39.1
      binutils-devel-2.37-9.39.1
      libctf-nobfd0-2.37-9.39.1
      libctf-nobfd0-debuginfo-2.37-9.39.1
      libctf0-2.37-9.39.1
      libctf0-debuginfo-2.37-9.39.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      binutils-2.37-9.39.1
      binutils-debuginfo-2.37-9.39.1
      binutils-debugsource-2.37-9.39.1
      binutils-devel-2.37-9.39.1
      libctf-nobfd0-2.37-9.39.1
      libctf-nobfd0-debuginfo-2.37-9.39.1
      libctf0-2.37-9.39.1
      libctf0-debuginfo-2.37-9.39.1

   - HPE Helion Openstack 8 (x86_64):

      binutils-2.37-9.39.1
      binutils-debuginfo-2.37-9.39.1
      binutils-debugsource-2.37-9.39.1
      binutils-devel-2.37-9.39.1
      libctf-nobfd0-2.37-9.39.1
      libctf-nobfd0-debuginfo-2.37-9.39.1
      libctf0-2.37-9.39.1
      libctf0-debuginfo-2.37-9.39.1


References:

   https://www.suse.com/security/cve/CVE-2019-12972.html
   https://www.suse.com/security/cve/CVE-2019-14250.html
   https://www.suse.com/security/cve/CVE-2019-14444.html
   https://www.suse.com/security/cve/CVE-2019-17450.html
   https://www.suse.com/security/cve/CVE-2019-17451.html
   https://www.suse.com/security/cve/CVE-2019-9074.html
   https://www.suse.com/security/cve/CVE-2019-9075.html
   https://www.suse.com/security/cve/CVE-2019-9077.html
   https://www.suse.com/security/cve/CVE-2020-16590.html
   https://www.suse.com/security/cve/CVE-2020-16591.html
   https://www.suse.com/security/cve/CVE-2020-16592.html
   https://www.suse.com/security/cve/CVE-2020-16593.html
   https://www.suse.com/security/cve/CVE-2020-16598.html
   https://www.suse.com/security/cve/CVE-2020-16599.html
   https://www.suse.com/security/cve/CVE-2020-35448.html
   https://www.suse.com/security/cve/CVE-2020-35493.html
   https://www.suse.com/security/cve/CVE-2020-35496.html
   https://www.suse.com/security/cve/CVE-2020-35507.html
   https://www.suse.com/security/cve/CVE-2021-20197.html
   https://www.suse.com/security/cve/CVE-2021-20284.html
   https://www.suse.com/security/cve/CVE-2021-3487.html
   https://bugzilla.suse.com/1126826
   https://bugzilla.suse.com/1126829
   https://bugzilla.suse.com/1126831
   https://bugzilla.suse.com/1140126
   https://bugzilla.suse.com/1142649
   https://bugzilla.suse.com/1143609
   https://bugzilla.suse.com/1153768
   https://bugzilla.suse.com/1153770
   https://bugzilla.suse.com/1157755
   https://bugzilla.suse.com/1160254
   https://bugzilla.suse.com/1160590
   https://bugzilla.suse.com/1163333
   https://bugzilla.suse.com/1163744
   https://bugzilla.suse.com/1179036
   https://bugzilla.suse.com/1179341
   https://bugzilla.suse.com/1179898
   https://bugzilla.suse.com/1179899
   https://bugzilla.suse.com/1179900
   https://bugzilla.suse.com/1179901
   https://bugzilla.suse.com/1179902
   https://bugzilla.suse.com/1179903
   https://bugzilla.suse.com/1180451
   https://bugzilla.suse.com/1180454
   https://bugzilla.suse.com/1180461
   https://bugzilla.suse.com/1181452
   https://bugzilla.suse.com/1182252
   https://bugzilla.suse.com/1183511
   https://bugzilla.suse.com/1184620
   https://bugzilla.suse.com/1184794


From sle-updates at lists.suse.com  Wed Nov  3 11:15:03 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed,  3 Nov 2021 12:15:03 +0100 (CET)
Subject: SUSE-IU-2021:748-1: Security update of
 suse-sles-15-sp3-chost-byos-v20211101-gen2
Message-ID: <20211103111503.50CF8FE06@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20211101-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2021:748-1
Image Tags        : suse-sles-15-sp3-chost-byos-v20211101-gen2:20211101
Image Release     : 
Severity          : important
Type              : security
References        : 1065729 1102408 1134353 1148868 1152489 1154353 1159886 1160242
                        1167773 1170774 1171688 1172670 1172973 1172974 1173746 1174003
                        1176447 1176940 1177028 1178134 1178236 1183070 1183659 1184439
                        1184616 1184804 1184970 1184994 1185016 1185299 1185302 1185405
                        1185524 1185550 1185677 1185726 1185762 1186037 1186260 1186489
                        1186503 1186602 1186910 1187115 1187211 1187224 1187270 1187425
                        1187466 1187470 1187512 1187670 1187704 1187738 1187760 1187774
                        1187911 1188067 1188156 1188282 1188291 1188344 1188418 1188435
                        1188548 1188588 1188651 1188713 1188768 1188921 1188986 1189031
                        1189257 1189297 1189441 1189446 1189454 1189480 1189841 1189841
                        1189884 1189929 1190023 1190052 1190059 1190062 1190115 1190138
                        1190159 1190199 1190358 1190373 1190374 1190406 1190432 1190465
                        1190467 1190523 1190534 1190543 1190544 1190552 1190561 1190576
                        1190595 1190596 1190598 1190598 1190620 1190626 1190645 1190679
                        1190705 1190712 1190717 1190739 1190746 1190758 1190784 1190785
                        1190793 1190815 1190826 1190845 1190850 1190915 1190933 1191015
                        1191019 1191121 1191172 1191193 1191200 1191260 1191292 1191334
                        1191355 1191434 1191480 1191690 1191804 1191922 1191987 CVE-2019-20838
                        CVE-2020-14155 CVE-2020-3702 CVE-2021-22946 CVE-2021-22947 CVE-2021-30465
                        CVE-2021-32760 CVE-2021-33574 CVE-2021-35942 CVE-2021-3669 CVE-2021-3744
                        CVE-2021-3752 CVE-2021-3759 CVE-2021-37600 CVE-2021-3764 CVE-2021-37750
                        CVE-2021-39537 CVE-2021-40490 CVE-2021-41089 CVE-2021-41091 CVE-2021-41092
                        CVE-2021-41103 
-----------------------------------------------------------------

The container suse-sles-15-sp3-chost-byos-v20211101-gen2 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2020:3026-1
Released:    Fri Oct 23 15:35:51 2020
Summary:     Optional update for the Public Cloud Module
Type:        optional
Severity:    moderate
References:  

This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398).
The following packages were included:

- python3-grpcio
- python3-protobuf
- python3-google-api-core
- python3-google-cloud-core
- python3-google-cloud-storage
- python3-google-resumable-media
- python3-googleapis-common-protos
- python3-grpcio-gcp
- python3-mock (updated to version 3.0.5)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:294-1
Released:    Wed Feb  3 12:54:28 2021
Summary:     Recommended update for libprotobuf
Type:        recommended
Severity:    moderate
References:  

libprotobuf was updated to fix:

- ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3291-1
Released:    Wed Oct  6 16:45:36 2021
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1186489,1187911,CVE-2021-33574,CVE-2021-35942
This update for glibc fixes the following issues:

- CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489).
- CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3298-1
Released:    Wed Oct  6 16:54:52 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1190373,1190374,CVE-2021-22946,CVE-2021-22947
This update for curl fixes the following issues:

- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3304-1
Released:    Wed Oct  6 18:11:33 2021
Summary:     Recommended update for kdump
Type:        recommended
Severity:    moderate
References:  1172670,1183070,1184616,1186037
This update for kdump fixes the following issues:

- Do not iterate past end of string (bsc#1186037).
- Fix incorrect exit code checking after 'local' with assignment (bsc#1184616).
- Avoid an endless loop when resolving a hostname fails with EAI_AGAIN (bsc#1183070).
- Install /etc/resolv.conf using its resolved path (bsc#1183070).
- Make sure that initrd.target.wants directory exists (bsc#1172670).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3310-1
Released:    Wed Oct  6 18:12:41 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1134353,1184994,1188291,1188588,1188713,1189446,1189480
This update for systemd fixes the following issues:

- Switch I/O scheduler from 'mq-deadline' to 'bfq' for rotating disks(HD's) (jsc#SLE-21032, bsc#1134353).
- Multipath: Rules weren't applied to dm devices (bsc#1188713).
- Ignore obsolete 'elevator' kernel parameter (bsc#1184994).
- Remove kernel unsupported single-queue block I/O.
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
- Avoid error message when updating active udev on sockets restart (bsc#1188291).

- Merge of v246.16, for a complete list of changes, visit:
   https://github.com/openSUSE/systemd/compare/8d8f5fc31eece95644b299b784bbfb8f836d0108...f5c33d9f82d3d782d28938df9ff09484360c540d

- Drop 1007-tmpfiles-follow-SUSE-policies.patch:
   Since most of the tmpfiles config files shipped by upstream are
   ignored (see previous commit 'Drop most of the tmpfiles that deal
   with generic paths'), this patch is no more relevant.

Additional fixes:
- core: make sure cgroup_oom_queue is flushed on manager exit.
- cgroup: do 'catchup' for unit cgroup inotify watch files.
- journalctl: never fail at flushing when the flushed flag is set (bsc#1188588).
- manager: reexecute on SIGRTMIN+25, user instances only.
- manager: fix HW watchdog when systemd starts before driver loaded (bsc#1189446).
- pid1: watchdog modernizations.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3311-1
Released:    Wed Oct  6 18:12:56 2021
Summary:     Recommended update for perl-Bootloader
Type:        recommended
Severity:    moderate
References:  1188768
This update for perl-Bootloader fixes the following issues:

- Report error if config file could not be updated (bsc#1188768).
- Fix typo in update-bootloader.

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:3327-1
Released:    Mon Oct 11 11:44:50 2021
Summary:     Optional update for coreutils
Type:        optional
Severity:    low
References:  1189454
This optional update for coreutils fixes the following issue:

- Provide coreutils documentation, 'coreutils-doc', with 'L2' support level. (bsc#1189454)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3382-1
Released:    Tue Oct 12 14:30:17 2021
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    moderate
References:  
This update for ca-certificates-mozilla fixes the following issues:

- A new sub-package for minimal base containers (jsc#SLE-22162)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3387-1
Released:    Tue Oct 12 17:09:16 2021
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1065729,1148868,1152489,1154353,1159886,1167773,1170774,1171688,1173746,1174003,1176447,1176940,1177028,1178134,1184439,1184804,1185302,1185550,1185677,1185726,1185762,1187211,1188067,1188418,1188651,1188986,1189257,1189297,1189841,1189884,1190023,1190062,1190115,1190138,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190544,1190561,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191292,CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3759,CVE-2021-3764,CVE-2021-40490

The SUSE Linux Enterprise 15 SP3 kernel was updated.

The following security bugs were fixed:

- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)
- CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)
- CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)
- CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)
- CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115).

The following non-security bugs were fixed:

- ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
- apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
- ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).
- ASoC: Intel: Fix platform ID matching (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
- ASoC: rt5682: Implement remove callback (git-fixes).
- ASoC: rt5682: Properly turn off regulators if wrong device ID (git-fixes).
- ASoC: rt5682: Remove unused variable in rt5682_i2c_remove() (git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- backlight: pwm_bl: Improve bootloader/kernel device handover (git-fixes).
- bareudp: Fix invalid read beyond skb's linear data (jsc#SLE-15172).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
- bnxt_en: Fix asic.rev in devlink dev info command (jsc#SLE-16649).
- bnxt_en: fix stored FW_PSID version masks (jsc#SLE-16649).
- bnxt_en: Store the running firmware version code (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: do not lock the tx queue from napi poll (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
- bpf, samples: Add missing mprog-disable to xdp_redirect_cpu's optstring (git-fixes).
- bpf: Fix ringbuf helper function compatibility (git-fixes).
- bpftool: Add sock_release help info for cgroup attach/prog load command (bsc#1177028).
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- clk: at91: clk-generated: Limit the requested rate to our range (git-fixes).
- clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- cpuidle: pseries: Do not cap the CEDE0 latency in fixup_cede0_latency() (bsc#1185550 ltc#192610 git-fixes jsc#SLE-18128).
- cuse: fix broken release (bsc#1190596).
- cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746).
- devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353).
- devlink: Clear whole devlink_flash_notify struct (bsc#1176447).
- dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER (git-fixes).
- dmaengine: ioat: depends on !UML (git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
- docs: Fix infiniband uverbs minor number (git-fixes).
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
- drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- drm/ast: Fix missing conversions to managed API (git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
- drm/i915: Allow the sysadmin to override security mitigations (git-fixes).
- drm/i915/rkl: Remove require_force_probe protection (bsc#1189257).
- drm/ingenic: Switch IPU plane to type OVERLAY (git-fixes).
- drm/mgag200: Select clock in PLL update functions (git-fixes).
- drm/msm/mdp4: move HW revision detection to earlier phase (git-fixes).
- drm/msm/mdp4: refactor HW revision detection into read_mdp_hw_revision (git-fixes).
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- drm/pl111: depend on CONFIG_VEXPRESS_CONFIG (git-fixes).
- drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume __maybe_unused (git-fixes).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- EDAC/mce_amd: Do not load edac_mce_amd module on guests (bsc#1190138).
- EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).
- enetc: Fix uninitialized struct dim_sample field usage (git-fixes).
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- fbmem: do not allow too huge resolutions (git-fixes).
- fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- fuse: flush extending writes (bsc#1190595).
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- gpio: uniphier: Fix void functions to remove return value (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes).
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- i40e: improve locking of mac_filter_hash (jsc#SLE-13701).
- iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- IB/hfi1: Indicate DMA wait when txq is queued for wakeup (jsc#SLE-13208).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
- ice: do not abort devlink info if board identifier can't be found (jsc#SLE-12878).
- ice: do not remove netdev->dev_addr from uc sync list (git-fixes).
- ice: Prevent probing virtual functions (git-fixes).
- igc: Use num_tx_queues when iterating over tx_ring queue (jsc#SLE-13533).
- iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes).
- include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes).
- iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: count csum_none when offload enabled (bsc#1167773).
- ionic: drop useless check of PCI driver data validity (bsc#1167773).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467).
- iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha (git-fixes).
- iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.
- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.
- libata: fix ata_host_start() (git-fixes).
- libbpf: Fix removal of inner map in bpf_object__create_map (git-fixes).
- libbpf: Fix the possible memory leak on error (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).
- media: uvc: do not do DMA on stack (git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).
- mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
- misc: sram: Only map reserved areas in Tegra SYSRAM (git-fixes).
- misc: sram: use devm_platform_ioremap_resource_wc() (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
- mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
- mmc: core: Return correct emmc response in case of ioctl error (git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).
- mmc: sdhci: Fix issue with uninitialized dma_slave_config (git-fixes).
- net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases (git-fixes).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
- net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- net/mlx5: Fix missing return value in mlx5_devlink_eswitch_inline_mode_set() (jsc#SLE-15172).
- net/mlx5: Fix return value from tracer initialization (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
- NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- nvme-multipath: revalidate paths during rescan (bsc#1187211).
- nvme-tcp: Do not reset transport on data digest errors (bsc#1188418).
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
- nvme: only call synchronize_srcu when clearing current path (bsc#1188067).
- optee: Fix memory leak when failing to register shm pages (git-fixes).
- parport: remove non-zero check on count (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: of: Do not fail devm_pci_alloc_host_bridge() on missing 'ranges' (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).
- phy: tegra: xusb: Fix dangling pointer on probe failure (git-fixes).
- PM: base: power: do not try to use non-existing RTC for storing data (git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
- powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
- powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1190544 ltc#194520).
- powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729).
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).
- powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- pwm: img: Do not modify HW state in .remove() callback (git-fixes).
- pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
- pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774).
- RDMA/hns: Fix QP's resp incomplete assignment (jsc#SLE-14777).
- RDMA/mlx5: Delay emptying a cache entry when a new MR is added to it recently (jsc#SLE-15175).
- RDMA/mlx5: Delete not-available udata check (jsc#SLE-15175).
- RDMA/rtrs: Remove a useless kfree() (jsc#SLE-15176).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).
- rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages.
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- rtc: tps65910: Correct driver module alias (git-fixes).
- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).
- sch_cake: fix srchost/dsthost hashing mode (bsc#1176447).
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
- scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
- scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576).
- scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576).
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576).
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
- scsi/fc: kABI fixes for new ELS_EDC, ELS_RDP definition (bsc#1171688 bsc#1174003 bsc#1190576).
- selftests/bpf: Define string const as global for test_sysctl_prog.c (git-fixes).
- selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the dest IP (git-fixes).
- selftests/bpf: Fix test_sysctl_loop{1, 2} failure due to clang change (git-fixes).
- selftests/bpf: Whitelist test_progs.h from .gitignore (git-fixes).
- serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).
- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
- serial: sh-sci: fix break handling for sysrq (git-fixes).
- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
- staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes).
- staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes).
- staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).
- thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes).
- time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).
- tools: bpf: Fix error in 'make -C tools/ bpf_install' (git-fixes).
- tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).
- tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes).
- tty: synclink_gt, drop unneeded forward declarations (git-fixes).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration (git-fixes).
- usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes).
- usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes).
- usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
- usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).
- usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
- usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
- usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes).
- usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes).
- usb: serial: option: add device id for Foxconn T99W265 (git-fixes).
- usb: serial: option: add Telit LN920 compositions (git-fixes).
- usb: serial: option: remove duplicate USB device ID (git-fixes).
- usbip: give back URBs for unsent unlink requests during cleanup (git-fixes).
- usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).
- video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).
- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
- vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).
- vmxnet3: prepare for version 6 changes (bsc#1190406).
- vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).
- vmxnet3: set correct hash type based on rss information (bsc#1190406).
- vmxnet3: update to version 6 (bsc#1190406).
- watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes).
- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302).
- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1190561).
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- x86/asm: Fix SETZ size enqcmds() build failure (bsc#1178134).
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489).
- x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
- xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).
- xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).
- xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes).
- xhci: Set HCD flag to defer primary roothub registration (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3411-1
Released:    Wed Oct 13 10:42:25 2021
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1191019
This update for lvm2 fixes the following issues:

- Do not crash vgextend when extending VG with missing PV. (bsc#1191019)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3413-1
Released:    Wed Oct 13 10:50:45 2021
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    important
References:  1189441,1189841,1190598
This update for suse-module-tools fixes the following issues:

- Fixed an issue where the queuing of secure boot certificates did not happen (bsc#1189841, bsc#1190598)
- Fixed an issue where initrd was not always rebuilding after installing
  any kernel-*-extra package (bsc#1189441)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3445-1
Released:    Fri Oct 15 09:03:39 2021
Summary:     Security update for rpm
Type:        security
Severity:    important
References:  1183659,1185299,1187670,1188548
This update for rpm fixes the following issues:

Security issues fixed:

- PGP hardening changes (bsc#1185299)

Maintaince issues fixed:

- Fixed zstd detection (bsc#1187670)
- Added ndb rofs support (bsc#1188548)
- Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3454-1
Released:    Mon Oct 18 09:29:26 2021
Summary:     Security update for krb5
Type:        security
Severity:    moderate
References:  1189929,CVE-2021-37750
This update for krb5 fixes the following issues:

- CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3474-1
Released:    Wed Oct 20 08:41:31 2021
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1178236,1188921,CVE-2021-37600
This update for util-linux fixes the following issues:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3479-1
Released:    Wed Oct 20 11:23:45 2021
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1184970,1186260,1187115,1187470,1187774,1190845
This update for dracut fixes the following issues:

- Fix usage information for -f parameter. (bsc#1187470)
- Fix obsolete reference to 96insmodpost in manpage. (bsc#1187774)
- Remove references to INITRD_MODULES. (bsc#1187115)
- Multipath FCoE configurations may not boot when using only one path. (bsc#1186260)
- Adjust path for SUSE: /var/lib/nfs/statd/sm to /var/lib/nfs/sm. (bsc#1184970)
- Systemd coredump unit files are missing in initrd. (1190845)
- Use $kernel rather than $(uname -r).
- Exclude modules that are built-in.
- Restore INITRD_MODULES in mkinitrd script.
- Call dracut_instmods with hostonly.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3480-1
Released:    Wed Oct 20 11:24:10 2021
Summary:     Recommended update for yast2-network
Type:        recommended
Severity:    moderate
References:  1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933
This update for yast2-network fixes the following issues:

- Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915).
- Fix the shown description using the interface friendly name when it is empty (bsc#1190933).
- Consider aliases sections as case insensitive (bsc#1190739).
- Display user defined device name in the devices overview (bnc#1190645).
- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).
- Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).
- Fix desktop file so the control center tooltip is translated (bsc#1187270).
- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released:    Wed Oct 20 16:31:55 2021
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1190793,CVE-2021-39537
This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released:    Wed Oct 20 16:48:46 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1190052
This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3501-1
Released:    Fri Oct 22 10:42:46 2021
Summary:     Recommended update for libzypp, zypper, libsolv, protobuf
Type:        recommended
Severity:    moderate
References:  1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815
This update for libzypp, zypper, libsolv and protobuf fixes the following issues:

- Choice rules: treat orphaned packages as newest (bsc#1190465)
- Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
- Do not check of signatures and keys two times(redundant) (bsc#1190059)
- Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
- Show key fpr from signature when signature check fails (bsc#1187224)
- Fix solver jobs for PTFs (bsc#1186503)
- Fix purge-kernels fails (bsc#1187738)
- Fix obs:// platform guessing for Leap (bsc#1187425)
- Make sure to keep states alives while transitioning. (bsc#1190199)
- Manpage: Improve description about patch updates(bsc#1187466)
- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
- Fix crashes in logging code when shutting down (bsc#1189031)
- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
- Add need reboot/restart hint to XML install summary (bsc#1188435)
- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
- Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3506-1
Released:    Mon Oct 25 10:20:22 2021
Summary:     Security update for containerd, docker, runc
Type:        security
Severity:    important
References:  1102408,1185405,1187704,1188282,1190826,1191015,1191121,1191334,1191355,1191434,CVE-2021-30465,CVE-2021-32760,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103
This update for containerd, docker, runc fixes the following issues:

Docker was updated to 20.10.9-ce. (bsc#1191355)

See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md. 

  CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103

container was updated to v1.4.11, to fix CVE-2021-41103. bsc#1191355

- CVE-2021-32760: Fixed that a archive package allows chmod of file outside of unpack target directory (bsc#1188282)

- Install systemd service file as well (bsc#1190826)

Update to runc v1.0.2. Upstream changelog is available from

  https://github.com/opencontainers/runc/releases/tag/v1.0.2

* Fixed a failure to set CPU quota period in some cases on cgroup v1.
* Fixed the inability to start a container with the 'adding seccomp filter
  rule for syscall ...' error, caused by redundant seccomp rules (i.e. those
  that has action equal to the default one). Such redundant rules are now
  skipped.
* Made release builds reproducible from now on.
* Fixed a rare debug log race in runc init, which can result in occasional
  harmful 'failed to decode ...' errors from runc run or exec.
* Fixed the check in cgroup v1 systemd manager if a container needs to be
  frozen before Set, and add a setting to skip such freeze unconditionally.
  The previous fix for that issue, done in runc 1.0.1, was not working.

Update to runc v1.0.1. Upstream changelog is available from

https://github.com/opencontainers/runc/releases/tag/v1.0.1

* Fixed occasional runc exec/run failure ('interrupted system call') on an
  Azure volume.
* Fixed 'unable to find groups ... token too long' error with /etc/group
  containing lines longer than 64K characters.
* cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is
  frozen. This is a regression in 1.0.0, not affecting runc itself but some
  of libcontainer users (e.g Kubernetes).
* cgroupv2: bpf: Ignore inaccessible existing programs in case of
  permission error when handling replacement of existing bpf cgroup
  programs. This fixes a regression in 1.0.0, where some SELinux
  policies would block runc from being able to run entirely.
* cgroup/systemd/v2: don't freeze cgroup on Set.
* cgroup/systemd/v1: avoid unnecessary freeze on Set.
- fix issues with runc under openSUSE MicroOS's SELinux policy. bsc#1187704

Update to runc v1.0.0. Upstream changelog is available from

https://github.com/opencontainers/runc/releases/tag/v1.0.0

! The usage of relative paths for mountpoints will now produce a warning
  (such configurations are outside of the spec, and in future runc will
  produce an error when given such configurations).
* cgroupv2: devices: rework the filter generation to produce consistent
  results with cgroupv1, and always clobber any existing eBPF
  program(s) to fix runc update and avoid leaking eBPF programs
  (resulting in errors when managing containers).
* cgroupv2: correctly convert 'number of IOs' statistics in a
  cgroupv1-compatible way.
* cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.
* cgroupv2: wait for freeze to finish before returning from the freezing
  code, optimize the method for checking whether a cgroup is frozen.
* cgroups/systemd: fixed 'retry on dbus disconnect' logic introduced in rc94
* cgroups/systemd: fixed returning 'unit already exists' error from a systemd
  cgroup manager (regression in rc94)
+ cgroupv2: support SkipDevices with systemd driver
+ cgroup/systemd: return, not ignore, stop unit error from Destroy
+ Make 'runc --version' output sane even when built with go get or
  otherwise outside of our build scripts.
+ cgroups: set SkipDevices during runc update (so we don't modify
  cgroups at all during runc update).
+ cgroup1: blkio: support BFQ weights.
+ cgroupv2: set per-device io weights if BFQ IO scheduler is available.

Update to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95

This release of runc contains a fix for CVE-2021-30465, and users are
strongly recommended to update (especially if you are providing
semi-limited access to spawn containers to untrusted users). (bsc#1185405)

Update to runc v1.0.0~rc94. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94

Breaking Changes:
* cgroupv1: kernel memory limits are now always ignored, as kmemcg has
  been effectively deprecated by the kernel. Users should make use of regular
  memory cgroup controls.

Regression Fixes:

* seccomp: fix 32-bit compilation errors
* runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
* runc start: fix 'chdir to cwd: permission denied' for some setups

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3509-1
Released:    Tue Oct 26 09:47:40 2021
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    important
References:  1191200,1191260,1191480,1191804,1191922
This update for suse-module-tools fixes the following issues:

Update to version 15.3.13:

- Fix bad exit status in openQA. (bsc#1191922)
- Ignore kernel keyring for kernel certificates. (bsc#1191480)
- Deal with existing certificates that should be de-enrolled. (bsc#1191804)
- Don't pass existing files to weak-modules2. (bsc#1191200)
- Skip certificate scriptlet on non-UEFI systems. (bsc#1191260)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released:    Tue Oct 26 11:22:15 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1191987
This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in
  the 'securetty' file to be installed as 'macros.pam'.
  (bsc#1191987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3529-1
Released:    Wed Oct 27 09:23:32 2021
Summary:     Security update for pcre
Type:        security
Severity:    moderate
References:  1172973,1172974,CVE-2019-20838,CVE-2020-14155
This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3538-1
Released:    Wed Oct 27 10:40:32 2021
Summary:     Recommended update for iproute2
Type:        recommended
Severity:    moderate
References:  1160242
This update for iproute2 fixes the following issues:

- Follow-up fixes backported from upstream. (bsc#1160242)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3545-1
Released:    Wed Oct 27 14:46:39 2021
Summary:     Recommended update for less
Type:        recommended
Severity:    low
References:  1190552
This update for less fixes the following issues:

- Add missing runtime dependency on package 'which', that is used by
  lessopen.sh (bsc#1190552)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3564-1
Released:    Wed Oct 27 16:12:08 2021
Summary:     Recommended update for rpm-config-SUSE
Type:        recommended
Severity:    moderate
References:  1190850
This update for rpm-config-SUSE fixes the following issues:

- Support ZSTD compressed kernel modules. (bsc#1190850)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3581-1
Released:    Fri Oct 29 16:09:23 2021
Summary:     Recommended update for SUSEConnect
Type:        recommended
Severity:    important
References:  
This update for SUSEConnect contains the following fix:

- Update to 0.3.32:
  - Allow --regcode and --instance-data attributes at the same time. (jsc#PCT-164)
  - Document that 'debug' can also get set in the config file
  - --status will also print the subscription name

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3589-1
Released:    Mon Nov  1 19:27:52 2021
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1191690
This update for apparmor fixes the following issues:

- Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690)


The following package changes have been done:

- SUSEConnect-0.3.32-16.1 updated
- apparmor-parser-2.13.6-3.3.1 updated
- ca-certificates-mozilla-2.44-21.1 updated
- containerd-ctr-1.4.11-56.1 updated
- containerd-1.4.11-56.1 updated
- coreutils-8.32-3.2.1 updated
- curl-7.66.0-4.27.1 updated
- docker-20.10.9_ce-156.1 updated
- dracut-049.1+suse.209.gebcf4f33-3.40.1 updated
- glibc-locale-base-2.31-9.3.2 updated
- glibc-locale-2.31-9.3.2 updated
- glibc-2.31-9.3.2 updated
- iproute2-5.3-5.5.1 updated
- kdump-0.9.0-18.3.1 updated
- kernel-default-5.3.18-59.27.1 updated
- krb5-1.16.3-3.24.1 updated
- less-530-3.3.2 updated
- libapparmor1-2.13.6-3.3.1 updated
- libaugeas0-1.10.1-3.3.1 updated
- libblkid1-2.36.2-4.5.1 updated
- libcurl4-7.66.0-4.27.1 updated
- libdevmapper1_03-1.02.163-8.36.1 updated
- libfdisk1-2.36.2-4.5.1 updated
- libmount1-2.36.2-4.5.1 updated
- libncurses6-6.1-5.9.1 updated
- libpcre1-8.45-20.10.1 updated
- libprotobuf-lite20-3.9.2-4.9.1 added
- libsmartcols1-2.36.2-4.5.1 updated
- libsolv-tools-0.7.20-9.2 updated
- libsystemd0-246.16-7.14.1 updated
- libudev1-246.16-7.14.1 updated
- libuuid1-2.36.2-4.5.1 updated
- libzypp-17.28.5-15.2 updated
- ncurses-utils-6.1-5.9.1 updated
- pam-1.3.0-6.50.1 updated
- perl-Bootloader-0.936-3.3.1 updated
- rpm-config-SUSE-1-5.3.1 updated
- rpm-ndb-4.14.3-40.1 updated
- runc-1.0.2-23.1 updated
- suse-module-tools-15.3.13-3.11.1 updated
- systemd-sysvinit-246.16-7.14.1 updated
- systemd-246.16-7.14.1 updated
- terminfo-base-6.1-5.9.1 updated
- terminfo-6.1-5.9.1 updated
- udev-246.16-7.14.1 updated
- util-linux-systemd-2.36.2-4.5.1 updated
- util-linux-2.36.2-4.5.1 updated
- zypper-1.14.49-16.1 updated

From sle-updates at lists.suse.com  Wed Nov  3 11:15:53 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed,  3 Nov 2021 12:15:53 +0100 (CET)
Subject: SUSE-IU-2021:749-1: Security update of
 suse-sles-15-sp3-chost-byos-v20211101-hvm-ssd-x86_64
Message-ID: <20211103111553.6B59AFDA4@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20211101-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2021:749-1
Image Tags        : suse-sles-15-sp3-chost-byos-v20211101-hvm-ssd-x86_64:20211101
Image Release     : 
Severity          : important
Type              : security
References        : 1065729 1102408 1134353 1148868 1152489 1154353 1159886 1160242
                        1167773 1170774 1171688 1172670 1172973 1172974 1173746 1174003
                        1176447 1176940 1177028 1178134 1178236 1183070 1183659 1184439
                        1184616 1184804 1184970 1184994 1185016 1185299 1185302 1185405
                        1185524 1185550 1185677 1185726 1185762 1186037 1186260 1186489
                        1186503 1186602 1186910 1187115 1187211 1187224 1187270 1187425
                        1187466 1187470 1187512 1187670 1187704 1187738 1187760 1187774
                        1187911 1188067 1188156 1188282 1188291 1188344 1188418 1188435
                        1188548 1188588 1188651 1188713 1188768 1188921 1188986 1189031
                        1189257 1189297 1189441 1189446 1189454 1189480 1189841 1189841
                        1189884 1189929 1190023 1190052 1190059 1190062 1190115 1190138
                        1190159 1190199 1190358 1190373 1190374 1190406 1190432 1190465
                        1190467 1190523 1190534 1190543 1190544 1190552 1190561 1190576
                        1190595 1190596 1190598 1190598 1190620 1190626 1190645 1190679
                        1190705 1190712 1190717 1190739 1190746 1190758 1190784 1190785
                        1190793 1190815 1190826 1190845 1190850 1190915 1190933 1191015
                        1191019 1191121 1191172 1191193 1191200 1191260 1191292 1191334
                        1191355 1191434 1191480 1191690 1191804 1191922 1191987 CVE-2019-20838
                        CVE-2020-14155 CVE-2020-3702 CVE-2021-22946 CVE-2021-22947 CVE-2021-30465
                        CVE-2021-32760 CVE-2021-33574 CVE-2021-35942 CVE-2021-3669 CVE-2021-3744
                        CVE-2021-3752 CVE-2021-3759 CVE-2021-37600 CVE-2021-3764 CVE-2021-37750
                        CVE-2021-39537 CVE-2021-40490 CVE-2021-41089 CVE-2021-41091 CVE-2021-41092
                        CVE-2021-41103 
-----------------------------------------------------------------

The container suse-sles-15-sp3-chost-byos-v20211101-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2020:3026-1
Released:    Fri Oct 23 15:35:51 2020
Summary:     Optional update for the Public Cloud Module
Type:        optional
Severity:    moderate
References:  

This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398).
The following packages were included:

- python3-grpcio
- python3-protobuf
- python3-google-api-core
- python3-google-cloud-core
- python3-google-cloud-storage
- python3-google-resumable-media
- python3-googleapis-common-protos
- python3-grpcio-gcp
- python3-mock (updated to version 3.0.5)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:294-1
Released:    Wed Feb  3 12:54:28 2021
Summary:     Recommended update for libprotobuf
Type:        recommended
Severity:    moderate
References:  

libprotobuf was updated to fix:

- ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3291-1
Released:    Wed Oct  6 16:45:36 2021
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1186489,1187911,CVE-2021-33574,CVE-2021-35942
This update for glibc fixes the following issues:

- CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489).
- CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3298-1
Released:    Wed Oct  6 16:54:52 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1190373,1190374,CVE-2021-22946,CVE-2021-22947
This update for curl fixes the following issues:

- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3304-1
Released:    Wed Oct  6 18:11:33 2021
Summary:     Recommended update for kdump
Type:        recommended
Severity:    moderate
References:  1172670,1183070,1184616,1186037
This update for kdump fixes the following issues:

- Do not iterate past end of string (bsc#1186037).
- Fix incorrect exit code checking after 'local' with assignment (bsc#1184616).
- Avoid an endless loop when resolving a hostname fails with EAI_AGAIN (bsc#1183070).
- Install /etc/resolv.conf using its resolved path (bsc#1183070).
- Make sure that initrd.target.wants directory exists (bsc#1172670).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3310-1
Released:    Wed Oct  6 18:12:41 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1134353,1184994,1188291,1188588,1188713,1189446,1189480
This update for systemd fixes the following issues:

- Switch I/O scheduler from 'mq-deadline' to 'bfq' for rotating disks(HD's) (jsc#SLE-21032, bsc#1134353).
- Multipath: Rules weren't applied to dm devices (bsc#1188713).
- Ignore obsolete 'elevator' kernel parameter (bsc#1184994).
- Remove kernel unsupported single-queue block I/O.
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
- Avoid error message when updating active udev on sockets restart (bsc#1188291).

- Merge of v246.16, for a complete list of changes, visit:
   https://github.com/openSUSE/systemd/compare/8d8f5fc31eece95644b299b784bbfb8f836d0108...f5c33d9f82d3d782d28938df9ff09484360c540d

- Drop 1007-tmpfiles-follow-SUSE-policies.patch:
   Since most of the tmpfiles config files shipped by upstream are
   ignored (see previous commit 'Drop most of the tmpfiles that deal
   with generic paths'), this patch is no more relevant.

Additional fixes:
- core: make sure cgroup_oom_queue is flushed on manager exit.
- cgroup: do 'catchup' for unit cgroup inotify watch files.
- journalctl: never fail at flushing when the flushed flag is set (bsc#1188588).
- manager: reexecute on SIGRTMIN+25, user instances only.
- manager: fix HW watchdog when systemd starts before driver loaded (bsc#1189446).
- pid1: watchdog modernizations.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3311-1
Released:    Wed Oct  6 18:12:56 2021
Summary:     Recommended update for perl-Bootloader
Type:        recommended
Severity:    moderate
References:  1188768
This update for perl-Bootloader fixes the following issues:

- Report error if config file could not be updated (bsc#1188768).
- Fix typo in update-bootloader.

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:3327-1
Released:    Mon Oct 11 11:44:50 2021
Summary:     Optional update for coreutils
Type:        optional
Severity:    low
References:  1189454
This optional update for coreutils fixes the following issue:

- Provide coreutils documentation, 'coreutils-doc', with 'L2' support level. (bsc#1189454)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3382-1
Released:    Tue Oct 12 14:30:17 2021
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    moderate
References:  
This update for ca-certificates-mozilla fixes the following issues:

- A new sub-package for minimal base containers (jsc#SLE-22162)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3387-1
Released:    Tue Oct 12 17:09:16 2021
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1065729,1148868,1152489,1154353,1159886,1167773,1170774,1171688,1173746,1174003,1176447,1176940,1177028,1178134,1184439,1184804,1185302,1185550,1185677,1185726,1185762,1187211,1188067,1188418,1188651,1188986,1189257,1189297,1189841,1189884,1190023,1190062,1190115,1190138,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190544,1190561,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191292,CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3759,CVE-2021-3764,CVE-2021-40490

The SUSE Linux Enterprise 15 SP3 kernel was updated.

The following security bugs were fixed:

- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)
- CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)
- CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)
- CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)
- CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115).

The following non-security bugs were fixed:

- ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
- apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
- ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).
- ASoC: Intel: Fix platform ID matching (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
- ASoC: rt5682: Implement remove callback (git-fixes).
- ASoC: rt5682: Properly turn off regulators if wrong device ID (git-fixes).
- ASoC: rt5682: Remove unused variable in rt5682_i2c_remove() (git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- backlight: pwm_bl: Improve bootloader/kernel device handover (git-fixes).
- bareudp: Fix invalid read beyond skb's linear data (jsc#SLE-15172).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
- bnxt_en: Fix asic.rev in devlink dev info command (jsc#SLE-16649).
- bnxt_en: fix stored FW_PSID version masks (jsc#SLE-16649).
- bnxt_en: Store the running firmware version code (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: do not lock the tx queue from napi poll (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
- bpf, samples: Add missing mprog-disable to xdp_redirect_cpu's optstring (git-fixes).
- bpf: Fix ringbuf helper function compatibility (git-fixes).
- bpftool: Add sock_release help info for cgroup attach/prog load command (bsc#1177028).
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- clk: at91: clk-generated: Limit the requested rate to our range (git-fixes).
- clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- cpuidle: pseries: Do not cap the CEDE0 latency in fixup_cede0_latency() (bsc#1185550 ltc#192610 git-fixes jsc#SLE-18128).
- cuse: fix broken release (bsc#1190596).
- cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746).
- devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353).
- devlink: Clear whole devlink_flash_notify struct (bsc#1176447).
- dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER (git-fixes).
- dmaengine: ioat: depends on !UML (git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
- docs: Fix infiniband uverbs minor number (git-fixes).
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
- drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- drm/ast: Fix missing conversions to managed API (git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
- drm/i915: Allow the sysadmin to override security mitigations (git-fixes).
- drm/i915/rkl: Remove require_force_probe protection (bsc#1189257).
- drm/ingenic: Switch IPU plane to type OVERLAY (git-fixes).
- drm/mgag200: Select clock in PLL update functions (git-fixes).
- drm/msm/mdp4: move HW revision detection to earlier phase (git-fixes).
- drm/msm/mdp4: refactor HW revision detection into read_mdp_hw_revision (git-fixes).
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- drm/pl111: depend on CONFIG_VEXPRESS_CONFIG (git-fixes).
- drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume __maybe_unused (git-fixes).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- EDAC/mce_amd: Do not load edac_mce_amd module on guests (bsc#1190138).
- EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).
- enetc: Fix uninitialized struct dim_sample field usage (git-fixes).
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- fbmem: do not allow too huge resolutions (git-fixes).
- fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- fuse: flush extending writes (bsc#1190595).
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- gpio: uniphier: Fix void functions to remove return value (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes).
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- i40e: improve locking of mac_filter_hash (jsc#SLE-13701).
- iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- IB/hfi1: Indicate DMA wait when txq is queued for wakeup (jsc#SLE-13208).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
- ice: do not abort devlink info if board identifier can't be found (jsc#SLE-12878).
- ice: do not remove netdev->dev_addr from uc sync list (git-fixes).
- ice: Prevent probing virtual functions (git-fixes).
- igc: Use num_tx_queues when iterating over tx_ring queue (jsc#SLE-13533).
- iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes).
- include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes).
- iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: count csum_none when offload enabled (bsc#1167773).
- ionic: drop useless check of PCI driver data validity (bsc#1167773).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467).
- iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha (git-fixes).
- iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.
- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.
- libata: fix ata_host_start() (git-fixes).
- libbpf: Fix removal of inner map in bpf_object__create_map (git-fixes).
- libbpf: Fix the possible memory leak on error (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).
- media: uvc: do not do DMA on stack (git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).
- mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
- misc: sram: Only map reserved areas in Tegra SYSRAM (git-fixes).
- misc: sram: use devm_platform_ioremap_resource_wc() (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
- mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
- mmc: core: Return correct emmc response in case of ioctl error (git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).
- mmc: sdhci: Fix issue with uninitialized dma_slave_config (git-fixes).
- net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases (git-fixes).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
- net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- net/mlx5: Fix missing return value in mlx5_devlink_eswitch_inline_mode_set() (jsc#SLE-15172).
- net/mlx5: Fix return value from tracer initialization (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
- NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- nvme-multipath: revalidate paths during rescan (bsc#1187211).
- nvme-tcp: Do not reset transport on data digest errors (bsc#1188418).
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
- nvme: only call synchronize_srcu when clearing current path (bsc#1188067).
- optee: Fix memory leak when failing to register shm pages (git-fixes).
- parport: remove non-zero check on count (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: of: Do not fail devm_pci_alloc_host_bridge() on missing 'ranges' (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).
- phy: tegra: xusb: Fix dangling pointer on probe failure (git-fixes).
- PM: base: power: do not try to use non-existing RTC for storing data (git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
- powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
- powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1190544 ltc#194520).
- powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729).
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).
- powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- pwm: img: Do not modify HW state in .remove() callback (git-fixes).
- pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
- pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774).
- RDMA/hns: Fix QP's resp incomplete assignment (jsc#SLE-14777).
- RDMA/mlx5: Delay emptying a cache entry when a new MR is added to it recently (jsc#SLE-15175).
- RDMA/mlx5: Delete not-available udata check (jsc#SLE-15175).
- RDMA/rtrs: Remove a useless kfree() (jsc#SLE-15176).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).
- rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages.
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- rtc: tps65910: Correct driver module alias (git-fixes).
- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).
- sch_cake: fix srchost/dsthost hashing mode (bsc#1176447).
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
- scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
- scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576).
- scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576).
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576).
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
- scsi/fc: kABI fixes for new ELS_EDC, ELS_RDP definition (bsc#1171688 bsc#1174003 bsc#1190576).
- selftests/bpf: Define string const as global for test_sysctl_prog.c (git-fixes).
- selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the dest IP (git-fixes).
- selftests/bpf: Fix test_sysctl_loop{1, 2} failure due to clang change (git-fixes).
- selftests/bpf: Whitelist test_progs.h from .gitignore (git-fixes).
- serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).
- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
- serial: sh-sci: fix break handling for sysrq (git-fixes).
- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
- staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes).
- staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes).
- staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).
- thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes).
- time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).
- tools: bpf: Fix error in 'make -C tools/ bpf_install' (git-fixes).
- tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).
- tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes).
- tty: synclink_gt, drop unneeded forward declarations (git-fixes).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration (git-fixes).
- usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes).
- usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes).
- usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
- usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).
- usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
- usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
- usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes).
- usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes).
- usb: serial: option: add device id for Foxconn T99W265 (git-fixes).
- usb: serial: option: add Telit LN920 compositions (git-fixes).
- usb: serial: option: remove duplicate USB device ID (git-fixes).
- usbip: give back URBs for unsent unlink requests during cleanup (git-fixes).
- usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).
- video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).
- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
- vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).
- vmxnet3: prepare for version 6 changes (bsc#1190406).
- vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).
- vmxnet3: set correct hash type based on rss information (bsc#1190406).
- vmxnet3: update to version 6 (bsc#1190406).
- watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes).
- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302).
- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1190561).
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- x86/asm: Fix SETZ size enqcmds() build failure (bsc#1178134).
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489).
- x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
- xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).
- xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).
- xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes).
- xhci: Set HCD flag to defer primary roothub registration (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3411-1
Released:    Wed Oct 13 10:42:25 2021
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1191019
This update for lvm2 fixes the following issues:

- Do not crash vgextend when extending VG with missing PV. (bsc#1191019)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3413-1
Released:    Wed Oct 13 10:50:45 2021
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    important
References:  1189441,1189841,1190598
This update for suse-module-tools fixes the following issues:

- Fixed an issue where the queuing of secure boot certificates did not happen (bsc#1189841, bsc#1190598)
- Fixed an issue where initrd was not always rebuilding after installing
  any kernel-*-extra package (bsc#1189441)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3445-1
Released:    Fri Oct 15 09:03:39 2021
Summary:     Security update for rpm
Type:        security
Severity:    important
References:  1183659,1185299,1187670,1188548
This update for rpm fixes the following issues:

Security issues fixed:

- PGP hardening changes (bsc#1185299)

Maintaince issues fixed:

- Fixed zstd detection (bsc#1187670)
- Added ndb rofs support (bsc#1188548)
- Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3454-1
Released:    Mon Oct 18 09:29:26 2021
Summary:     Security update for krb5
Type:        security
Severity:    moderate
References:  1189929,CVE-2021-37750
This update for krb5 fixes the following issues:

- CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3474-1
Released:    Wed Oct 20 08:41:31 2021
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1178236,1188921,CVE-2021-37600
This update for util-linux fixes the following issues:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3479-1
Released:    Wed Oct 20 11:23:45 2021
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1184970,1186260,1187115,1187470,1187774,1190845
This update for dracut fixes the following issues:

- Fix usage information for -f parameter. (bsc#1187470)
- Fix obsolete reference to 96insmodpost in manpage. (bsc#1187774)
- Remove references to INITRD_MODULES. (bsc#1187115)
- Multipath FCoE configurations may not boot when using only one path. (bsc#1186260)
- Adjust path for SUSE: /var/lib/nfs/statd/sm to /var/lib/nfs/sm. (bsc#1184970)
- Systemd coredump unit files are missing in initrd. (1190845)
- Use $kernel rather than $(uname -r).
- Exclude modules that are built-in.
- Restore INITRD_MODULES in mkinitrd script.
- Call dracut_instmods with hostonly.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3480-1
Released:    Wed Oct 20 11:24:10 2021
Summary:     Recommended update for yast2-network
Type:        recommended
Severity:    moderate
References:  1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933
This update for yast2-network fixes the following issues:

- Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915).
- Fix the shown description using the interface friendly name when it is empty (bsc#1190933).
- Consider aliases sections as case insensitive (bsc#1190739).
- Display user defined device name in the devices overview (bnc#1190645).
- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).
- Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).
- Fix desktop file so the control center tooltip is translated (bsc#1187270).
- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released:    Wed Oct 20 16:31:55 2021
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1190793,CVE-2021-39537
This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released:    Wed Oct 20 16:48:46 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1190052
This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3501-1
Released:    Fri Oct 22 10:42:46 2021
Summary:     Recommended update for libzypp, zypper, libsolv, protobuf
Type:        recommended
Severity:    moderate
References:  1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815
This update for libzypp, zypper, libsolv and protobuf fixes the following issues:

- Choice rules: treat orphaned packages as newest (bsc#1190465)
- Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
- Do not check of signatures and keys two times(redundant) (bsc#1190059)
- Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
- Show key fpr from signature when signature check fails (bsc#1187224)
- Fix solver jobs for PTFs (bsc#1186503)
- Fix purge-kernels fails (bsc#1187738)
- Fix obs:// platform guessing for Leap (bsc#1187425)
- Make sure to keep states alives while transitioning. (bsc#1190199)
- Manpage: Improve description about patch updates(bsc#1187466)
- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
- Fix crashes in logging code when shutting down (bsc#1189031)
- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
- Add need reboot/restart hint to XML install summary (bsc#1188435)
- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
- Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3506-1
Released:    Mon Oct 25 10:20:22 2021
Summary:     Security update for containerd, docker, runc
Type:        security
Severity:    important
References:  1102408,1185405,1187704,1188282,1190826,1191015,1191121,1191334,1191355,1191434,CVE-2021-30465,CVE-2021-32760,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103
This update for containerd, docker, runc fixes the following issues:

Docker was updated to 20.10.9-ce. (bsc#1191355)

See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md. 

  CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103

container was updated to v1.4.11, to fix CVE-2021-41103. bsc#1191355

- CVE-2021-32760: Fixed that a archive package allows chmod of file outside of unpack target directory (bsc#1188282)

- Install systemd service file as well (bsc#1190826)

Update to runc v1.0.2. Upstream changelog is available from

  https://github.com/opencontainers/runc/releases/tag/v1.0.2

* Fixed a failure to set CPU quota period in some cases on cgroup v1.
* Fixed the inability to start a container with the 'adding seccomp filter
  rule for syscall ...' error, caused by redundant seccomp rules (i.e. those
  that has action equal to the default one). Such redundant rules are now
  skipped.
* Made release builds reproducible from now on.
* Fixed a rare debug log race in runc init, which can result in occasional
  harmful 'failed to decode ...' errors from runc run or exec.
* Fixed the check in cgroup v1 systemd manager if a container needs to be
  frozen before Set, and add a setting to skip such freeze unconditionally.
  The previous fix for that issue, done in runc 1.0.1, was not working.

Update to runc v1.0.1. Upstream changelog is available from

https://github.com/opencontainers/runc/releases/tag/v1.0.1

* Fixed occasional runc exec/run failure ('interrupted system call') on an
  Azure volume.
* Fixed 'unable to find groups ... token too long' error with /etc/group
  containing lines longer than 64K characters.
* cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is
  frozen. This is a regression in 1.0.0, not affecting runc itself but some
  of libcontainer users (e.g Kubernetes).
* cgroupv2: bpf: Ignore inaccessible existing programs in case of
  permission error when handling replacement of existing bpf cgroup
  programs. This fixes a regression in 1.0.0, where some SELinux
  policies would block runc from being able to run entirely.
* cgroup/systemd/v2: don't freeze cgroup on Set.
* cgroup/systemd/v1: avoid unnecessary freeze on Set.
- fix issues with runc under openSUSE MicroOS's SELinux policy. bsc#1187704

Update to runc v1.0.0. Upstream changelog is available from

https://github.com/opencontainers/runc/releases/tag/v1.0.0

! The usage of relative paths for mountpoints will now produce a warning
  (such configurations are outside of the spec, and in future runc will
  produce an error when given such configurations).
* cgroupv2: devices: rework the filter generation to produce consistent
  results with cgroupv1, and always clobber any existing eBPF
  program(s) to fix runc update and avoid leaking eBPF programs
  (resulting in errors when managing containers).
* cgroupv2: correctly convert 'number of IOs' statistics in a
  cgroupv1-compatible way.
* cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.
* cgroupv2: wait for freeze to finish before returning from the freezing
  code, optimize the method for checking whether a cgroup is frozen.
* cgroups/systemd: fixed 'retry on dbus disconnect' logic introduced in rc94
* cgroups/systemd: fixed returning 'unit already exists' error from a systemd
  cgroup manager (regression in rc94)
+ cgroupv2: support SkipDevices with systemd driver
+ cgroup/systemd: return, not ignore, stop unit error from Destroy
+ Make 'runc --version' output sane even when built with go get or
  otherwise outside of our build scripts.
+ cgroups: set SkipDevices during runc update (so we don't modify
  cgroups at all during runc update).
+ cgroup1: blkio: support BFQ weights.
+ cgroupv2: set per-device io weights if BFQ IO scheduler is available.

Update to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95

This release of runc contains a fix for CVE-2021-30465, and users are
strongly recommended to update (especially if you are providing
semi-limited access to spawn containers to untrusted users). (bsc#1185405)

Update to runc v1.0.0~rc94. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94

Breaking Changes:
* cgroupv1: kernel memory limits are now always ignored, as kmemcg has
  been effectively deprecated by the kernel. Users should make use of regular
  memory cgroup controls.

Regression Fixes:

* seccomp: fix 32-bit compilation errors
* runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
* runc start: fix 'chdir to cwd: permission denied' for some setups

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3509-1
Released:    Tue Oct 26 09:47:40 2021
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    important
References:  1191200,1191260,1191480,1191804,1191922
This update for suse-module-tools fixes the following issues:

Update to version 15.3.13:

- Fix bad exit status in openQA. (bsc#1191922)
- Ignore kernel keyring for kernel certificates. (bsc#1191480)
- Deal with existing certificates that should be de-enrolled. (bsc#1191804)
- Don't pass existing files to weak-modules2. (bsc#1191200)
- Skip certificate scriptlet on non-UEFI systems. (bsc#1191260)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released:    Tue Oct 26 11:22:15 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1191987
This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in
  the 'securetty' file to be installed as 'macros.pam'.
  (bsc#1191987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3529-1
Released:    Wed Oct 27 09:23:32 2021
Summary:     Security update for pcre
Type:        security
Severity:    moderate
References:  1172973,1172974,CVE-2019-20838,CVE-2020-14155
This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3538-1
Released:    Wed Oct 27 10:40:32 2021
Summary:     Recommended update for iproute2
Type:        recommended
Severity:    moderate
References:  1160242
This update for iproute2 fixes the following issues:

- Follow-up fixes backported from upstream. (bsc#1160242)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3545-1
Released:    Wed Oct 27 14:46:39 2021
Summary:     Recommended update for less
Type:        recommended
Severity:    low
References:  1190552
This update for less fixes the following issues:

- Add missing runtime dependency on package 'which', that is used by
  lessopen.sh (bsc#1190552)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3564-1
Released:    Wed Oct 27 16:12:08 2021
Summary:     Recommended update for rpm-config-SUSE
Type:        recommended
Severity:    moderate
References:  1190850
This update for rpm-config-SUSE fixes the following issues:

- Support ZSTD compressed kernel modules. (bsc#1190850)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3581-1
Released:    Fri Oct 29 16:09:23 2021
Summary:     Recommended update for SUSEConnect
Type:        recommended
Severity:    important
References:  
This update for SUSEConnect contains the following fix:

- Update to 0.3.32:
  - Allow --regcode and --instance-data attributes at the same time. (jsc#PCT-164)
  - Document that 'debug' can also get set in the config file
  - --status will also print the subscription name

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3589-1
Released:    Mon Nov  1 19:27:52 2021
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1191690
This update for apparmor fixes the following issues:

- Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690)


The following package changes have been done:

- SUSEConnect-0.3.32-16.1 updated
- apparmor-parser-2.13.6-3.3.1 updated
- ca-certificates-mozilla-2.44-21.1 updated
- containerd-ctr-1.4.11-56.1 updated
- containerd-1.4.11-56.1 updated
- coreutils-8.32-3.2.1 updated
- curl-7.66.0-4.27.1 updated
- docker-20.10.9_ce-156.1 updated
- dracut-049.1+suse.209.gebcf4f33-3.40.1 updated
- glibc-locale-base-2.31-9.3.2 updated
- glibc-locale-2.31-9.3.2 updated
- glibc-2.31-9.3.2 updated
- iproute2-5.3-5.5.1 updated
- kdump-0.9.0-18.3.1 updated
- kernel-default-5.3.18-59.27.1 updated
- krb5-1.16.3-3.24.1 updated
- less-530-3.3.2 updated
- libapparmor1-2.13.6-3.3.1 updated
- libaugeas0-1.10.1-3.3.1 updated
- libblkid1-2.36.2-4.5.1 updated
- libcurl4-7.66.0-4.27.1 updated
- libdevmapper1_03-1.02.163-8.36.1 updated
- libfdisk1-2.36.2-4.5.1 updated
- libmount1-2.36.2-4.5.1 updated
- libncurses6-6.1-5.9.1 updated
- libpcre1-8.45-20.10.1 updated
- libprotobuf-lite20-3.9.2-4.9.1 added
- libsmartcols1-2.36.2-4.5.1 updated
- libsolv-tools-0.7.20-9.2 updated
- libsystemd0-246.16-7.14.1 updated
- libudev1-246.16-7.14.1 updated
- libuuid1-2.36.2-4.5.1 updated
- libzypp-17.28.5-15.2 updated
- ncurses-utils-6.1-5.9.1 updated
- pam-1.3.0-6.50.1 updated
- perl-Bootloader-0.936-3.3.1 updated
- rpm-config-SUSE-1-5.3.1 updated
- rpm-ndb-4.14.3-40.1 updated
- runc-1.0.2-23.1 updated
- suse-module-tools-15.3.13-3.11.1 updated
- systemd-sysvinit-246.16-7.14.1 updated
- systemd-246.16-7.14.1 updated
- terminfo-base-6.1-5.9.1 updated
- terminfo-6.1-5.9.1 updated
- udev-246.16-7.14.1 updated
- util-linux-systemd-2.36.2-4.5.1 updated
- util-linux-2.36.2-4.5.1 updated
- zypper-1.14.49-16.1 updated

From sle-updates at lists.suse.com  Wed Nov  3 11:16:57 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed,  3 Nov 2021 12:16:57 +0100 (CET)
Subject: SUSE-IU-2021:750-1: Security update of
 sles-15-sp3-chost-byos-v20211101
Message-ID: <20211103111657.83622FDA4@maintenance.suse.de>

SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20211101
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2021:750-1
Image Tags        : sles-15-sp3-chost-byos-v20211101:20211101
Image Release     : 
Severity          : important
Type              : security
References        : 1065729 1102408 1134353 1148868 1152489 1154353 1159886 1160242
                        1167773 1170774 1171688 1172670 1172973 1172974 1173746 1174003
                        1176447 1176940 1177028 1178134 1178236 1183070 1183659 1184439
                        1184616 1184804 1184970 1184994 1185016 1185299 1185302 1185405
                        1185524 1185550 1185677 1185726 1185762 1186037 1186260 1186489
                        1186503 1186602 1186910 1187115 1187211 1187224 1187270 1187425
                        1187466 1187470 1187512 1187670 1187704 1187738 1187760 1187774
                        1187911 1188067 1188156 1188282 1188291 1188344 1188418 1188435
                        1188548 1188588 1188651 1188713 1188768 1188921 1188986 1189031
                        1189257 1189297 1189441 1189446 1189454 1189480 1189841 1189841
                        1189884 1189929 1190023 1190052 1190059 1190062 1190115 1190138
                        1190159 1190199 1190358 1190373 1190374 1190406 1190432 1190465
                        1190467 1190523 1190534 1190543 1190544 1190552 1190561 1190576
                        1190595 1190596 1190598 1190598 1190620 1190626 1190645 1190679
                        1190705 1190712 1190717 1190739 1190746 1190758 1190784 1190785
                        1190793 1190815 1190826 1190845 1190850 1190915 1190933 1191015
                        1191019 1191121 1191172 1191193 1191200 1191260 1191292 1191334
                        1191355 1191434 1191480 1191690 1191804 1191922 1191987 CVE-2019-20838
                        CVE-2020-14155 CVE-2020-3702 CVE-2021-22946 CVE-2021-22947 CVE-2021-30465
                        CVE-2021-32760 CVE-2021-33574 CVE-2021-35942 CVE-2021-3669 CVE-2021-3744
                        CVE-2021-3752 CVE-2021-3759 CVE-2021-37600 CVE-2021-3764 CVE-2021-37750
                        CVE-2021-39537 CVE-2021-40490 CVE-2021-41089 CVE-2021-41091 CVE-2021-41092
                        CVE-2021-41103 
-----------------------------------------------------------------

The container sles-15-sp3-chost-byos-v20211101 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2020:3026-1
Released:    Fri Oct 23 15:35:51 2020
Summary:     Optional update for the Public Cloud Module
Type:        optional
Severity:    moderate
References:  

This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398).
The following packages were included:

- python3-grpcio
- python3-protobuf
- python3-google-api-core
- python3-google-cloud-core
- python3-google-cloud-storage
- python3-google-resumable-media
- python3-googleapis-common-protos
- python3-grpcio-gcp
- python3-mock (updated to version 3.0.5)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:294-1
Released:    Wed Feb  3 12:54:28 2021
Summary:     Recommended update for libprotobuf
Type:        recommended
Severity:    moderate
References:  

libprotobuf was updated to fix:

- ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3291-1
Released:    Wed Oct  6 16:45:36 2021
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1186489,1187911,CVE-2021-33574,CVE-2021-35942
This update for glibc fixes the following issues:

- CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489).
- CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3298-1
Released:    Wed Oct  6 16:54:52 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1190373,1190374,CVE-2021-22946,CVE-2021-22947
This update for curl fixes the following issues:

- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3304-1
Released:    Wed Oct  6 18:11:33 2021
Summary:     Recommended update for kdump
Type:        recommended
Severity:    moderate
References:  1172670,1183070,1184616,1186037
This update for kdump fixes the following issues:

- Do not iterate past end of string (bsc#1186037).
- Fix incorrect exit code checking after 'local' with assignment (bsc#1184616).
- Avoid an endless loop when resolving a hostname fails with EAI_AGAIN (bsc#1183070).
- Install /etc/resolv.conf using its resolved path (bsc#1183070).
- Make sure that initrd.target.wants directory exists (bsc#1172670).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3310-1
Released:    Wed Oct  6 18:12:41 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1134353,1184994,1188291,1188588,1188713,1189446,1189480
This update for systemd fixes the following issues:

- Switch I/O scheduler from 'mq-deadline' to 'bfq' for rotating disks(HD's) (jsc#SLE-21032, bsc#1134353).
- Multipath: Rules weren't applied to dm devices (bsc#1188713).
- Ignore obsolete 'elevator' kernel parameter (bsc#1184994).
- Remove kernel unsupported single-queue block I/O.
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
- Avoid error message when updating active udev on sockets restart (bsc#1188291).

- Merge of v246.16, for a complete list of changes, visit:
   https://github.com/openSUSE/systemd/compare/8d8f5fc31eece95644b299b784bbfb8f836d0108...f5c33d9f82d3d782d28938df9ff09484360c540d

- Drop 1007-tmpfiles-follow-SUSE-policies.patch:
   Since most of the tmpfiles config files shipped by upstream are
   ignored (see previous commit 'Drop most of the tmpfiles that deal
   with generic paths'), this patch is no more relevant.

Additional fixes:
- core: make sure cgroup_oom_queue is flushed on manager exit.
- cgroup: do 'catchup' for unit cgroup inotify watch files.
- journalctl: never fail at flushing when the flushed flag is set (bsc#1188588).
- manager: reexecute on SIGRTMIN+25, user instances only.
- manager: fix HW watchdog when systemd starts before driver loaded (bsc#1189446).
- pid1: watchdog modernizations.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3311-1
Released:    Wed Oct  6 18:12:56 2021
Summary:     Recommended update for perl-Bootloader
Type:        recommended
Severity:    moderate
References:  1188768
This update for perl-Bootloader fixes the following issues:

- Report error if config file could not be updated (bsc#1188768).
- Fix typo in update-bootloader.

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:3327-1
Released:    Mon Oct 11 11:44:50 2021
Summary:     Optional update for coreutils
Type:        optional
Severity:    low
References:  1189454
This optional update for coreutils fixes the following issue:

- Provide coreutils documentation, 'coreutils-doc', with 'L2' support level. (bsc#1189454)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3382-1
Released:    Tue Oct 12 14:30:17 2021
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    moderate
References:  
This update for ca-certificates-mozilla fixes the following issues:

- A new sub-package for minimal base containers (jsc#SLE-22162)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3387-1
Released:    Tue Oct 12 17:09:16 2021
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1065729,1148868,1152489,1154353,1159886,1167773,1170774,1171688,1173746,1174003,1176447,1176940,1177028,1178134,1184439,1184804,1185302,1185550,1185677,1185726,1185762,1187211,1188067,1188418,1188651,1188986,1189257,1189297,1189841,1189884,1190023,1190062,1190115,1190138,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190544,1190561,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191292,CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3759,CVE-2021-3764,CVE-2021-40490

The SUSE Linux Enterprise 15 SP3 kernel was updated.

The following security bugs were fixed:

- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)
- CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)
- CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)
- CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)
- CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115).

The following non-security bugs were fixed:

- ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
- apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
- ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).
- ASoC: Intel: Fix platform ID matching (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
- ASoC: rt5682: Implement remove callback (git-fixes).
- ASoC: rt5682: Properly turn off regulators if wrong device ID (git-fixes).
- ASoC: rt5682: Remove unused variable in rt5682_i2c_remove() (git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- backlight: pwm_bl: Improve bootloader/kernel device handover (git-fixes).
- bareudp: Fix invalid read beyond skb's linear data (jsc#SLE-15172).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
- bnxt_en: Fix asic.rev in devlink dev info command (jsc#SLE-16649).
- bnxt_en: fix stored FW_PSID version masks (jsc#SLE-16649).
- bnxt_en: Store the running firmware version code (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: do not lock the tx queue from napi poll (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
- bpf, samples: Add missing mprog-disable to xdp_redirect_cpu's optstring (git-fixes).
- bpf: Fix ringbuf helper function compatibility (git-fixes).
- bpftool: Add sock_release help info for cgroup attach/prog load command (bsc#1177028).
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- clk: at91: clk-generated: Limit the requested rate to our range (git-fixes).
- clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- cpuidle: pseries: Do not cap the CEDE0 latency in fixup_cede0_latency() (bsc#1185550 ltc#192610 git-fixes jsc#SLE-18128).
- cuse: fix broken release (bsc#1190596).
- cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746).
- devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353).
- devlink: Clear whole devlink_flash_notify struct (bsc#1176447).
- dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER (git-fixes).
- dmaengine: ioat: depends on !UML (git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
- docs: Fix infiniband uverbs minor number (git-fixes).
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
- drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- drm/ast: Fix missing conversions to managed API (git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
- drm/i915: Allow the sysadmin to override security mitigations (git-fixes).
- drm/i915/rkl: Remove require_force_probe protection (bsc#1189257).
- drm/ingenic: Switch IPU plane to type OVERLAY (git-fixes).
- drm/mgag200: Select clock in PLL update functions (git-fixes).
- drm/msm/mdp4: move HW revision detection to earlier phase (git-fixes).
- drm/msm/mdp4: refactor HW revision detection into read_mdp_hw_revision (git-fixes).
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- drm/pl111: depend on CONFIG_VEXPRESS_CONFIG (git-fixes).
- drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume __maybe_unused (git-fixes).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- EDAC/mce_amd: Do not load edac_mce_amd module on guests (bsc#1190138).
- EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).
- enetc: Fix uninitialized struct dim_sample field usage (git-fixes).
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- fbmem: do not allow too huge resolutions (git-fixes).
- fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- fuse: flush extending writes (bsc#1190595).
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- gpio: uniphier: Fix void functions to remove return value (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes).
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- i40e: improve locking of mac_filter_hash (jsc#SLE-13701).
- iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- IB/hfi1: Indicate DMA wait when txq is queued for wakeup (jsc#SLE-13208).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
- ice: do not abort devlink info if board identifier can't be found (jsc#SLE-12878).
- ice: do not remove netdev->dev_addr from uc sync list (git-fixes).
- ice: Prevent probing virtual functions (git-fixes).
- igc: Use num_tx_queues when iterating over tx_ring queue (jsc#SLE-13533).
- iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes).
- include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes).
- iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: count csum_none when offload enabled (bsc#1167773).
- ionic: drop useless check of PCI driver data validity (bsc#1167773).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467).
- iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha (git-fixes).
- iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.
- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.
- libata: fix ata_host_start() (git-fixes).
- libbpf: Fix removal of inner map in bpf_object__create_map (git-fixes).
- libbpf: Fix the possible memory leak on error (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).
- media: uvc: do not do DMA on stack (git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).
- mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
- misc: sram: Only map reserved areas in Tegra SYSRAM (git-fixes).
- misc: sram: use devm_platform_ioremap_resource_wc() (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
- mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
- mmc: core: Return correct emmc response in case of ioctl error (git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).
- mmc: sdhci: Fix issue with uninitialized dma_slave_config (git-fixes).
- net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases (git-fixes).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
- net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- net/mlx5: Fix missing return value in mlx5_devlink_eswitch_inline_mode_set() (jsc#SLE-15172).
- net/mlx5: Fix return value from tracer initialization (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
- NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- nvme-multipath: revalidate paths during rescan (bsc#1187211).
- nvme-tcp: Do not reset transport on data digest errors (bsc#1188418).
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
- nvme: only call synchronize_srcu when clearing current path (bsc#1188067).
- optee: Fix memory leak when failing to register shm pages (git-fixes).
- parport: remove non-zero check on count (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: of: Do not fail devm_pci_alloc_host_bridge() on missing 'ranges' (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).
- phy: tegra: xusb: Fix dangling pointer on probe failure (git-fixes).
- PM: base: power: do not try to use non-existing RTC for storing data (git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
- powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
- powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1190544 ltc#194520).
- powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729).
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).
- powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- pwm: img: Do not modify HW state in .remove() callback (git-fixes).
- pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
- pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774).
- RDMA/hns: Fix QP's resp incomplete assignment (jsc#SLE-14777).
- RDMA/mlx5: Delay emptying a cache entry when a new MR is added to it recently (jsc#SLE-15175).
- RDMA/mlx5: Delete not-available udata check (jsc#SLE-15175).
- RDMA/rtrs: Remove a useless kfree() (jsc#SLE-15176).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).
- rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages.
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- rtc: tps65910: Correct driver module alias (git-fixes).
- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).
- sch_cake: fix srchost/dsthost hashing mode (bsc#1176447).
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
- scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
- scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576).
- scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576).
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576).
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
- scsi/fc: kABI fixes for new ELS_EDC, ELS_RDP definition (bsc#1171688 bsc#1174003 bsc#1190576).
- selftests/bpf: Define string const as global for test_sysctl_prog.c (git-fixes).
- selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the dest IP (git-fixes).
- selftests/bpf: Fix test_sysctl_loop{1, 2} failure due to clang change (git-fixes).
- selftests/bpf: Whitelist test_progs.h from .gitignore (git-fixes).
- serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).
- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
- serial: sh-sci: fix break handling for sysrq (git-fixes).
- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
- staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes).
- staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes).
- staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).
- thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes).
- time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).
- tools: bpf: Fix error in 'make -C tools/ bpf_install' (git-fixes).
- tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).
- tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes).
- tty: synclink_gt, drop unneeded forward declarations (git-fixes).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration (git-fixes).
- usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes).
- usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes).
- usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
- usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).
- usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
- usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
- usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes).
- usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes).
- usb: serial: option: add device id for Foxconn T99W265 (git-fixes).
- usb: serial: option: add Telit LN920 compositions (git-fixes).
- usb: serial: option: remove duplicate USB device ID (git-fixes).
- usbip: give back URBs for unsent unlink requests during cleanup (git-fixes).
- usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).
- video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).
- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
- vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).
- vmxnet3: prepare for version 6 changes (bsc#1190406).
- vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).
- vmxnet3: set correct hash type based on rss information (bsc#1190406).
- vmxnet3: update to version 6 (bsc#1190406).
- watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes).
- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302).
- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1190561).
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- x86/asm: Fix SETZ size enqcmds() build failure (bsc#1178134).
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489).
- x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
- xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).
- xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).
- xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes).
- xhci: Set HCD flag to defer primary roothub registration (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3411-1
Released:    Wed Oct 13 10:42:25 2021
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1191019
This update for lvm2 fixes the following issues:

- Do not crash vgextend when extending VG with missing PV. (bsc#1191019)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3413-1
Released:    Wed Oct 13 10:50:45 2021
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    important
References:  1189441,1189841,1190598
This update for suse-module-tools fixes the following issues:

- Fixed an issue where the queuing of secure boot certificates did not happen (bsc#1189841, bsc#1190598)
- Fixed an issue where initrd was not always rebuilding after installing
  any kernel-*-extra package (bsc#1189441)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3445-1
Released:    Fri Oct 15 09:03:39 2021
Summary:     Security update for rpm
Type:        security
Severity:    important
References:  1183659,1185299,1187670,1188548
This update for rpm fixes the following issues:

Security issues fixed:

- PGP hardening changes (bsc#1185299)

Maintaince issues fixed:

- Fixed zstd detection (bsc#1187670)
- Added ndb rofs support (bsc#1188548)
- Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3454-1
Released:    Mon Oct 18 09:29:26 2021
Summary:     Security update for krb5
Type:        security
Severity:    moderate
References:  1189929,CVE-2021-37750
This update for krb5 fixes the following issues:

- CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3474-1
Released:    Wed Oct 20 08:41:31 2021
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1178236,1188921,CVE-2021-37600
This update for util-linux fixes the following issues:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3479-1
Released:    Wed Oct 20 11:23:45 2021
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1184970,1186260,1187115,1187470,1187774,1190845
This update for dracut fixes the following issues:

- Fix usage information for -f parameter. (bsc#1187470)
- Fix obsolete reference to 96insmodpost in manpage. (bsc#1187774)
- Remove references to INITRD_MODULES. (bsc#1187115)
- Multipath FCoE configurations may not boot when using only one path. (bsc#1186260)
- Adjust path for SUSE: /var/lib/nfs/statd/sm to /var/lib/nfs/sm. (bsc#1184970)
- Systemd coredump unit files are missing in initrd. (1190845)
- Use $kernel rather than $(uname -r).
- Exclude modules that are built-in.
- Restore INITRD_MODULES in mkinitrd script.
- Call dracut_instmods with hostonly.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3480-1
Released:    Wed Oct 20 11:24:10 2021
Summary:     Recommended update for yast2-network
Type:        recommended
Severity:    moderate
References:  1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933
This update for yast2-network fixes the following issues:

- Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915).
- Fix the shown description using the interface friendly name when it is empty (bsc#1190933).
- Consider aliases sections as case insensitive (bsc#1190739).
- Display user defined device name in the devices overview (bnc#1190645).
- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).
- Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).
- Fix desktop file so the control center tooltip is translated (bsc#1187270).
- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released:    Wed Oct 20 16:31:55 2021
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1190793,CVE-2021-39537
This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released:    Wed Oct 20 16:48:46 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1190052
This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3501-1
Released:    Fri Oct 22 10:42:46 2021
Summary:     Recommended update for libzypp, zypper, libsolv, protobuf
Type:        recommended
Severity:    moderate
References:  1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815
This update for libzypp, zypper, libsolv and protobuf fixes the following issues:

- Choice rules: treat orphaned packages as newest (bsc#1190465)
- Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
- Do not check of signatures and keys two times(redundant) (bsc#1190059)
- Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
- Show key fpr from signature when signature check fails (bsc#1187224)
- Fix solver jobs for PTFs (bsc#1186503)
- Fix purge-kernels fails (bsc#1187738)
- Fix obs:// platform guessing for Leap (bsc#1187425)
- Make sure to keep states alives while transitioning. (bsc#1190199)
- Manpage: Improve description about patch updates(bsc#1187466)
- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
- Fix crashes in logging code when shutting down (bsc#1189031)
- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
- Add need reboot/restart hint to XML install summary (bsc#1188435)
- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
- Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3506-1
Released:    Mon Oct 25 10:20:22 2021
Summary:     Security update for containerd, docker, runc
Type:        security
Severity:    important
References:  1102408,1185405,1187704,1188282,1190826,1191015,1191121,1191334,1191355,1191434,CVE-2021-30465,CVE-2021-32760,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103
This update for containerd, docker, runc fixes the following issues:

Docker was updated to 20.10.9-ce. (bsc#1191355)

See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md. 

  CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103

container was updated to v1.4.11, to fix CVE-2021-41103. bsc#1191355

- CVE-2021-32760: Fixed that a archive package allows chmod of file outside of unpack target directory (bsc#1188282)

- Install systemd service file as well (bsc#1190826)

Update to runc v1.0.2. Upstream changelog is available from

  https://github.com/opencontainers/runc/releases/tag/v1.0.2

* Fixed a failure to set CPU quota period in some cases on cgroup v1.
* Fixed the inability to start a container with the 'adding seccomp filter
  rule for syscall ...' error, caused by redundant seccomp rules (i.e. those
  that has action equal to the default one). Such redundant rules are now
  skipped.
* Made release builds reproducible from now on.
* Fixed a rare debug log race in runc init, which can result in occasional
  harmful 'failed to decode ...' errors from runc run or exec.
* Fixed the check in cgroup v1 systemd manager if a container needs to be
  frozen before Set, and add a setting to skip such freeze unconditionally.
  The previous fix for that issue, done in runc 1.0.1, was not working.

Update to runc v1.0.1. Upstream changelog is available from

https://github.com/opencontainers/runc/releases/tag/v1.0.1

* Fixed occasional runc exec/run failure ('interrupted system call') on an
  Azure volume.
* Fixed 'unable to find groups ... token too long' error with /etc/group
  containing lines longer than 64K characters.
* cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is
  frozen. This is a regression in 1.0.0, not affecting runc itself but some
  of libcontainer users (e.g Kubernetes).
* cgroupv2: bpf: Ignore inaccessible existing programs in case of
  permission error when handling replacement of existing bpf cgroup
  programs. This fixes a regression in 1.0.0, where some SELinux
  policies would block runc from being able to run entirely.
* cgroup/systemd/v2: don't freeze cgroup on Set.
* cgroup/systemd/v1: avoid unnecessary freeze on Set.
- fix issues with runc under openSUSE MicroOS's SELinux policy. bsc#1187704

Update to runc v1.0.0. Upstream changelog is available from

https://github.com/opencontainers/runc/releases/tag/v1.0.0

! The usage of relative paths for mountpoints will now produce a warning
  (such configurations are outside of the spec, and in future runc will
  produce an error when given such configurations).
* cgroupv2: devices: rework the filter generation to produce consistent
  results with cgroupv1, and always clobber any existing eBPF
  program(s) to fix runc update and avoid leaking eBPF programs
  (resulting in errors when managing containers).
* cgroupv2: correctly convert 'number of IOs' statistics in a
  cgroupv1-compatible way.
* cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.
* cgroupv2: wait for freeze to finish before returning from the freezing
  code, optimize the method for checking whether a cgroup is frozen.
* cgroups/systemd: fixed 'retry on dbus disconnect' logic introduced in rc94
* cgroups/systemd: fixed returning 'unit already exists' error from a systemd
  cgroup manager (regression in rc94)
+ cgroupv2: support SkipDevices with systemd driver
+ cgroup/systemd: return, not ignore, stop unit error from Destroy
+ Make 'runc --version' output sane even when built with go get or
  otherwise outside of our build scripts.
+ cgroups: set SkipDevices during runc update (so we don't modify
  cgroups at all during runc update).
+ cgroup1: blkio: support BFQ weights.
+ cgroupv2: set per-device io weights if BFQ IO scheduler is available.

Update to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95

This release of runc contains a fix for CVE-2021-30465, and users are
strongly recommended to update (especially if you are providing
semi-limited access to spawn containers to untrusted users). (bsc#1185405)

Update to runc v1.0.0~rc94. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94

Breaking Changes:
* cgroupv1: kernel memory limits are now always ignored, as kmemcg has
  been effectively deprecated by the kernel. Users should make use of regular
  memory cgroup controls.

Regression Fixes:

* seccomp: fix 32-bit compilation errors
* runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
* runc start: fix 'chdir to cwd: permission denied' for some setups

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3509-1
Released:    Tue Oct 26 09:47:40 2021
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    important
References:  1191200,1191260,1191480,1191804,1191922
This update for suse-module-tools fixes the following issues:

Update to version 15.3.13:

- Fix bad exit status in openQA. (bsc#1191922)
- Ignore kernel keyring for kernel certificates. (bsc#1191480)
- Deal with existing certificates that should be de-enrolled. (bsc#1191804)
- Don't pass existing files to weak-modules2. (bsc#1191200)
- Skip certificate scriptlet on non-UEFI systems. (bsc#1191260)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released:    Tue Oct 26 11:22:15 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1191987
This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in
  the 'securetty' file to be installed as 'macros.pam'.
  (bsc#1191987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3529-1
Released:    Wed Oct 27 09:23:32 2021
Summary:     Security update for pcre
Type:        security
Severity:    moderate
References:  1172973,1172974,CVE-2019-20838,CVE-2020-14155
This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3538-1
Released:    Wed Oct 27 10:40:32 2021
Summary:     Recommended update for iproute2
Type:        recommended
Severity:    moderate
References:  1160242
This update for iproute2 fixes the following issues:

- Follow-up fixes backported from upstream. (bsc#1160242)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3545-1
Released:    Wed Oct 27 14:46:39 2021
Summary:     Recommended update for less
Type:        recommended
Severity:    low
References:  1190552
This update for less fixes the following issues:

- Add missing runtime dependency on package 'which', that is used by
  lessopen.sh (bsc#1190552)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3564-1
Released:    Wed Oct 27 16:12:08 2021
Summary:     Recommended update for rpm-config-SUSE
Type:        recommended
Severity:    moderate
References:  1190850
This update for rpm-config-SUSE fixes the following issues:

- Support ZSTD compressed kernel modules. (bsc#1190850)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3581-1
Released:    Fri Oct 29 16:09:23 2021
Summary:     Recommended update for SUSEConnect
Type:        recommended
Severity:    important
References:  
This update for SUSEConnect contains the following fix:

- Update to 0.3.32:
  - Allow --regcode and --instance-data attributes at the same time. (jsc#PCT-164)
  - Document that 'debug' can also get set in the config file
  - --status will also print the subscription name

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3589-1
Released:    Mon Nov  1 19:27:52 2021
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1191690
This update for apparmor fixes the following issues:

- Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690)


The following package changes have been done:

- SUSEConnect-0.3.32-16.1 updated
- apparmor-parser-2.13.6-3.3.1 updated
- ca-certificates-mozilla-2.44-21.1 updated
- containerd-ctr-1.4.11-56.1 updated
- containerd-1.4.11-56.1 updated
- coreutils-8.32-3.2.1 updated
- curl-7.66.0-4.27.1 updated
- docker-20.10.9_ce-156.1 updated
- dracut-049.1+suse.209.gebcf4f33-3.40.1 updated
- glibc-locale-base-2.31-9.3.2 updated
- glibc-locale-2.31-9.3.2 updated
- glibc-2.31-9.3.2 updated
- iproute2-5.3-5.5.1 updated
- kdump-0.9.0-18.3.1 updated
- kernel-default-5.3.18-59.27.1 updated
- krb5-1.16.3-3.24.1 updated
- less-530-3.3.2 updated
- libapparmor1-2.13.6-3.3.1 updated
- libaugeas0-1.10.1-3.3.1 updated
- libblkid1-2.36.2-4.5.1 updated
- libcurl4-7.66.0-4.27.1 updated
- libdevmapper1_03-1.02.163-8.36.1 updated
- libfdisk1-2.36.2-4.5.1 updated
- libmount1-2.36.2-4.5.1 updated
- libncurses6-6.1-5.9.1 updated
- libpcre1-8.45-20.10.1 updated
- libprotobuf-lite20-3.9.2-4.9.1 added
- libsmartcols1-2.36.2-4.5.1 updated
- libsolv-tools-0.7.20-9.2 updated
- libsystemd0-246.16-7.14.1 updated
- libudev1-246.16-7.14.1 updated
- libuuid1-2.36.2-4.5.1 updated
- libzypp-17.28.5-15.2 updated
- ncurses-utils-6.1-5.9.1 updated
- pam-1.3.0-6.50.1 updated
- perl-Bootloader-0.936-3.3.1 updated
- rpm-config-SUSE-1-5.3.1 updated
- rpm-ndb-4.14.3-40.1 updated
- runc-1.0.2-23.1 updated
- suse-module-tools-15.3.13-3.11.1 updated
- systemd-sysvinit-246.16-7.14.1 updated
- systemd-246.16-7.14.1 updated
- terminfo-base-6.1-5.9.1 updated
- terminfo-6.1-5.9.1 updated
- udev-246.16-7.14.1 updated
- util-linux-systemd-2.36.2-4.5.1 updated
- util-linux-2.36.2-4.5.1 updated
- zypper-1.14.49-16.1 updated

From sle-updates at lists.suse.com  Wed Nov  3 11:18:06 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed,  3 Nov 2021 12:18:06 +0100 (CET)
Subject: SUSE-RU-2021:3595-1: important: Recommended update for
 installation-images
Message-ID: <20211103111806.A398FFDA4@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for installation-images
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3595-1
Rating:             important
References:         #1191498 
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for installation-images fixes the following issues:

   - Ensure 'perl-XML-Simple' is available in installation system.
     (bsc#1191498)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3595=1



Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      tftpboot-installation-SLE-15-SP3-aarch64-16.56.12-3.6.7
      tftpboot-installation-SLE-15-SP3-ppc64le-16.56.12-3.6.7
      tftpboot-installation-SLE-15-SP3-s390x-16.56.12-3.6.7
      tftpboot-installation-SLE-15-SP3-x86_64-16.56.12-3.6.7


References:

   https://bugzilla.suse.com/1191498


From sle-updates at lists.suse.com  Wed Nov  3 11:20:39 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed,  3 Nov 2021 12:20:39 +0100 (CET)
Subject: SUSE-RU-2021:3596-1: moderate: Recommended update for
 libyui-ncurses-pkg
Message-ID: <20211103112039.A4552FDA4@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for libyui-ncurses-pkg
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3596-1
Rating:             moderate
References:         #1191130 
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for libyui-ncurses-pkg fixes the following issues:

   - Fixed crash in NCurses online update when retracted packages are present
     (bsc#1191130)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3596=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3596=1



Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      libyui-ncurses-pkg-doc-2.50.8-3.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      libyui-ncurses-pkg-debugsource-2.50.8-3.3.1
      libyui-ncurses-pkg-devel-2.50.8-3.3.1
      libyui-ncurses-pkg11-2.50.8-3.3.1
      libyui-ncurses-pkg11-debuginfo-2.50.8-3.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):

      libyui-ncurses-pkg-doc-2.50.8-3.3.1


References:

   https://bugzilla.suse.com/1191130


From sle-updates at lists.suse.com  Wed Nov  3 14:18:50 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed,  3 Nov 2021 15:18:50 +0100 (CET)
Subject: SUSE-RU-2021:3598-1: moderate: Recommended update to apache2
Message-ID: <20211103141850.89476FDA4@maintenance.suse.de>


   SUSE Recommended Update: Recommended update to apache2
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3598-1
Rating:             moderate
References:         SLE-18664 
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that has 0 recommended fixes and contains one
   feature can now be installed.

Description:


   Apache2 was updated to the current stable version 2.4.51 (jsc#SLE-18664)

   It fixes all CVEs and selected bugs represented by patches found between
   2.4.23 and 2.4.51.

   See https://downloads.apache.org/httpd/CHANGES_2.4 for a complete change
   log.


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3598=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3598=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      apache2-debuginfo-2.4.51-35.4.1
      apache2-debugsource-2.4.51-35.4.1
      apache2-devel-2.4.51-35.4.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      apache2-2.4.51-35.4.1
      apache2-debuginfo-2.4.51-35.4.1
      apache2-debugsource-2.4.51-35.4.1
      apache2-example-pages-2.4.51-35.4.1
      apache2-prefork-2.4.51-35.4.1
      apache2-prefork-debuginfo-2.4.51-35.4.1
      apache2-utils-2.4.51-35.4.1
      apache2-utils-debuginfo-2.4.51-35.4.1
      apache2-worker-2.4.51-35.4.1
      apache2-worker-debuginfo-2.4.51-35.4.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      apache2-doc-2.4.51-35.4.1


References:



From sle-updates at lists.suse.com  Wed Nov  3 14:20:02 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed,  3 Nov 2021 15:20:02 +0100 (CET)
Subject: SUSE-RU-2021:3599-1: moderate: Recommended update for postgresql,
 postgresql13, postgresql14
Message-ID: <20211103142002.CC38DFDA4@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for postgresql, postgresql13, postgresql14
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3599-1
Rating:             moderate
References:         SLE-20675 SLE-20676 
Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Module for Server Applications 15-SP2
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that has 0 recommended fixes and contains two
   features can now be installed.

Description:

   This update for postgresql, postgresql13, postgresql14 fixes the following
   issues:

   This update ships postgresql14. (jsc#SLE-20675 jsc#SLE-20676)

   Feature changes in postgresql14:

   - https://www.postgresql.org/about/news/postgresql-14-released-2318/
   - https://www.postgresql.org/docs/14/release-14.html

   Changes in postgresql13:

   - Stop building the mini and lib packages as they are now coming from
     postgresql14.

   Changes in postgresql:

   - Bump version to 14, leave default at 12.


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3599=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3599=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3599=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-3599=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3599=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3599=1



Package List:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      libecpg6-14.0-5.3.1
      libecpg6-debuginfo-14.0-5.3.1
      postgresql13-contrib-13.4-5.19.1
      postgresql13-contrib-debuginfo-13.4-5.19.1
      postgresql13-debuginfo-13.4-5.19.1
      postgresql13-debugsource-13.4-5.19.1
      postgresql13-devel-13.4-5.19.1
      postgresql13-devel-debuginfo-13.4-5.19.1
      postgresql13-plperl-13.4-5.19.1
      postgresql13-plperl-debuginfo-13.4-5.19.1
      postgresql13-plpython-13.4-5.19.1
      postgresql13-plpython-debuginfo-13.4-5.19.1
      postgresql13-pltcl-13.4-5.19.1
      postgresql13-pltcl-debuginfo-13.4-5.19.1
      postgresql13-server-13.4-5.19.1
      postgresql13-server-debuginfo-13.4-5.19.1
      postgresql13-server-devel-13.4-5.19.1
      postgresql13-server-devel-debuginfo-13.4-5.19.1
      postgresql14-contrib-14.0-5.3.1
      postgresql14-contrib-debuginfo-14.0-5.3.1
      postgresql14-debuginfo-14.0-5.3.1
      postgresql14-debugsource-14.0-5.3.1
      postgresql14-devel-14.0-5.3.1
      postgresql14-devel-debuginfo-14.0-5.3.1
      postgresql14-plperl-14.0-5.3.1
      postgresql14-plperl-debuginfo-14.0-5.3.1
      postgresql14-plpython-14.0-5.3.1
      postgresql14-plpython-debuginfo-14.0-5.3.1
      postgresql14-pltcl-14.0-5.3.1
      postgresql14-pltcl-debuginfo-14.0-5.3.1
      postgresql14-server-14.0-5.3.1
      postgresql14-server-debuginfo-14.0-5.3.1
      postgresql14-server-devel-14.0-5.3.1
      postgresql14-server-devel-debuginfo-14.0-5.3.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):

      postgresql13-docs-13.4-5.19.1
      postgresql14-docs-14.0-5.3.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

      libecpg6-14.0-5.3.1
      libecpg6-debuginfo-14.0-5.3.1
      postgresql13-contrib-13.4-5.19.1
      postgresql13-contrib-debuginfo-13.4-5.19.1
      postgresql13-debuginfo-13.4-5.19.1
      postgresql13-debugsource-13.4-5.19.1
      postgresql13-devel-13.4-5.19.1
      postgresql13-devel-debuginfo-13.4-5.19.1
      postgresql13-plperl-13.4-5.19.1
      postgresql13-plperl-debuginfo-13.4-5.19.1
      postgresql13-plpython-13.4-5.19.1
      postgresql13-plpython-debuginfo-13.4-5.19.1
      postgresql13-pltcl-13.4-5.19.1
      postgresql13-pltcl-debuginfo-13.4-5.19.1
      postgresql13-server-13.4-5.19.1
      postgresql13-server-debuginfo-13.4-5.19.1
      postgresql13-server-devel-13.4-5.19.1
      postgresql13-server-devel-debuginfo-13.4-5.19.1
      postgresql14-contrib-14.0-5.3.1
      postgresql14-contrib-debuginfo-14.0-5.3.1
      postgresql14-debuginfo-14.0-5.3.1
      postgresql14-debugsource-14.0-5.3.1
      postgresql14-devel-14.0-5.3.1
      postgresql14-devel-debuginfo-14.0-5.3.1
      postgresql14-plperl-14.0-5.3.1
      postgresql14-plperl-debuginfo-14.0-5.3.1
      postgresql14-plpython-14.0-5.3.1
      postgresql14-plpython-debuginfo-14.0-5.3.1
      postgresql14-pltcl-14.0-5.3.1
      postgresql14-pltcl-debuginfo-14.0-5.3.1
      postgresql14-server-14.0-5.3.1
      postgresql14-server-debuginfo-14.0-5.3.1
      postgresql14-server-devel-14.0-5.3.1
      postgresql14-server-devel-debuginfo-14.0-5.3.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch):

      postgresql-contrib-14-4.12.2
      postgresql-devel-14-4.12.2
      postgresql-docs-14-4.12.2
      postgresql-plperl-14-4.12.2
      postgresql-plpython-14-4.12.2
      postgresql-pltcl-14-4.12.2
      postgresql-server-14-4.12.2
      postgresql-server-devel-14-4.12.2
      postgresql13-docs-13.4-5.19.1
      postgresql14-docs-14.0-5.3.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):

      postgresql13-llvmjit-13.4-5.19.1
      postgresql13-llvmjit-debuginfo-13.4-5.19.1
      postgresql13-test-13.4-5.19.1
      postgresql14-llvmjit-14.0-5.3.1
      postgresql14-llvmjit-debuginfo-14.0-5.3.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64):

      postgresql14-test-14.0-5.3.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64):

      postgresql13-llvmjit-13.4-5.19.1
      postgresql13-llvmjit-debuginfo-13.4-5.19.1
      postgresql13-test-13.4-5.19.1
      postgresql14-llvmjit-14.0-5.3.1
      postgresql14-llvmjit-debuginfo-14.0-5.3.1
      postgresql14-test-14.0-5.3.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch):

      postgresql-llvmjit-14-4.12.2
      postgresql-test-14-4.12.2

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      libpq5-14.0-5.3.1
      libpq5-debuginfo-14.0-5.3.1
      postgresql13-13.4-5.19.1
      postgresql13-debuginfo-13.4-5.19.1
      postgresql13-debugsource-13.4-5.19.1
      postgresql14-14.0-5.3.1
      postgresql14-debuginfo-14.0-5.3.1
      postgresql14-debugsource-14.0-5.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      libpq5-14.0-5.3.1
      libpq5-debuginfo-14.0-5.3.1
      postgresql13-13.4-5.19.1
      postgresql13-debuginfo-13.4-5.19.1
      postgresql13-debugsource-13.4-5.19.1
      postgresql14-14.0-5.3.1
      postgresql14-debuginfo-14.0-5.3.1
      postgresql14-debugsource-14.0-5.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):

      postgresql-14-4.12.2

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):

      libpq5-32bit-14.0-5.3.1
      libpq5-32bit-debuginfo-14.0-5.3.1


References:



From sle-updates at lists.suse.com  Wed Nov  3 14:21:17 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed,  3 Nov 2021 15:21:17 +0100 (CET)
Subject: SUSE-RU-2021:3600-1: moderate: Recommended update for postgresql
Message-ID: <20211103142117.56B78FDA4@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for postgresql
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3600-1
Rating:             moderate
References:         SLE-20676 
Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

   An update that has 0 recommended fixes and contains one
   feature can now be installed.

Description:

   This update for postgresql fixes the following issues:

   - Bump version to 14, leave default at 13.


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3600=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3600=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3600=1



Package List:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):

      postgresql-contrib-14-10.6.2
      postgresql-devel-14-10.6.2
      postgresql-docs-14-10.6.2
      postgresql-plperl-14-10.6.2
      postgresql-plpython-14-10.6.2
      postgresql-pltcl-14-10.6.2
      postgresql-server-14-10.6.2
      postgresql-server-devel-14-10.6.2
      postgresql-test-14-10.6.2

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch):

      postgresql-14-10.6.2
      postgresql-contrib-14-10.6.2
      postgresql-devel-14-10.6.2
      postgresql-docs-14-10.6.2
      postgresql-llvmjit-14-10.6.2
      postgresql-plperl-14-10.6.2
      postgresql-plpython-14-10.6.2
      postgresql-pltcl-14-10.6.2
      postgresql-server-14-10.6.2
      postgresql-server-devel-14-10.6.2
      postgresql-test-14-10.6.2

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      postgresql-14-10.6.2


References:



From sle-updates at lists.suse.com  Wed Nov  3 17:17:24 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed,  3 Nov 2021 18:17:24 +0100 (CET)
Subject: SUSE-RU-2021:3601-1: Recommended update for sle-module-legacy-release
Message-ID: <20211103171724.53C31FDA4@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for sle-module-legacy-release
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3601-1
Rating:             low
References:         #1191459 
Affected Products:
                    SUSE Linux Enterprise Module for Legacy Software 15-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for sle-module-legacy-release provides the following fix:

   - Adjust the EOL date from 2021-07-31 to 2021-12-31. (bsc#1191459)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Legacy Software 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-3601=1



Package List:

   - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64):

      sle-module-legacy-release-15.2-119.4.3


References:

   https://bugzilla.suse.com/1191459


From sle-updates at lists.suse.com  Wed Nov  3 17:22:06 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed,  3 Nov 2021 18:22:06 +0100 (CET)
Subject: SUSE-RU-2021:3606-1: moderate: Recommended update for
 release-notes-sles
Message-ID: <20211103172206.97A9AFCC9@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for release-notes-sles
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3606-1
Rating:             moderate
References:         #1183906 #1186099 #1188302 #1189989 #1190394 
                    #933411 
Affected Products:
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Installer 15-SP3
______________________________________________________________________________

   An update that has 6 recommended fixes can now be installed.

Description:

   This update for release-notes-sles fixes the following issues:

   - 15.3.20211025 (tracked in bsc#933411)
   - Added note about NVMe-oF TCP support (bsc#1190394)
   - Added note about manual pages (bsc#1188302)
   - Added keepalived to support exceptions (bsc#1183906)
   - Updated note about support information (bsc#1189989)
   - Updated SELinux note to include warning (bsc#1186099)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 15-SP3:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-2021-3606=1

   - SUSE Linux Enterprise Installer 15-SP3:

      zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2021-3606=1



Package List:

   - SUSE Linux Enterprise Server 15-SP3 (noarch):

      release-notes-sles-15.3.20211025-3.12.2

   - SUSE Linux Enterprise Installer 15-SP3 (noarch):

      release-notes-sles-15.3.20211025-3.12.2


References:

   https://bugzilla.suse.com/1183906
   https://bugzilla.suse.com/1186099
   https://bugzilla.suse.com/1188302
   https://bugzilla.suse.com/1189989
   https://bugzilla.suse.com/1190394
   https://bugzilla.suse.com/933411


From sle-updates at lists.suse.com  Wed Nov  3 17:24:03 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed,  3 Nov 2021 18:24:03 +0100 (CET)
Subject: SUSE-SU-2021:3603-1: important: Security update for webkit2gtk3
Message-ID: <20211103172403.34C4DFCC9@maintenance.suse.de>


   SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3603-1
Rating:             important
References:         #1191937 
Cross-References:   CVE-2021-42762
CVSS scores:
                    CVE-2021-42762 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP3
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for webkit2gtk3 fixes the following issues:

   - CVE-2021-42762: Updated seccomp rules with latest changes from flatpak
     (bsc#1191937).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3603=1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3603=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3603=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3603=1



Package List:

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      typelib-1_0-JavaScriptCore-4_0-2.32.4-15.1
      typelib-1_0-WebKit2-4_0-2.32.4-15.1
      typelib-1_0-WebKit2WebExtension-4_0-2.32.4-15.1
      webkit2gtk3-debugsource-2.32.4-15.1
      webkit2gtk3-devel-2.32.4-15.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

      typelib-1_0-JavaScriptCore-4_0-2.32.4-15.1
      typelib-1_0-WebKit2-4_0-2.32.4-15.1
      typelib-1_0-WebKit2WebExtension-4_0-2.32.4-15.1
      webkit2gtk3-debugsource-2.32.4-15.1
      webkit2gtk3-devel-2.32.4-15.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.32.4-15.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.4-15.1
      libwebkit2gtk-4_0-37-2.32.4-15.1
      libwebkit2gtk-4_0-37-debuginfo-2.32.4-15.1
      webkit2gtk-4_0-injected-bundles-2.32.4-15.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.4-15.1
      webkit2gtk3-debugsource-2.32.4-15.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      libwebkit2gtk3-lang-2.32.4-15.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.32.4-15.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.4-15.1
      libwebkit2gtk-4_0-37-2.32.4-15.1
      libwebkit2gtk-4_0-37-debuginfo-2.32.4-15.1
      webkit2gtk-4_0-injected-bundles-2.32.4-15.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.4-15.1
      webkit2gtk3-debugsource-2.32.4-15.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):

      libwebkit2gtk3-lang-2.32.4-15.1


References:

   https://www.suse.com/security/cve/CVE-2021-42762.html
   https://bugzilla.suse.com/1191937


From sle-updates at lists.suse.com  Wed Nov  3 17:28:07 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed,  3 Nov 2021 18:28:07 +0100 (CET)
Subject: SUSE-SU-2021:3602-1: important: Security update for tomcat
Message-ID: <20211103172807.86867FCC9@maintenance.suse.de>


   SUSE Security Update: Security update for tomcat
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3602-1
Rating:             important
References:         #1185476 #1188278 #1188279 #1190558 
Cross-References:   CVE-2021-30640 CVE-2021-33037 CVE-2021-41079
                   
CVSS scores:
                    CVE-2021-30640 (NVD) : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
                    CVE-2021-33037 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-41079 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud 9
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
______________________________________________________________________________

   An update that solves three vulnerabilities and has one
   errata is now available.

Description:

   This update for tomcat, javapackages-tools fixes the following issue:

   Security issue fixed:

   - CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279).
   - CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1.
     clients (bsc#1188278).
   - CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS
     packet (bsc#1190558).

   Non-security issues fixed:

   - Add requires and conflicts to avoid the usage of the incompatible 'Java
     11' with 'Tomcat'. (bsc#1185476)
   - Rebuild javapackages-tools to fix a missing package on s390.


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3602=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3602=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3602=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3602=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3602=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      tomcat-9.0.36-3.71.1
      tomcat-admin-webapps-9.0.36-3.71.1
      tomcat-docs-webapp-9.0.36-3.71.1
      tomcat-el-3_0-api-9.0.36-3.71.1
      tomcat-javadoc-9.0.36-3.71.1
      tomcat-jsp-2_3-api-9.0.36-3.71.1
      tomcat-lib-9.0.36-3.71.1
      tomcat-servlet-4_0-api-9.0.36-3.71.1
      tomcat-webapps-9.0.36-3.71.1

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      javapackages-tools-2.0.1-13.1

   - SUSE OpenStack Cloud 9 (x86_64):

      javapackages-tools-2.0.1-13.1

   - SUSE OpenStack Cloud 9 (noarch):

      tomcat-9.0.36-3.71.1
      tomcat-admin-webapps-9.0.36-3.71.1
      tomcat-docs-webapp-9.0.36-3.71.1
      tomcat-el-3_0-api-9.0.36-3.71.1
      tomcat-javadoc-9.0.36-3.71.1
      tomcat-jsp-2_3-api-9.0.36-3.71.1
      tomcat-lib-9.0.36-3.71.1
      tomcat-servlet-4_0-api-9.0.36-3.71.1
      tomcat-webapps-9.0.36-3.71.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      javapackages-tools-2.0.1-13.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):

      tomcat-9.0.36-3.71.1
      tomcat-admin-webapps-9.0.36-3.71.1
      tomcat-docs-webapp-9.0.36-3.71.1
      tomcat-el-3_0-api-9.0.36-3.71.1
      tomcat-javadoc-9.0.36-3.71.1
      tomcat-jsp-2_3-api-9.0.36-3.71.1
      tomcat-lib-9.0.36-3.71.1
      tomcat-servlet-4_0-api-9.0.36-3.71.1
      tomcat-webapps-9.0.36-3.71.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      javapackages-tools-2.0.1-13.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      tomcat-9.0.36-3.71.1
      tomcat-admin-webapps-9.0.36-3.71.1
      tomcat-docs-webapp-9.0.36-3.71.1
      tomcat-el-3_0-api-9.0.36-3.71.1
      tomcat-javadoc-9.0.36-3.71.1
      tomcat-jsp-2_3-api-9.0.36-3.71.1
      tomcat-lib-9.0.36-3.71.1
      tomcat-servlet-4_0-api-9.0.36-3.71.1
      tomcat-webapps-9.0.36-3.71.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      javapackages-tools-2.0.1-13.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):

      tomcat-9.0.36-3.71.1
      tomcat-admin-webapps-9.0.36-3.71.1
      tomcat-docs-webapp-9.0.36-3.71.1
      tomcat-el-3_0-api-9.0.36-3.71.1
      tomcat-javadoc-9.0.36-3.71.1
      tomcat-jsp-2_3-api-9.0.36-3.71.1
      tomcat-lib-9.0.36-3.71.1
      tomcat-servlet-4_0-api-9.0.36-3.71.1
      tomcat-webapps-9.0.36-3.71.1


References:

   https://www.suse.com/security/cve/CVE-2021-30640.html
   https://www.suse.com/security/cve/CVE-2021-33037.html
   https://www.suse.com/security/cve/CVE-2021-41079.html
   https://bugzilla.suse.com/1185476
   https://bugzilla.suse.com/1188278
   https://bugzilla.suse.com/1188279
   https://bugzilla.suse.com/1190558


From sle-updates at lists.suse.com  Wed Nov  3 17:29:46 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed,  3 Nov 2021 18:29:46 +0100 (CET)
Subject: SUSE-SU-2021:3605-1: important: Security update for qemu
Message-ID: <20211103172946.1DCF4FCC9@maintenance.suse.de>


   SUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3605-1
Rating:             important
References:         #1189234 #1189702 #1189938 #1190425 
Cross-References:   CVE-2021-3713 CVE-2021-3748
CVSS scores:
                    CVE-2021-3713 (SUSE): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
                    CVE-2021-3748 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE MicroOS 5.1
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes
   is now available.

Description:

   This update for qemu fixes the following issues:

   Security issues fixed:

   - CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device
     emulation (bsc#1189702)
   - CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu
     (bsc#1189938)

   Non-security issues fixed:

   - Add transfer length item in block limits page of scsi vpd (bsc#1190425)
   - Fix qemu crash while deleting xen-block (bsc#1189234)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3605=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3605=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3605=1



Package List:

   - SUSE MicroOS 5.1 (aarch64 s390x x86_64):

      qemu-5.2.0-106.4
      qemu-debuginfo-5.2.0-106.4
      qemu-debugsource-5.2.0-106.4
      qemu-tools-5.2.0-106.4
      qemu-tools-debuginfo-5.2.0-106.4

   - SUSE MicroOS 5.1 (aarch64):

      qemu-arm-5.2.0-106.4
      qemu-arm-debuginfo-5.2.0-106.4

   - SUSE MicroOS 5.1 (x86_64):

      qemu-x86-5.2.0-106.4
      qemu-x86-debuginfo-5.2.0-106.4

   - SUSE MicroOS 5.1 (noarch):

      qemu-ipxe-1.0.0+-106.4
      qemu-seabios-1.14.0_0_g155821a-106.4
      qemu-sgabios-8-106.4
      qemu-vgabios-1.14.0_0_g155821a-106.4

   - SUSE MicroOS 5.1 (s390x):

      qemu-s390x-5.2.0-106.4
      qemu-s390x-debuginfo-5.2.0-106.4

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      qemu-5.2.0-106.4
      qemu-block-curl-5.2.0-106.4
      qemu-block-curl-debuginfo-5.2.0-106.4
      qemu-block-iscsi-5.2.0-106.4
      qemu-block-iscsi-debuginfo-5.2.0-106.4
      qemu-block-rbd-5.2.0-106.4
      qemu-block-rbd-debuginfo-5.2.0-106.4
      qemu-block-ssh-5.2.0-106.4
      qemu-block-ssh-debuginfo-5.2.0-106.4
      qemu-chardev-baum-5.2.0-106.4
      qemu-chardev-baum-debuginfo-5.2.0-106.4
      qemu-debuginfo-5.2.0-106.4
      qemu-debugsource-5.2.0-106.4
      qemu-guest-agent-5.2.0-106.4
      qemu-guest-agent-debuginfo-5.2.0-106.4
      qemu-ksm-5.2.0-106.4
      qemu-lang-5.2.0-106.4
      qemu-ui-curses-5.2.0-106.4
      qemu-ui-curses-debuginfo-5.2.0-106.4

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le x86_64):

      qemu-audio-spice-5.2.0-106.4
      qemu-audio-spice-debuginfo-5.2.0-106.4
      qemu-chardev-spice-5.2.0-106.4
      qemu-chardev-spice-debuginfo-5.2.0-106.4
      qemu-hw-display-qxl-5.2.0-106.4
      qemu-hw-display-qxl-debuginfo-5.2.0-106.4
      qemu-hw-display-virtio-vga-5.2.0-106.4
      qemu-hw-display-virtio-vga-debuginfo-5.2.0-106.4
      qemu-hw-usb-redirect-5.2.0-106.4
      qemu-hw-usb-redirect-debuginfo-5.2.0-106.4
      qemu-ui-gtk-5.2.0-106.4
      qemu-ui-gtk-debuginfo-5.2.0-106.4
      qemu-ui-opengl-5.2.0-106.4
      qemu-ui-opengl-debuginfo-5.2.0-106.4
      qemu-ui-spice-app-5.2.0-106.4
      qemu-ui-spice-app-debuginfo-5.2.0-106.4
      qemu-ui-spice-core-5.2.0-106.4
      qemu-ui-spice-core-debuginfo-5.2.0-106.4

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (s390x x86_64):

      qemu-hw-display-virtio-gpu-5.2.0-106.4
      qemu-hw-display-virtio-gpu-debuginfo-5.2.0-106.4
      qemu-hw-display-virtio-gpu-pci-5.2.0-106.4
      qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-106.4
      qemu-kvm-5.2.0-106.4

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (ppc64le):

      qemu-ppc-5.2.0-106.4
      qemu-ppc-debuginfo-5.2.0-106.4

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64):

      qemu-arm-5.2.0-106.4
      qemu-arm-debuginfo-5.2.0-106.4

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):

      qemu-ipxe-1.0.0+-106.4
      qemu-seabios-1.14.0_0_g155821a-106.4
      qemu-sgabios-8-106.4
      qemu-skiboot-5.2.0-106.4
      qemu-vgabios-1.14.0_0_g155821a-106.4

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64):

      qemu-audio-alsa-5.2.0-106.4
      qemu-audio-alsa-debuginfo-5.2.0-106.4
      qemu-audio-pa-5.2.0-106.4
      qemu-audio-pa-debuginfo-5.2.0-106.4
      qemu-x86-5.2.0-106.4
      qemu-x86-debuginfo-5.2.0-106.4

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (s390x):

      qemu-hw-s390x-virtio-gpu-ccw-5.2.0-106.4
      qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-106.4
      qemu-s390x-5.2.0-106.4
      qemu-s390x-debuginfo-5.2.0-106.4

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      qemu-debuginfo-5.2.0-106.4
      qemu-debugsource-5.2.0-106.4
      qemu-tools-5.2.0-106.4
      qemu-tools-debuginfo-5.2.0-106.4


References:

   https://www.suse.com/security/cve/CVE-2021-3713.html
   https://www.suse.com/security/cve/CVE-2021-3748.html
   https://bugzilla.suse.com/1189234
   https://bugzilla.suse.com/1189702
   https://bugzilla.suse.com/1189938
   https://bugzilla.suse.com/1190425


From sle-updates at lists.suse.com  Wed Nov  3 17:31:27 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed,  3 Nov 2021 18:31:27 +0100 (CET)
Subject: SUSE-RU-2021:3607-1: important: Recommended update for SUSEConnect
Message-ID: <20211103173127.B8045FCC9@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for SUSEConnect
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3607-1
Rating:             important
References:         
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that has 0 recommended fixes can now be installed.

Description:

   This update for SUSEConnect contains the following fix:

   - Update to 0.3.32:
     - Allow --regcode and --instance-data attributes at the same time.
       (jsc#PCT-164)
     - Document that 'debug' can also get set in the config file.
     - --status will also print the subscription name.


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3607=1

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3607=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3607=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3607=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3607=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3607=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3607=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3607=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3607=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-3607=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      SUSEConnect-0.3.32-3.49.1

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      SUSEConnect-0.3.32-3.49.1

   - SUSE OpenStack Cloud 9 (x86_64):

      SUSEConnect-0.3.32-3.49.1

   - SUSE OpenStack Cloud 8 (x86_64):

      SUSEConnect-0.3.32-3.49.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      SUSEConnect-0.3.32-3.49.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      SUSEConnect-0.3.32-3.49.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      SUSEConnect-0.3.32-3.49.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      SUSEConnect-0.3.32-3.49.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      SUSEConnect-0.3.32-3.49.1

   - HPE Helion Openstack 8 (x86_64):

      SUSEConnect-0.3.32-3.49.1


References:



From sle-updates at lists.suse.com  Wed Nov  3 17:32:33 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed,  3 Nov 2021 18:32:33 +0100 (CET)
Subject: SUSE-RU-2021:3608-1: important: Recommended update for SUSEConnect
Message-ID: <20211103173233.74A68FCC9@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for SUSEConnect
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3608-1
Rating:             important
References:         #1185611 
Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for SUSEConnect contains the following fixes:

   - Update to 0.3.32:
     - Allow --regcode and --instance-data attributes at the same time
       (jsc#PCT-164)
     - Document that 'debug' can also get set in the config file
     - --status will also print the subscription name

   - Update to 0.3.31:
     - Disallow registering via SUSEConnect if the system is managed by SUSE
       Manager.
     - Add subscription name to output of 'SUSEConnect --status'

   - Update to 0.3.30:
     - send payload of GET requests as part of the url. (bsc#1185611)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3608=1



Package List:

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      SUSEConnect-0.3.32-19.10.38.1


References:

   https://bugzilla.suse.com/1185611


From sle-updates at lists.suse.com  Wed Nov  3 17:33:45 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed,  3 Nov 2021 18:33:45 +0100 (CET)
Subject: SUSE-SU-2021:3604-1: important: Security update for qemu
Message-ID: <20211103173345.67379FCC9@maintenance.suse.de>


   SUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3604-1
Rating:             important
References:         #1189234 #1189702 #1189938 #1190425 
Cross-References:   CVE-2021-3713 CVE-2021-3748
CVSS scores:
                    CVE-2021-3713 (SUSE): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
                    CVE-2021-3748 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE MicroOS 5.0
                    SUSE Linux Enterprise Module for Server Applications 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes
   is now available.

Description:

   This update for qemu fixes the following issues:

   Security issues fixed:

   - CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device
     emulation (bsc#1189702)
   - CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu
     (bsc#1189938)

   Non-security issues fixed:

   - Add transfer length item in block limits page of scsi vpd (bsc#1190425)
   - Fix qemu crash while deleting xen-block (bsc#1189234)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3604=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3604=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3604=1



Package List:

   - SUSE MicroOS 5.0 (aarch64 x86_64):

      qemu-4.2.1-11.31.3
      qemu-debuginfo-4.2.1-11.31.3
      qemu-debugsource-4.2.1-11.31.3
      qemu-tools-4.2.1-11.31.3
      qemu-tools-debuginfo-4.2.1-11.31.3

   - SUSE MicroOS 5.0 (aarch64):

      qemu-arm-4.2.1-11.31.3
      qemu-arm-debuginfo-4.2.1-11.31.3

   - SUSE MicroOS 5.0 (noarch):

      qemu-ipxe-1.0.0+-11.31.3
      qemu-seabios-1.12.1+-11.31.3
      qemu-sgabios-8-11.31.3
      qemu-vgabios-1.12.1+-11.31.3

   - SUSE MicroOS 5.0 (x86_64):

      qemu-x86-4.2.1-11.31.3
      qemu-x86-debuginfo-4.2.1-11.31.3

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

      qemu-4.2.1-11.31.3
      qemu-block-curl-4.2.1-11.31.3
      qemu-block-curl-debuginfo-4.2.1-11.31.3
      qemu-block-iscsi-4.2.1-11.31.3
      qemu-block-iscsi-debuginfo-4.2.1-11.31.3
      qemu-block-rbd-4.2.1-11.31.3
      qemu-block-rbd-debuginfo-4.2.1-11.31.3
      qemu-block-ssh-4.2.1-11.31.3
      qemu-block-ssh-debuginfo-4.2.1-11.31.3
      qemu-debuginfo-4.2.1-11.31.3
      qemu-debugsource-4.2.1-11.31.3
      qemu-guest-agent-4.2.1-11.31.3
      qemu-guest-agent-debuginfo-4.2.1-11.31.3
      qemu-lang-4.2.1-11.31.3
      qemu-ui-spice-app-4.2.1-11.31.3
      qemu-ui-spice-app-debuginfo-4.2.1-11.31.3

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (s390x x86_64):

      qemu-kvm-4.2.1-11.31.3

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (ppc64le):

      qemu-ppc-4.2.1-11.31.3
      qemu-ppc-debuginfo-4.2.1-11.31.3

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64):

      qemu-arm-4.2.1-11.31.3
      qemu-arm-debuginfo-4.2.1-11.31.3

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (x86_64):

      qemu-audio-alsa-4.2.1-11.31.3
      qemu-audio-alsa-debuginfo-4.2.1-11.31.3
      qemu-audio-pa-4.2.1-11.31.3
      qemu-audio-pa-debuginfo-4.2.1-11.31.3
      qemu-ui-curses-4.2.1-11.31.3
      qemu-ui-curses-debuginfo-4.2.1-11.31.3
      qemu-ui-gtk-4.2.1-11.31.3
      qemu-ui-gtk-debuginfo-4.2.1-11.31.3
      qemu-x86-4.2.1-11.31.3
      qemu-x86-debuginfo-4.2.1-11.31.3

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch):

      qemu-ipxe-1.0.0+-11.31.3
      qemu-microvm-4.2.1-11.31.3
      qemu-seabios-1.12.1+-11.31.3
      qemu-sgabios-8-11.31.3
      qemu-vgabios-1.12.1+-11.31.3

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (s390x):

      qemu-s390-4.2.1-11.31.3
      qemu-s390-debuginfo-4.2.1-11.31.3

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      qemu-debuginfo-4.2.1-11.31.3
      qemu-debugsource-4.2.1-11.31.3
      qemu-tools-4.2.1-11.31.3
      qemu-tools-debuginfo-4.2.1-11.31.3


References:

   https://www.suse.com/security/cve/CVE-2021-3713.html
   https://www.suse.com/security/cve/CVE-2021-3748.html
   https://bugzilla.suse.com/1189234
   https://bugzilla.suse.com/1189702
   https://bugzilla.suse.com/1189938
   https://bugzilla.suse.com/1190425


From sle-updates at lists.suse.com  Wed Nov  3 20:16:28 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed,  3 Nov 2021 21:16:28 +0100 (CET)
Subject: SUSE-RU-2021:3609-1: Recommended update for autoyast2
Message-ID: <20211103201628.4113FFBAC@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for autoyast2
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3609-1
Rating:             low
References:         #1191968 
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Installer 15-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for autoyast2 fixes the following issues:

   - Add the "keep_unknown_lv" element to the partitioning schema.
     (bsc#1191968)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3609=1

   - SUSE Linux Enterprise Installer 15-SP3:

      zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2021-3609=1



Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      autoyast2-4.3.91-3.28.1
      autoyast2-installation-4.3.91-3.28.1

   - SUSE Linux Enterprise Installer 15-SP3 (noarch):

      autoyast2-installation-4.3.91-3.28.1


References:

   https://bugzilla.suse.com/1191968


From sle-updates at lists.suse.com  Thu Nov  4 14:16:37 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu,  4 Nov 2021 15:16:37 +0100 (CET)
Subject: SUSE-SU-2021:3611-1: moderate: Security update for systemd
Message-ID: <20211104141637.91196FCC9@maintenance.suse.de>


   SUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3611-1
Rating:             moderate
References:         #1171962 #1180225 #1188018 #1188063 #1188291 
                    #1189480 #1191399 SLE-21894 
Cross-References:   CVE-2021-33910
CVSS scores:
                    CVE-2021-33910 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-33910 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that solves one vulnerability, contains one
   feature and has 6 fixes is now available.

Description:

   This update for systemd fixes the following issues:

   - machine-id-setup: generate machine-id from DMI product ID on Amazon EC2
   - Add timestamp to D-Bus events to improve traceability. (jsc#SLE-21894)
   - busctl: add a timestamp to the output of the busctl monitor command
     (bsc#1180225, jsc#SLE-21894)
   - sysctl: configure kernel parameters in the order they occur in each
     sysctl configuration files (bsc#1191399)
   - basic/unit-name: do not use strdupa() on a path (bsc#1188063,
     CVE-2021-33910)
   - logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018)
   - units: make fsck/grows/makefs/makeswap units conflict against
     shutdown.target
   - Make sure the versions of both udev and systemd packages are always the
     same (bsc#1189480)
   - Avoid the error message when udev is updated due to udev being already
     active when the sockets are started again (bsc#1188291)
   - Allow systemd sysusers config files to be overriden during system
     installation (bsc#1171962)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3611=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3611=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      libudev-devel-228-157.33.1
      systemd-debuginfo-228-157.33.1
      systemd-debugsource-228-157.33.1
      systemd-devel-228-157.33.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libsystemd0-228-157.33.1
      libsystemd0-debuginfo-228-157.33.1
      libudev-devel-228-157.33.1
      libudev1-228-157.33.1
      libudev1-debuginfo-228-157.33.1
      systemd-228-157.33.1
      systemd-debuginfo-228-157.33.1
      systemd-debugsource-228-157.33.1
      systemd-devel-228-157.33.1
      systemd-sysvinit-228-157.33.1
      udev-228-157.33.1
      udev-debuginfo-228-157.33.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      libsystemd0-32bit-228-157.33.1
      libsystemd0-debuginfo-32bit-228-157.33.1
      libudev1-32bit-228-157.33.1
      libudev1-debuginfo-32bit-228-157.33.1
      systemd-32bit-228-157.33.1
      systemd-debuginfo-32bit-228-157.33.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      systemd-bash-completion-228-157.33.1


References:

   https://www.suse.com/security/cve/CVE-2021-33910.html
   https://bugzilla.suse.com/1171962
   https://bugzilla.suse.com/1180225
   https://bugzilla.suse.com/1188018
   https://bugzilla.suse.com/1188063
   https://bugzilla.suse.com/1188291
   https://bugzilla.suse.com/1189480
   https://bugzilla.suse.com/1191399


From sle-updates at lists.suse.com  Thu Nov  4 14:19:36 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu,  4 Nov 2021 15:19:36 +0100 (CET)
Subject: SUSE-RU-2021:3610-1: Recommended update for slurm_20_11
Message-ID: <20211104141936.DBA63FCC9@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for slurm_20_11
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3610-1
Rating:             low
References:         #1191666 
Affected Products:
                    SUSE Linux Enterprise Module for HPC 15-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for slurm_20_11 fixes the following issue:

   - Adds libslurm36-debuginfo to the repositores. (bsc#1191666)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for HPC 15-SP2:

      zypper in -t patch SUSE-SLE-Module-HPC-15-SP2-2021-3610=1



Package List:

   - SUSE Linux Enterprise Module for HPC 15-SP2 (aarch64 x86_64):

      libnss_slurm2_20_11-20.11.7-6.7.1
      libpmi0_20_11-20.11.7-6.7.1
      libslurm36-20.11.7-6.7.1
      libslurm36-debuginfo-20.11.7-6.7.1
      perl-slurm_20_11-20.11.7-6.7.1
      slurm_20_11-20.11.7-6.7.1
      slurm_20_11-auth-none-20.11.7-6.7.1
      slurm_20_11-config-20.11.7-6.7.1
      slurm_20_11-config-man-20.11.7-6.7.1
      slurm_20_11-devel-20.11.7-6.7.1
      slurm_20_11-doc-20.11.7-6.7.1
      slurm_20_11-lua-20.11.7-6.7.1
      slurm_20_11-munge-20.11.7-6.7.1
      slurm_20_11-node-20.11.7-6.7.1
      slurm_20_11-pam_slurm-20.11.7-6.7.1
      slurm_20_11-plugins-20.11.7-6.7.1
      slurm_20_11-slurmdbd-20.11.7-6.7.1
      slurm_20_11-sql-20.11.7-6.7.1
      slurm_20_11-sview-20.11.7-6.7.1
      slurm_20_11-torque-20.11.7-6.7.1
      slurm_20_11-webdoc-20.11.7-6.7.1


References:

   https://bugzilla.suse.com/1191666


From sle-updates at lists.suse.com  Thu Nov  4 17:20:17 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu,  4 Nov 2021 18:20:17 +0100 (CET)
Subject: SUSE-SU-2021:3616-1: moderate: Security update for binutils
Message-ID: <20211104172017.17CBCFCC9@maintenance.suse.de>


   SUSE Security Update: Security update for binutils
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3616-1
Rating:             moderate
References:         #1179898 #1179899 #1179900 #1179901 #1179902 
                    #1179903 #1180451 #1180454 #1180461 #1181452 
                    #1182252 #1183511 #1184620 #1184794 PM-2767 
                    SLE-18637 SLE-19618 SLE-21561 
Cross-References:   CVE-2020-16590 CVE-2020-16591 CVE-2020-16592
                    CVE-2020-16593 CVE-2020-16598 CVE-2020-16599
                    CVE-2020-35448 CVE-2020-35493 CVE-2020-35496
                    CVE-2020-35507 CVE-2021-20197 CVE-2021-20284
                    CVE-2021-3487
CVSS scores:
                    CVE-2020-16590 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-16590 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2020-16591 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-16591 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-16592 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-16592 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-16593 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-16593 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-16598 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-16598 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-16599 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-16599 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2020-35448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2020-35448 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
                    CVE-2020-35493 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-35493 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-35496 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-35496 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-35507 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-35507 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-20197 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-20197 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-20284 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-20284 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-3487 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-3487 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
                    SUSE Linux Enterprise Module for Development Tools 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that solves 13 vulnerabilities, contains four
   features and has one errata is now available.

Description:

   This update for binutils fixes the following issues:

   Update to binutils 2.37:

   * The GNU Binutils sources now requires a C99 compiler and library to
     build.
   * Support for Realm Management Extension (RME) for AArch64 has been added.
   * A new linker option '-z report-relative-reloc' for x86 ELF targets has
     been added to report dynamic relative relocations.
   * A new linker option '-z start-stop-gc' has been added to disable special
     treatment of __start_*/__stop_* references when
     --gc-sections.
   * A new linker options '-Bno-symbolic' has been added which will cancel
     the '-Bsymbolic' and '-Bsymbolic-functions' options.
   * The readelf tool has a new command line option which can be used to
     specify how the numeric values of symbols are reported.
     --sym-base=0|8|10|16 tells readelf to display the values in base 8, base
      10 or base 16.  A sym base of 0 represents the default action
     of displaying values under 10000 in base 10 and values above that in
      base 16.
   * A new format has been added to the nm program.  Specifying
     '--format=just-symbols' (or just using -j) will tell the program to
     only display symbol names and nothing else.
   * A new command line option '--keep-section-symbols' has been added to
     objcopy and strip.  This stops the removal of unused section symbols
      when the file is copied.  Removing these symbols saves space, but
      sometimes they are needed by other tools.
   * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
     supported by objcopy now make undefined symbols weak on targets that
     support weak symbols.
   * Readelf and objdump can now display and use the contents of .debug_sup
     sections.
   * Readelf and objdump will now follow links to separate debug info files
     by default.  This behaviour can be stopped via the use of the new '-wN'
     or '--debug-dump=no-follow-links' options for readelf and the '-WN' or
     '--dwarf=no-follow-links' options for objdump.  Also the old behaviour
     can be restored by the use of the '--enable-follow-debug-links=no'
     configure time option.

     The semantics of the =follow-links option have also been slightly
   changed.  When enabled, the option allows for the loading of symbol tables
   and string tables from the separate files which can be used to enhance the
   information displayed when dumping other sections, but it does not
   automatically imply that information from the separate files should be
   displayed.

     If other debug section display options are also enabled (eg
   '--debug-dump=info') then the contents of matching sections in both the
   main file and the separate debuginfo file *will* be displayed. This is
   because in most cases the debug section will only be present in one of the
   files.

     If however non-debug section display options are enabled (eg
   '--sections') then the contents of matching parts of the separate
   debuginfo file will *not* be displayed.  This is because in most cases the
   user probably only wanted to load the symbol information from the separate
   debuginfo file.  In order to change this behaviour a new command line
   option --process-links can be used.  This will allow di0pslay options to
   applied to both the main file and any separate debuginfo files.

   * Nm has a new command line option: '--quiet'.  This suppresses "no
     symbols" diagnostic.

   Update to binutils 2.36:

   New features in the Assembler:

   - General:

      * When setting the link order attribute of ELF sections, it is now
        possible to use a numeric section index instead of symbol name.
      * Added a .nop directive to generate a single no-op instruction in a
        target neutral manner.  This instruction does have an effect on DWARF
        line number generation, if that is active.
      * Removed --reduce-memory-overheads and --hash-size as gas now uses
        hash tables that can be expand and shrink automatically.

   - X86/x86_64:

      * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key Locker
        instructions.
      * Support non-absolute segment values for lcall and ljmp.
      * Add {disp16} pseudo prefix to x86 assembler.
      * Configure with --enable-x86-used-note by default for Linux/x86.

   -  ARM/AArch64:

      * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1, Cortex-R82,
        Neoverse V1, and Neoverse N2 cores.
      * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded Trace
        Extension), TRBE (Trace Buffer Extension), CSRE (Call Stack Recorder
        Extension) and BRBE (Branch Record Buffer Extension) system registers.
      * Add support for Armv8-R and Armv8.7-A ISA extensions.
      * Add support for DSB memory nXS barrier, WFET and WFIT instruction for
        Armv8.7.
      * Add support for +csre feature for -march. Add CSR PDEC instruction
        for CSRE feature in AArch64.
      * Add support for +flagm feature for -march in Armv8.4 AArch64.
      * Add support for +ls64 feature for -march in Armv8.7 AArch64. Add
        atomic 64-byte load/store instructions for this feature.
      * Add support for +pauth (Pointer Authentication) feature for
        -march in AArch64.

   New features in the Linker:

     * Add --error-handling-script=<NAME> command line option to allow a
       helper script to be invoked when an undefined symbol or a missing
       library is encountered.  This option can be suppressed via the
       configure time switch: --enable-error-handling-script=no.
     * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
       x86-64-{baseline|v[234]} ISA level as needed.
     * Add -z unique-symbol to avoid duplicated local symbol names.
     * The creation of PE format DLLs now defaults to using a more secure set
       of DLL characteristics.
     * The linker now deduplicates the types in .ctf sections.  The new
       command-line option --ctf-share-types describes how to do this: its
       default value, share-unconflicted, produces the most compact
        output.
     * The linker now omits the "variable section" from .ctf sections by
       default, saving space.  This is almost certainly what you want unless
       you are working on a project that has its own analogue of symbol
       tables that are not reflected in the ELF symtabs.

   New features in other binary tools:

     * The ar tool's previously unused l modifier is now used for specifying
       dependencies of a static library. The arguments of this option (or
       --record-libdeps long form option) will be stored verbatim in the
       __.LIBDEP member of the archive, which the linker may read at link
       time.
     * Readelf can now display the contents of LTO symbol table sections when
       asked to do so via the --lto-syms command line
       option.
     * Readelf now accepts the -C command line option to enable the
       demangling of symbol names.  In addition the --demangle=<style>,
       --no-demangle, --recurse-limit and --no-recurse-limit options are also
        now availale.

   The following security fixes are addressed by the update:

   - CVE-2021-20197: Fixed a race condition which allows users to own
     arbitrary files (bsc#1181452).
   - CVE-2021-20284: Fixed a heap-based buffer overflow in
     _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511).
   - CVE-2021-3487: Fixed a denial of service via excessive debug section
     size causing excessive memory consumption in bfd's dwarf2.c
     read_section() (bsc#1184620).
   - CVE-2020-35448: Fixed a heap-based buffer over-read in
     bfd_getl_signed_32() in libbfd.c (bsc#1184794).
   - CVE-2020-16590: Fixed a double free vulnerability in
     process_symbol_table() (bsc#1179898).
   - CVE-2020-16591: Fixed an invalid read in process_symbol_table()
     (bsc#1179899).
   - CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup()
     (bsc#1179900).
   - CVE-2020-16593: Fixed a null pointer dereference in
     scan_unit_for_symbols() (bsc#1179901).
   - CVE-2020-16598: Fixed a null pointer dereference in
     debug_get_real_type() (bsc#1179902).
   - CVE-2020-16599: Fixed a null pointer dereference in
     _bfd_elf_get_symbol_version_string() (bsc#1179903)
   - CVE-2020-35493: Fixed heap-based buffer overflow in
     bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file
     (bsc#1180451).
   - CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module
     due to not checking return value of bfd_malloc (bsc#1180454).
   - CVE-2020-35507: Fixed a null pointer dereference in
     bfd_pef_parse_function_stubs() (bsc#1180461).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3616=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3616=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3616=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3616=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-3616=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3616=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3616=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3616=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3616=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3616=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3616=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-3616=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      binutils-2.37-7.21.2
      binutils-debuginfo-2.37-7.21.2
      binutils-debugsource-2.37-7.21.2
      binutils-devel-2.37-7.21.2
      libctf-nobfd0-2.37-7.21.2
      libctf-nobfd0-debuginfo-2.37-7.21.2
      libctf0-2.37-7.21.2
      libctf0-debuginfo-2.37-7.21.2

   - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):

      binutils-devel-32bit-2.37-7.21.2

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      binutils-2.37-7.21.2
      binutils-debuginfo-2.37-7.21.2
      binutils-debugsource-2.37-7.21.2
      binutils-devel-2.37-7.21.2
      libctf-nobfd0-2.37-7.21.2
      libctf-nobfd0-debuginfo-2.37-7.21.2
      libctf0-2.37-7.21.2
      libctf0-debuginfo-2.37-7.21.2

   - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):

      binutils-devel-32bit-2.37-7.21.2

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      binutils-2.37-7.21.2
      binutils-debuginfo-2.37-7.21.2
      binutils-debugsource-2.37-7.21.2
      binutils-devel-2.37-7.21.2
      binutils-devel-32bit-2.37-7.21.2
      libctf-nobfd0-2.37-7.21.2
      libctf-nobfd0-debuginfo-2.37-7.21.2
      libctf0-2.37-7.21.2
      libctf0-debuginfo-2.37-7.21.2

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):

      binutils-debuginfo-2.37-7.21.2
      binutils-debugsource-2.37-7.21.2
      binutils-gold-2.37-7.21.2
      binutils-gold-debuginfo-2.37-7.21.2

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64):

      binutils-debuginfo-2.37-7.21.2
      binutils-debugsource-2.37-7.21.2
      binutils-gold-2.37-7.21.2
      binutils-gold-debuginfo-2.37-7.21.2

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):

      bpftrace-0.11.4-3.2.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64):

      binutils-debugsource-2.37-7.21.2
      binutils-devel-32bit-2.37-7.21.2

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):

      bpftrace-tools-0.11.4-3.2.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64):

      binutils-debugsource-2.37-7.21.2
      binutils-devel-32bit-2.37-7.21.2

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      binutils-2.37-7.21.2
      binutils-debuginfo-2.37-7.21.2
      binutils-debugsource-2.37-7.21.2
      binutils-devel-2.37-7.21.2
      libctf-nobfd0-2.37-7.21.2
      libctf-nobfd0-debuginfo-2.37-7.21.2
      libctf0-2.37-7.21.2
      libctf0-debuginfo-2.37-7.21.2

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      binutils-2.37-7.21.2
      binutils-debuginfo-2.37-7.21.2
      binutils-debugsource-2.37-7.21.2
      binutils-devel-2.37-7.21.2
      libctf-nobfd0-2.37-7.21.2
      libctf-nobfd0-debuginfo-2.37-7.21.2
      libctf0-2.37-7.21.2
      libctf0-debuginfo-2.37-7.21.2

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      binutils-2.37-7.21.2
      binutils-debuginfo-2.37-7.21.2
      binutils-debugsource-2.37-7.21.2
      binutils-devel-2.37-7.21.2
      libctf-nobfd0-2.37-7.21.2
      libctf-nobfd0-debuginfo-2.37-7.21.2
      libctf0-2.37-7.21.2
      libctf0-debuginfo-2.37-7.21.2

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):

      binutils-devel-32bit-2.37-7.21.2

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      binutils-2.37-7.21.2
      binutils-debuginfo-2.37-7.21.2
      binutils-debugsource-2.37-7.21.2
      binutils-devel-2.37-7.21.2
      libctf-nobfd0-2.37-7.21.2
      libctf-nobfd0-debuginfo-2.37-7.21.2
      libctf0-2.37-7.21.2
      libctf0-debuginfo-2.37-7.21.2

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):

      binutils-devel-32bit-2.37-7.21.2

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      binutils-2.37-7.21.2
      binutils-debuginfo-2.37-7.21.2
      binutils-debugsource-2.37-7.21.2
      binutils-devel-2.37-7.21.2
      libctf-nobfd0-2.37-7.21.2
      libctf-nobfd0-debuginfo-2.37-7.21.2
      libctf0-2.37-7.21.2
      libctf0-debuginfo-2.37-7.21.2

   - SUSE Enterprise Storage 6 (x86_64):

      binutils-devel-32bit-2.37-7.21.2

   - SUSE CaaS Platform 4.0 (x86_64):

      binutils-2.37-7.21.2
      binutils-debuginfo-2.37-7.21.2
      binutils-debugsource-2.37-7.21.2
      binutils-devel-2.37-7.21.2
      binutils-devel-32bit-2.37-7.21.2
      libctf-nobfd0-2.37-7.21.2
      libctf-nobfd0-debuginfo-2.37-7.21.2
      libctf0-2.37-7.21.2
      libctf0-debuginfo-2.37-7.21.2


References:

   https://www.suse.com/security/cve/CVE-2020-16590.html
   https://www.suse.com/security/cve/CVE-2020-16591.html
   https://www.suse.com/security/cve/CVE-2020-16592.html
   https://www.suse.com/security/cve/CVE-2020-16593.html
   https://www.suse.com/security/cve/CVE-2020-16598.html
   https://www.suse.com/security/cve/CVE-2020-16599.html
   https://www.suse.com/security/cve/CVE-2020-35448.html
   https://www.suse.com/security/cve/CVE-2020-35493.html
   https://www.suse.com/security/cve/CVE-2020-35496.html
   https://www.suse.com/security/cve/CVE-2020-35507.html
   https://www.suse.com/security/cve/CVE-2021-20197.html
   https://www.suse.com/security/cve/CVE-2021-20284.html
   https://www.suse.com/security/cve/CVE-2021-3487.html
   https://bugzilla.suse.com/1179898
   https://bugzilla.suse.com/1179899
   https://bugzilla.suse.com/1179900
   https://bugzilla.suse.com/1179901
   https://bugzilla.suse.com/1179902
   https://bugzilla.suse.com/1179903
   https://bugzilla.suse.com/1180451
   https://bugzilla.suse.com/1180454
   https://bugzilla.suse.com/1180461
   https://bugzilla.suse.com/1181452
   https://bugzilla.suse.com/1182252
   https://bugzilla.suse.com/1183511
   https://bugzilla.suse.com/1184620
   https://bugzilla.suse.com/1184794


From sle-updates at lists.suse.com  Thu Nov  4 17:25:33 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu,  4 Nov 2021 18:25:33 +0100 (CET)
Subject: SUSE-SU-2021:3614-1: important: Security update for qemu
Message-ID: <20211104172533.6838FFCC9@maintenance.suse.de>


   SUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3614-1
Rating:             important
References:         #1180432 #1180433 #1180434 #1180435 #1182651 
                    #1186012 #1189145 #1189702 #1189938 
Cross-References:   CVE-2020-35503 CVE-2020-35504 CVE-2020-35505
                    CVE-2020-35506 CVE-2021-20255 CVE-2021-3527
                    CVE-2021-3682 CVE-2021-3713 CVE-2021-3748
                   
CVSS scores:
                    CVE-2020-35503 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
                    CVE-2020-35503 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-35504 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
                    CVE-2020-35504 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-35505 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-35505 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-35506 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-35506 (SUSE): 5.6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
                    CVE-2021-20255 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-20255 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
                    CVE-2021-3527 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3527 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
                    CVE-2021-3682 (SUSE): 6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
                    CVE-2021-3713 (SUSE): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
                    CVE-2021-3748 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available.

Description:

   This update for qemu fixes the following issues:

   Security issues fixed:

   - Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation
     (bsc#1189702, CVE-2021-3713)
   - Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938,
     CVE-2021-3748)
   - usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145,
     CVE-2021-3682)
   - NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504)
     (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506)
   - NULL pointer dereference issue in megasas-gen2 host bus adapter
     (bsc#1180432, CVE-2020-35503)
   - eepro100: stack overflow via infinite recursion (bsc#1182651,
     CVE-2021-20255)
   - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527)

   Non-security issues fixed:

   - Use max host physical address if -cpu max is used (bsc#1188299)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3614=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3614=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3614=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3614=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3614=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-3614=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      qemu-3.1.1.1-80.40.1
      qemu-block-curl-3.1.1.1-80.40.1
      qemu-block-curl-debuginfo-3.1.1.1-80.40.1
      qemu-block-iscsi-3.1.1.1-80.40.1
      qemu-block-iscsi-debuginfo-3.1.1.1-80.40.1
      qemu-block-rbd-3.1.1.1-80.40.1
      qemu-block-rbd-debuginfo-3.1.1.1-80.40.1
      qemu-block-ssh-3.1.1.1-80.40.1
      qemu-block-ssh-debuginfo-3.1.1.1-80.40.1
      qemu-debuginfo-3.1.1.1-80.40.1
      qemu-debugsource-3.1.1.1-80.40.1
      qemu-guest-agent-3.1.1.1-80.40.1
      qemu-guest-agent-debuginfo-3.1.1.1-80.40.1
      qemu-lang-3.1.1.1-80.40.1
      qemu-tools-3.1.1.1-80.40.1
      qemu-tools-debuginfo-3.1.1.1-80.40.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le):

      qemu-ppc-3.1.1.1-80.40.1
      qemu-ppc-debuginfo-3.1.1.1-80.40.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):

      qemu-audio-alsa-3.1.1.1-80.40.1
      qemu-audio-alsa-debuginfo-3.1.1.1-80.40.1
      qemu-audio-oss-3.1.1.1-80.40.1
      qemu-audio-oss-debuginfo-3.1.1.1-80.40.1
      qemu-audio-pa-3.1.1.1-80.40.1
      qemu-audio-pa-debuginfo-3.1.1.1-80.40.1
      qemu-kvm-3.1.1.1-80.40.1
      qemu-ui-curses-3.1.1.1-80.40.1
      qemu-ui-curses-debuginfo-3.1.1.1-80.40.1
      qemu-ui-gtk-3.1.1.1-80.40.1
      qemu-ui-gtk-debuginfo-3.1.1.1-80.40.1
      qemu-x86-3.1.1.1-80.40.1
      qemu-x86-debuginfo-3.1.1.1-80.40.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):

      qemu-ipxe-1.0.0+-80.40.1
      qemu-seabios-1.12.0_0_ga698c89-80.40.1
      qemu-sgabios-8-80.40.1
      qemu-vgabios-1.12.0_0_ga698c89-80.40.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      qemu-3.1.1.1-80.40.1
      qemu-block-curl-3.1.1.1-80.40.1
      qemu-block-curl-debuginfo-3.1.1.1-80.40.1
      qemu-block-iscsi-3.1.1.1-80.40.1
      qemu-block-iscsi-debuginfo-3.1.1.1-80.40.1
      qemu-block-rbd-3.1.1.1-80.40.1
      qemu-block-rbd-debuginfo-3.1.1.1-80.40.1
      qemu-block-ssh-3.1.1.1-80.40.1
      qemu-block-ssh-debuginfo-3.1.1.1-80.40.1
      qemu-debuginfo-3.1.1.1-80.40.1
      qemu-debugsource-3.1.1.1-80.40.1
      qemu-guest-agent-3.1.1.1-80.40.1
      qemu-guest-agent-debuginfo-3.1.1.1-80.40.1
      qemu-lang-3.1.1.1-80.40.1
      qemu-tools-3.1.1.1-80.40.1
      qemu-tools-debuginfo-3.1.1.1-80.40.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x x86_64):

      qemu-kvm-3.1.1.1-80.40.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (ppc64le):

      qemu-ppc-3.1.1.1-80.40.1
      qemu-ppc-debuginfo-3.1.1.1-80.40.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64):

      qemu-arm-3.1.1.1-80.40.1
      qemu-arm-debuginfo-3.1.1.1-80.40.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):

      qemu-audio-alsa-3.1.1.1-80.40.1
      qemu-audio-alsa-debuginfo-3.1.1.1-80.40.1
      qemu-audio-oss-3.1.1.1-80.40.1
      qemu-audio-oss-debuginfo-3.1.1.1-80.40.1
      qemu-audio-pa-3.1.1.1-80.40.1
      qemu-audio-pa-debuginfo-3.1.1.1-80.40.1
      qemu-ui-curses-3.1.1.1-80.40.1
      qemu-ui-curses-debuginfo-3.1.1.1-80.40.1
      qemu-ui-gtk-3.1.1.1-80.40.1
      qemu-ui-gtk-debuginfo-3.1.1.1-80.40.1
      qemu-x86-3.1.1.1-80.40.1
      qemu-x86-debuginfo-3.1.1.1-80.40.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):

      qemu-ipxe-1.0.0+-80.40.1
      qemu-seabios-1.12.0_0_ga698c89-80.40.1
      qemu-sgabios-8-80.40.1
      qemu-vgabios-1.12.0_0_ga698c89-80.40.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):

      qemu-s390-3.1.1.1-80.40.1
      qemu-s390-debuginfo-3.1.1.1-80.40.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (noarch):

      qemu-ipxe-1.0.0+-80.40.1
      qemu-seabios-1.12.0_0_ga698c89-80.40.1
      qemu-sgabios-8-80.40.1
      qemu-vgabios-1.12.0_0_ga698c89-80.40.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      qemu-3.1.1.1-80.40.1
      qemu-audio-alsa-3.1.1.1-80.40.1
      qemu-audio-alsa-debuginfo-3.1.1.1-80.40.1
      qemu-audio-oss-3.1.1.1-80.40.1
      qemu-audio-oss-debuginfo-3.1.1.1-80.40.1
      qemu-audio-pa-3.1.1.1-80.40.1
      qemu-audio-pa-debuginfo-3.1.1.1-80.40.1
      qemu-block-curl-3.1.1.1-80.40.1
      qemu-block-curl-debuginfo-3.1.1.1-80.40.1
      qemu-block-iscsi-3.1.1.1-80.40.1
      qemu-block-iscsi-debuginfo-3.1.1.1-80.40.1
      qemu-block-rbd-3.1.1.1-80.40.1
      qemu-block-rbd-debuginfo-3.1.1.1-80.40.1
      qemu-block-ssh-3.1.1.1-80.40.1
      qemu-block-ssh-debuginfo-3.1.1.1-80.40.1
      qemu-debuginfo-3.1.1.1-80.40.1
      qemu-debugsource-3.1.1.1-80.40.1
      qemu-guest-agent-3.1.1.1-80.40.1
      qemu-guest-agent-debuginfo-3.1.1.1-80.40.1
      qemu-kvm-3.1.1.1-80.40.1
      qemu-lang-3.1.1.1-80.40.1
      qemu-tools-3.1.1.1-80.40.1
      qemu-tools-debuginfo-3.1.1.1-80.40.1
      qemu-ui-curses-3.1.1.1-80.40.1
      qemu-ui-curses-debuginfo-3.1.1.1-80.40.1
      qemu-ui-gtk-3.1.1.1-80.40.1
      qemu-ui-gtk-debuginfo-3.1.1.1-80.40.1
      qemu-x86-3.1.1.1-80.40.1
      qemu-x86-debuginfo-3.1.1.1-80.40.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      qemu-3.1.1.1-80.40.1
      qemu-block-curl-3.1.1.1-80.40.1
      qemu-block-curl-debuginfo-3.1.1.1-80.40.1
      qemu-block-iscsi-3.1.1.1-80.40.1
      qemu-block-iscsi-debuginfo-3.1.1.1-80.40.1
      qemu-block-rbd-3.1.1.1-80.40.1
      qemu-block-rbd-debuginfo-3.1.1.1-80.40.1
      qemu-block-ssh-3.1.1.1-80.40.1
      qemu-block-ssh-debuginfo-3.1.1.1-80.40.1
      qemu-debuginfo-3.1.1.1-80.40.1
      qemu-debugsource-3.1.1.1-80.40.1
      qemu-guest-agent-3.1.1.1-80.40.1
      qemu-guest-agent-debuginfo-3.1.1.1-80.40.1
      qemu-lang-3.1.1.1-80.40.1
      qemu-tools-3.1.1.1-80.40.1
      qemu-tools-debuginfo-3.1.1.1-80.40.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64):

      qemu-arm-3.1.1.1-80.40.1
      qemu-arm-debuginfo-3.1.1.1-80.40.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):

      qemu-audio-alsa-3.1.1.1-80.40.1
      qemu-audio-alsa-debuginfo-3.1.1.1-80.40.1
      qemu-audio-oss-3.1.1.1-80.40.1
      qemu-audio-oss-debuginfo-3.1.1.1-80.40.1
      qemu-audio-pa-3.1.1.1-80.40.1
      qemu-audio-pa-debuginfo-3.1.1.1-80.40.1
      qemu-kvm-3.1.1.1-80.40.1
      qemu-ui-curses-3.1.1.1-80.40.1
      qemu-ui-curses-debuginfo-3.1.1.1-80.40.1
      qemu-ui-gtk-3.1.1.1-80.40.1
      qemu-ui-gtk-debuginfo-3.1.1.1-80.40.1
      qemu-x86-3.1.1.1-80.40.1
      qemu-x86-debuginfo-3.1.1.1-80.40.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):

      qemu-ipxe-1.0.0+-80.40.1
      qemu-seabios-1.12.0_0_ga698c89-80.40.1
      qemu-sgabios-8-80.40.1
      qemu-vgabios-1.12.0_0_ga698c89-80.40.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      qemu-3.1.1.1-80.40.1
      qemu-block-curl-3.1.1.1-80.40.1
      qemu-block-curl-debuginfo-3.1.1.1-80.40.1
      qemu-block-iscsi-3.1.1.1-80.40.1
      qemu-block-iscsi-debuginfo-3.1.1.1-80.40.1
      qemu-block-rbd-3.1.1.1-80.40.1
      qemu-block-rbd-debuginfo-3.1.1.1-80.40.1
      qemu-block-ssh-3.1.1.1-80.40.1
      qemu-block-ssh-debuginfo-3.1.1.1-80.40.1
      qemu-debuginfo-3.1.1.1-80.40.1
      qemu-debugsource-3.1.1.1-80.40.1
      qemu-guest-agent-3.1.1.1-80.40.1
      qemu-guest-agent-debuginfo-3.1.1.1-80.40.1
      qemu-lang-3.1.1.1-80.40.1
      qemu-tools-3.1.1.1-80.40.1
      qemu-tools-debuginfo-3.1.1.1-80.40.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64):

      qemu-arm-3.1.1.1-80.40.1
      qemu-arm-debuginfo-3.1.1.1-80.40.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):

      qemu-audio-alsa-3.1.1.1-80.40.1
      qemu-audio-alsa-debuginfo-3.1.1.1-80.40.1
      qemu-audio-oss-3.1.1.1-80.40.1
      qemu-audio-oss-debuginfo-3.1.1.1-80.40.1
      qemu-audio-pa-3.1.1.1-80.40.1
      qemu-audio-pa-debuginfo-3.1.1.1-80.40.1
      qemu-kvm-3.1.1.1-80.40.1
      qemu-ui-curses-3.1.1.1-80.40.1
      qemu-ui-curses-debuginfo-3.1.1.1-80.40.1
      qemu-ui-gtk-3.1.1.1-80.40.1
      qemu-ui-gtk-debuginfo-3.1.1.1-80.40.1
      qemu-x86-3.1.1.1-80.40.1
      qemu-x86-debuginfo-3.1.1.1-80.40.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):

      qemu-ipxe-1.0.0+-80.40.1
      qemu-seabios-1.12.0_0_ga698c89-80.40.1
      qemu-sgabios-8-80.40.1
      qemu-vgabios-1.12.0_0_ga698c89-80.40.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      qemu-3.1.1.1-80.40.1
      qemu-block-curl-3.1.1.1-80.40.1
      qemu-block-curl-debuginfo-3.1.1.1-80.40.1
      qemu-block-iscsi-3.1.1.1-80.40.1
      qemu-block-iscsi-debuginfo-3.1.1.1-80.40.1
      qemu-block-rbd-3.1.1.1-80.40.1
      qemu-block-rbd-debuginfo-3.1.1.1-80.40.1
      qemu-block-ssh-3.1.1.1-80.40.1
      qemu-block-ssh-debuginfo-3.1.1.1-80.40.1
      qemu-debuginfo-3.1.1.1-80.40.1
      qemu-debugsource-3.1.1.1-80.40.1
      qemu-guest-agent-3.1.1.1-80.40.1
      qemu-guest-agent-debuginfo-3.1.1.1-80.40.1
      qemu-lang-3.1.1.1-80.40.1
      qemu-tools-3.1.1.1-80.40.1
      qemu-tools-debuginfo-3.1.1.1-80.40.1

   - SUSE Enterprise Storage 6 (aarch64):

      qemu-arm-3.1.1.1-80.40.1
      qemu-arm-debuginfo-3.1.1.1-80.40.1

   - SUSE Enterprise Storage 6 (noarch):

      qemu-ipxe-1.0.0+-80.40.1
      qemu-seabios-1.12.0_0_ga698c89-80.40.1
      qemu-sgabios-8-80.40.1
      qemu-vgabios-1.12.0_0_ga698c89-80.40.1

   - SUSE Enterprise Storage 6 (x86_64):

      qemu-audio-alsa-3.1.1.1-80.40.1
      qemu-audio-alsa-debuginfo-3.1.1.1-80.40.1
      qemu-audio-oss-3.1.1.1-80.40.1
      qemu-audio-oss-debuginfo-3.1.1.1-80.40.1
      qemu-audio-pa-3.1.1.1-80.40.1
      qemu-audio-pa-debuginfo-3.1.1.1-80.40.1
      qemu-kvm-3.1.1.1-80.40.1
      qemu-ui-curses-3.1.1.1-80.40.1
      qemu-ui-curses-debuginfo-3.1.1.1-80.40.1
      qemu-ui-gtk-3.1.1.1-80.40.1
      qemu-ui-gtk-debuginfo-3.1.1.1-80.40.1
      qemu-x86-3.1.1.1-80.40.1
      qemu-x86-debuginfo-3.1.1.1-80.40.1

   - SUSE CaaS Platform 4.0 (noarch):

      qemu-ipxe-1.0.0+-80.40.1
      qemu-seabios-1.12.0_0_ga698c89-80.40.1
      qemu-sgabios-8-80.40.1
      qemu-vgabios-1.12.0_0_ga698c89-80.40.1

   - SUSE CaaS Platform 4.0 (x86_64):

      qemu-3.1.1.1-80.40.1
      qemu-audio-alsa-3.1.1.1-80.40.1
      qemu-audio-alsa-debuginfo-3.1.1.1-80.40.1
      qemu-audio-oss-3.1.1.1-80.40.1
      qemu-audio-oss-debuginfo-3.1.1.1-80.40.1
      qemu-audio-pa-3.1.1.1-80.40.1
      qemu-audio-pa-debuginfo-3.1.1.1-80.40.1
      qemu-block-curl-3.1.1.1-80.40.1
      qemu-block-curl-debuginfo-3.1.1.1-80.40.1
      qemu-block-iscsi-3.1.1.1-80.40.1
      qemu-block-iscsi-debuginfo-3.1.1.1-80.40.1
      qemu-block-rbd-3.1.1.1-80.40.1
      qemu-block-rbd-debuginfo-3.1.1.1-80.40.1
      qemu-block-ssh-3.1.1.1-80.40.1
      qemu-block-ssh-debuginfo-3.1.1.1-80.40.1
      qemu-debuginfo-3.1.1.1-80.40.1
      qemu-debugsource-3.1.1.1-80.40.1
      qemu-guest-agent-3.1.1.1-80.40.1
      qemu-guest-agent-debuginfo-3.1.1.1-80.40.1
      qemu-kvm-3.1.1.1-80.40.1
      qemu-lang-3.1.1.1-80.40.1
      qemu-tools-3.1.1.1-80.40.1
      qemu-tools-debuginfo-3.1.1.1-80.40.1
      qemu-ui-curses-3.1.1.1-80.40.1
      qemu-ui-curses-debuginfo-3.1.1.1-80.40.1
      qemu-ui-gtk-3.1.1.1-80.40.1
      qemu-ui-gtk-debuginfo-3.1.1.1-80.40.1
      qemu-x86-3.1.1.1-80.40.1
      qemu-x86-debuginfo-3.1.1.1-80.40.1


References:

   https://www.suse.com/security/cve/CVE-2020-35503.html
   https://www.suse.com/security/cve/CVE-2020-35504.html
   https://www.suse.com/security/cve/CVE-2020-35505.html
   https://www.suse.com/security/cve/CVE-2020-35506.html
   https://www.suse.com/security/cve/CVE-2021-20255.html
   https://www.suse.com/security/cve/CVE-2021-3527.html
   https://www.suse.com/security/cve/CVE-2021-3682.html
   https://www.suse.com/security/cve/CVE-2021-3713.html
   https://www.suse.com/security/cve/CVE-2021-3748.html
   https://bugzilla.suse.com/1180432
   https://bugzilla.suse.com/1180433
   https://bugzilla.suse.com/1180434
   https://bugzilla.suse.com/1180435
   https://bugzilla.suse.com/1182651
   https://bugzilla.suse.com/1186012
   https://bugzilla.suse.com/1189145
   https://bugzilla.suse.com/1189702
   https://bugzilla.suse.com/1189938


From sle-updates at lists.suse.com  Thu Nov  4 17:30:56 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu,  4 Nov 2021 18:30:56 +0100 (CET)
Subject: SUSE-SU-2021:3613-1: important: Security update for qemu
Message-ID: <20211104173056.647BAFCC9@maintenance.suse.de>


   SUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3613-1
Rating:             important
References:         #1180432 #1180433 #1180434 #1180435 #1182651 
                    #1186012 #1189145 #1189702 #1189938 
Cross-References:   CVE-2020-35503 CVE-2020-35504 CVE-2020-35505
                    CVE-2020-35506 CVE-2021-20255 CVE-2021-3527
                    CVE-2021-3682 CVE-2021-3713 CVE-2021-3748
                   
CVSS scores:
                    CVE-2020-35503 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
                    CVE-2020-35503 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-35504 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
                    CVE-2020-35504 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-35505 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-35505 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-35506 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-35506 (SUSE): 5.6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
                    CVE-2021-20255 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-20255 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
                    CVE-2021-3527 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3527 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
                    CVE-2021-3682 (SUSE): 6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
                    CVE-2021-3713 (SUSE): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
                    CVE-2021-3748 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available.

Description:

   This update for qemu fixes the following issues:

   Security issues fixed:

   - Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938,
     CVE-2021-3748)
   - Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation
     (bsc#1189702, CVE-2021-3713)
   - usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145,
     CVE-2021-3682)
   - NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504)
     (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506)
   - NULL pointer dereference issue in megasas-gen2 host bus adapter
     (bsc#1180432, CVE-2020-35503)
   - eepro100: stack overflow via infinite recursion (bsc#1182651,
     CVE-2021-20255)
   - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3613=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3613=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3613=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3613=1



Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      qemu-2.11.2-70.59.1
      qemu-block-curl-2.11.2-70.59.1
      qemu-block-curl-debuginfo-2.11.2-70.59.1
      qemu-block-iscsi-2.11.2-70.59.1
      qemu-block-iscsi-debuginfo-2.11.2-70.59.1
      qemu-block-rbd-2.11.2-70.59.1
      qemu-block-rbd-debuginfo-2.11.2-70.59.1
      qemu-block-ssh-2.11.2-70.59.1
      qemu-block-ssh-debuginfo-2.11.2-70.59.1
      qemu-debuginfo-2.11.2-70.59.1
      qemu-debugsource-2.11.2-70.59.1
      qemu-guest-agent-2.11.2-70.59.1
      qemu-guest-agent-debuginfo-2.11.2-70.59.1
      qemu-lang-2.11.2-70.59.1
      qemu-tools-2.11.2-70.59.1
      qemu-tools-debuginfo-2.11.2-70.59.1

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le):

      qemu-ppc-2.11.2-70.59.1
      qemu-ppc-debuginfo-2.11.2-70.59.1

   - SUSE Linux Enterprise Server for SAP 15 (x86_64):

      qemu-kvm-2.11.2-70.59.1
      qemu-x86-2.11.2-70.59.1
      qemu-x86-debuginfo-2.11.2-70.59.1

   - SUSE Linux Enterprise Server for SAP 15 (noarch):

      qemu-ipxe-1.0.0+-70.59.1
      qemu-seabios-1.11.0_0_g63451fc-70.59.1
      qemu-sgabios-8-70.59.1
      qemu-vgabios-1.11.0_0_g63451fc-70.59.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      qemu-2.11.2-70.59.1
      qemu-block-curl-2.11.2-70.59.1
      qemu-block-curl-debuginfo-2.11.2-70.59.1
      qemu-block-iscsi-2.11.2-70.59.1
      qemu-block-iscsi-debuginfo-2.11.2-70.59.1
      qemu-block-rbd-2.11.2-70.59.1
      qemu-block-rbd-debuginfo-2.11.2-70.59.1
      qemu-block-ssh-2.11.2-70.59.1
      qemu-block-ssh-debuginfo-2.11.2-70.59.1
      qemu-debuginfo-2.11.2-70.59.1
      qemu-debugsource-2.11.2-70.59.1
      qemu-guest-agent-2.11.2-70.59.1
      qemu-guest-agent-debuginfo-2.11.2-70.59.1
      qemu-lang-2.11.2-70.59.1
      qemu-tools-2.11.2-70.59.1
      qemu-tools-debuginfo-2.11.2-70.59.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64):

      qemu-arm-2.11.2-70.59.1
      qemu-arm-debuginfo-2.11.2-70.59.1

   - SUSE Linux Enterprise Server 15-LTSS (noarch):

      qemu-ipxe-1.0.0+-70.59.1
      qemu-vgabios-1.11.0_0_g63451fc-70.59.1

   - SUSE Linux Enterprise Server 15-LTSS (s390x):

      qemu-kvm-2.11.2-70.59.1
      qemu-s390-2.11.2-70.59.1
      qemu-s390-debuginfo-2.11.2-70.59.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      qemu-2.11.2-70.59.1
      qemu-block-curl-2.11.2-70.59.1
      qemu-block-curl-debuginfo-2.11.2-70.59.1
      qemu-block-iscsi-2.11.2-70.59.1
      qemu-block-iscsi-debuginfo-2.11.2-70.59.1
      qemu-block-rbd-2.11.2-70.59.1
      qemu-block-rbd-debuginfo-2.11.2-70.59.1
      qemu-block-ssh-2.11.2-70.59.1
      qemu-block-ssh-debuginfo-2.11.2-70.59.1
      qemu-debuginfo-2.11.2-70.59.1
      qemu-debugsource-2.11.2-70.59.1
      qemu-guest-agent-2.11.2-70.59.1
      qemu-guest-agent-debuginfo-2.11.2-70.59.1
      qemu-lang-2.11.2-70.59.1
      qemu-tools-2.11.2-70.59.1
      qemu-tools-debuginfo-2.11.2-70.59.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64):

      qemu-arm-2.11.2-70.59.1
      qemu-arm-debuginfo-2.11.2-70.59.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):

      qemu-kvm-2.11.2-70.59.1
      qemu-x86-2.11.2-70.59.1
      qemu-x86-debuginfo-2.11.2-70.59.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):

      qemu-ipxe-1.0.0+-70.59.1
      qemu-seabios-1.11.0_0_g63451fc-70.59.1
      qemu-sgabios-8-70.59.1
      qemu-vgabios-1.11.0_0_g63451fc-70.59.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      qemu-2.11.2-70.59.1
      qemu-block-curl-2.11.2-70.59.1
      qemu-block-curl-debuginfo-2.11.2-70.59.1
      qemu-block-iscsi-2.11.2-70.59.1
      qemu-block-iscsi-debuginfo-2.11.2-70.59.1
      qemu-block-rbd-2.11.2-70.59.1
      qemu-block-rbd-debuginfo-2.11.2-70.59.1
      qemu-block-ssh-2.11.2-70.59.1
      qemu-block-ssh-debuginfo-2.11.2-70.59.1
      qemu-debuginfo-2.11.2-70.59.1
      qemu-debugsource-2.11.2-70.59.1
      qemu-guest-agent-2.11.2-70.59.1
      qemu-guest-agent-debuginfo-2.11.2-70.59.1
      qemu-lang-2.11.2-70.59.1
      qemu-tools-2.11.2-70.59.1
      qemu-tools-debuginfo-2.11.2-70.59.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64):

      qemu-arm-2.11.2-70.59.1
      qemu-arm-debuginfo-2.11.2-70.59.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):

      qemu-ipxe-1.0.0+-70.59.1
      qemu-seabios-1.11.0_0_g63451fc-70.59.1
      qemu-sgabios-8-70.59.1
      qemu-vgabios-1.11.0_0_g63451fc-70.59.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):

      qemu-kvm-2.11.2-70.59.1
      qemu-x86-2.11.2-70.59.1
      qemu-x86-debuginfo-2.11.2-70.59.1


References:

   https://www.suse.com/security/cve/CVE-2020-35503.html
   https://www.suse.com/security/cve/CVE-2020-35504.html
   https://www.suse.com/security/cve/CVE-2020-35505.html
   https://www.suse.com/security/cve/CVE-2020-35506.html
   https://www.suse.com/security/cve/CVE-2021-20255.html
   https://www.suse.com/security/cve/CVE-2021-3527.html
   https://www.suse.com/security/cve/CVE-2021-3682.html
   https://www.suse.com/security/cve/CVE-2021-3713.html
   https://www.suse.com/security/cve/CVE-2021-3748.html
   https://bugzilla.suse.com/1180432
   https://bugzilla.suse.com/1180433
   https://bugzilla.suse.com/1180434
   https://bugzilla.suse.com/1180435
   https://bugzilla.suse.com/1182651
   https://bugzilla.suse.com/1186012
   https://bugzilla.suse.com/1189145
   https://bugzilla.suse.com/1189702
   https://bugzilla.suse.com/1189938


From sle-updates at lists.suse.com  Thu Nov  4 23:16:28 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri,  5 Nov 2021 00:16:28 +0100 (CET)
Subject: SUSE-RU-2021:3617-1: moderate: Recommended update for samba
Message-ID: <20211104231628.92750FBAC@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for samba
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3617-1
Rating:             moderate
References:         #1188727 
Affected Products:
                    SUSE Linux Enterprise Module for Python2 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for samba fixes the following issues:

   - Fix wrong 'kvno' exported to keytab after 'net ads changetrustpw' due to
     replication delay. (bsc#1188727)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Python2 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-3617=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3617=1

   - SUSE Linux Enterprise High Availability 15-SP2:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-3617=1



Package List:

   - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64):

      samba-ad-dc-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-ad-dc-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-debugsource-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-dsdb-modules-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-dsdb-modules-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      libdcerpc-binding0-4.11.14+git.263.a1d04a0b95e-4.25.8
      libdcerpc-binding0-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libdcerpc-devel-4.11.14+git.263.a1d04a0b95e-4.25.8
      libdcerpc-samr-devel-4.11.14+git.263.a1d04a0b95e-4.25.8
      libdcerpc-samr0-4.11.14+git.263.a1d04a0b95e-4.25.8
      libdcerpc-samr0-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libdcerpc0-4.11.14+git.263.a1d04a0b95e-4.25.8
      libdcerpc0-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libndr-devel-4.11.14+git.263.a1d04a0b95e-4.25.8
      libndr-krb5pac-devel-4.11.14+git.263.a1d04a0b95e-4.25.8
      libndr-krb5pac0-4.11.14+git.263.a1d04a0b95e-4.25.8
      libndr-krb5pac0-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libndr-nbt-devel-4.11.14+git.263.a1d04a0b95e-4.25.8
      libndr-nbt0-4.11.14+git.263.a1d04a0b95e-4.25.8
      libndr-nbt0-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libndr-standard-devel-4.11.14+git.263.a1d04a0b95e-4.25.8
      libndr-standard0-4.11.14+git.263.a1d04a0b95e-4.25.8
      libndr-standard0-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libndr0-4.11.14+git.263.a1d04a0b95e-4.25.8
      libndr0-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libnetapi-devel-4.11.14+git.263.a1d04a0b95e-4.25.8
      libnetapi0-4.11.14+git.263.a1d04a0b95e-4.25.8
      libnetapi0-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-credentials-devel-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-credentials0-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-credentials0-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-errors-devel-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-errors0-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-errors0-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-hostconfig-devel-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-hostconfig0-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-hostconfig0-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-passdb-devel-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-passdb0-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-passdb0-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-policy-devel-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-policy-python3-devel-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-policy0-python3-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-policy0-python3-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-util-devel-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-util0-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-util0-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamdb-devel-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamdb0-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamdb0-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsmbclient-devel-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsmbclient0-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsmbclient0-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsmbconf-devel-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsmbconf0-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsmbconf0-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsmbldap-devel-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsmbldap2-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsmbldap2-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libtevent-util-devel-4.11.14+git.263.a1d04a0b95e-4.25.8
      libtevent-util0-4.11.14+git.263.a1d04a0b95e-4.25.8
      libtevent-util0-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libwbclient-devel-4.11.14+git.263.a1d04a0b95e-4.25.8
      libwbclient0-4.11.14+git.263.a1d04a0b95e-4.25.8
      libwbclient0-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-client-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-client-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-core-devel-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-debugsource-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-dsdb-modules-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-dsdb-modules-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-libs-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-libs-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-libs-python3-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-libs-python3-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-python3-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-python3-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-winbind-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-winbind-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64):

      samba-ceph-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-ceph-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):

      libdcerpc-binding0-32bit-4.11.14+git.263.a1d04a0b95e-4.25.8
      libdcerpc-binding0-32bit-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libdcerpc0-32bit-4.11.14+git.263.a1d04a0b95e-4.25.8
      libdcerpc0-32bit-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libndr-krb5pac0-32bit-4.11.14+git.263.a1d04a0b95e-4.25.8
      libndr-krb5pac0-32bit-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libndr-nbt0-32bit-4.11.14+git.263.a1d04a0b95e-4.25.8
      libndr-nbt0-32bit-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libndr-standard0-32bit-4.11.14+git.263.a1d04a0b95e-4.25.8
      libndr-standard0-32bit-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libndr0-32bit-4.11.14+git.263.a1d04a0b95e-4.25.8
      libndr0-32bit-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libnetapi0-32bit-4.11.14+git.263.a1d04a0b95e-4.25.8
      libnetapi0-32bit-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-credentials0-32bit-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-credentials0-32bit-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-errors0-32bit-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-errors0-32bit-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-hostconfig0-32bit-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-passdb0-32bit-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-passdb0-32bit-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-util0-32bit-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamba-util0-32bit-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamdb0-32bit-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsamdb0-32bit-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsmbconf0-32bit-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsmbconf0-32bit-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsmbldap2-32bit-4.11.14+git.263.a1d04a0b95e-4.25.8
      libsmbldap2-32bit-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libtevent-util0-32bit-4.11.14+git.263.a1d04a0b95e-4.25.8
      libtevent-util0-32bit-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      libwbclient0-32bit-4.11.14+git.263.a1d04a0b95e-4.25.8
      libwbclient0-32bit-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-libs-32bit-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-libs-32bit-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-winbind-32bit-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-winbind-32bit-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8

   - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):

      ctdb-4.11.14+git.263.a1d04a0b95e-4.25.8
      ctdb-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-debuginfo-4.11.14+git.263.a1d04a0b95e-4.25.8
      samba-debugsource-4.11.14+git.263.a1d04a0b95e-4.25.8


References:

   https://bugzilla.suse.com/1188727


From sle-updates at lists.suse.com  Fri Nov  5 07:36:10 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri,  5 Nov 2021 08:36:10 +0100 (CET)
Subject: SUSE-CU-2021:493-1: Security update of suse/sles12sp5
Message-ID: <20211105073610.E360EFBAC@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:493-1
Container Tags        : suse/sles12sp5:6.5.253 , suse/sles12sp5:latest
Container Release     : 6.5.253
Severity              : moderate
Type                  : security
References            : 1171962 1180225 1188018 1188063 1188291 1189480 1191399 CVE-2021-33910
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3611-1
Released:    Thu Nov  4 11:14:44 2021
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1171962,1180225,1188018,1188063,1188291,1189480,1191399,CVE-2021-33910
This update for systemd fixes the following issues:

- machine-id-setup: generate machine-id from DMI product ID on Amazon EC2
- Add timestamp to D-Bus events to improve traceability. (jsc#SLE-21894)
- busctl: add a timestamp to the output of the busctl monitor command (bsc#1180225, jsc#SLE-21894)
- sysctl: configure kernel parameters in the order they occur in each sysctl configuration files (bsc#1191399)
- basic/unit-name: do not use strdupa() on a path (bsc#1188063, CVE-2021-33910)
- logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018)
- units: make fsck/grows/makefs/makeswap units conflict against shutdown.target
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480)
- Avoid the error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291)
- Allow systemd sysusers config files to be overriden during system installation (bsc#1171962)


The following package changes have been done:

- libsystemd0-228-157.33.1 updated
- libudev1-228-157.33.1 updated

From sle-updates at lists.suse.com  Fri Nov  5 17:17:20 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri,  5 Nov 2021 18:17:20 +0100 (CET)
Subject: SUSE-SU-2021:3619-1: moderate: Security update for libvirt
Message-ID: <20211105171720.6C00BFBAC@maintenance.suse.de>


   SUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3619-1
Rating:             moderate
References:         #1177902 #1183247 #1186398 #1190420 #1190493 
                    #1190693 #1190695 #1190917 
Affected Products:
                    SUSE MicroOS 5.1
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for libvirt fixes the following issues:

   - lxc: controller: Fix container launch on cgroup v1. (bsc#1183247)
   - supportconfig: Use systemctl command 'is-active' instead of 'is-enabled'
     when checking if libvirtd is active.
   - qemu: Do not report error in the logs when processing monitor IO.
     (bsc#1190917)
   - spec: Fix an issue when package update hangs (bsc#1177902, bsc#1190693)
   - spec: Don't add '--timeout' argument to '/etc/sysconfig/libvirtd' when
     running in traditional mode without socket activation. (bsc#1190695)
   - libxl: Improve reporting of 'die_id' in capabilities. (bsc#1190493)
   - libxl: Fix driver reload. (bsc#1190420)
   - qemu: Set label on virtual host network device when hotplugging.
     (bsc#1186398)
   - supportconfig: When checking for installed hypervisor drivers, use the
     libvirtr-daemon-driver-<hypervisor> package instead of
     libvirt-daemon-<hypervisor>. The latter are not required packages for a
     functioning hypervisor driver.


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3619=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3619=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3619=1



Package List:

   - SUSE MicroOS 5.1 (aarch64 s390x x86_64):

      libvirt-daemon-7.1.0-6.8.1
      libvirt-daemon-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-interface-7.1.0-6.8.1
      libvirt-daemon-driver-interface-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-network-7.1.0-6.8.1
      libvirt-daemon-driver-network-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-nodedev-7.1.0-6.8.1
      libvirt-daemon-driver-nodedev-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-nwfilter-7.1.0-6.8.1
      libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-qemu-7.1.0-6.8.1
      libvirt-daemon-driver-qemu-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-secret-7.1.0-6.8.1
      libvirt-daemon-driver-secret-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-storage-7.1.0-6.8.1
      libvirt-daemon-driver-storage-core-7.1.0-6.8.1
      libvirt-daemon-driver-storage-core-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-storage-disk-7.1.0-6.8.1
      libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-storage-iscsi-7.1.0-6.8.1
      libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-storage-iscsi-direct-7.1.0-6.8.1
      libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-storage-logical-7.1.0-6.8.1
      libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-storage-mpath-7.1.0-6.8.1
      libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-storage-scsi-7.1.0-6.8.1
      libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-6.8.1
      libvirt-daemon-qemu-7.1.0-6.8.1
      libvirt-debugsource-7.1.0-6.8.1
      libvirt-libs-7.1.0-6.8.1
      libvirt-libs-debuginfo-7.1.0-6.8.1

   - SUSE MicroOS 5.1 (aarch64 x86_64):

      libvirt-daemon-driver-storage-rbd-7.1.0-6.8.1
      libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-6.8.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      libvirt-7.1.0-6.8.1
      libvirt-admin-7.1.0-6.8.1
      libvirt-admin-debuginfo-7.1.0-6.8.1
      libvirt-client-7.1.0-6.8.1
      libvirt-client-debuginfo-7.1.0-6.8.1
      libvirt-daemon-7.1.0-6.8.1
      libvirt-daemon-config-network-7.1.0-6.8.1
      libvirt-daemon-config-nwfilter-7.1.0-6.8.1
      libvirt-daemon-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-interface-7.1.0-6.8.1
      libvirt-daemon-driver-interface-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-lxc-7.1.0-6.8.1
      libvirt-daemon-driver-lxc-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-network-7.1.0-6.8.1
      libvirt-daemon-driver-network-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-nodedev-7.1.0-6.8.1
      libvirt-daemon-driver-nodedev-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-nwfilter-7.1.0-6.8.1
      libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-qemu-7.1.0-6.8.1
      libvirt-daemon-driver-qemu-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-secret-7.1.0-6.8.1
      libvirt-daemon-driver-secret-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-storage-7.1.0-6.8.1
      libvirt-daemon-driver-storage-core-7.1.0-6.8.1
      libvirt-daemon-driver-storage-core-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-storage-disk-7.1.0-6.8.1
      libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-storage-iscsi-7.1.0-6.8.1
      libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-storage-iscsi-direct-7.1.0-6.8.1
      libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-storage-logical-7.1.0-6.8.1
      libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-storage-mpath-7.1.0-6.8.1
      libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-6.8.1
      libvirt-daemon-driver-storage-scsi-7.1.0-6.8.1
      libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-6.8.1
      libvirt-daemon-hooks-7.1.0-6.8.1
      libvirt-daemon-lxc-7.1.0-6.8.1
      libvirt-daemon-qemu-7.1.0-6.8.1
      libvirt-debugsource-7.1.0-6.8.1
      libvirt-devel-7.1.0-6.8.1
      libvirt-lock-sanlock-7.1.0-6.8.1
      libvirt-lock-sanlock-debuginfo-7.1.0-6.8.1
      libvirt-nss-7.1.0-6.8.1
      libvirt-nss-debuginfo-7.1.0-6.8.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 x86_64):

      libvirt-daemon-driver-storage-rbd-7.1.0-6.8.1
      libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-6.8.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64):

      libvirt-daemon-driver-libxl-7.1.0-6.8.1
      libvirt-daemon-driver-libxl-debuginfo-7.1.0-6.8.1
      libvirt-daemon-xen-7.1.0-6.8.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):

      libvirt-bash-completion-7.1.0-6.8.1
      libvirt-doc-7.1.0-6.8.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      libvirt-debugsource-7.1.0-6.8.1
      libvirt-libs-7.1.0-6.8.1
      libvirt-libs-debuginfo-7.1.0-6.8.1


References:

   https://bugzilla.suse.com/1177902
   https://bugzilla.suse.com/1183247
   https://bugzilla.suse.com/1186398
   https://bugzilla.suse.com/1190420
   https://bugzilla.suse.com/1190493
   https://bugzilla.suse.com/1190693
   https://bugzilla.suse.com/1190695
   https://bugzilla.suse.com/1190917


From sle-updates at lists.suse.com  Fri Nov  5 20:17:09 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri,  5 Nov 2021 21:17:09 +0100 (CET)
Subject: SUSE-SU-2021:3621-1: moderate: Security update for SUSE Manager
 Server 4.1
Message-ID: <20211105201709.C1608FBAC@maintenance.suse.de>


   SUSE Security Update: Security update for SUSE Manager Server 4.1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3621-1
Rating:             moderate
References:         #1185951 #1187998 #1188315 #1189609 #1189643 
                    #1189818 #1190151 #1190166 #1190265 #1190276 
                    #1190512 #1190665 #1190751 #1191144 #1191222 
                    #1191274 #1191444 #1191495 #1191538 #1191643 
                    #1191898 
Cross-References:   CVE-2021-21996
CVSS scores:
                    CVE-2021-21996 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Affected Products:
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.1
______________________________________________________________________________

   An update that solves one vulnerability and has 20 fixes is
   now available.

Description:

   This update fixes the following issues:

   grafana-formula:

   - Version 0.4.2
     * Add SSH blackbox status check panel to clients dashboard
     * Migrate deprecated panels in clients dashboard

   prometheus-formula:

   - Version 0.3.4
     * Fix opening Prometheus ports on proxy
   - Version 0.3.3
     * Add Prometheus targets configuration for minions SSH probing
     * Add blackbox exporter
     * Open Prometheus ports (bsc#1191144)

   py26-compat-salt:

   - Exclude the full path of a download URL to prevent injection of alicious
     code (bsc#1190265, CVE-2021-21996)

   py26-compat-tornado:

   - No relevant changes for users

   py27-compat-salt:

   - Fix the regression of docker_container state module
   - Support querying for JSON data in external sql pillar
   - Exclude the full path of a download URL to prevent injection of
     malicious code (bsc#1190265, CVE-2021-21996)
   - Fix wrong relative paths resolution with Jinja renderer when importing
     subdirectories

   spacecmd:

   - Version 4.1.15-1
     * configchannel_updatefile handles directory properly (bsc#1190512)

   spacewalk-backend:

   - Version 4.1.29-1
     * Avoid GPG errors messages in reposync caused by rpm not understanding
       signatures (bsc#1191538)
     * handle download of metadata filesnames with checksums (bsc#1188315)
     * Sanitize cached filename for custom SSL certs used by reposync
       (bsc#1190751)

   spacewalk-certs-tools:

   - Version 4.1.19-1
     * add GPG keys using apt-key on debian machines (bsc#1187998)
     * set key format to PEM when generating key for traditional clients push
       ssh (bsc#1189643)

   spacewalk-java:

   - Version 4.1.41-1
     * Move pickedup actions to history as soon as they are pickedup
       (bsc#1191444)
     * On salt-ssh minions, enforce package list refresh after state apply
     * Fix internal server error on DuplicateSystemsCompare (bsc#1191643)
     * mgr-sync refresh logs when a vendor channel is expire and shows how to
       remove it (bsc#1191222)
     * Remove NullPointerException in rhn_web_ui.log when building an image
       (bsc#1185951)
     * Add checksums to repository metadata filenames (bsc#1188315)
     * Fix ISE in product migration if base product is missing (bsc#1190151)
     * use TLSv1.3 if it is a supported Protocol
     * Adapt auto errata update to respect maintenance windows
     * Adapt auto errata update to skip during CLM build (bsc#1189609)
     * Update kernel live patch version on minion startup (bsc#1190276)

   spacewalk-reports:

   - Version 4.1.4-1
     * Improve performance of inventory report (bsc#1191495)

   spacewalk-web:

   - Version 4.1.30-1
     * Update Web UI version to 4.1.12

   subscription-matcher:

   - Version 0.27
     * update subscription rules for new SKUs (bsc#1189818)

   susemanager:

   - Version 4.1.31-1
     * Add the gnupg package for ubuntu which is then needed by apt-key
       (bsc#1187998)
     * Add python-mako, python-gnupg and gnupg1 to the Debian 9 bootstrap
       repository so bootstrapping without any enabled repositories is
       possible (bsc#1191898)

   susemanager-doc-indexes:

   - Add SLS state for keeping clients updated in Client Configuration Guide
   - Fixed unpublished patches note in the server update chapter of the
     Upgrade Guide
   - Added DNS resolution for minions to the troubleshooting section in the
     Client Configuration Guide
   - Documented low disc space warnings in the managing disk space chapter of
     the Administration Guide
   - In the ports section of the Installation Guide, mention tftpsync
     explicitly for port 443 (bsc#1190665)
   - In server upgrade procedure of the Upgrade Guide, add zypper ref step to
     refresh repositories reliably
   - Update effective_cache_size section of the Salt Guide (bsc#1191274)
   - Documented new filter in the content lifecycle management chapter of the
     Administration Guide
   - Added aarch64 support for clients in the Installation Guide and Client
     Configuration Guide
   - Documented AWS Permissions for Virtual Host Manager in VHM and Amazon
     Web Services chapter of the Client Configuration Guide
   - Removed an outdated patches note in the server update chapter of the
   - Fixed mgr-cfg-* issues in appendix of the Reference Guide. Run the
     commands on the client (bsc#1190166)
   - Removed Portus and CaaSP references from the image management chapter

   susemanager-docs_en:

   - Add SLS state for keeping clients updated in Client Configuration Guide
   - Fixed unpublished patches note in the server update chapter of the
     Upgrade Guide
   - Added DNS resolution for minions to the troubleshooting section in the
     Client Configuration Guide
   - Documented low disc space warnings in the managing disk space chapter of
     the Administration Guide
   - In the ports section of the Installation Guide, mention tftpsync
     explicitly for port 443 (bsc#1190665)
   - In server upgrade procedure of the Upgrade Guide, add zypper ref step to
     refresh repositories reliably
   - Update effective_cache_size section of the Salt Guide (bsc#1191274)
   - Documented new filter in the content lifecycle management chapter of the
     Administration Guide
   - Added aarch64 support for clients in the Installation Guide and Client
     Configuration Guide
   - Documented AWS Permissions for Virtual Host Manager in VHM and Amazon
     Web Services chapter of the Client Configuration Guide
   - Removed an outdated patches note in the server update chapter of the
   - Fixed mgr-cfg-* issues in appendix of the Reference Guide. Run the
     commands on the client (bsc#1190166)
   - Removed Portus and CaaSP references from the image management chapter

   susemanager-sls:

   - Version 4.1.31-1
     * Fix mgrcompat state module to work with Salt 3003 and 3004
     * Update kernel live patch version on minion startup (bsc#1190276)

   How to apply this update:

   1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk
   service: `spacewalk-service stop` 3. Apply the patch using either zypper
   patch or YaST Online Update. 4. Start the Spacewalk service:
   `spacewalk-service start`


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-3621=1



Package List:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64):

      py26-compat-tornado-4.2.1-3.3.2
      py26-compat-tornado-debuginfo-4.2.1-3.3.2
      py26-compat-tornado-debugsource-4.2.1-3.3.2
      susemanager-4.1.31-3.39.2
      susemanager-tools-4.1.31-3.39.2

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):

      grafana-formula-0.4.2-3.12.2
      prometheus-formula-0.3.4-3.12.2
      py26-compat-salt-2016.11.10-17.2
      py27-compat-salt-3000.3-6.15.2
      python3-spacewalk-certs-tools-4.1.19-3.22.2
      spacecmd-4.1.15-4.30.2
      spacewalk-backend-4.1.29-4.44.2
      spacewalk-backend-app-4.1.29-4.44.2
      spacewalk-backend-applet-4.1.29-4.44.2
      spacewalk-backend-config-files-4.1.29-4.44.2
      spacewalk-backend-config-files-common-4.1.29-4.44.2
      spacewalk-backend-config-files-tool-4.1.29-4.44.2
      spacewalk-backend-iss-4.1.29-4.44.2
      spacewalk-backend-iss-export-4.1.29-4.44.2
      spacewalk-backend-package-push-server-4.1.29-4.44.2
      spacewalk-backend-server-4.1.29-4.44.2
      spacewalk-backend-sql-4.1.29-4.44.2
      spacewalk-backend-sql-postgresql-4.1.29-4.44.2
      spacewalk-backend-tools-4.1.29-4.44.2
      spacewalk-backend-xml-export-libs-4.1.29-4.44.2
      spacewalk-backend-xmlrpc-4.1.29-4.44.2
      spacewalk-base-4.1.30-3.36.1
      spacewalk-base-minimal-4.1.30-3.36.1
      spacewalk-base-minimal-config-4.1.30-3.36.1
      spacewalk-certs-tools-4.1.19-3.22.2
      spacewalk-html-4.1.30-3.36.1
      spacewalk-java-4.1.41-3.58.2
      spacewalk-java-config-4.1.41-3.58.2
      spacewalk-java-lib-4.1.41-3.58.2
      spacewalk-java-postgresql-4.1.41-3.58.2
      spacewalk-reports-4.1.4-3.6.2
      spacewalk-taskomatic-4.1.41-3.58.2
      subscription-matcher-0.27-3.12.2
      susemanager-doc-indexes-4.1-11.46.2
      susemanager-docs_en-4.1-11.46.2
      susemanager-docs_en-pdf-4.1-11.46.2
      susemanager-sls-4.1.31-3.51.2
      susemanager-web-libs-4.1.30-3.36.1
      uyuni-config-modules-4.1.31-3.51.2


References:

   https://www.suse.com/security/cve/CVE-2021-21996.html
   https://bugzilla.suse.com/1185951
   https://bugzilla.suse.com/1187998
   https://bugzilla.suse.com/1188315
   https://bugzilla.suse.com/1189609
   https://bugzilla.suse.com/1189643
   https://bugzilla.suse.com/1189818
   https://bugzilla.suse.com/1190151
   https://bugzilla.suse.com/1190166
   https://bugzilla.suse.com/1190265
   https://bugzilla.suse.com/1190276
   https://bugzilla.suse.com/1190512
   https://bugzilla.suse.com/1190665
   https://bugzilla.suse.com/1190751
   https://bugzilla.suse.com/1191144
   https://bugzilla.suse.com/1191222
   https://bugzilla.suse.com/1191274
   https://bugzilla.suse.com/1191444
   https://bugzilla.suse.com/1191495
   https://bugzilla.suse.com/1191538
   https://bugzilla.suse.com/1191643
   https://bugzilla.suse.com/1191898


From sle-updates at lists.suse.com  Fri Nov  5 20:20:43 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri,  5 Nov 2021 21:20:43 +0100 (CET)
Subject: SUSE-RU-2021:3622-1: moderate: Recommended update for
 release-notes-susemanager, release-notes-susemanager-proxy
Message-ID: <20211105202043.26B1DFBAC@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for release-notes-susemanager, release-notes-susemanager-proxy
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3622-1
Rating:             moderate
References:         #1185951 #1187998 #1188315 #1189609 #1189643 
                    #1189818 #1190151 #1190166 #1190265 #1190276 
                    #1190512 #1190665 #1190751 #1191144 #1191222 
                    #1191274 #1191444 #1191495 #1191538 #1191643 
                    #1191898 
Affected Products:
                    SUSE Manager Server 4.1
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Proxy 4.1
______________________________________________________________________________

   An update that has 21 recommended fixes can now be
   installed.

Description:

   This update for release-notes-susemanager, release-notes-susemanager-proxy
   fixes the following issues:

   - Update to 4.1.12
     * Bugs mentioned bsc#1188315, bsc#1189643, bsc#1190512, bsc#1190751,
       bsc#1191538

   - Update to 4.1.12
     * Bugs mentioned bsc#1185951, bsc#1188315, bsc#1189609, bsc#1189643,
       bsc#1189818, bsc#1190151, bsc#1190166, bsc#1190265, bsc#1190276,
       bsc#1190512, bsc#1190665, bsc#1190751, bsc#1191144, bsc#1191222,
       bsc#1191274, bsc#1191444, bsc#1191495, bsc#1191538, bsc#1191643,
       bsc#1191898, bsc#1187998


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2021-3622=1

   - SUSE Manager Retail Branch Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2021-3622=1

   - SUSE Manager Proxy 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2021-3622=1



Package List:

   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):

      release-notes-susemanager-4.1.12-3.64.1

   - SUSE Manager Retail Branch Server 4.1 (x86_64):

      release-notes-susemanager-proxy-4.1.12-3.47.1

   - SUSE Manager Proxy 4.1 (x86_64):

      release-notes-susemanager-proxy-4.1.12-3.47.1


References:

   https://bugzilla.suse.com/1185951
   https://bugzilla.suse.com/1187998
   https://bugzilla.suse.com/1188315
   https://bugzilla.suse.com/1189609
   https://bugzilla.suse.com/1189643
   https://bugzilla.suse.com/1189818
   https://bugzilla.suse.com/1190151
   https://bugzilla.suse.com/1190166
   https://bugzilla.suse.com/1190265
   https://bugzilla.suse.com/1190276
   https://bugzilla.suse.com/1190512
   https://bugzilla.suse.com/1190665
   https://bugzilla.suse.com/1190751
   https://bugzilla.suse.com/1191144
   https://bugzilla.suse.com/1191222
   https://bugzilla.suse.com/1191274
   https://bugzilla.suse.com/1191444
   https://bugzilla.suse.com/1191495
   https://bugzilla.suse.com/1191538
   https://bugzilla.suse.com/1191643
   https://bugzilla.suse.com/1191898


From sle-updates at lists.suse.com  Fri Nov  5 20:25:40 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri,  5 Nov 2021 21:25:40 +0100 (CET)
Subject: SUSE-RU-2021:3621-1: moderate: Recommended update for SUSE Manager
 Proxy 4.1
Message-ID: <20211105202540.4DAD2FBAC@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for SUSE Manager Proxy 4.1
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3621-1
Rating:             moderate
References:         #1188315 #1189643 #1190512 #1190751 #1191538 
                    
Affected Products:
                    SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1
______________________________________________________________________________

   An update that has 5 recommended fixes can now be installed.

Description:

   This update fixes the following issues:

   spacecmd:

   - Version 4.1.15-1
     * configchannel_updatefile handles directory properly (bsc#1190512)

   spacewalk-backend:

   - Version 4.1.29-1
     * Avoid GPG errors messages in reposync caused by rpm not understanding
       signatures (bsc#1191538)
     * handle download of metadata filesnames with checksums (bsc#1188315)
     * Sanitize cached filename for custom SSL certs used by reposync
       (bsc#1190751)

   spacewalk-certs-tools:

   - Version 4.1.18-1
     * set key format to PEM when generating key for traditional clients push
       ssh (bsc#1189643)

   spacewalk-proxy:

   - Version 4.1.6-1
     * remove SSLProtocol configuration which should be done in the ssl
       configuration file

   spacewalk-proxy-installer:

   - Version 4.1.8-1
     * use system default for SSLProtocol

   How to apply this update:

   1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy
   service: spacewalk-proxy stop 3. Apply the patch using either zypper patch
   or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy
   start


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2021-3621=1



Package List:

   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch):

      python3-spacewalk-certs-tools-4.1.19-3.22.2
      spacecmd-4.1.15-4.30.2
      spacewalk-backend-4.1.29-4.44.2
      spacewalk-base-minimal-4.1.30-3.36.1
      spacewalk-base-minimal-config-4.1.30-3.36.1
      spacewalk-certs-tools-4.1.19-3.22.2
      spacewalk-proxy-broker-4.1.6-3.15.2
      spacewalk-proxy-common-4.1.6-3.15.2
      spacewalk-proxy-installer-4.1.8-3.9.2
      spacewalk-proxy-management-4.1.6-3.15.2
      spacewalk-proxy-package-manager-4.1.6-3.15.2
      spacewalk-proxy-redirect-4.1.6-3.15.2
      spacewalk-proxy-salt-4.1.6-3.15.2


References:

   https://bugzilla.suse.com/1188315
   https://bugzilla.suse.com/1189643
   https://bugzilla.suse.com/1190512
   https://bugzilla.suse.com/1190751
   https://bugzilla.suse.com/1191538


From sle-updates at lists.suse.com  Mon Nov  8 17:16:26 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon,  8 Nov 2021 18:16:26 +0100 (CET)
Subject: SUSE-RU-2021:3625-1: moderate: Recommended update for ceph
Message-ID: <20211108171626.6ADEFFBAC@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for ceph
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3625-1
Rating:             moderate
References:         #1185747 #1187584 #1187709 #1188911 #1190415 
                    #1191357 
Affected Products:
                    SUSE Enterprise Storage 6
______________________________________________________________________________

   An update that has 6 recommended fixes can now be installed.

Description:

   This update for ceph fixes the following issues:

   - osd: move down peers out from peer_purged (bsc#1187709)
   - osd: fix scrub reschedule bug (bsc#1187584)
   - osd: marked down causes wrong backfill_toofull (bsc#1188911)
   - osd: panic occur repeatedly when recovery an object after disk
     replacement (bsc#1190415)
   - rgw: allow to set ssl options and ciphers for beast frontend
     (bsc#1185747)
   - bucket removal operation fails (bsc#1191357)
   - os/bluestore: fix erroneous SharedBlob record removal during repair
   - os/bluestore: Remove possibility of replay log and file inconsistency
   - mgr/dashboard/api: set a UTF-8 locale when running pip
   - mgr/DaemonServer: skip redundant update of pgp_num_actual
   - pybind/mgr/insights: Don't persist report data
   - common/options: Set osd_client_message_cap to 256
   - pybind/ceph_volume_client: use cephfs mkdirs api


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-3625=1



Package List:

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      ceph-14.2.22.445+ga68959d39a6-3.72.1
      ceph-base-14.2.22.445+ga68959d39a6-3.72.1
      ceph-base-debuginfo-14.2.22.445+ga68959d39a6-3.72.1
      ceph-common-14.2.22.445+ga68959d39a6-3.72.1
      ceph-common-debuginfo-14.2.22.445+ga68959d39a6-3.72.1
      ceph-debugsource-14.2.22.445+ga68959d39a6-3.72.1
      ceph-fuse-14.2.22.445+ga68959d39a6-3.72.1
      ceph-fuse-debuginfo-14.2.22.445+ga68959d39a6-3.72.1
      ceph-mds-14.2.22.445+ga68959d39a6-3.72.1
      ceph-mds-debuginfo-14.2.22.445+ga68959d39a6-3.72.1
      ceph-mgr-14.2.22.445+ga68959d39a6-3.72.1
      ceph-mgr-debuginfo-14.2.22.445+ga68959d39a6-3.72.1
      ceph-mon-14.2.22.445+ga68959d39a6-3.72.1
      ceph-mon-debuginfo-14.2.22.445+ga68959d39a6-3.72.1
      ceph-osd-14.2.22.445+ga68959d39a6-3.72.1
      ceph-osd-debuginfo-14.2.22.445+ga68959d39a6-3.72.1
      ceph-radosgw-14.2.22.445+ga68959d39a6-3.72.1
      ceph-radosgw-debuginfo-14.2.22.445+ga68959d39a6-3.72.1
      cephfs-shell-14.2.22.445+ga68959d39a6-3.72.1
      libcephfs2-14.2.22.445+ga68959d39a6-3.72.1
      libcephfs2-debuginfo-14.2.22.445+ga68959d39a6-3.72.1
      librados2-14.2.22.445+ga68959d39a6-3.72.1
      librados2-debuginfo-14.2.22.445+ga68959d39a6-3.72.1
      librbd1-14.2.22.445+ga68959d39a6-3.72.1
      librbd1-debuginfo-14.2.22.445+ga68959d39a6-3.72.1
      librgw2-14.2.22.445+ga68959d39a6-3.72.1
      librgw2-debuginfo-14.2.22.445+ga68959d39a6-3.72.1
      python3-ceph-argparse-14.2.22.445+ga68959d39a6-3.72.1
      python3-cephfs-14.2.22.445+ga68959d39a6-3.72.1
      python3-cephfs-debuginfo-14.2.22.445+ga68959d39a6-3.72.1
      python3-rados-14.2.22.445+ga68959d39a6-3.72.1
      python3-rados-debuginfo-14.2.22.445+ga68959d39a6-3.72.1
      python3-rbd-14.2.22.445+ga68959d39a6-3.72.1
      python3-rbd-debuginfo-14.2.22.445+ga68959d39a6-3.72.1
      python3-rgw-14.2.22.445+ga68959d39a6-3.72.1
      python3-rgw-debuginfo-14.2.22.445+ga68959d39a6-3.72.1
      rbd-fuse-14.2.22.445+ga68959d39a6-3.72.1
      rbd-fuse-debuginfo-14.2.22.445+ga68959d39a6-3.72.1
      rbd-mirror-14.2.22.445+ga68959d39a6-3.72.1
      rbd-mirror-debuginfo-14.2.22.445+ga68959d39a6-3.72.1
      rbd-nbd-14.2.22.445+ga68959d39a6-3.72.1
      rbd-nbd-debuginfo-14.2.22.445+ga68959d39a6-3.72.1

   - SUSE Enterprise Storage 6 (noarch):

      ceph-grafana-dashboards-14.2.22.445+ga68959d39a6-3.72.1
      ceph-mgr-dashboard-14.2.22.445+ga68959d39a6-3.72.1
      ceph-mgr-diskprediction-local-14.2.22.445+ga68959d39a6-3.72.1
      ceph-mgr-rook-14.2.22.445+ga68959d39a6-3.72.1
      ceph-prometheus-alerts-14.2.22.445+ga68959d39a6-3.72.1


References:

   https://bugzilla.suse.com/1185747
   https://bugzilla.suse.com/1187584
   https://bugzilla.suse.com/1187709
   https://bugzilla.suse.com/1188911
   https://bugzilla.suse.com/1190415
   https://bugzilla.suse.com/1191357


From sle-updates at lists.suse.com  Mon Nov  8 20:16:29 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon,  8 Nov 2021 21:16:29 +0100 (CET)
Subject: SUSE-RU-2021:3626-1: important: Recommended update for SUSEConnect
Message-ID: <20211108201629.7CF0BFBAC@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for SUSEConnect
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3626-1
Rating:             important
References:         
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that has 0 recommended fixes can now be installed.

Description:

   This update for SUSEConnect contains the following fix:

   - Update to 0.3.32:
     - Allow --regcode and --instance-data attributes at the same time.
       (jsc#PCT-164)
     - Document that 'debug' can also get set in the config file.
     - --status will also print the subscription name.


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3626=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3626=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3626=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3626=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3626=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-3626=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      SUSEConnect-0.3.32-7.25.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      SUSEConnect-0.3.32-7.25.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      SUSEConnect-0.3.32-7.25.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      SUSEConnect-0.3.32-7.25.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      SUSEConnect-0.3.32-7.25.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      SUSEConnect-0.3.32-7.25.1

   - SUSE CaaS Platform 4.0 (x86_64):

      SUSEConnect-0.3.32-7.25.1


References:



From sle-updates at lists.suse.com  Tue Nov  9 07:27:15 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue,  9 Nov 2021 08:27:15 +0100 (CET)
Subject: SUSE-CU-2021:494-1: Security update of ses/6/cephcsi/cephcsi
Message-ID: <20211109072715.1A181FBAC@maintenance.suse.de>

SUSE Container Update Advisory: ses/6/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:494-1
Container Tags        : ses/6/cephcsi/cephcsi:1.2.0.0 , ses/6/cephcsi/cephcsi:1.2.0.0.1.5.494 , ses/6/cephcsi/cephcsi:latest
Container Release     : 1.5.494
Severity              : critical
Type                  : security
References            : 1029961 1040589 1047218 1065729 1085917 1122417 1125886 1134353
                        1148868 1152489 1154353 1154935 1157818 1158812 1158958 1158959
                        1158960 1159491 1159715 1159847 1159850 1159886 1160309 1160438
                        1160439 1164719 1167471 1167773 1170774 1171962 1172091 1172115
                        1172234 1172236 1172240 1172389 1172505 1172973 1172974 1173641
                        1173746 1174697 1175086 1175448 1175449 1176206 1176473 1176934
                        1176940 1178016 1178236 1178561 1179382 1179898 1179899 1179900
                        1179901 1179902 1179903 1180451 1180454 1180461 1181095 1181299
                        1181306 1181309 1181371 1181452 1181535 1181536 1181725 1182252
                        1182604 1183511 1183818 1184124 1184439 1184517 1184614 1184620
                        1184761 1184794 1184804 1184967 1184994 1184994 1185016 1185046
                        1185208 1185302 1185331 1185422 1185524 1185540 1185677 1185726
                        1185747 1185748 1185762 1185807 1185958 1186049 1186131 1186489
                        1186561 1186910 1187060 1187105 1187167 1187210 1187212 1187270
                        1187292 1187400 1187512 1187584 1187584 1187709 1187911 1188018
                        1188063 1188063 1188067 1188127 1188217 1188218 1188219 1188220
                        1188291 1188344 1188486 1188571 1188651 1188651 1188713 1188891
                        1188911 1188921 1188986 1189206 1189297 1189465 1189465 1189480
                        1189521 1189521 1189552 1189683 1189841 1189884 1189929 1189996
                        1190023 1190052 1190062 1190115 1190159 1190234 1190358 1190373
                        1190374 1190406 1190415 1190432 1190467 1190523 1190534 1190543
                        1190576 1190595 1190596 1190598 1190620 1190626 1190645 1190679
                        1190705 1190717 1190739 1190746 1190758 1190784 1190785 1190793
                        1190858 1190915 1190933 1191172 1191193 1191240 1191292 1191357
                        1191987 928700 928701 CVE-2015-3414 CVE-2015-3415 CVE-2019-19244
                        CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880
                        CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959
                        CVE-2019-20218 CVE-2019-20838 CVE-2020-12049 CVE-2020-12400 CVE-2020-12401
                        CVE-2020-12403 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631
                        CVE-2020-13632 CVE-2020-13757 CVE-2020-14155 CVE-2020-15358 CVE-2020-16590
                        CVE-2020-16591 CVE-2020-16592 CVE-2020-16593 CVE-2020-16598 CVE-2020-16599
                        CVE-2020-24370 CVE-2020-24371 CVE-2020-25648 CVE-2020-35448 CVE-2020-35493
                        CVE-2020-35496 CVE-2020-35507 CVE-2020-35512 CVE-2020-3702 CVE-2020-6829
                        CVE-2020-9327 CVE-2021-20197 CVE-2021-20284 CVE-2021-22922 CVE-2021-22923
                        CVE-2021-22924 CVE-2021-22925 CVE-2021-22946 CVE-2021-22947 CVE-2021-33560
                        CVE-2021-33574 CVE-2021-33910 CVE-2021-33910 CVE-2021-3487 CVE-2021-3580
                        CVE-2021-35942 CVE-2021-36222 CVE-2021-3669 CVE-2021-3712 CVE-2021-3712
                        CVE-2021-3744 CVE-2021-3752 CVE-2021-37600 CVE-2021-3764 CVE-2021-37750
                        CVE-2021-38185 CVE-2021-38185 CVE-2021-39537 CVE-2021-40490 
-----------------------------------------------------------------

The container ses/6/cephcsi/cephcsi was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2008-1
Released:    Thu Jun 17 18:07:45 2021
Summary:     Security update for python-rsa
Type:        security
Severity:    important
References:  1172389,CVE-2020-13757
This update for python-rsa fixes the following issues:

- CVE-2020-13757: Proper handling of leading '\0' bytes during decryption of ciphertext (bsc#1172389)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2143-1
Released:    Wed Jun 23 16:27:04 2021
Summary:     Security update for libnettle
Type:        security
Severity:    important
References:  1187060,CVE-2021-3580
This update for libnettle fixes the following issues:

- CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2157-1
Released:    Thu Jun 24 15:40:14 2021
Summary:     Security update for libgcrypt
Type:        security
Severity:    important
References:  1187212,CVE-2021-33560
This update for libgcrypt fixes the following issues:

- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2173-1
Released:    Mon Jun 28 14:59:45 2021
Summary:     Recommended update for automake
Type:        recommended
Severity:    moderate
References:  1040589,1047218,1182604,1185540,1186049
This update for automake fixes the following issues:

- Implement generated autoconf makefiles reproducible (bsc#1182604)
- Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
- Avoid bashisms in test-driver script. (bsc#1185540)

This update for pcre fixes the following issues:

- Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)

This update for brp-check-suse fixes the following issues:

- Add fixes to support reproducible builds. (bsc#1186049) 


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2178-1
Released:    Mon Jun 28 15:56:15 2021
Summary:     Recommended update for systemd-presets-common-SUSE
Type:        recommended
Severity:    moderate
References:  1186561
This update for systemd-presets-common-SUSE fixes the following issues:

When installing the systemd-presets-common-SUSE package for the
first time in a new system, it might happen that some services
are installed before systemd so the %systemd_pre/post macros
would not work. This is handled by enabling all preset services
in this package's %posttrans section but it wasn't enabling
user services, just system services. Now it enables also the
user services installed before this package (bsc#1186561)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2179-1
Released:    Mon Jun 28 17:36:37 2021
Summary:     Recommended update for thin-provisioning-tools
Type:        recommended
Severity:    moderate
References:  1184124
This update for thin-provisioning-tools fixes the following issues:

- Link as position-independent executable (bsc#1184124)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2196-1
Released:    Tue Jun 29 09:41:39 2021
Summary:     Security update for lua53
Type:        security
Severity:    moderate
References:  1175448,1175449,CVE-2020-24370,CVE-2020-24371
This update for lua53 fixes the following issues:

Update to version 5.3.6:

- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2205-1
Released:    Wed Jun 30 09:17:41 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    important
References:  1187210
This update for openldap2 fixes the following issues:

- Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2224-1
Released:    Thu Jul  1 13:48:44 2021
Summary:     Recommended update for psmisc
Type:        recommended
Severity:    important
References:  1185208
This update for psmisc fixes the following issues:

- It does no longer list all processes from different private namespaces
  when fuser is run on an NFS mount. This led to an issue where the wrong
  processes were terminated in an SAP application cluster environment (bsc#1185208)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2246-1
Released:    Mon Jul  5 15:17:49 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1154935,1167471,1178561,1184761,1184967,1185046,1185331,1185807,1185958,1187292,1187400
This update for systemd fixes the following issues:

  cgroup: Parse infinity properly for memory protections. (bsc#1167471)
  cgroup: Make empty assignments reset to default. (bsc#1167471)
  cgroup: Support 0-value for memory protection directives. (bsc#1167471)
  core/cgroup: Fixed an issue with ignored parameter of 'MemorySwapMax=0'. (bsc#1154935)
  bus-unit-util: Add proper 'MemorySwapMax' serialization.
  core: Accept MemorySwapMax= properties that are scaled.
  execute: Make sure to call into PAM after initializing resource limits. (bsc#1184967)
  core: Rename 'ShutdownWatchdogSec' to 'RebootWatchdogSec'. (bsc#1185331)
  Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046)
  rules: Don't ignore Xen virtual interfaces anymore. (bsc#1178561)
  write_net_rules: Set execute bits. (bsc#1178561)
  udev: Rework network device renaming.
  Revert 'Revert 'udev: Network device renaming - immediately give up if the target name isn't available''
    
  mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761)
  core: fix output (logging) for mount units (#7603) (bsc#1187400)
  udev requires systemd in its %post (bsc#1185958)
  cgroup: Parse infinity properly for memory protections (bsc#1167471)
  cgroup: Make empty assignments reset to default (bsc#1167471)
  cgroup: Support 0-value for memory protection directives (bsc#1167471)
  Create /run/lock/subsys again (bsc#1187292)
  The creation of this directory was mistakenly dropped when
  'filesystem' package took the initialization of the generic paths
  over.
  Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)
  
  

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2292-1
Released:    Mon Jul 12 08:25:20 2021
Summary:     Security update for dbus-1
Type:        security
Severity:    important
References:  1187105,CVE-2020-35512
This update for dbus-1 fixes the following issues:

- CVE-2020-35512: Fixed a use-after-free or potential undefined behaviour caused by shared UID's (bsc#1187105)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2320-1
Released:    Wed Jul 14 17:01:06 2021
Summary:     Security update for sqlite3
Type:        security
Severity:    important
References:  1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327
This update for sqlite3 fixes the following issues:

- Update to version 3.36.0
- CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener
  optimization (bsc#1173641)
- CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in
  isAuxiliaryVtabOperator (bsc#1164719)
- CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)
- CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438)
- CVE-2019-19923: improper handling  of  certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer
  dereference (bsc#1160309)
- CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)
- CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)
- CVE-2019-19926: improper handling  of certain errors during parsing  multiSelect in select.c (bsc#1159715)
- CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference
  (bsc#1159491)
- CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with
  a shadow table name (bsc#1158960)
- CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated
  columns (bsc#1158959)
- CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views
  in conjunction with ALTER TABLE statements (bsc#1158958)
- CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column,
  which allows attackers to cause a denial of service (bsc#1158812)
- CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a
  sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)
- CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)
- CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)
- CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)
- CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow
- CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)
- CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)
- CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2404-1
Released:    Tue Jul 20 14:21:30 2021
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1184994,1188063,CVE-2021-33910
This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063)
- Skip udev rules if 'elevator=' is used (bsc#1184994)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2440-1
Released:    Wed Jul 21 13:48:24 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925
This update for curl fixes the following issues:

- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released:    Thu Jul 29 14:21:52 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2689-1
Released:    Mon Aug 16 10:54:52 2021
Summary:     Security update for cpio
Type:        security
Severity:    important
References:  1189206,CVE-2021-38185
This update for cpio fixes the following issues:

It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206)


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2763-1
Released:    Tue Aug 17 17:16:22 2021
Summary:     Recommended update for cpio
Type:        recommended
Severity:    critical
References:  1189465
This update for cpio fixes the following issues:

- A regression in last update would cause builds to hang on various architectures(bsc#1189465)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2780-1
Released:    Thu Aug 19 16:09:15 2021
Summary:     Recommended update for cpio
Type:        recommended
Severity:    critical
References:  1189465,CVE-2021-38185
This update for cpio fixes the following issues:

- A regression in the previous update could lead to crashes (bsc#1189465)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2800-1
Released:    Fri Aug 20 10:43:04 2021
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1188571,CVE-2021-36222
This update for krb5 fixes the following issues:

- CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2810-1
Released:    Mon Aug 23 12:14:30 2021
Summary:     Security update for dbus-1
Type:        security
Severity:    moderate
References:  1172505,CVE-2020-12049
This update for dbus-1 fixes the following issues:

- CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:2816-1
Released:    Mon Aug 23 14:17:09 2021
Summary:     Optional update for python-kubernetes
Type:        optional
Severity:    low
References:  
This patch provides the python3-kubernetes package to the following modules:

- Container Module for SUSE Linux Enterprise 15 SP2
- Container Module for SUSE Linux Enterprise 15 SP3

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2820-1
Released:    Tue Aug 24 10:38:27 2021
Summary:     Recommended update for ceph, deepsea
Type:        recommended
Severity:    moderate
References:  1175086,1178016,1181095,1181725,1184517,1185422,1186131,1187584,1188486
This update for ceph fixes the following issues:

- Update to 14.2.22-404-gf74e15c2e55:
  - Fix for an issue when scrub is not rescheduling. (bsc#1187584)

- Update to 14.2.22-403-g54cdaf6e510:
  - Fixed and isshe when dashboard shows partially deleted RBDs. (bsc#1175086)
  - Look for plain entries in non-ascii plain namespace too. (bsc#1184517)
  - Fix monitoring menu item in downstream branding


  This update for deepsea fixes the following issues:
- Version: 0.9.36
- Allow embedding of Grafana graphs (bsc#1186131)
- Wait for OSDs to be active after restarting (bsc#1185422)
- qa: functests/1node/restart: fix changed.any check
- mds/restart: only check MDS processes (not all processes)
- dg: include unavailable disks (bsc#1181725)
- upgrade: Add ability to specify registry credentials (bsc#1181095)
- Fix no UCST response after 1 second when validating time server
- osd: handle ceph osd ok-to-stop output from ceph v14.2.22
- monitoring: put node_exporter ARGS all on one line (bsc#1188486)
- Use correct pool when checking for rados config object (bsc#1178016)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2831-1
Released:    Tue Aug 24 16:20:45 2021
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1189521,CVE-2021-3712
This update for openssl-1_1 fixes the following security issue:

- CVE-2021-3712: a bug in the code for printing certificate details could
  lead to a buffer overrun that a malicious actor could exploit to crash
  the application, causing a denial-of-service attack. [bsc#1189521]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2863-1
Released:    Mon Aug 30 08:18:50 2021
Summary:     Recommended update for python-dbus-python
Type:        recommended
Severity:    moderate
References:  1183818
This update for python-dbus-python fixes the following issues:

- Update to latest version from tumbleweed. (jsc#ECO-3589, bsc#1183818)

- update to 1.2.16:
  * All tests are run even if the 'tap.py' module is not available, althoug diagnostics for failing tests will be better if it is present.

- Support builds with more than one python3 flavor
- Clean duplicate python flavor variables for configure

- Version update to version 1.2.14:
  * Ensure that the numeric types from dbus.types get the same str() under Python 3.8 that they did under previous versions.
  * Disable -Winline.
  * Add clearer license information using SPDX-License-Identifier.
  * Include inherited methods and properties when documenting objects, which regressed when migrating from epydoc to sphinx.
  * Add missing variant_level member to UnixFd type, for parity with the other dbus.types types
  * Don't reply to method calls if they have the NO_REPLY_EXPECTED flag
  * Silence '-Wcast-function-type' with gcc 8.
  * Fix distcheck with python3.7 by deleting '__pycache__' during uninstall.
  * Consistently save and restore the exception indicator when called from C code.

- Add missing dependency for pkg-config files

- Version update to version 1.2.8:
  * Python 2.7 required or 3.4 respectively
  * Upstream dropped epydoc completely

- Add dbus-1-python3 package
- Make BusConnection.list_activatable_names actually call struct entries than the signature allows with libdbus 1.4 imports dbus, is finalized, is re-initialized, and re-imports - When removing signal matches, clean up internal state, avoiding a memory leak in long-lived Python processes that connect to
- When setting the sender of a message, allow it to be org.freedesktop.DBus so you can implement a D-Bus daemon
- New package: dbus-1-python-devel

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2938-1
Released:    Fri Sep  3 09:19:36 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1184614

This update for openldap2 fixes the following issue:

- openldap2-contrib is shipped to the Legacy Module. (bsc#1184614)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2968-1
Released:    Tue Sep  7 09:53:00 2021
Summary:     Security update for openssl-1_1
Type:        security
Severity:    low
References:  1189521,CVE-2021-3712
This update for openssl-1_1 fixes the following issues:

- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. 
  Read buffer overruns processing ASN.1 strings (bsc#1189521).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3001-1
Released:    Thu Sep  9 15:08:13 2021
Summary:     Recommended update for netcfg
Type:        recommended
Severity:    moderate
References:  1189683
This update for netcfg fixes the following issues:

- add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3034-1
Released:    Tue Sep 14 13:49:23 2021
Summary:     Recommended update for python-pytz
Type:        recommended
Severity:    moderate
References:  1185748
This update for python-pytz fixes the following issues:

- Add %pyunittest shim for platforms where it is missing.
- Remove real directory of %{python_sitelib}/pytz/zoneinfo when upgrading, before it is replaced by a symlink. (bsc#1185748)

- update to 2021.1:
  * update to IANA 2021a timezone release 

- update to 2020.5:
  * update to IANA 2020e timezone release 
  
- update to 2020.4:
  * update to IANA 2020d timezone release

- update to version 2020.1:
  * Test against Python 3.8 and Python 3.9
  * Bump version numbers to 2020.1/2020a
  * use .rst extension name
  * Make FixedOffset part of public API

- Update to 2019.3
  * IANA 2019c

- Add versioned dependency on timezone database to ensure the correct data is installed
- Add a symlink to the  system timezone database

- update to 2019.2
 *	IANA 2019b
 * 	Defer generating case-insensitive lookups


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3115-1
Released:    Thu Sep 16 14:04:26 2021
Summary:     Recommended update for mozilla-nspr, mozilla-nss
Type:        recommended
Severity:    moderate
References:  1029961,1174697,1176206,1176934,1179382,1188891,CVE-2020-12400,CVE-2020-12401,CVE-2020-12403,CVE-2020-25648,CVE-2020-6829
This update for mozilla-nspr fixes the following issues:

mozilla-nspr was updated to version 4.32:

* implement new socket option PR_SockOpt_DontFrag
* support larger DNS records by increasing the default buffer
  size for DNS queries 
* Lock access to PRCallOnceType members in PR_CallOnce* for
  thread safety bmo#1686138
* PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get
  information about the operating system build version.


Mozilla NSS was updated to version 3.68:

* bmo#1713562 - Fix test leak.
* bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
* bmo#1693206 - Implement PKCS8 export of ECDSA keys.
* bmo#1712883 - DTLS 1.3 draft-43.
* bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
* bmo#1713562 - Validate ECH public names.
* bmo#1717610 - Add function to get seconds from epoch from pkix::Time.

update to NSS 3.67

* bmo#1683710 - Add a means to disable ALPN.
* bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66).
* bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja.
* bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c.
* bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte.

update to NSS 3.66

* bmo#1710716 - Remove Expired Sonera Class2 CA from NSS.
* bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority.
* bmo#1708307 - Remove Trustis FPS Root CA from NSS.
* bmo#1707097 - Add Certum Trusted Root CA to NSS.
* bmo#1707097 - Add Certum EC-384 CA to NSS.
* bmo#1703942 - Add ANF Secure Server Root CA to NSS.
* bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS.
* bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database.
* bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler.
* bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h.
* bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators.
* bmo#1709291 - Add VerifyCodeSigningCertificateChain.

update to NSS 3.65

* bmo#1709654 - Update for NetBSD configuration.
* bmo#1709750 - Disable HPKE test when fuzzing.
* bmo#1566124 - Optimize AES-GCM for ppc64le.
* bmo#1699021 - Add AES-256-GCM to HPKE.
* bmo#1698419 - ECH -10 updates.
* bmo#1692930 - Update HPKE to final version.
* bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
* bmo#1703936 - New coverity/cpp scanner errors.
* bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
* bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
* bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.

update to NSS 3.64

* bmo#1705286 - Properly detect mips64.
* bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and
		disable_crypto_vsx.
* bmo#1698320 - replace __builtin_cpu_supports('vsx') with
		ppc_crypto_support() for clang.
* bmo#1613235 - Add POWER ChaCha20 stream cipher vector
		acceleration.

Fixed in 3.63

* bmo#1697380 - Make a clang-format run on top of helpful contributions.
* bmo#1683520 - ECCKiila P384, change syntax of nested structs
		initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual
		scalar multiplication.
* bmo#1683520 - ECCKiila P521, change syntax of nested structs
		initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual
		scalar multiplication.
* bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.
* bmo#1694214 - tstclnt can't enable middlebox compat mode.
* bmo#1694392 - NSS does not work with PKCS #11 modules not supporting
		profiles.
* bmo#1685880 - Minor fix to prevent unused variable on early return.
* bmo#1685880 - Fix for the gcc compiler version 7 to support setenv
		with nss build.
* bmo#1693217 - Increase nssckbi.h version number for March 2021 batch
		of root CA changes, CA list version 2.48.
* bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's
		'Chambers of Commerce' and 'Global Chambersign' roots.
* bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.
* bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.
* bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.
* bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs
		from NSS.
* bmo#1687822 - Turn off Websites trust bit for the ???Staat der
		Nederlanden Root CA - G3??? root cert in NSS.
* bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce
		Root - 2008' and 'Global Chambersign Root - 2008???.
* bmo#1694291 - Tracing fixes for ECH.

update to NSS 3.62

* bmo#1688374 - Fix parallel build NSS-3.61 with make
* bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add()
		can corrupt 'cachedCertTable'
* bmo#1690583 - Fix CH padding extension size calculation
* bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail
* bmo#1690421 - Install packaged libabigail in docker-builds image
* bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing
* bmo#1674819 - Fixup a51fae403328, enum type may be signed
* bmo#1681585 - Add ECH support to selfserv
* bmo#1681585 - Update ECH to Draft-09
* bmo#1678398 - Add Export/Import functions for HPKE context
* bmo#1678398 - Update HPKE to draft-07

update to NSS 3.61

* bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key
		values under certain conditions.
* bmo#1684300 - Fix default PBE iteration count when NSS is compiled
		with NSS_DISABLE_DBM.
* bmo#1651411 - Improve constant-timeness in RSA operations.
* bmo#1677207 - Upgrade Google Test version to latest release.
* bmo#1654332 - Add aarch64-make target to nss-try.

Update to NSS 3.60.1:

Notable changes in NSS 3.60:
* TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support
  has been added, replacing the previous ESNI (draft-ietf-tls-esni-01)
  implementation. See bmo#1654332 for more information.
* December 2020 batch of Root CA changes, builtins library updated
  to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769
  for more information.

Update to NSS 3.59.1:

* bmo#1679290 - Fix potential deadlock with certain third-party
		PKCS11 modules

Update to NSS 3.59:

Notable changes:

* Exported two existing functions from libnss:
  CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData

Bugfixes

* bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
* bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
* bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
* bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
* bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed
		root certs when SHA1 signatures are disabled.
* bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to
		solve some test intermittents
* bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in
		our CVE-2020-25648 fix that broke purple-discord
		(boo#1179382)
* bmo#1666891 - Support key wrap/unwrap with RSA-OAEP
* bmo#1667989 - Fix gyp linking on Solaris
* bmo#1668123 - Export CERT_AddCertToListHeadWithData and
		CERT_AddCertToListTailWithData from libnss
* bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
* bmo#1663091 - Remove unnecessary assertions in the streaming
		ASN.1 decoder that affected decoding certain PKCS8
		private keys when using NSS debug builds
*  bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.

update to NSS 3.58

Bugs fixed:

* bmo#1641480 (CVE-2020-25648)
  Tighten CCS handling for middlebox compatibility mode.
* bmo#1631890 - Add support for Hybrid Public Key Encryption
  (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello
  (draft-ietf-tls-esni).
* bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto
  extensions.
* bmo#1668328 - Handle spaces in the Python path name when using
  gyp on Windows.
* bmo#1667153 - Add PK11_ImportDataKey for data object import.
* bmo#1665715 - Pass the embedded SCT list extension (if present)
  to TrustDomain::CheckRevocation instead of the notBefore value.

update to NSS 3.57

* The following CA certificates were Added:
  bmo#1663049 - CN=Trustwave Global Certification Authority
      SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
  bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority
      SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
  bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority
      SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
* The following CA certificates were Removed:
  bmo#1651211 - CN=EE Certification Centre Root CA
      SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
  bmo#1656077 - O=Government Root Certification Authority; C=TW
      SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
* Trust settings for the following CA certificates were Modified:
  bmo#1653092 - CN=OISTE WISeKey Global Root GA CA
      Websites (server authentication) trust bit removed.
* https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes

update to NSS 3.56

Notable changes

* bmo#1650702 - Support SHA-1 HW acceleration on ARMv8
* bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
* bmo#1654142 - Add CPU feature detection for Intel SHA extension.
* bmo#1648822 - Add stricter validation of DH keys in FIPS mode.
* bmo#1656986 - Properly detect arm64 during GYP build architecture
		detection.
* bmo#1652729 - Add build flag to disable RC2 and relocate to
		lib/freebl/deprecated.
* bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay.
* bmo#1588941 - Send empty certificate message when scheme selection
		fails.
* bmo#1652032 - Fix failure to build in Windows arm64 makefile
		cross-compilation.
* bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent.
* bmo#1653975 - Fix 3.53 regression by setting 'all' as the default
		makefile target.
* bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert.
* bmo#1659814 - Fix interop.sh failures with newer tls-interop
		commit and dependencies.
* bmo#1656519 - NSPR dependency updated to 4.28

update to NSS 3.55

Notable changes
* P384 and P521 elliptic curve implementations are replaced with
  verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
* PK11_FindCertInSlot is added. With this function, a given slot
  can be queried with a DER-Encoded certificate, providing performance
  and usability improvements over other mechanisms. (bmo#1649633)
* DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)

Relevant Bugfixes

* bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
  P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
* bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
* bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
* bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
  ChaCha20 (which was not functioning correctly) and more strictly
  enforce tag length.
* bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1653202 - Fix initialization bug in blapitest when compiled
  with NSS_DISABLE_DEPRECATED_SEED.
* bmo#1646594 - Fix AVX2 detection in makefile builds.
* bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
  for a DER-encoded certificate.
* bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
* bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
* bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
* bmo#1649226 - Add Wycheproof ECDSA tests.
* bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
* bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in
  RSA_CheckSignRecover.
* bmo#1646324 - Advertise PKCS#1 schemes for certificates in the
  signature_algorithms extension.

update to NSS 3.54

Notable changes

* Support for TLS 1.3 external pre-shared keys (bmo#1603042).
* Use ARM Cryptography Extension for SHA256, when available
  (bmo#1528113)
* The following CA certificates were Added:
  bmo#1645186 - certSIGN Root CA G2.
  bmo#1645174 - e-Szigno Root CA 2017.
  bmo#1641716 - Microsoft ECC Root Certificate Authority 2017.
  bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
* The following CA certificates were Removed:
  bmo#1645199 - AddTrust Class 1 CA Root.
  bmo#1645199 - AddTrust External CA Root.
  bmo#1641718 - LuxTrust Global Root 2.
  bmo#1639987 - Staat der Nederlanden Root CA - G2.
  bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4.
  bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4.
  bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.

* A number of certificates had their Email trust bit disabled.
  See bmo#1618402 for a complete list.

Bugs fixed

* bmo#1528113 - Use ARM Cryptography Extension for SHA256.
* bmo#1603042 - Add TLS 1.3 external PSK support.
* bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
* bmo#1645186 - Add 'certSIGN Root CA G2' root certificate.
* bmo#1645174 - Add Microsec's 'e-Szigno Root CA 2017' root certificate.
* bmo#1641716 - Add Microsoft's non-EV root certificates.
* bmo1621151 - Disable email trust bit for 'O=Government
	       Root Certification Authority; C=TW' root.
* bmo#1645199 - Remove AddTrust root certificates.
* bmo#1641718 - Remove 'LuxTrust Global Root 2' root certificate.
* bmo#1639987 - Remove 'Staat der Nederlanden Root CA - G2' root
		certificate.
* bmo#1618402 - Remove Symantec root certificates and disable email trust
		bit.
* bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.
* bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.
* bmo#1642153 - Fix infinite recursion building NSS.
* bmo#1642638 - Fix fuzzing assertion crash.
* bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
* bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.
* bmo#1643557 - Fix numerous compile warnings in NSS.
* bmo#1644774 - SSL gtests to use ClearServerCache when resetting
		self-encrypt keys.
* bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.
* bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3182-1
Released:    Tue Sep 21 17:04:26 2021
Summary:     Recommended update for file
Type:        recommended
Severity:    moderate
References:  1189996
This update for file fixes the following issues:

- Fixes exception thrown by memory allocation problem (bsc#1189996)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3233-1
Released:    Mon Sep 27 15:02:21 2021
Summary:     Recommended update for xfsprogs
Type:        recommended
Severity:    moderate
References:  1085917,1181299,1181306,1181309,1181535,1181536,1188651,1189552
This update for xfsprogs fixes the following issues:

- Fixes an issue when 'fstests' with 'xfs' fail. (bsc#1181309, bsc#1181299)
- xfsprogs: Split 'libhandle1' into a separate package, since nothing within xfsprogs dynamically links against it. The shared library is still required by xfsdump as a runtime dependency.
- mkfs.xfs: Fix 'ASSERT' on too-small device with stripe geometry. (bsc#1181536)
- mkfs.xfs: If either 'sunit' or 'swidth' is not zero, the other must be as well. (bsc#1085917, bsc#1181535)
- xfs_growfs: Refactor geometry reporting. (bsc#1181306)
- xfs_growfs: Allow mounted device node as argument. (bsc#1181299)
- xfs_repair: Rebuild directory when non-root leafn blocks claim block 0. (bsc#1181309)
- xfs_repair: Check plausibility of root dir pointer before trashing it. (bsc#1188651)
- xfs_bmap: Remove '-c' from manpage. (bsc#1189552)
- xfs_bmap: Do not reject '-e'. (bsc#1189552)
- Implement 'libhandle1' through ECO. (jsc#SLE-20360)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3278-1
Released:    Mon Oct  4 09:30:10 2021
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    important
References:  1190858
This update for ca-certificates-mozilla fixes the following issues:

- remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires
  September 30th 2021 and openssl certificate chain handling does not handle
  this correctly in openssl 1.0.2 and older. (bsc#1190858)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3297-1
Released:    Wed Oct  6 16:53:29 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1190373,1190374,CVE-2021-22946,CVE-2021-22947
This update for curl fixes the following issues:

- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3318-1
Released:    Wed Oct  6 19:31:19 2021
Summary:     Recommended update for sudo
Type:        recommended
Severity:    moderate
References:  1176473,1181371
This update for sudo fixes the following issues:

- Update to sudo 1.8.27 (jsc#SLE-17083).
- Fixed special handling of ipa_hostname (bsc#1181371).
- Restore sudo ldap behavior to ignore expire dates when SUDOERS_TIMED option is not set in /etc/ldap.conf (bsc#1176473).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3348-1
Released:    Tue Oct 12 13:08:06 2021
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910
This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063).

- logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018).
- Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353).
- Rules weren't applied to dm devices (multipath) (bsc#1188713).
- Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234).
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
- Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291).
- Allow the systemd sysusers config files to be overriden during system installation (bsc#1171962).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3385-1
Released:    Tue Oct 12 15:54:31 2021
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1186489,1187911,CVE-2021-33574,CVE-2021-35942
This update for glibc fixes the following issues:

- CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911)
- CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3447-1
Released:    Fri Oct 15 09:05:12 2021
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1065729,1148868,1152489,1154353,1159886,1167773,1170774,1173746,1176940,1184439,1184804,1185302,1185677,1185726,1185762,1187167,1188067,1188651,1188986,1189297,1189841,1189884,1190023,1190062,1190115,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191240,1191292,CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3764,CVE-2021-40490


The SUSE Linux Enterprise 15 SP2 kernel was updated.


The following security bugs were fixed:

- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)
- CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)
- CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)
- CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)

The following non-security bugs were fixed:

- ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
- apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
- ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
- bnxt_en: Store the running firmware version code (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: do not lock the tx queue from napi poll (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- clk: at91: clk-generated: Limit the requested rate to our range (git-fixes).
- clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- cuse: fix broken release (bsc#1190596).
- cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746).
- devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353).
- dmaengine: ioat: depends on !UML (git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
- docs: Fix infiniband uverbs minor number (git-fixes).
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
- drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- fbmem: do not allow too huge resolutions (git-fixes).
- fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- fuse: flush extending writes (bsc#1190595).
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- gpio: uniphier: Fix void functions to remove return value (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes).
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
- ice: Prevent probing virtual functions (git-fixes).
- iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes).
- include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes).
- iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: count csum_none when offload enabled (bsc#1167773).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467).
- iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716).
- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.
- libata: fix ata_host_start() (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).
- media: uvc: do not do DMA on stack (git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).
- mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
- mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
- mmc: core: Return correct emmc response in case of ioctl error (git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
- net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- net/mlx5: Fix return value from tracer initialization (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
- NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
- parport: remove non-zero check on count (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).
- PM: base: power: do not try to use non-existing RTC for storing data (git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
- powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
- powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729).
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).
- powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- pwm: img: Do not modify HW state in .remove() callback (git-fixes).
- pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
- pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).
- rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages.
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- rtc: tps65910: Correct driver module alias (git-fixes).
- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
- scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
- scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576).
- scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576).
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576).
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
- serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).
- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
- serial: sh-sci: fix break handling for sysrq (git-fixes).
- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
- staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes).
- staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes).
- staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).
- thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes).
- time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).
- tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).
- tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes).
- tty: synclink_gt, drop unneeded forward declarations (git-fixes).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration (git-fixes).
- usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes).
- usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes).
- usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
- usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).
- usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
- usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
- usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes).
- usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes).
- usb: serial: option: add device id for Foxconn T99W265 (git-fixes).
- usb: serial: option: add Telit LN920 compositions (git-fixes).
- usb: serial: option: remove duplicate USB device ID (git-fixes).
- usbip: give back URBs for unsent unlink requests during cleanup (git-fixes).
- usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).
- video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).
- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
- vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).
- vmxnet3: prepare for version 6 changes (bsc#1190406).
- vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).
- vmxnet3: set correct hash type based on rss information (bsc#1190406).
- vmxnet3: update to version 6 (bsc#1190406).
- watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes).
- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302).
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489).
- x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
- xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).
- xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).
- xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes).
- xhci: Set HCD flag to defer primary roothub registration (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3454-1
Released:    Mon Oct 18 09:29:26 2021
Summary:     Security update for krb5
Type:        security
Severity:    moderate
References:  1189929,CVE-2021-37750
This update for krb5 fixes the following issues:

- CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3480-1
Released:    Wed Oct 20 11:24:08 2021
Summary:     Recommended update for yast2-network
Type:        recommended
Severity:    moderate
References:  1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933
This update for yast2-network fixes the following issues:

- Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915).
- Fix the shown description using the interface friendly name when it is empty (bsc#1190933).
- Consider aliases sections as case insensitive (bsc#1190739).
- Display user defined device name in the devices overview (bnc#1190645).
- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).
- Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).
- Fix desktop file so the control center tooltip is translated (bsc#1187270).
- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released:    Wed Oct 20 16:31:55 2021
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1190793,CVE-2021-39537
This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released:    Wed Oct 20 16:48:46 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1190052
This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released:    Tue Oct 26 11:22:15 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1191987
This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in
  the 'securetty' file to be installed as 'macros.pam'.
  (bsc#1191987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3523-1
Released:    Tue Oct 26 15:40:13 2021
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1122417,1125886,1178236,1188921,CVE-2021-37600
This update for util-linux fixes the following issues:

Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921).
- agetty: Fix 8-bit processing in get_logname() (bsc#1125886).
- mount: Fix 'mount' output for net file systems (bsc#1122417).
- ipcs: Avoid overflows (bsc#1178236)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3529-1
Released:    Wed Oct 27 09:23:32 2021
Summary:     Security update for pcre
Type:        security
Severity:    moderate
References:  1172973,1172974,CVE-2019-20838,CVE-2020-14155
This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3616-1
Released:    Thu Nov  4 12:29:15 2021
Summary:     Security update for binutils
Type:        security
Severity:    moderate
References:  1179898,1179899,1179900,1179901,1179902,1179903,1180451,1180454,1180461,1181452,1182252,1183511,1184620,1184794,CVE-2020-16590,CVE-2020-16591,CVE-2020-16592,CVE-2020-16593,CVE-2020-16598,CVE-2020-16599,CVE-2020-35448,CVE-2020-35493,CVE-2020-35496,CVE-2020-35507,CVE-2021-20197,CVE-2021-20284,CVE-2021-3487
This update for binutils fixes the following issues:

Update to binutils 2.37:

* The GNU Binutils sources now requires a C99 compiler and library to
  build.
* Support for Realm Management Extension (RME) for AArch64 has been
  added.
* A new linker option '-z report-relative-reloc' for x86 ELF targets
  has been added to report dynamic relative relocations.
* A new linker option '-z start-stop-gc' has been added to disable
  special treatment of __start_*/__stop_* references when
  --gc-sections.
* A new linker options '-Bno-symbolic' has been added which will
  cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
* The readelf tool has a new command line option which can be used to
  specify how the numeric values of symbols are reported.
  --sym-base=0|8|10|16 tells readelf to display the values in base 8,
  base 10 or base 16.  A sym base of 0 represents the default action
  of displaying values under 10000 in base 10 and values above that in
  base 16.
* A new format has been added to the nm program.  Specifying
  '--format=just-symbols' (or just using -j) will tell the program to
  only display symbol names and nothing else.
* A new command line option '--keep-section-symbols' has been added to
  objcopy and strip.  This stops the removal of unused section symbols
  when the file is copied.  Removing these symbols saves space, but
  sometimes they are needed by other tools.
* The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
  supported by objcopy now make undefined symbols weak on targets that
  support weak symbols. 
* Readelf and objdump can now display and use the contents of .debug_sup
  sections.
* Readelf and objdump will now follow links to separate debug info
  files by default.  This behaviour can be stopped via the use of the
  new '-wN' or '--debug-dump=no-follow-links' options for readelf and
  the '-WN' or '--dwarf=no-follow-links' options for objdump.  Also
  the old behaviour can be restored by the use of the
  '--enable-follow-debug-links=no' configure time option.

  The semantics of the =follow-links option have also been slightly
  changed.  When enabled, the option allows for the loading of symbol
  tables and string tables from the separate files which can be used
  to enhance the information displayed when dumping other sections,
  but it does not automatically imply that information from the
  separate files should be displayed.

  If other debug section display options are also enabled (eg
  '--debug-dump=info') then the contents of matching sections in both
  the main file and the separate debuginfo file *will* be displayed.
  This is because in most cases the debug section will only be present
  in one of the files.

  If however non-debug section display options are enabled (eg
  '--sections') then the contents of matching parts of the separate
  debuginfo file will *not* be displayed.  This is because in most
  cases the user probably only wanted to load the symbol information
  from the separate debuginfo file.  In order to change this behaviour
  a new command line option --process-links can be used.  This will
  allow di0pslay options to applied to both the main file and any
  separate debuginfo files.

* Nm has a new command line option: '--quiet'.  This suppresses 'no
  symbols' diagnostic.

Update to binutils 2.36:

New features in the Assembler:

- General:

   * When setting the link order attribute of ELF sections, it is now
     possible to use a numeric section index instead of symbol name.
   * Added a .nop directive to generate a single no-op instruction in
     a target neutral manner.  This instruction does have an effect on
     DWARF line number generation, if that is active.
   * Removed --reduce-memory-overheads and --hash-size as gas now
     uses hash tables that can be expand and shrink automatically.

- X86/x86_64:

   * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key
     Locker instructions. 
   * Support non-absolute segment values for lcall and ljmp.
   * Add {disp16} pseudo prefix to x86 assembler.
   * Configure with --enable-x86-used-note by default for Linux/x86.

-  ARM/AArch64:

   * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,
     Cortex-R82, Neoverse V1, and Neoverse N2 cores.
   * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded
     Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call
     Stack Recorder Extension) and BRBE (Branch Record Buffer
     Extension) system registers.
   * Add support for Armv8-R and Armv8.7-A ISA extensions.
   * Add support for DSB memory nXS barrier, WFET and WFIT
     instruction for Armv8.7.
   * Add support for +csre feature for -march. Add CSR PDEC
     instruction for CSRE feature in AArch64.
   * Add support for +flagm feature for -march in Armv8.4 AArch64.
   * Add support for +ls64 feature for -march in Armv8.7
     AArch64. Add atomic 64-byte load/store instructions for this
     feature. 
   * Add support for +pauth (Pointer Authentication) feature for
     -march in AArch64.

New features in the Linker:

  * Add --error-handling-script=<NAME> command line option to allow
    a helper script to be invoked when an undefined symbol or a
    missing library is encountered.  This option can be suppressed
    via the configure time switch: --enable-error-handling-script=no.
  * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
    x86-64-{baseline|v[234]} ISA level as needed.
  * Add -z unique-symbol to avoid duplicated local symbol names.
  * The creation of PE format DLLs now defaults to using a more
    secure set of DLL characteristics.
  * The linker now deduplicates the types in .ctf sections.  The new 
     command-line option --ctf-share-types describes how to do this:
     its default value, share-unconflicted, produces the most compact
     output.
  * The linker now omits the 'variable section' from .ctf sections
    by default, saving space.  This is almost certainly what you
    want unless you are working on a project that has its own
    analogue of symbol tables that are not reflected in the ELF
    symtabs.

New features in other binary tools:

  * The ar tool's previously unused l modifier is now used for
    specifying dependencies of a static library. The arguments of
    this option (or --record-libdeps long form option) will be
    stored verbatim in the __.LIBDEP member of the archive, which
    the linker may read at link time.
  * Readelf can now display the contents of LTO symbol table
    sections when asked to do so via the --lto-syms command line
    option.
  * Readelf now accepts the -C command line option to enable the
    demangling of symbol names.  In addition the --demangle=<style>,
    --no-demangle, --recurse-limit and --no-recurse-limit options
    are also now availale.

The following security fixes are addressed by the update:

- CVE-2021-20197: Fixed a race condition which allows users to own arbitrary files (bsc#1181452).
- CVE-2021-20284: Fixed a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511).
- CVE-2021-3487: Fixed a denial of service via excessive debug section size causing excessive memory consumption in bfd's dwarf2.c read_section() (bsc#1184620).
- CVE-2020-35448: Fixed a heap-based buffer over-read in bfd_getl_signed_32() in libbfd.c (bsc#1184794).
- CVE-2020-16590: Fixed a double free vulnerability in process_symbol_table() (bsc#1179898).
- CVE-2020-16591: Fixed an invalid read in process_symbol_table() (bsc#1179899).
- CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup() (bsc#1179900).
- CVE-2020-16593: Fixed a null pointer dereference in scan_unit_for_symbols() (bsc#1179901).
- CVE-2020-16598: Fixed a null pointer dereference in debug_get_real_type() (bsc#1179902).
- CVE-2020-16599: Fixed a null pointer dereference in _bfd_elf_get_symbol_version_string() (bsc#1179903)
- CVE-2020-35493: Fixed heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file (bsc#1180451).
- CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module due to not checking return value of bfd_malloc (bsc#1180454).
- CVE-2020-35507: Fixed a null pointer dereference in bfd_pef_parse_function_stubs() (bsc#1180461).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3618-1
Released:    Fri Nov  5 11:04:58 2021
Summary:     Recommended update for ceph
Type:        recommended
Severity:    moderate
References:  1185747,1187584,1187709,1188911,1190415,1191357
This update for ceph fixes the following issues:

- osd: move down peers out from peer_purged (bsc#1187709)
- osd: fix scrub reschedule bug (bsc#1187584) 
- osd marked down causes wrong backfill_toofull (bsc#1188911)
- osd panic occur repeatedly when recovering an object after disk replacement (bsc#1190415)
- rgw: allow to set ssl options and ciphers for beast frontend (bsc#1185747)
- bucket removal operation fails (bsc#1191357)
- pybind/mgr/insights: Don't persist report data
- os/bluestore: fix erroneous SharedBlob record removal during repair
- os/bluestore: Remove possibility of replay log and file inconsistency
- mgr/dashboard/api: set a UTF-8 locale when running pip
- common/options: Set osd_client_message_cap to 256
- mgr/DaemonServer: skip redundant update of pgp_num_actual
- pybind/ceph_volume_client: use cephfs mkdirs api


The following package changes have been done:

- binutils-2.37-7.21.2 updated
- ca-certificates-mozilla-2.44-4.32.1 updated
- ceph-base-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-common-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-fuse-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-grafana-dashboards-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-mds-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-mgr-dashboard-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-mgr-diskprediction-local-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-mgr-rook-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-mgr-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-mon-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-osd-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-radosgw-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-14.2.22.445+ga68959d39a6-3.40.1 updated
- cpio-2.12-3.9.1 updated
- dbus-1-1.12.2-8.11.2 updated
- file-magic-5.32-7.14.1 updated
- gawk-4.2.1-1.41 added
- glibc-locale-base-2.26-13.59.1 updated
- glibc-2.26-13.59.1 updated
- kmod-compat-25-6.10.1 updated
- kmod-25-6.10.1 updated
- krb5-1.16.3-3.24.1 updated
- libaugeas0-1.10.1-3.3.1 updated
- libblkid1-2.33.2-4.16.1 updated
- libcephfs2-14.2.22.445+ga68959d39a6-3.40.1 updated
- libctf-nobfd0-2.37-7.21.2 updated
- libctf0-2.37-7.21.2 updated
- libcurl4-7.60.0-25.1 updated
- libdbus-1-3-1.12.2-8.11.2 updated
- libfdisk1-2.33.2-4.16.1 updated
- libfreebl3-3.68-3.56.1 updated
- libgcrypt20-1.8.2-8.39.1 updated
- libhogweed4-3.4.1-4.18.1 updated
- libkmod2-25-6.10.1 updated
- libldap-2_4-2-2.4.46-9.58.1 updated
- libldap-data-2.4.46-9.58.1 updated
- liblua5_3-5-5.3.6-3.6.1 updated
- libmagic1-5.32-7.14.1 updated
- libmount1-2.33.2-4.16.1 updated
- libncurses6-6.1-5.9.1 updated
- libnettle6-3.4.1-4.18.1 updated
- libopenssl1_1-1.1.0i-14.21.2 updated
- libpcre1-8.45-20.10.1 updated
- librados2-14.2.22.445+ga68959d39a6-3.40.1 updated
- librbd1-14.2.22.445+ga68959d39a6-3.40.1 updated
- librgw2-14.2.22.445+ga68959d39a6-3.40.1 updated
- libsmartcols1-2.33.2-4.16.1 updated
- libsoftokn3-3.68-3.56.1 updated
- libsqlite3-0-3.36.0-3.12.1 updated
- libsystemd0-234-24.93.1 updated
- libudev1-234-24.93.1 updated
- libuuid1-2.33.2-4.16.1 updated
- mozilla-nspr-4.32-3.20.1 updated
- mozilla-nss-certs-3.68-3.56.1 updated
- mozilla-nss-3.68-3.56.1 updated
- ncurses-utils-6.1-5.9.1 updated
- netcfg-11.6-3.3.1 updated
- openssl-1_1-1.1.0i-14.21.2 updated
- pam-1.3.0-6.50.1 updated
- psmisc-23.0-6.16.1 updated
- python3-asn1crypto-0.24.0-3.2.1 updated
- python3-ceph-argparse-14.2.22.445+ga68959d39a6-3.40.1 updated
- python3-cephfs-14.2.22.445+ga68959d39a6-3.40.1 updated
- python3-dbus-python-1.2.16-6.3.1 updated
- python3-google-auth-1.5.1-3.4.1 updated
- python3-kubernetes-8.0.1-3.5.1 updated
- python3-oauth2client-gce-4.1.2-3.2.1 updated
- python3-oauth2client-4.1.2-3.2.1 updated
- python3-pyasn1-0.4.2-3.2.1 updated
- python3-pycparser-2.17-3.2.1 updated
- python3-pytz-2021.1-6.7.1 updated
- python3-rados-14.2.22.445+ga68959d39a6-3.40.1 updated
- python3-rbd-14.2.22.445+ga68959d39a6-3.40.1 updated
- python3-rgw-14.2.22.445+ga68959d39a6-3.40.1 updated
- python3-rsa-3.4.2-3.4.1 updated
- python3-urllib3-1.25.10-9.14.1 updated
- rbd-mirror-14.2.22.445+ga68959d39a6-3.40.1 updated
- rbd-nbd-14.2.22.445+ga68959d39a6-3.40.1 updated
- sudo-1.8.27-4.21.4 updated
- systemd-presets-common-SUSE-15-8.9.1 updated
- systemd-234-24.93.1 updated
- terminfo-base-6.1-5.9.1 updated
- thin-provisioning-tools-0.7.5-3.3.1 updated
- timezone-2021a-3.47.1 updated
- udev-234-24.93.1 updated
- util-linux-2.33.2-4.16.1 updated
- xfsprogs-4.15.0-4.40.1 updated
- container:sles15-image-15.0.0-6.2.526 updated
- dbus-1-glib-0.108-1.29 removed

From sle-updates at lists.suse.com  Tue Nov  9 07:30:10 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue,  9 Nov 2021 08:30:10 +0100 (CET)
Subject: SUSE-CU-2021:495-1: Security update of ses/6/ceph/ceph
Message-ID: <20211109073010.B47FFFBAC@maintenance.suse.de>

SUSE Container Update Advisory: ses/6/ceph/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:495-1
Container Tags        : ses/6/ceph/ceph:14.2.22.445 , ses/6/ceph/ceph:14.2.22.445.1.5.490 , ses/6/ceph/ceph:latest
Container Release     : 1.5.490
Severity              : critical
Type                  : security
References            : 1029961 1040589 1047218 1065729 1085917 1122417 1125886 1134353
                        1148868 1152489 1154353 1154935 1157818 1158812 1158958 1158959
                        1158960 1159491 1159715 1159847 1159850 1159886 1160309 1160438
                        1160439 1164719 1167471 1167773 1170774 1171962 1172091 1172115
                        1172234 1172236 1172240 1172389 1172505 1172973 1172974 1173641
                        1173746 1174697 1175086 1175448 1175449 1176206 1176473 1176934
                        1176940 1178016 1178236 1178561 1179382 1179898 1179899 1179900
                        1179901 1179902 1179903 1180451 1180454 1180461 1181095 1181299
                        1181306 1181309 1181371 1181452 1181535 1181536 1181725 1182252
                        1182604 1183511 1183818 1184124 1184439 1184517 1184614 1184620
                        1184761 1184794 1184804 1184967 1184994 1184994 1185016 1185046
                        1185208 1185302 1185331 1185422 1185524 1185540 1185677 1185726
                        1185747 1185748 1185762 1185807 1185958 1186049 1186131 1186489
                        1186561 1186910 1187060 1187105 1187167 1187210 1187212 1187270
                        1187292 1187400 1187512 1187584 1187584 1187709 1187911 1188018
                        1188063 1188063 1188067 1188127 1188217 1188218 1188219 1188220
                        1188291 1188344 1188486 1188571 1188651 1188651 1188713 1188891
                        1188911 1188921 1188986 1189206 1189297 1189465 1189465 1189480
                        1189521 1189521 1189552 1189683 1189841 1189884 1189929 1189996
                        1190023 1190052 1190062 1190115 1190159 1190234 1190358 1190373
                        1190374 1190406 1190415 1190432 1190467 1190523 1190534 1190543
                        1190576 1190595 1190596 1190598 1190620 1190626 1190645 1190679
                        1190705 1190717 1190739 1190746 1190758 1190784 1190785 1190793
                        1190858 1190915 1190933 1191172 1191193 1191240 1191292 1191357
                        1191987 928700 928701 CVE-2015-3414 CVE-2015-3415 CVE-2019-19244
                        CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880
                        CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959
                        CVE-2019-20218 CVE-2019-20838 CVE-2020-12049 CVE-2020-12400 CVE-2020-12401
                        CVE-2020-12403 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631
                        CVE-2020-13632 CVE-2020-13757 CVE-2020-14155 CVE-2020-15358 CVE-2020-16590
                        CVE-2020-16591 CVE-2020-16592 CVE-2020-16593 CVE-2020-16598 CVE-2020-16599
                        CVE-2020-24370 CVE-2020-24371 CVE-2020-25648 CVE-2020-35448 CVE-2020-35493
                        CVE-2020-35496 CVE-2020-35507 CVE-2020-35512 CVE-2020-3702 CVE-2020-6829
                        CVE-2020-9327 CVE-2021-20197 CVE-2021-20284 CVE-2021-22922 CVE-2021-22923
                        CVE-2021-22924 CVE-2021-22925 CVE-2021-22946 CVE-2021-22947 CVE-2021-33560
                        CVE-2021-33574 CVE-2021-33910 CVE-2021-33910 CVE-2021-3487 CVE-2021-3580
                        CVE-2021-35942 CVE-2021-36222 CVE-2021-3669 CVE-2021-3712 CVE-2021-3712
                        CVE-2021-3744 CVE-2021-3752 CVE-2021-37600 CVE-2021-3764 CVE-2021-37750
                        CVE-2021-38185 CVE-2021-38185 CVE-2021-39537 CVE-2021-40490 
-----------------------------------------------------------------

The container ses/6/ceph/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2008-1
Released:    Thu Jun 17 18:07:45 2021
Summary:     Security update for python-rsa
Type:        security
Severity:    important
References:  1172389,CVE-2020-13757
This update for python-rsa fixes the following issues:

- CVE-2020-13757: Proper handling of leading '\0' bytes during decryption of ciphertext (bsc#1172389)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2143-1
Released:    Wed Jun 23 16:27:04 2021
Summary:     Security update for libnettle
Type:        security
Severity:    important
References:  1187060,CVE-2021-3580
This update for libnettle fixes the following issues:

- CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2157-1
Released:    Thu Jun 24 15:40:14 2021
Summary:     Security update for libgcrypt
Type:        security
Severity:    important
References:  1187212,CVE-2021-33560
This update for libgcrypt fixes the following issues:

- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2173-1
Released:    Mon Jun 28 14:59:45 2021
Summary:     Recommended update for automake
Type:        recommended
Severity:    moderate
References:  1040589,1047218,1182604,1185540,1186049
This update for automake fixes the following issues:

- Implement generated autoconf makefiles reproducible (bsc#1182604)
- Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
- Avoid bashisms in test-driver script. (bsc#1185540)

This update for pcre fixes the following issues:

- Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)

This update for brp-check-suse fixes the following issues:

- Add fixes to support reproducible builds. (bsc#1186049) 


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2178-1
Released:    Mon Jun 28 15:56:15 2021
Summary:     Recommended update for systemd-presets-common-SUSE
Type:        recommended
Severity:    moderate
References:  1186561
This update for systemd-presets-common-SUSE fixes the following issues:

When installing the systemd-presets-common-SUSE package for the
first time in a new system, it might happen that some services
are installed before systemd so the %systemd_pre/post macros
would not work. This is handled by enabling all preset services
in this package's %posttrans section but it wasn't enabling
user services, just system services. Now it enables also the
user services installed before this package (bsc#1186561)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2179-1
Released:    Mon Jun 28 17:36:37 2021
Summary:     Recommended update for thin-provisioning-tools
Type:        recommended
Severity:    moderate
References:  1184124
This update for thin-provisioning-tools fixes the following issues:

- Link as position-independent executable (bsc#1184124)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2196-1
Released:    Tue Jun 29 09:41:39 2021
Summary:     Security update for lua53
Type:        security
Severity:    moderate
References:  1175448,1175449,CVE-2020-24370,CVE-2020-24371
This update for lua53 fixes the following issues:

Update to version 5.3.6:

- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2205-1
Released:    Wed Jun 30 09:17:41 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    important
References:  1187210
This update for openldap2 fixes the following issues:

- Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2224-1
Released:    Thu Jul  1 13:48:44 2021
Summary:     Recommended update for psmisc
Type:        recommended
Severity:    important
References:  1185208
This update for psmisc fixes the following issues:

- It does no longer list all processes from different private namespaces
  when fuser is run on an NFS mount. This led to an issue where the wrong
  processes were terminated in an SAP application cluster environment (bsc#1185208)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2246-1
Released:    Mon Jul  5 15:17:49 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1154935,1167471,1178561,1184761,1184967,1185046,1185331,1185807,1185958,1187292,1187400
This update for systemd fixes the following issues:

  cgroup: Parse infinity properly for memory protections. (bsc#1167471)
  cgroup: Make empty assignments reset to default. (bsc#1167471)
  cgroup: Support 0-value for memory protection directives. (bsc#1167471)
  core/cgroup: Fixed an issue with ignored parameter of 'MemorySwapMax=0'. (bsc#1154935)
  bus-unit-util: Add proper 'MemorySwapMax' serialization.
  core: Accept MemorySwapMax= properties that are scaled.
  execute: Make sure to call into PAM after initializing resource limits. (bsc#1184967)
  core: Rename 'ShutdownWatchdogSec' to 'RebootWatchdogSec'. (bsc#1185331)
  Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046)
  rules: Don't ignore Xen virtual interfaces anymore. (bsc#1178561)
  write_net_rules: Set execute bits. (bsc#1178561)
  udev: Rework network device renaming.
  Revert 'Revert 'udev: Network device renaming - immediately give up if the target name isn't available''
    
  mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761)
  core: fix output (logging) for mount units (#7603) (bsc#1187400)
  udev requires systemd in its %post (bsc#1185958)
  cgroup: Parse infinity properly for memory protections (bsc#1167471)
  cgroup: Make empty assignments reset to default (bsc#1167471)
  cgroup: Support 0-value for memory protection directives (bsc#1167471)
  Create /run/lock/subsys again (bsc#1187292)
  The creation of this directory was mistakenly dropped when
  'filesystem' package took the initialization of the generic paths
  over.
  Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)
  
  

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2292-1
Released:    Mon Jul 12 08:25:20 2021
Summary:     Security update for dbus-1
Type:        security
Severity:    important
References:  1187105,CVE-2020-35512
This update for dbus-1 fixes the following issues:

- CVE-2020-35512: Fixed a use-after-free or potential undefined behaviour caused by shared UID's (bsc#1187105)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2320-1
Released:    Wed Jul 14 17:01:06 2021
Summary:     Security update for sqlite3
Type:        security
Severity:    important
References:  1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327
This update for sqlite3 fixes the following issues:

- Update to version 3.36.0
- CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener
  optimization (bsc#1173641)
- CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in
  isAuxiliaryVtabOperator (bsc#1164719)
- CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)
- CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438)
- CVE-2019-19923: improper handling  of  certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer
  dereference (bsc#1160309)
- CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)
- CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)
- CVE-2019-19926: improper handling  of certain errors during parsing  multiSelect in select.c (bsc#1159715)
- CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference
  (bsc#1159491)
- CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with
  a shadow table name (bsc#1158960)
- CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated
  columns (bsc#1158959)
- CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views
  in conjunction with ALTER TABLE statements (bsc#1158958)
- CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column,
  which allows attackers to cause a denial of service (bsc#1158812)
- CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a
  sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)
- CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)
- CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)
- CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)
- CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow
- CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)
- CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)
- CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2404-1
Released:    Tue Jul 20 14:21:30 2021
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1184994,1188063,CVE-2021-33910
This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063)
- Skip udev rules if 'elevator=' is used (bsc#1184994)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2440-1
Released:    Wed Jul 21 13:48:24 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925
This update for curl fixes the following issues:

- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released:    Thu Jul 29 14:21:52 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2689-1
Released:    Mon Aug 16 10:54:52 2021
Summary:     Security update for cpio
Type:        security
Severity:    important
References:  1189206,CVE-2021-38185
This update for cpio fixes the following issues:

It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206)


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2763-1
Released:    Tue Aug 17 17:16:22 2021
Summary:     Recommended update for cpio
Type:        recommended
Severity:    critical
References:  1189465
This update for cpio fixes the following issues:

- A regression in last update would cause builds to hang on various architectures(bsc#1189465)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2780-1
Released:    Thu Aug 19 16:09:15 2021
Summary:     Recommended update for cpio
Type:        recommended
Severity:    critical
References:  1189465,CVE-2021-38185
This update for cpio fixes the following issues:

- A regression in the previous update could lead to crashes (bsc#1189465)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2800-1
Released:    Fri Aug 20 10:43:04 2021
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1188571,CVE-2021-36222
This update for krb5 fixes the following issues:

- CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2810-1
Released:    Mon Aug 23 12:14:30 2021
Summary:     Security update for dbus-1
Type:        security
Severity:    moderate
References:  1172505,CVE-2020-12049
This update for dbus-1 fixes the following issues:

- CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:2816-1
Released:    Mon Aug 23 14:17:09 2021
Summary:     Optional update for python-kubernetes
Type:        optional
Severity:    low
References:  
This patch provides the python3-kubernetes package to the following modules:

- Container Module for SUSE Linux Enterprise 15 SP2
- Container Module for SUSE Linux Enterprise 15 SP3

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2820-1
Released:    Tue Aug 24 10:38:27 2021
Summary:     Recommended update for ceph, deepsea
Type:        recommended
Severity:    moderate
References:  1175086,1178016,1181095,1181725,1184517,1185422,1186131,1187584,1188486
This update for ceph fixes the following issues:

- Update to 14.2.22-404-gf74e15c2e55:
  - Fix for an issue when scrub is not rescheduling. (bsc#1187584)

- Update to 14.2.22-403-g54cdaf6e510:
  - Fixed and isshe when dashboard shows partially deleted RBDs. (bsc#1175086)
  - Look for plain entries in non-ascii plain namespace too. (bsc#1184517)
  - Fix monitoring menu item in downstream branding


  This update for deepsea fixes the following issues:
- Version: 0.9.36
- Allow embedding of Grafana graphs (bsc#1186131)
- Wait for OSDs to be active after restarting (bsc#1185422)
- qa: functests/1node/restart: fix changed.any check
- mds/restart: only check MDS processes (not all processes)
- dg: include unavailable disks (bsc#1181725)
- upgrade: Add ability to specify registry credentials (bsc#1181095)
- Fix no UCST response after 1 second when validating time server
- osd: handle ceph osd ok-to-stop output from ceph v14.2.22
- monitoring: put node_exporter ARGS all on one line (bsc#1188486)
- Use correct pool when checking for rados config object (bsc#1178016)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2831-1
Released:    Tue Aug 24 16:20:45 2021
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1189521,CVE-2021-3712
This update for openssl-1_1 fixes the following security issue:

- CVE-2021-3712: a bug in the code for printing certificate details could
  lead to a buffer overrun that a malicious actor could exploit to crash
  the application, causing a denial-of-service attack. [bsc#1189521]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2863-1
Released:    Mon Aug 30 08:18:50 2021
Summary:     Recommended update for python-dbus-python
Type:        recommended
Severity:    moderate
References:  1183818
This update for python-dbus-python fixes the following issues:

- Update to latest version from tumbleweed. (jsc#ECO-3589, bsc#1183818)

- update to 1.2.16:
  * All tests are run even if the 'tap.py' module is not available, althoug diagnostics for failing tests will be better if it is present.

- Support builds with more than one python3 flavor
- Clean duplicate python flavor variables for configure

- Version update to version 1.2.14:
  * Ensure that the numeric types from dbus.types get the same str() under Python 3.8 that they did under previous versions.
  * Disable -Winline.
  * Add clearer license information using SPDX-License-Identifier.
  * Include inherited methods and properties when documenting objects, which regressed when migrating from epydoc to sphinx.
  * Add missing variant_level member to UnixFd type, for parity with the other dbus.types types
  * Don't reply to method calls if they have the NO_REPLY_EXPECTED flag
  * Silence '-Wcast-function-type' with gcc 8.
  * Fix distcheck with python3.7 by deleting '__pycache__' during uninstall.
  * Consistently save and restore the exception indicator when called from C code.

- Add missing dependency for pkg-config files

- Version update to version 1.2.8:
  * Python 2.7 required or 3.4 respectively
  * Upstream dropped epydoc completely

- Add dbus-1-python3 package
- Make BusConnection.list_activatable_names actually call struct entries than the signature allows with libdbus 1.4 imports dbus, is finalized, is re-initialized, and re-imports - When removing signal matches, clean up internal state, avoiding a memory leak in long-lived Python processes that connect to
- When setting the sender of a message, allow it to be org.freedesktop.DBus so you can implement a D-Bus daemon
- New package: dbus-1-python-devel

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2938-1
Released:    Fri Sep  3 09:19:36 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1184614

This update for openldap2 fixes the following issue:

- openldap2-contrib is shipped to the Legacy Module. (bsc#1184614)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2968-1
Released:    Tue Sep  7 09:53:00 2021
Summary:     Security update for openssl-1_1
Type:        security
Severity:    low
References:  1189521,CVE-2021-3712
This update for openssl-1_1 fixes the following issues:

- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. 
  Read buffer overruns processing ASN.1 strings (bsc#1189521).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3001-1
Released:    Thu Sep  9 15:08:13 2021
Summary:     Recommended update for netcfg
Type:        recommended
Severity:    moderate
References:  1189683
This update for netcfg fixes the following issues:

- add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3034-1
Released:    Tue Sep 14 13:49:23 2021
Summary:     Recommended update for python-pytz
Type:        recommended
Severity:    moderate
References:  1185748
This update for python-pytz fixes the following issues:

- Add %pyunittest shim for platforms where it is missing.
- Remove real directory of %{python_sitelib}/pytz/zoneinfo when upgrading, before it is replaced by a symlink. (bsc#1185748)

- update to 2021.1:
  * update to IANA 2021a timezone release 

- update to 2020.5:
  * update to IANA 2020e timezone release 
  
- update to 2020.4:
  * update to IANA 2020d timezone release

- update to version 2020.1:
  * Test against Python 3.8 and Python 3.9
  * Bump version numbers to 2020.1/2020a
  * use .rst extension name
  * Make FixedOffset part of public API

- Update to 2019.3
  * IANA 2019c

- Add versioned dependency on timezone database to ensure the correct data is installed
- Add a symlink to the  system timezone database

- update to 2019.2
 *	IANA 2019b
 * 	Defer generating case-insensitive lookups


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3115-1
Released:    Thu Sep 16 14:04:26 2021
Summary:     Recommended update for mozilla-nspr, mozilla-nss
Type:        recommended
Severity:    moderate
References:  1029961,1174697,1176206,1176934,1179382,1188891,CVE-2020-12400,CVE-2020-12401,CVE-2020-12403,CVE-2020-25648,CVE-2020-6829
This update for mozilla-nspr fixes the following issues:

mozilla-nspr was updated to version 4.32:

* implement new socket option PR_SockOpt_DontFrag
* support larger DNS records by increasing the default buffer
  size for DNS queries 
* Lock access to PRCallOnceType members in PR_CallOnce* for
  thread safety bmo#1686138
* PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get
  information about the operating system build version.


Mozilla NSS was updated to version 3.68:

* bmo#1713562 - Fix test leak.
* bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
* bmo#1693206 - Implement PKCS8 export of ECDSA keys.
* bmo#1712883 - DTLS 1.3 draft-43.
* bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
* bmo#1713562 - Validate ECH public names.
* bmo#1717610 - Add function to get seconds from epoch from pkix::Time.

update to NSS 3.67

* bmo#1683710 - Add a means to disable ALPN.
* bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66).
* bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja.
* bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c.
* bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte.

update to NSS 3.66

* bmo#1710716 - Remove Expired Sonera Class2 CA from NSS.
* bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority.
* bmo#1708307 - Remove Trustis FPS Root CA from NSS.
* bmo#1707097 - Add Certum Trusted Root CA to NSS.
* bmo#1707097 - Add Certum EC-384 CA to NSS.
* bmo#1703942 - Add ANF Secure Server Root CA to NSS.
* bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS.
* bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database.
* bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler.
* bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h.
* bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators.
* bmo#1709291 - Add VerifyCodeSigningCertificateChain.

update to NSS 3.65

* bmo#1709654 - Update for NetBSD configuration.
* bmo#1709750 - Disable HPKE test when fuzzing.
* bmo#1566124 - Optimize AES-GCM for ppc64le.
* bmo#1699021 - Add AES-256-GCM to HPKE.
* bmo#1698419 - ECH -10 updates.
* bmo#1692930 - Update HPKE to final version.
* bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
* bmo#1703936 - New coverity/cpp scanner errors.
* bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
* bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
* bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.

update to NSS 3.64

* bmo#1705286 - Properly detect mips64.
* bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and
		disable_crypto_vsx.
* bmo#1698320 - replace __builtin_cpu_supports('vsx') with
		ppc_crypto_support() for clang.
* bmo#1613235 - Add POWER ChaCha20 stream cipher vector
		acceleration.

Fixed in 3.63

* bmo#1697380 - Make a clang-format run on top of helpful contributions.
* bmo#1683520 - ECCKiila P384, change syntax of nested structs
		initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual
		scalar multiplication.
* bmo#1683520 - ECCKiila P521, change syntax of nested structs
		initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual
		scalar multiplication.
* bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.
* bmo#1694214 - tstclnt can't enable middlebox compat mode.
* bmo#1694392 - NSS does not work with PKCS #11 modules not supporting
		profiles.
* bmo#1685880 - Minor fix to prevent unused variable on early return.
* bmo#1685880 - Fix for the gcc compiler version 7 to support setenv
		with nss build.
* bmo#1693217 - Increase nssckbi.h version number for March 2021 batch
		of root CA changes, CA list version 2.48.
* bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's
		'Chambers of Commerce' and 'Global Chambersign' roots.
* bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.
* bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.
* bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.
* bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs
		from NSS.
* bmo#1687822 - Turn off Websites trust bit for the ???Staat der
		Nederlanden Root CA - G3??? root cert in NSS.
* bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce
		Root - 2008' and 'Global Chambersign Root - 2008???.
* bmo#1694291 - Tracing fixes for ECH.

update to NSS 3.62

* bmo#1688374 - Fix parallel build NSS-3.61 with make
* bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add()
		can corrupt 'cachedCertTable'
* bmo#1690583 - Fix CH padding extension size calculation
* bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail
* bmo#1690421 - Install packaged libabigail in docker-builds image
* bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing
* bmo#1674819 - Fixup a51fae403328, enum type may be signed
* bmo#1681585 - Add ECH support to selfserv
* bmo#1681585 - Update ECH to Draft-09
* bmo#1678398 - Add Export/Import functions for HPKE context
* bmo#1678398 - Update HPKE to draft-07

update to NSS 3.61

* bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key
		values under certain conditions.
* bmo#1684300 - Fix default PBE iteration count when NSS is compiled
		with NSS_DISABLE_DBM.
* bmo#1651411 - Improve constant-timeness in RSA operations.
* bmo#1677207 - Upgrade Google Test version to latest release.
* bmo#1654332 - Add aarch64-make target to nss-try.

Update to NSS 3.60.1:

Notable changes in NSS 3.60:
* TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support
  has been added, replacing the previous ESNI (draft-ietf-tls-esni-01)
  implementation. See bmo#1654332 for more information.
* December 2020 batch of Root CA changes, builtins library updated
  to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769
  for more information.

Update to NSS 3.59.1:

* bmo#1679290 - Fix potential deadlock with certain third-party
		PKCS11 modules

Update to NSS 3.59:

Notable changes:

* Exported two existing functions from libnss:
  CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData

Bugfixes

* bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
* bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
* bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
* bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
* bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed
		root certs when SHA1 signatures are disabled.
* bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to
		solve some test intermittents
* bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in
		our CVE-2020-25648 fix that broke purple-discord
		(boo#1179382)
* bmo#1666891 - Support key wrap/unwrap with RSA-OAEP
* bmo#1667989 - Fix gyp linking on Solaris
* bmo#1668123 - Export CERT_AddCertToListHeadWithData and
		CERT_AddCertToListTailWithData from libnss
* bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
* bmo#1663091 - Remove unnecessary assertions in the streaming
		ASN.1 decoder that affected decoding certain PKCS8
		private keys when using NSS debug builds
*  bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.

update to NSS 3.58

Bugs fixed:

* bmo#1641480 (CVE-2020-25648)
  Tighten CCS handling for middlebox compatibility mode.
* bmo#1631890 - Add support for Hybrid Public Key Encryption
  (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello
  (draft-ietf-tls-esni).
* bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto
  extensions.
* bmo#1668328 - Handle spaces in the Python path name when using
  gyp on Windows.
* bmo#1667153 - Add PK11_ImportDataKey for data object import.
* bmo#1665715 - Pass the embedded SCT list extension (if present)
  to TrustDomain::CheckRevocation instead of the notBefore value.

update to NSS 3.57

* The following CA certificates were Added:
  bmo#1663049 - CN=Trustwave Global Certification Authority
      SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
  bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority
      SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
  bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority
      SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
* The following CA certificates were Removed:
  bmo#1651211 - CN=EE Certification Centre Root CA
      SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
  bmo#1656077 - O=Government Root Certification Authority; C=TW
      SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
* Trust settings for the following CA certificates were Modified:
  bmo#1653092 - CN=OISTE WISeKey Global Root GA CA
      Websites (server authentication) trust bit removed.
* https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes

update to NSS 3.56

Notable changes

* bmo#1650702 - Support SHA-1 HW acceleration on ARMv8
* bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
* bmo#1654142 - Add CPU feature detection for Intel SHA extension.
* bmo#1648822 - Add stricter validation of DH keys in FIPS mode.
* bmo#1656986 - Properly detect arm64 during GYP build architecture
		detection.
* bmo#1652729 - Add build flag to disable RC2 and relocate to
		lib/freebl/deprecated.
* bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay.
* bmo#1588941 - Send empty certificate message when scheme selection
		fails.
* bmo#1652032 - Fix failure to build in Windows arm64 makefile
		cross-compilation.
* bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent.
* bmo#1653975 - Fix 3.53 regression by setting 'all' as the default
		makefile target.
* bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert.
* bmo#1659814 - Fix interop.sh failures with newer tls-interop
		commit and dependencies.
* bmo#1656519 - NSPR dependency updated to 4.28

update to NSS 3.55

Notable changes
* P384 and P521 elliptic curve implementations are replaced with
  verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
* PK11_FindCertInSlot is added. With this function, a given slot
  can be queried with a DER-Encoded certificate, providing performance
  and usability improvements over other mechanisms. (bmo#1649633)
* DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)

Relevant Bugfixes

* bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
  P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
* bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
* bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
* bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
  ChaCha20 (which was not functioning correctly) and more strictly
  enforce tag length.
* bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1653202 - Fix initialization bug in blapitest when compiled
  with NSS_DISABLE_DEPRECATED_SEED.
* bmo#1646594 - Fix AVX2 detection in makefile builds.
* bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
  for a DER-encoded certificate.
* bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
* bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
* bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
* bmo#1649226 - Add Wycheproof ECDSA tests.
* bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
* bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in
  RSA_CheckSignRecover.
* bmo#1646324 - Advertise PKCS#1 schemes for certificates in the
  signature_algorithms extension.

update to NSS 3.54

Notable changes

* Support for TLS 1.3 external pre-shared keys (bmo#1603042).
* Use ARM Cryptography Extension for SHA256, when available
  (bmo#1528113)
* The following CA certificates were Added:
  bmo#1645186 - certSIGN Root CA G2.
  bmo#1645174 - e-Szigno Root CA 2017.
  bmo#1641716 - Microsoft ECC Root Certificate Authority 2017.
  bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
* The following CA certificates were Removed:
  bmo#1645199 - AddTrust Class 1 CA Root.
  bmo#1645199 - AddTrust External CA Root.
  bmo#1641718 - LuxTrust Global Root 2.
  bmo#1639987 - Staat der Nederlanden Root CA - G2.
  bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4.
  bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4.
  bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.

* A number of certificates had their Email trust bit disabled.
  See bmo#1618402 for a complete list.

Bugs fixed

* bmo#1528113 - Use ARM Cryptography Extension for SHA256.
* bmo#1603042 - Add TLS 1.3 external PSK support.
* bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
* bmo#1645186 - Add 'certSIGN Root CA G2' root certificate.
* bmo#1645174 - Add Microsec's 'e-Szigno Root CA 2017' root certificate.
* bmo#1641716 - Add Microsoft's non-EV root certificates.
* bmo1621151 - Disable email trust bit for 'O=Government
	       Root Certification Authority; C=TW' root.
* bmo#1645199 - Remove AddTrust root certificates.
* bmo#1641718 - Remove 'LuxTrust Global Root 2' root certificate.
* bmo#1639987 - Remove 'Staat der Nederlanden Root CA - G2' root
		certificate.
* bmo#1618402 - Remove Symantec root certificates and disable email trust
		bit.
* bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.
* bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.
* bmo#1642153 - Fix infinite recursion building NSS.
* bmo#1642638 - Fix fuzzing assertion crash.
* bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
* bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.
* bmo#1643557 - Fix numerous compile warnings in NSS.
* bmo#1644774 - SSL gtests to use ClearServerCache when resetting
		self-encrypt keys.
* bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.
* bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3182-1
Released:    Tue Sep 21 17:04:26 2021
Summary:     Recommended update for file
Type:        recommended
Severity:    moderate
References:  1189996
This update for file fixes the following issues:

- Fixes exception thrown by memory allocation problem (bsc#1189996)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3233-1
Released:    Mon Sep 27 15:02:21 2021
Summary:     Recommended update for xfsprogs
Type:        recommended
Severity:    moderate
References:  1085917,1181299,1181306,1181309,1181535,1181536,1188651,1189552
This update for xfsprogs fixes the following issues:

- Fixes an issue when 'fstests' with 'xfs' fail. (bsc#1181309, bsc#1181299)
- xfsprogs: Split 'libhandle1' into a separate package, since nothing within xfsprogs dynamically links against it. The shared library is still required by xfsdump as a runtime dependency.
- mkfs.xfs: Fix 'ASSERT' on too-small device with stripe geometry. (bsc#1181536)
- mkfs.xfs: If either 'sunit' or 'swidth' is not zero, the other must be as well. (bsc#1085917, bsc#1181535)
- xfs_growfs: Refactor geometry reporting. (bsc#1181306)
- xfs_growfs: Allow mounted device node as argument. (bsc#1181299)
- xfs_repair: Rebuild directory when non-root leafn blocks claim block 0. (bsc#1181309)
- xfs_repair: Check plausibility of root dir pointer before trashing it. (bsc#1188651)
- xfs_bmap: Remove '-c' from manpage. (bsc#1189552)
- xfs_bmap: Do not reject '-e'. (bsc#1189552)
- Implement 'libhandle1' through ECO. (jsc#SLE-20360)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3278-1
Released:    Mon Oct  4 09:30:10 2021
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    important
References:  1190858
This update for ca-certificates-mozilla fixes the following issues:

- remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires
  September 30th 2021 and openssl certificate chain handling does not handle
  this correctly in openssl 1.0.2 and older. (bsc#1190858)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3297-1
Released:    Wed Oct  6 16:53:29 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1190373,1190374,CVE-2021-22946,CVE-2021-22947
This update for curl fixes the following issues:

- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3318-1
Released:    Wed Oct  6 19:31:19 2021
Summary:     Recommended update for sudo
Type:        recommended
Severity:    moderate
References:  1176473,1181371
This update for sudo fixes the following issues:

- Update to sudo 1.8.27 (jsc#SLE-17083).
- Fixed special handling of ipa_hostname (bsc#1181371).
- Restore sudo ldap behavior to ignore expire dates when SUDOERS_TIMED option is not set in /etc/ldap.conf (bsc#1176473).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3348-1
Released:    Tue Oct 12 13:08:06 2021
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910
This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063).

- logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018).
- Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353).
- Rules weren't applied to dm devices (multipath) (bsc#1188713).
- Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234).
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
- Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291).
- Allow the systemd sysusers config files to be overriden during system installation (bsc#1171962).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3385-1
Released:    Tue Oct 12 15:54:31 2021
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1186489,1187911,CVE-2021-33574,CVE-2021-35942
This update for glibc fixes the following issues:

- CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911)
- CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3447-1
Released:    Fri Oct 15 09:05:12 2021
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1065729,1148868,1152489,1154353,1159886,1167773,1170774,1173746,1176940,1184439,1184804,1185302,1185677,1185726,1185762,1187167,1188067,1188651,1188986,1189297,1189841,1189884,1190023,1190062,1190115,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191240,1191292,CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3764,CVE-2021-40490


The SUSE Linux Enterprise 15 SP2 kernel was updated.


The following security bugs were fixed:

- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)
- CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)
- CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)
- CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)

The following non-security bugs were fixed:

- ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
- apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
- ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
- bnxt_en: Store the running firmware version code (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: do not lock the tx queue from napi poll (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- clk: at91: clk-generated: Limit the requested rate to our range (git-fixes).
- clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- cuse: fix broken release (bsc#1190596).
- cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746).
- devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353).
- dmaengine: ioat: depends on !UML (git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
- docs: Fix infiniband uverbs minor number (git-fixes).
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
- drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- fbmem: do not allow too huge resolutions (git-fixes).
- fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- fuse: flush extending writes (bsc#1190595).
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- gpio: uniphier: Fix void functions to remove return value (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes).
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
- ice: Prevent probing virtual functions (git-fixes).
- iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes).
- include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes).
- iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: count csum_none when offload enabled (bsc#1167773).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467).
- iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716).
- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.
- libata: fix ata_host_start() (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).
- media: uvc: do not do DMA on stack (git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).
- mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
- mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
- mmc: core: Return correct emmc response in case of ioctl error (git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
- net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- net/mlx5: Fix return value from tracer initialization (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
- NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
- parport: remove non-zero check on count (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).
- PM: base: power: do not try to use non-existing RTC for storing data (git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
- powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
- powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729).
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).
- powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- pwm: img: Do not modify HW state in .remove() callback (git-fixes).
- pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
- pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).
- rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages.
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- rtc: tps65910: Correct driver module alias (git-fixes).
- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
- scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
- scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576).
- scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576).
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576).
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
- serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).
- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
- serial: sh-sci: fix break handling for sysrq (git-fixes).
- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
- staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes).
- staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes).
- staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).
- thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes).
- time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).
- tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).
- tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes).
- tty: synclink_gt, drop unneeded forward declarations (git-fixes).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration (git-fixes).
- usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes).
- usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes).
- usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
- usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).
- usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
- usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
- usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes).
- usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes).
- usb: serial: option: add device id for Foxconn T99W265 (git-fixes).
- usb: serial: option: add Telit LN920 compositions (git-fixes).
- usb: serial: option: remove duplicate USB device ID (git-fixes).
- usbip: give back URBs for unsent unlink requests during cleanup (git-fixes).
- usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).
- video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).
- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
- vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).
- vmxnet3: prepare for version 6 changes (bsc#1190406).
- vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).
- vmxnet3: set correct hash type based on rss information (bsc#1190406).
- vmxnet3: update to version 6 (bsc#1190406).
- watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes).
- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302).
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489).
- x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
- xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).
- xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).
- xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes).
- xhci: Set HCD flag to defer primary roothub registration (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3454-1
Released:    Mon Oct 18 09:29:26 2021
Summary:     Security update for krb5
Type:        security
Severity:    moderate
References:  1189929,CVE-2021-37750
This update for krb5 fixes the following issues:

- CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3480-1
Released:    Wed Oct 20 11:24:08 2021
Summary:     Recommended update for yast2-network
Type:        recommended
Severity:    moderate
References:  1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933
This update for yast2-network fixes the following issues:

- Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915).
- Fix the shown description using the interface friendly name when it is empty (bsc#1190933).
- Consider aliases sections as case insensitive (bsc#1190739).
- Display user defined device name in the devices overview (bnc#1190645).
- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).
- Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).
- Fix desktop file so the control center tooltip is translated (bsc#1187270).
- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released:    Wed Oct 20 16:31:55 2021
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1190793,CVE-2021-39537
This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released:    Wed Oct 20 16:48:46 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1190052
This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released:    Tue Oct 26 11:22:15 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1191987
This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in
  the 'securetty' file to be installed as 'macros.pam'.
  (bsc#1191987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3523-1
Released:    Tue Oct 26 15:40:13 2021
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1122417,1125886,1178236,1188921,CVE-2021-37600
This update for util-linux fixes the following issues:

Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921).
- agetty: Fix 8-bit processing in get_logname() (bsc#1125886).
- mount: Fix 'mount' output for net file systems (bsc#1122417).
- ipcs: Avoid overflows (bsc#1178236)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3529-1
Released:    Wed Oct 27 09:23:32 2021
Summary:     Security update for pcre
Type:        security
Severity:    moderate
References:  1172973,1172974,CVE-2019-20838,CVE-2020-14155
This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3616-1
Released:    Thu Nov  4 12:29:15 2021
Summary:     Security update for binutils
Type:        security
Severity:    moderate
References:  1179898,1179899,1179900,1179901,1179902,1179903,1180451,1180454,1180461,1181452,1182252,1183511,1184620,1184794,CVE-2020-16590,CVE-2020-16591,CVE-2020-16592,CVE-2020-16593,CVE-2020-16598,CVE-2020-16599,CVE-2020-35448,CVE-2020-35493,CVE-2020-35496,CVE-2020-35507,CVE-2021-20197,CVE-2021-20284,CVE-2021-3487
This update for binutils fixes the following issues:

Update to binutils 2.37:

* The GNU Binutils sources now requires a C99 compiler and library to
  build.
* Support for Realm Management Extension (RME) for AArch64 has been
  added.
* A new linker option '-z report-relative-reloc' for x86 ELF targets
  has been added to report dynamic relative relocations.
* A new linker option '-z start-stop-gc' has been added to disable
  special treatment of __start_*/__stop_* references when
  --gc-sections.
* A new linker options '-Bno-symbolic' has been added which will
  cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
* The readelf tool has a new command line option which can be used to
  specify how the numeric values of symbols are reported.
  --sym-base=0|8|10|16 tells readelf to display the values in base 8,
  base 10 or base 16.  A sym base of 0 represents the default action
  of displaying values under 10000 in base 10 and values above that in
  base 16.
* A new format has been added to the nm program.  Specifying
  '--format=just-symbols' (or just using -j) will tell the program to
  only display symbol names and nothing else.
* A new command line option '--keep-section-symbols' has been added to
  objcopy and strip.  This stops the removal of unused section symbols
  when the file is copied.  Removing these symbols saves space, but
  sometimes they are needed by other tools.
* The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
  supported by objcopy now make undefined symbols weak on targets that
  support weak symbols. 
* Readelf and objdump can now display and use the contents of .debug_sup
  sections.
* Readelf and objdump will now follow links to separate debug info
  files by default.  This behaviour can be stopped via the use of the
  new '-wN' or '--debug-dump=no-follow-links' options for readelf and
  the '-WN' or '--dwarf=no-follow-links' options for objdump.  Also
  the old behaviour can be restored by the use of the
  '--enable-follow-debug-links=no' configure time option.

  The semantics of the =follow-links option have also been slightly
  changed.  When enabled, the option allows for the loading of symbol
  tables and string tables from the separate files which can be used
  to enhance the information displayed when dumping other sections,
  but it does not automatically imply that information from the
  separate files should be displayed.

  If other debug section display options are also enabled (eg
  '--debug-dump=info') then the contents of matching sections in both
  the main file and the separate debuginfo file *will* be displayed.
  This is because in most cases the debug section will only be present
  in one of the files.

  If however non-debug section display options are enabled (eg
  '--sections') then the contents of matching parts of the separate
  debuginfo file will *not* be displayed.  This is because in most
  cases the user probably only wanted to load the symbol information
  from the separate debuginfo file.  In order to change this behaviour
  a new command line option --process-links can be used.  This will
  allow di0pslay options to applied to both the main file and any
  separate debuginfo files.

* Nm has a new command line option: '--quiet'.  This suppresses 'no
  symbols' diagnostic.

Update to binutils 2.36:

New features in the Assembler:

- General:

   * When setting the link order attribute of ELF sections, it is now
     possible to use a numeric section index instead of symbol name.
   * Added a .nop directive to generate a single no-op instruction in
     a target neutral manner.  This instruction does have an effect on
     DWARF line number generation, if that is active.
   * Removed --reduce-memory-overheads and --hash-size as gas now
     uses hash tables that can be expand and shrink automatically.

- X86/x86_64:

   * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key
     Locker instructions. 
   * Support non-absolute segment values for lcall and ljmp.
   * Add {disp16} pseudo prefix to x86 assembler.
   * Configure with --enable-x86-used-note by default for Linux/x86.

-  ARM/AArch64:

   * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,
     Cortex-R82, Neoverse V1, and Neoverse N2 cores.
   * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded
     Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call
     Stack Recorder Extension) and BRBE (Branch Record Buffer
     Extension) system registers.
   * Add support for Armv8-R and Armv8.7-A ISA extensions.
   * Add support for DSB memory nXS barrier, WFET and WFIT
     instruction for Armv8.7.
   * Add support for +csre feature for -march. Add CSR PDEC
     instruction for CSRE feature in AArch64.
   * Add support for +flagm feature for -march in Armv8.4 AArch64.
   * Add support for +ls64 feature for -march in Armv8.7
     AArch64. Add atomic 64-byte load/store instructions for this
     feature. 
   * Add support for +pauth (Pointer Authentication) feature for
     -march in AArch64.

New features in the Linker:

  * Add --error-handling-script=<NAME> command line option to allow
    a helper script to be invoked when an undefined symbol or a
    missing library is encountered.  This option can be suppressed
    via the configure time switch: --enable-error-handling-script=no.
  * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
    x86-64-{baseline|v[234]} ISA level as needed.
  * Add -z unique-symbol to avoid duplicated local symbol names.
  * The creation of PE format DLLs now defaults to using a more
    secure set of DLL characteristics.
  * The linker now deduplicates the types in .ctf sections.  The new 
     command-line option --ctf-share-types describes how to do this:
     its default value, share-unconflicted, produces the most compact
     output.
  * The linker now omits the 'variable section' from .ctf sections
    by default, saving space.  This is almost certainly what you
    want unless you are working on a project that has its own
    analogue of symbol tables that are not reflected in the ELF
    symtabs.

New features in other binary tools:

  * The ar tool's previously unused l modifier is now used for
    specifying dependencies of a static library. The arguments of
    this option (or --record-libdeps long form option) will be
    stored verbatim in the __.LIBDEP member of the archive, which
    the linker may read at link time.
  * Readelf can now display the contents of LTO symbol table
    sections when asked to do so via the --lto-syms command line
    option.
  * Readelf now accepts the -C command line option to enable the
    demangling of symbol names.  In addition the --demangle=<style>,
    --no-demangle, --recurse-limit and --no-recurse-limit options
    are also now availale.

The following security fixes are addressed by the update:

- CVE-2021-20197: Fixed a race condition which allows users to own arbitrary files (bsc#1181452).
- CVE-2021-20284: Fixed a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511).
- CVE-2021-3487: Fixed a denial of service via excessive debug section size causing excessive memory consumption in bfd's dwarf2.c read_section() (bsc#1184620).
- CVE-2020-35448: Fixed a heap-based buffer over-read in bfd_getl_signed_32() in libbfd.c (bsc#1184794).
- CVE-2020-16590: Fixed a double free vulnerability in process_symbol_table() (bsc#1179898).
- CVE-2020-16591: Fixed an invalid read in process_symbol_table() (bsc#1179899).
- CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup() (bsc#1179900).
- CVE-2020-16593: Fixed a null pointer dereference in scan_unit_for_symbols() (bsc#1179901).
- CVE-2020-16598: Fixed a null pointer dereference in debug_get_real_type() (bsc#1179902).
- CVE-2020-16599: Fixed a null pointer dereference in _bfd_elf_get_symbol_version_string() (bsc#1179903)
- CVE-2020-35493: Fixed heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file (bsc#1180451).
- CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module due to not checking return value of bfd_malloc (bsc#1180454).
- CVE-2020-35507: Fixed a null pointer dereference in bfd_pef_parse_function_stubs() (bsc#1180461).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3618-1
Released:    Fri Nov  5 11:04:58 2021
Summary:     Recommended update for ceph
Type:        recommended
Severity:    moderate
References:  1185747,1187584,1187709,1188911,1190415,1191357
This update for ceph fixes the following issues:

- osd: move down peers out from peer_purged (bsc#1187709)
- osd: fix scrub reschedule bug (bsc#1187584) 
- osd marked down causes wrong backfill_toofull (bsc#1188911)
- osd panic occur repeatedly when recovering an object after disk replacement (bsc#1190415)
- rgw: allow to set ssl options and ciphers for beast frontend (bsc#1185747)
- bucket removal operation fails (bsc#1191357)
- pybind/mgr/insights: Don't persist report data
- os/bluestore: fix erroneous SharedBlob record removal during repair
- os/bluestore: Remove possibility of replay log and file inconsistency
- mgr/dashboard/api: set a UTF-8 locale when running pip
- common/options: Set osd_client_message_cap to 256
- mgr/DaemonServer: skip redundant update of pgp_num_actual
- pybind/ceph_volume_client: use cephfs mkdirs api


The following package changes have been done:

- binutils-2.37-7.21.2 updated
- ca-certificates-mozilla-2.44-4.32.1 updated
- ceph-base-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-common-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-fuse-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-grafana-dashboards-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-mds-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-mgr-dashboard-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-mgr-diskprediction-local-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-mgr-rook-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-mgr-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-mon-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-osd-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-radosgw-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-14.2.22.445+ga68959d39a6-3.40.1 updated
- cpio-2.12-3.9.1 updated
- dbus-1-1.12.2-8.11.2 updated
- file-magic-5.32-7.14.1 updated
- gawk-4.2.1-1.41 added
- glibc-locale-base-2.26-13.59.1 updated
- glibc-2.26-13.59.1 updated
- kmod-compat-25-6.10.1 updated
- kmod-25-6.10.1 updated
- krb5-1.16.3-3.24.1 updated
- libaugeas0-1.10.1-3.3.1 updated
- libblkid1-2.33.2-4.16.1 updated
- libcephfs2-14.2.22.445+ga68959d39a6-3.40.1 updated
- libctf-nobfd0-2.37-7.21.2 updated
- libctf0-2.37-7.21.2 updated
- libcurl4-7.60.0-25.1 updated
- libdbus-1-3-1.12.2-8.11.2 updated
- libfdisk1-2.33.2-4.16.1 updated
- libfreebl3-3.68-3.56.1 updated
- libgcrypt20-1.8.2-8.39.1 updated
- libhogweed4-3.4.1-4.18.1 updated
- libkmod2-25-6.10.1 updated
- libldap-2_4-2-2.4.46-9.58.1 updated
- libldap-data-2.4.46-9.58.1 updated
- liblua5_3-5-5.3.6-3.6.1 updated
- libmagic1-5.32-7.14.1 updated
- libmount1-2.33.2-4.16.1 updated
- libncurses6-6.1-5.9.1 updated
- libnettle6-3.4.1-4.18.1 updated
- libopenssl1_1-1.1.0i-14.21.2 updated
- libpcre1-8.45-20.10.1 updated
- librados2-14.2.22.445+ga68959d39a6-3.40.1 updated
- librbd1-14.2.22.445+ga68959d39a6-3.40.1 updated
- librgw2-14.2.22.445+ga68959d39a6-3.40.1 updated
- libsmartcols1-2.33.2-4.16.1 updated
- libsoftokn3-3.68-3.56.1 updated
- libsqlite3-0-3.36.0-3.12.1 updated
- libsystemd0-234-24.93.1 updated
- libudev1-234-24.93.1 updated
- libuuid1-2.33.2-4.16.1 updated
- mozilla-nspr-4.32-3.20.1 updated
- mozilla-nss-certs-3.68-3.56.1 updated
- mozilla-nss-3.68-3.56.1 updated
- ncurses-utils-6.1-5.9.1 updated
- netcfg-11.6-3.3.1 updated
- openssl-1_1-1.1.0i-14.21.2 updated
- pam-1.3.0-6.50.1 updated
- psmisc-23.0-6.16.1 updated
- python3-asn1crypto-0.24.0-3.2.1 updated
- python3-ceph-argparse-14.2.22.445+ga68959d39a6-3.40.1 updated
- python3-cephfs-14.2.22.445+ga68959d39a6-3.40.1 updated
- python3-dbus-python-1.2.16-6.3.1 updated
- python3-google-auth-1.5.1-3.4.1 updated
- python3-kubernetes-8.0.1-3.5.1 updated
- python3-oauth2client-gce-4.1.2-3.2.1 updated
- python3-oauth2client-4.1.2-3.2.1 updated
- python3-pyasn1-0.4.2-3.2.1 updated
- python3-pycparser-2.17-3.2.1 updated
- python3-pytz-2021.1-6.7.1 updated
- python3-rados-14.2.22.445+ga68959d39a6-3.40.1 updated
- python3-rbd-14.2.22.445+ga68959d39a6-3.40.1 updated
- python3-rgw-14.2.22.445+ga68959d39a6-3.40.1 updated
- python3-rsa-3.4.2-3.4.1 updated
- python3-urllib3-1.25.10-9.14.1 updated
- rbd-mirror-14.2.22.445+ga68959d39a6-3.40.1 updated
- rbd-nbd-14.2.22.445+ga68959d39a6-3.40.1 updated
- sudo-1.8.27-4.21.4 updated
- systemd-presets-common-SUSE-15-8.9.1 updated
- systemd-234-24.93.1 updated
- terminfo-base-6.1-5.9.1 updated
- thin-provisioning-tools-0.7.5-3.3.1 updated
- timezone-2021a-3.47.1 updated
- udev-234-24.93.1 updated
- util-linux-2.33.2-4.16.1 updated
- xfsprogs-4.15.0-4.40.1 updated
- container:sles15-image-15.0.0-6.2.527 updated
- dbus-1-glib-0.108-1.29 removed

From sle-updates at lists.suse.com  Tue Nov  9 07:33:09 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue,  9 Nov 2021 08:33:09 +0100 (CET)
Subject: SUSE-CU-2021:496-1: Security update of ses/6/rook/ceph
Message-ID: <20211109073309.1B987FBAC@maintenance.suse.de>

SUSE Container Update Advisory: ses/6/rook/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:496-1
Container Tags        : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.486 , ses/6/rook/ceph:latest
Container Release     : 1.5.486
Severity              : critical
Type                  : security
References            : 1029961 1040589 1047218 1065729 1085917 1122417 1125886 1134353
                        1148868 1152489 1154353 1154935 1157818 1158812 1158958 1158959
                        1158960 1159491 1159715 1159847 1159850 1159886 1160309 1160438
                        1160439 1164719 1167471 1167773 1170774 1171962 1172091 1172115
                        1172234 1172236 1172240 1172389 1172505 1172973 1172974 1173641
                        1173746 1174697 1175086 1175448 1175449 1176206 1176473 1176934
                        1176940 1178016 1178236 1178561 1179382 1179898 1179899 1179900
                        1179901 1179902 1179903 1180451 1180454 1180461 1181095 1181299
                        1181306 1181309 1181371 1181452 1181535 1181536 1181725 1182252
                        1182604 1183511 1183818 1184124 1184439 1184517 1184614 1184620
                        1184761 1184794 1184804 1184967 1184994 1184994 1185016 1185046
                        1185208 1185302 1185331 1185422 1185524 1185540 1185677 1185726
                        1185747 1185748 1185762 1185807 1185958 1186049 1186131 1186489
                        1186561 1186910 1187060 1187105 1187167 1187210 1187212 1187270
                        1187292 1187400 1187512 1187584 1187584 1187709 1187911 1188018
                        1188063 1188063 1188067 1188127 1188217 1188218 1188219 1188220
                        1188291 1188344 1188486 1188571 1188651 1188651 1188713 1188891
                        1188911 1188921 1188986 1189206 1189297 1189465 1189465 1189480
                        1189521 1189521 1189552 1189683 1189841 1189884 1189929 1189996
                        1190023 1190052 1190062 1190115 1190159 1190234 1190358 1190373
                        1190374 1190406 1190415 1190432 1190467 1190523 1190534 1190543
                        1190576 1190595 1190596 1190598 1190620 1190626 1190645 1190679
                        1190705 1190717 1190739 1190746 1190758 1190784 1190785 1190793
                        1190858 1190915 1190933 1191172 1191193 1191240 1191292 1191357
                        1191987 928700 928701 CVE-2015-3414 CVE-2015-3415 CVE-2019-19244
                        CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880
                        CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959
                        CVE-2019-20218 CVE-2019-20838 CVE-2020-12049 CVE-2020-12400 CVE-2020-12401
                        CVE-2020-12403 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631
                        CVE-2020-13632 CVE-2020-13757 CVE-2020-14155 CVE-2020-15358 CVE-2020-16590
                        CVE-2020-16591 CVE-2020-16592 CVE-2020-16593 CVE-2020-16598 CVE-2020-16599
                        CVE-2020-24370 CVE-2020-24371 CVE-2020-25648 CVE-2020-35448 CVE-2020-35493
                        CVE-2020-35496 CVE-2020-35507 CVE-2020-35512 CVE-2020-3702 CVE-2020-6829
                        CVE-2020-9327 CVE-2021-20197 CVE-2021-20284 CVE-2021-22922 CVE-2021-22923
                        CVE-2021-22924 CVE-2021-22925 CVE-2021-22946 CVE-2021-22947 CVE-2021-33560
                        CVE-2021-33574 CVE-2021-33910 CVE-2021-33910 CVE-2021-3487 CVE-2021-3580
                        CVE-2021-35942 CVE-2021-36222 CVE-2021-3669 CVE-2021-3712 CVE-2021-3712
                        CVE-2021-3744 CVE-2021-3752 CVE-2021-37600 CVE-2021-3764 CVE-2021-37750
                        CVE-2021-38185 CVE-2021-38185 CVE-2021-39537 CVE-2021-40490 
-----------------------------------------------------------------

The container ses/6/rook/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2008-1
Released:    Thu Jun 17 18:07:45 2021
Summary:     Security update for python-rsa
Type:        security
Severity:    important
References:  1172389,CVE-2020-13757
This update for python-rsa fixes the following issues:

- CVE-2020-13757: Proper handling of leading '\0' bytes during decryption of ciphertext (bsc#1172389)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2143-1
Released:    Wed Jun 23 16:27:04 2021
Summary:     Security update for libnettle
Type:        security
Severity:    important
References:  1187060,CVE-2021-3580
This update for libnettle fixes the following issues:

- CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2157-1
Released:    Thu Jun 24 15:40:14 2021
Summary:     Security update for libgcrypt
Type:        security
Severity:    important
References:  1187212,CVE-2021-33560
This update for libgcrypt fixes the following issues:

- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2173-1
Released:    Mon Jun 28 14:59:45 2021
Summary:     Recommended update for automake
Type:        recommended
Severity:    moderate
References:  1040589,1047218,1182604,1185540,1186049
This update for automake fixes the following issues:

- Implement generated autoconf makefiles reproducible (bsc#1182604)
- Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
- Avoid bashisms in test-driver script. (bsc#1185540)

This update for pcre fixes the following issues:

- Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)

This update for brp-check-suse fixes the following issues:

- Add fixes to support reproducible builds. (bsc#1186049) 


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2178-1
Released:    Mon Jun 28 15:56:15 2021
Summary:     Recommended update for systemd-presets-common-SUSE
Type:        recommended
Severity:    moderate
References:  1186561
This update for systemd-presets-common-SUSE fixes the following issues:

When installing the systemd-presets-common-SUSE package for the
first time in a new system, it might happen that some services
are installed before systemd so the %systemd_pre/post macros
would not work. This is handled by enabling all preset services
in this package's %posttrans section but it wasn't enabling
user services, just system services. Now it enables also the
user services installed before this package (bsc#1186561)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2179-1
Released:    Mon Jun 28 17:36:37 2021
Summary:     Recommended update for thin-provisioning-tools
Type:        recommended
Severity:    moderate
References:  1184124
This update for thin-provisioning-tools fixes the following issues:

- Link as position-independent executable (bsc#1184124)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2196-1
Released:    Tue Jun 29 09:41:39 2021
Summary:     Security update for lua53
Type:        security
Severity:    moderate
References:  1175448,1175449,CVE-2020-24370,CVE-2020-24371
This update for lua53 fixes the following issues:

Update to version 5.3.6:

- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2205-1
Released:    Wed Jun 30 09:17:41 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    important
References:  1187210
This update for openldap2 fixes the following issues:

- Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2224-1
Released:    Thu Jul  1 13:48:44 2021
Summary:     Recommended update for psmisc
Type:        recommended
Severity:    important
References:  1185208
This update for psmisc fixes the following issues:

- It does no longer list all processes from different private namespaces
  when fuser is run on an NFS mount. This led to an issue where the wrong
  processes were terminated in an SAP application cluster environment (bsc#1185208)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2246-1
Released:    Mon Jul  5 15:17:49 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1154935,1167471,1178561,1184761,1184967,1185046,1185331,1185807,1185958,1187292,1187400
This update for systemd fixes the following issues:

  cgroup: Parse infinity properly for memory protections. (bsc#1167471)
  cgroup: Make empty assignments reset to default. (bsc#1167471)
  cgroup: Support 0-value for memory protection directives. (bsc#1167471)
  core/cgroup: Fixed an issue with ignored parameter of 'MemorySwapMax=0'. (bsc#1154935)
  bus-unit-util: Add proper 'MemorySwapMax' serialization.
  core: Accept MemorySwapMax= properties that are scaled.
  execute: Make sure to call into PAM after initializing resource limits. (bsc#1184967)
  core: Rename 'ShutdownWatchdogSec' to 'RebootWatchdogSec'. (bsc#1185331)
  Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046)
  rules: Don't ignore Xen virtual interfaces anymore. (bsc#1178561)
  write_net_rules: Set execute bits. (bsc#1178561)
  udev: Rework network device renaming.
  Revert 'Revert 'udev: Network device renaming - immediately give up if the target name isn't available''
    
  mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761)
  core: fix output (logging) for mount units (#7603) (bsc#1187400)
  udev requires systemd in its %post (bsc#1185958)
  cgroup: Parse infinity properly for memory protections (bsc#1167471)
  cgroup: Make empty assignments reset to default (bsc#1167471)
  cgroup: Support 0-value for memory protection directives (bsc#1167471)
  Create /run/lock/subsys again (bsc#1187292)
  The creation of this directory was mistakenly dropped when
  'filesystem' package took the initialization of the generic paths
  over.
  Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)
  
  

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2292-1
Released:    Mon Jul 12 08:25:20 2021
Summary:     Security update for dbus-1
Type:        security
Severity:    important
References:  1187105,CVE-2020-35512
This update for dbus-1 fixes the following issues:

- CVE-2020-35512: Fixed a use-after-free or potential undefined behaviour caused by shared UID's (bsc#1187105)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2320-1
Released:    Wed Jul 14 17:01:06 2021
Summary:     Security update for sqlite3
Type:        security
Severity:    important
References:  1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327
This update for sqlite3 fixes the following issues:

- Update to version 3.36.0
- CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener
  optimization (bsc#1173641)
- CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in
  isAuxiliaryVtabOperator (bsc#1164719)
- CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)
- CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438)
- CVE-2019-19923: improper handling  of  certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer
  dereference (bsc#1160309)
- CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)
- CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)
- CVE-2019-19926: improper handling  of certain errors during parsing  multiSelect in select.c (bsc#1159715)
- CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference
  (bsc#1159491)
- CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with
  a shadow table name (bsc#1158960)
- CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated
  columns (bsc#1158959)
- CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views
  in conjunction with ALTER TABLE statements (bsc#1158958)
- CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column,
  which allows attackers to cause a denial of service (bsc#1158812)
- CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a
  sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)
- CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)
- CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)
- CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)
- CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow
- CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)
- CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)
- CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2404-1
Released:    Tue Jul 20 14:21:30 2021
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1184994,1188063,CVE-2021-33910
This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063)
- Skip udev rules if 'elevator=' is used (bsc#1184994)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2440-1
Released:    Wed Jul 21 13:48:24 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925
This update for curl fixes the following issues:

- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released:    Thu Jul 29 14:21:52 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2689-1
Released:    Mon Aug 16 10:54:52 2021
Summary:     Security update for cpio
Type:        security
Severity:    important
References:  1189206,CVE-2021-38185
This update for cpio fixes the following issues:

It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206)


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2763-1
Released:    Tue Aug 17 17:16:22 2021
Summary:     Recommended update for cpio
Type:        recommended
Severity:    critical
References:  1189465
This update for cpio fixes the following issues:

- A regression in last update would cause builds to hang on various architectures(bsc#1189465)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2780-1
Released:    Thu Aug 19 16:09:15 2021
Summary:     Recommended update for cpio
Type:        recommended
Severity:    critical
References:  1189465,CVE-2021-38185
This update for cpio fixes the following issues:

- A regression in the previous update could lead to crashes (bsc#1189465)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2800-1
Released:    Fri Aug 20 10:43:04 2021
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1188571,CVE-2021-36222
This update for krb5 fixes the following issues:

- CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2810-1
Released:    Mon Aug 23 12:14:30 2021
Summary:     Security update for dbus-1
Type:        security
Severity:    moderate
References:  1172505,CVE-2020-12049
This update for dbus-1 fixes the following issues:

- CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:2816-1
Released:    Mon Aug 23 14:17:09 2021
Summary:     Optional update for python-kubernetes
Type:        optional
Severity:    low
References:  
This patch provides the python3-kubernetes package to the following modules:

- Container Module for SUSE Linux Enterprise 15 SP2
- Container Module for SUSE Linux Enterprise 15 SP3

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2820-1
Released:    Tue Aug 24 10:38:27 2021
Summary:     Recommended update for ceph, deepsea
Type:        recommended
Severity:    moderate
References:  1175086,1178016,1181095,1181725,1184517,1185422,1186131,1187584,1188486
This update for ceph fixes the following issues:

- Update to 14.2.22-404-gf74e15c2e55:
  - Fix for an issue when scrub is not rescheduling. (bsc#1187584)

- Update to 14.2.22-403-g54cdaf6e510:
  - Fixed and isshe when dashboard shows partially deleted RBDs. (bsc#1175086)
  - Look for plain entries in non-ascii plain namespace too. (bsc#1184517)
  - Fix monitoring menu item in downstream branding


  This update for deepsea fixes the following issues:
- Version: 0.9.36
- Allow embedding of Grafana graphs (bsc#1186131)
- Wait for OSDs to be active after restarting (bsc#1185422)
- qa: functests/1node/restart: fix changed.any check
- mds/restart: only check MDS processes (not all processes)
- dg: include unavailable disks (bsc#1181725)
- upgrade: Add ability to specify registry credentials (bsc#1181095)
- Fix no UCST response after 1 second when validating time server
- osd: handle ceph osd ok-to-stop output from ceph v14.2.22
- monitoring: put node_exporter ARGS all on one line (bsc#1188486)
- Use correct pool when checking for rados config object (bsc#1178016)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2831-1
Released:    Tue Aug 24 16:20:45 2021
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1189521,CVE-2021-3712
This update for openssl-1_1 fixes the following security issue:

- CVE-2021-3712: a bug in the code for printing certificate details could
  lead to a buffer overrun that a malicious actor could exploit to crash
  the application, causing a denial-of-service attack. [bsc#1189521]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2863-1
Released:    Mon Aug 30 08:18:50 2021
Summary:     Recommended update for python-dbus-python
Type:        recommended
Severity:    moderate
References:  1183818
This update for python-dbus-python fixes the following issues:

- Update to latest version from tumbleweed. (jsc#ECO-3589, bsc#1183818)

- update to 1.2.16:
  * All tests are run even if the 'tap.py' module is not available, althoug diagnostics for failing tests will be better if it is present.

- Support builds with more than one python3 flavor
- Clean duplicate python flavor variables for configure

- Version update to version 1.2.14:
  * Ensure that the numeric types from dbus.types get the same str() under Python 3.8 that they did under previous versions.
  * Disable -Winline.
  * Add clearer license information using SPDX-License-Identifier.
  * Include inherited methods and properties when documenting objects, which regressed when migrating from epydoc to sphinx.
  * Add missing variant_level member to UnixFd type, for parity with the other dbus.types types
  * Don't reply to method calls if they have the NO_REPLY_EXPECTED flag
  * Silence '-Wcast-function-type' with gcc 8.
  * Fix distcheck with python3.7 by deleting '__pycache__' during uninstall.
  * Consistently save and restore the exception indicator when called from C code.

- Add missing dependency for pkg-config files

- Version update to version 1.2.8:
  * Python 2.7 required or 3.4 respectively
  * Upstream dropped epydoc completely

- Add dbus-1-python3 package
- Make BusConnection.list_activatable_names actually call struct entries than the signature allows with libdbus 1.4 imports dbus, is finalized, is re-initialized, and re-imports - When removing signal matches, clean up internal state, avoiding a memory leak in long-lived Python processes that connect to
- When setting the sender of a message, allow it to be org.freedesktop.DBus so you can implement a D-Bus daemon
- New package: dbus-1-python-devel

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2938-1
Released:    Fri Sep  3 09:19:36 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1184614

This update for openldap2 fixes the following issue:

- openldap2-contrib is shipped to the Legacy Module. (bsc#1184614)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2968-1
Released:    Tue Sep  7 09:53:00 2021
Summary:     Security update for openssl-1_1
Type:        security
Severity:    low
References:  1189521,CVE-2021-3712
This update for openssl-1_1 fixes the following issues:

- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. 
  Read buffer overruns processing ASN.1 strings (bsc#1189521).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3001-1
Released:    Thu Sep  9 15:08:13 2021
Summary:     Recommended update for netcfg
Type:        recommended
Severity:    moderate
References:  1189683
This update for netcfg fixes the following issues:

- add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3034-1
Released:    Tue Sep 14 13:49:23 2021
Summary:     Recommended update for python-pytz
Type:        recommended
Severity:    moderate
References:  1185748
This update for python-pytz fixes the following issues:

- Add %pyunittest shim for platforms where it is missing.
- Remove real directory of %{python_sitelib}/pytz/zoneinfo when upgrading, before it is replaced by a symlink. (bsc#1185748)

- update to 2021.1:
  * update to IANA 2021a timezone release 

- update to 2020.5:
  * update to IANA 2020e timezone release 
  
- update to 2020.4:
  * update to IANA 2020d timezone release

- update to version 2020.1:
  * Test against Python 3.8 and Python 3.9
  * Bump version numbers to 2020.1/2020a
  * use .rst extension name
  * Make FixedOffset part of public API

- Update to 2019.3
  * IANA 2019c

- Add versioned dependency on timezone database to ensure the correct data is installed
- Add a symlink to the  system timezone database

- update to 2019.2
 *	IANA 2019b
 * 	Defer generating case-insensitive lookups


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3115-1
Released:    Thu Sep 16 14:04:26 2021
Summary:     Recommended update for mozilla-nspr, mozilla-nss
Type:        recommended
Severity:    moderate
References:  1029961,1174697,1176206,1176934,1179382,1188891,CVE-2020-12400,CVE-2020-12401,CVE-2020-12403,CVE-2020-25648,CVE-2020-6829
This update for mozilla-nspr fixes the following issues:

mozilla-nspr was updated to version 4.32:

* implement new socket option PR_SockOpt_DontFrag
* support larger DNS records by increasing the default buffer
  size for DNS queries 
* Lock access to PRCallOnceType members in PR_CallOnce* for
  thread safety bmo#1686138
* PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get
  information about the operating system build version.


Mozilla NSS was updated to version 3.68:

* bmo#1713562 - Fix test leak.
* bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
* bmo#1693206 - Implement PKCS8 export of ECDSA keys.
* bmo#1712883 - DTLS 1.3 draft-43.
* bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
* bmo#1713562 - Validate ECH public names.
* bmo#1717610 - Add function to get seconds from epoch from pkix::Time.

update to NSS 3.67

* bmo#1683710 - Add a means to disable ALPN.
* bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66).
* bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja.
* bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c.
* bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte.

update to NSS 3.66

* bmo#1710716 - Remove Expired Sonera Class2 CA from NSS.
* bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority.
* bmo#1708307 - Remove Trustis FPS Root CA from NSS.
* bmo#1707097 - Add Certum Trusted Root CA to NSS.
* bmo#1707097 - Add Certum EC-384 CA to NSS.
* bmo#1703942 - Add ANF Secure Server Root CA to NSS.
* bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS.
* bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database.
* bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler.
* bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h.
* bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators.
* bmo#1709291 - Add VerifyCodeSigningCertificateChain.

update to NSS 3.65

* bmo#1709654 - Update for NetBSD configuration.
* bmo#1709750 - Disable HPKE test when fuzzing.
* bmo#1566124 - Optimize AES-GCM for ppc64le.
* bmo#1699021 - Add AES-256-GCM to HPKE.
* bmo#1698419 - ECH -10 updates.
* bmo#1692930 - Update HPKE to final version.
* bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
* bmo#1703936 - New coverity/cpp scanner errors.
* bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
* bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
* bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.

update to NSS 3.64

* bmo#1705286 - Properly detect mips64.
* bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and
		disable_crypto_vsx.
* bmo#1698320 - replace __builtin_cpu_supports('vsx') with
		ppc_crypto_support() for clang.
* bmo#1613235 - Add POWER ChaCha20 stream cipher vector
		acceleration.

Fixed in 3.63

* bmo#1697380 - Make a clang-format run on top of helpful contributions.
* bmo#1683520 - ECCKiila P384, change syntax of nested structs
		initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual
		scalar multiplication.
* bmo#1683520 - ECCKiila P521, change syntax of nested structs
		initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual
		scalar multiplication.
* bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.
* bmo#1694214 - tstclnt can't enable middlebox compat mode.
* bmo#1694392 - NSS does not work with PKCS #11 modules not supporting
		profiles.
* bmo#1685880 - Minor fix to prevent unused variable on early return.
* bmo#1685880 - Fix for the gcc compiler version 7 to support setenv
		with nss build.
* bmo#1693217 - Increase nssckbi.h version number for March 2021 batch
		of root CA changes, CA list version 2.48.
* bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's
		'Chambers of Commerce' and 'Global Chambersign' roots.
* bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.
* bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.
* bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.
* bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs
		from NSS.
* bmo#1687822 - Turn off Websites trust bit for the ???Staat der
		Nederlanden Root CA - G3??? root cert in NSS.
* bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce
		Root - 2008' and 'Global Chambersign Root - 2008???.
* bmo#1694291 - Tracing fixes for ECH.

update to NSS 3.62

* bmo#1688374 - Fix parallel build NSS-3.61 with make
* bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add()
		can corrupt 'cachedCertTable'
* bmo#1690583 - Fix CH padding extension size calculation
* bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail
* bmo#1690421 - Install packaged libabigail in docker-builds image
* bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing
* bmo#1674819 - Fixup a51fae403328, enum type may be signed
* bmo#1681585 - Add ECH support to selfserv
* bmo#1681585 - Update ECH to Draft-09
* bmo#1678398 - Add Export/Import functions for HPKE context
* bmo#1678398 - Update HPKE to draft-07

update to NSS 3.61

* bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key
		values under certain conditions.
* bmo#1684300 - Fix default PBE iteration count when NSS is compiled
		with NSS_DISABLE_DBM.
* bmo#1651411 - Improve constant-timeness in RSA operations.
* bmo#1677207 - Upgrade Google Test version to latest release.
* bmo#1654332 - Add aarch64-make target to nss-try.

Update to NSS 3.60.1:

Notable changes in NSS 3.60:
* TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support
  has been added, replacing the previous ESNI (draft-ietf-tls-esni-01)
  implementation. See bmo#1654332 for more information.
* December 2020 batch of Root CA changes, builtins library updated
  to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769
  for more information.

Update to NSS 3.59.1:

* bmo#1679290 - Fix potential deadlock with certain third-party
		PKCS11 modules

Update to NSS 3.59:

Notable changes:

* Exported two existing functions from libnss:
  CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData

Bugfixes

* bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
* bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
* bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
* bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
* bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed
		root certs when SHA1 signatures are disabled.
* bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to
		solve some test intermittents
* bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in
		our CVE-2020-25648 fix that broke purple-discord
		(boo#1179382)
* bmo#1666891 - Support key wrap/unwrap with RSA-OAEP
* bmo#1667989 - Fix gyp linking on Solaris
* bmo#1668123 - Export CERT_AddCertToListHeadWithData and
		CERT_AddCertToListTailWithData from libnss
* bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
* bmo#1663091 - Remove unnecessary assertions in the streaming
		ASN.1 decoder that affected decoding certain PKCS8
		private keys when using NSS debug builds
*  bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.

update to NSS 3.58

Bugs fixed:

* bmo#1641480 (CVE-2020-25648)
  Tighten CCS handling for middlebox compatibility mode.
* bmo#1631890 - Add support for Hybrid Public Key Encryption
  (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello
  (draft-ietf-tls-esni).
* bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto
  extensions.
* bmo#1668328 - Handle spaces in the Python path name when using
  gyp on Windows.
* bmo#1667153 - Add PK11_ImportDataKey for data object import.
* bmo#1665715 - Pass the embedded SCT list extension (if present)
  to TrustDomain::CheckRevocation instead of the notBefore value.

update to NSS 3.57

* The following CA certificates were Added:
  bmo#1663049 - CN=Trustwave Global Certification Authority
      SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
  bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority
      SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
  bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority
      SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
* The following CA certificates were Removed:
  bmo#1651211 - CN=EE Certification Centre Root CA
      SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
  bmo#1656077 - O=Government Root Certification Authority; C=TW
      SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
* Trust settings for the following CA certificates were Modified:
  bmo#1653092 - CN=OISTE WISeKey Global Root GA CA
      Websites (server authentication) trust bit removed.
* https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes

update to NSS 3.56

Notable changes

* bmo#1650702 - Support SHA-1 HW acceleration on ARMv8
* bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
* bmo#1654142 - Add CPU feature detection for Intel SHA extension.
* bmo#1648822 - Add stricter validation of DH keys in FIPS mode.
* bmo#1656986 - Properly detect arm64 during GYP build architecture
		detection.
* bmo#1652729 - Add build flag to disable RC2 and relocate to
		lib/freebl/deprecated.
* bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay.
* bmo#1588941 - Send empty certificate message when scheme selection
		fails.
* bmo#1652032 - Fix failure to build in Windows arm64 makefile
		cross-compilation.
* bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent.
* bmo#1653975 - Fix 3.53 regression by setting 'all' as the default
		makefile target.
* bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert.
* bmo#1659814 - Fix interop.sh failures with newer tls-interop
		commit and dependencies.
* bmo#1656519 - NSPR dependency updated to 4.28

update to NSS 3.55

Notable changes
* P384 and P521 elliptic curve implementations are replaced with
  verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
* PK11_FindCertInSlot is added. With this function, a given slot
  can be queried with a DER-Encoded certificate, providing performance
  and usability improvements over other mechanisms. (bmo#1649633)
* DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)

Relevant Bugfixes

* bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
  P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
* bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
* bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
* bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
  ChaCha20 (which was not functioning correctly) and more strictly
  enforce tag length.
* bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1653202 - Fix initialization bug in blapitest when compiled
  with NSS_DISABLE_DEPRECATED_SEED.
* bmo#1646594 - Fix AVX2 detection in makefile builds.
* bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
  for a DER-encoded certificate.
* bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
* bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
* bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
* bmo#1649226 - Add Wycheproof ECDSA tests.
* bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
* bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in
  RSA_CheckSignRecover.
* bmo#1646324 - Advertise PKCS#1 schemes for certificates in the
  signature_algorithms extension.

update to NSS 3.54

Notable changes

* Support for TLS 1.3 external pre-shared keys (bmo#1603042).
* Use ARM Cryptography Extension for SHA256, when available
  (bmo#1528113)
* The following CA certificates were Added:
  bmo#1645186 - certSIGN Root CA G2.
  bmo#1645174 - e-Szigno Root CA 2017.
  bmo#1641716 - Microsoft ECC Root Certificate Authority 2017.
  bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
* The following CA certificates were Removed:
  bmo#1645199 - AddTrust Class 1 CA Root.
  bmo#1645199 - AddTrust External CA Root.
  bmo#1641718 - LuxTrust Global Root 2.
  bmo#1639987 - Staat der Nederlanden Root CA - G2.
  bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4.
  bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4.
  bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.

* A number of certificates had their Email trust bit disabled.
  See bmo#1618402 for a complete list.

Bugs fixed

* bmo#1528113 - Use ARM Cryptography Extension for SHA256.
* bmo#1603042 - Add TLS 1.3 external PSK support.
* bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
* bmo#1645186 - Add 'certSIGN Root CA G2' root certificate.
* bmo#1645174 - Add Microsec's 'e-Szigno Root CA 2017' root certificate.
* bmo#1641716 - Add Microsoft's non-EV root certificates.
* bmo1621151 - Disable email trust bit for 'O=Government
	       Root Certification Authority; C=TW' root.
* bmo#1645199 - Remove AddTrust root certificates.
* bmo#1641718 - Remove 'LuxTrust Global Root 2' root certificate.
* bmo#1639987 - Remove 'Staat der Nederlanden Root CA - G2' root
		certificate.
* bmo#1618402 - Remove Symantec root certificates and disable email trust
		bit.
* bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.
* bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.
* bmo#1642153 - Fix infinite recursion building NSS.
* bmo#1642638 - Fix fuzzing assertion crash.
* bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
* bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.
* bmo#1643557 - Fix numerous compile warnings in NSS.
* bmo#1644774 - SSL gtests to use ClearServerCache when resetting
		self-encrypt keys.
* bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.
* bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3182-1
Released:    Tue Sep 21 17:04:26 2021
Summary:     Recommended update for file
Type:        recommended
Severity:    moderate
References:  1189996
This update for file fixes the following issues:

- Fixes exception thrown by memory allocation problem (bsc#1189996)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3233-1
Released:    Mon Sep 27 15:02:21 2021
Summary:     Recommended update for xfsprogs
Type:        recommended
Severity:    moderate
References:  1085917,1181299,1181306,1181309,1181535,1181536,1188651,1189552
This update for xfsprogs fixes the following issues:

- Fixes an issue when 'fstests' with 'xfs' fail. (bsc#1181309, bsc#1181299)
- xfsprogs: Split 'libhandle1' into a separate package, since nothing within xfsprogs dynamically links against it. The shared library is still required by xfsdump as a runtime dependency.
- mkfs.xfs: Fix 'ASSERT' on too-small device with stripe geometry. (bsc#1181536)
- mkfs.xfs: If either 'sunit' or 'swidth' is not zero, the other must be as well. (bsc#1085917, bsc#1181535)
- xfs_growfs: Refactor geometry reporting. (bsc#1181306)
- xfs_growfs: Allow mounted device node as argument. (bsc#1181299)
- xfs_repair: Rebuild directory when non-root leafn blocks claim block 0. (bsc#1181309)
- xfs_repair: Check plausibility of root dir pointer before trashing it. (bsc#1188651)
- xfs_bmap: Remove '-c' from manpage. (bsc#1189552)
- xfs_bmap: Do not reject '-e'. (bsc#1189552)
- Implement 'libhandle1' through ECO. (jsc#SLE-20360)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3278-1
Released:    Mon Oct  4 09:30:10 2021
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    important
References:  1190858
This update for ca-certificates-mozilla fixes the following issues:

- remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires
  September 30th 2021 and openssl certificate chain handling does not handle
  this correctly in openssl 1.0.2 and older. (bsc#1190858)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3297-1
Released:    Wed Oct  6 16:53:29 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1190373,1190374,CVE-2021-22946,CVE-2021-22947
This update for curl fixes the following issues:

- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3318-1
Released:    Wed Oct  6 19:31:19 2021
Summary:     Recommended update for sudo
Type:        recommended
Severity:    moderate
References:  1176473,1181371
This update for sudo fixes the following issues:

- Update to sudo 1.8.27 (jsc#SLE-17083).
- Fixed special handling of ipa_hostname (bsc#1181371).
- Restore sudo ldap behavior to ignore expire dates when SUDOERS_TIMED option is not set in /etc/ldap.conf (bsc#1176473).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3348-1
Released:    Tue Oct 12 13:08:06 2021
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910
This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063).

- logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018).
- Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353).
- Rules weren't applied to dm devices (multipath) (bsc#1188713).
- Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234).
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
- Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291).
- Allow the systemd sysusers config files to be overriden during system installation (bsc#1171962).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3385-1
Released:    Tue Oct 12 15:54:31 2021
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1186489,1187911,CVE-2021-33574,CVE-2021-35942
This update for glibc fixes the following issues:

- CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911)
- CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3447-1
Released:    Fri Oct 15 09:05:12 2021
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1065729,1148868,1152489,1154353,1159886,1167773,1170774,1173746,1176940,1184439,1184804,1185302,1185677,1185726,1185762,1187167,1188067,1188651,1188986,1189297,1189841,1189884,1190023,1190062,1190115,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191240,1191292,CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3764,CVE-2021-40490


The SUSE Linux Enterprise 15 SP2 kernel was updated.


The following security bugs were fixed:

- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)
- CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)
- CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)
- CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)

The following non-security bugs were fixed:

- ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
- apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
- ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
- bnxt_en: Store the running firmware version code (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: do not lock the tx queue from napi poll (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- clk: at91: clk-generated: Limit the requested rate to our range (git-fixes).
- clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- cuse: fix broken release (bsc#1190596).
- cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746).
- devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353).
- dmaengine: ioat: depends on !UML (git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
- docs: Fix infiniband uverbs minor number (git-fixes).
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
- drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- fbmem: do not allow too huge resolutions (git-fixes).
- fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- fuse: flush extending writes (bsc#1190595).
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- gpio: uniphier: Fix void functions to remove return value (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes).
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
- ice: Prevent probing virtual functions (git-fixes).
- iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes).
- include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes).
- iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: count csum_none when offload enabled (bsc#1167773).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467).
- iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716).
- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.
- libata: fix ata_host_start() (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).
- media: uvc: do not do DMA on stack (git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).
- mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
- mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
- mmc: core: Return correct emmc response in case of ioctl error (git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
- net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- net/mlx5: Fix return value from tracer initialization (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
- NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
- parport: remove non-zero check on count (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).
- PM: base: power: do not try to use non-existing RTC for storing data (git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
- powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
- powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729).
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).
- powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- pwm: img: Do not modify HW state in .remove() callback (git-fixes).
- pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
- pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).
- rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages.
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- rtc: tps65910: Correct driver module alias (git-fixes).
- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
- scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
- scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576).
- scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576).
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576).
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
- serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).
- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
- serial: sh-sci: fix break handling for sysrq (git-fixes).
- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
- staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes).
- staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes).
- staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).
- thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes).
- time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).
- tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).
- tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes).
- tty: synclink_gt, drop unneeded forward declarations (git-fixes).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration (git-fixes).
- usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes).
- usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes).
- usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
- usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).
- usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
- usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
- usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes).
- usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes).
- usb: serial: option: add device id for Foxconn T99W265 (git-fixes).
- usb: serial: option: add Telit LN920 compositions (git-fixes).
- usb: serial: option: remove duplicate USB device ID (git-fixes).
- usbip: give back URBs for unsent unlink requests during cleanup (git-fixes).
- usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).
- video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).
- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
- vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).
- vmxnet3: prepare for version 6 changes (bsc#1190406).
- vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).
- vmxnet3: set correct hash type based on rss information (bsc#1190406).
- vmxnet3: update to version 6 (bsc#1190406).
- watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes).
- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302).
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489).
- x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
- xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).
- xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).
- xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes).
- xhci: Set HCD flag to defer primary roothub registration (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3454-1
Released:    Mon Oct 18 09:29:26 2021
Summary:     Security update for krb5
Type:        security
Severity:    moderate
References:  1189929,CVE-2021-37750
This update for krb5 fixes the following issues:

- CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3480-1
Released:    Wed Oct 20 11:24:08 2021
Summary:     Recommended update for yast2-network
Type:        recommended
Severity:    moderate
References:  1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933
This update for yast2-network fixes the following issues:

- Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915).
- Fix the shown description using the interface friendly name when it is empty (bsc#1190933).
- Consider aliases sections as case insensitive (bsc#1190739).
- Display user defined device name in the devices overview (bnc#1190645).
- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).
- Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).
- Fix desktop file so the control center tooltip is translated (bsc#1187270).
- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released:    Wed Oct 20 16:31:55 2021
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1190793,CVE-2021-39537
This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released:    Wed Oct 20 16:48:46 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1190052
This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released:    Tue Oct 26 11:22:15 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1191987
This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in
  the 'securetty' file to be installed as 'macros.pam'.
  (bsc#1191987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3523-1
Released:    Tue Oct 26 15:40:13 2021
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1122417,1125886,1178236,1188921,CVE-2021-37600
This update for util-linux fixes the following issues:

Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921).
- agetty: Fix 8-bit processing in get_logname() (bsc#1125886).
- mount: Fix 'mount' output for net file systems (bsc#1122417).
- ipcs: Avoid overflows (bsc#1178236)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3529-1
Released:    Wed Oct 27 09:23:32 2021
Summary:     Security update for pcre
Type:        security
Severity:    moderate
References:  1172973,1172974,CVE-2019-20838,CVE-2020-14155
This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3616-1
Released:    Thu Nov  4 12:29:15 2021
Summary:     Security update for binutils
Type:        security
Severity:    moderate
References:  1179898,1179899,1179900,1179901,1179902,1179903,1180451,1180454,1180461,1181452,1182252,1183511,1184620,1184794,CVE-2020-16590,CVE-2020-16591,CVE-2020-16592,CVE-2020-16593,CVE-2020-16598,CVE-2020-16599,CVE-2020-35448,CVE-2020-35493,CVE-2020-35496,CVE-2020-35507,CVE-2021-20197,CVE-2021-20284,CVE-2021-3487
This update for binutils fixes the following issues:

Update to binutils 2.37:

* The GNU Binutils sources now requires a C99 compiler and library to
  build.
* Support for Realm Management Extension (RME) for AArch64 has been
  added.
* A new linker option '-z report-relative-reloc' for x86 ELF targets
  has been added to report dynamic relative relocations.
* A new linker option '-z start-stop-gc' has been added to disable
  special treatment of __start_*/__stop_* references when
  --gc-sections.
* A new linker options '-Bno-symbolic' has been added which will
  cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
* The readelf tool has a new command line option which can be used to
  specify how the numeric values of symbols are reported.
  --sym-base=0|8|10|16 tells readelf to display the values in base 8,
  base 10 or base 16.  A sym base of 0 represents the default action
  of displaying values under 10000 in base 10 and values above that in
  base 16.
* A new format has been added to the nm program.  Specifying
  '--format=just-symbols' (or just using -j) will tell the program to
  only display symbol names and nothing else.
* A new command line option '--keep-section-symbols' has been added to
  objcopy and strip.  This stops the removal of unused section symbols
  when the file is copied.  Removing these symbols saves space, but
  sometimes they are needed by other tools.
* The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
  supported by objcopy now make undefined symbols weak on targets that
  support weak symbols. 
* Readelf and objdump can now display and use the contents of .debug_sup
  sections.
* Readelf and objdump will now follow links to separate debug info
  files by default.  This behaviour can be stopped via the use of the
  new '-wN' or '--debug-dump=no-follow-links' options for readelf and
  the '-WN' or '--dwarf=no-follow-links' options for objdump.  Also
  the old behaviour can be restored by the use of the
  '--enable-follow-debug-links=no' configure time option.

  The semantics of the =follow-links option have also been slightly
  changed.  When enabled, the option allows for the loading of symbol
  tables and string tables from the separate files which can be used
  to enhance the information displayed when dumping other sections,
  but it does not automatically imply that information from the
  separate files should be displayed.

  If other debug section display options are also enabled (eg
  '--debug-dump=info') then the contents of matching sections in both
  the main file and the separate debuginfo file *will* be displayed.
  This is because in most cases the debug section will only be present
  in one of the files.

  If however non-debug section display options are enabled (eg
  '--sections') then the contents of matching parts of the separate
  debuginfo file will *not* be displayed.  This is because in most
  cases the user probably only wanted to load the symbol information
  from the separate debuginfo file.  In order to change this behaviour
  a new command line option --process-links can be used.  This will
  allow di0pslay options to applied to both the main file and any
  separate debuginfo files.

* Nm has a new command line option: '--quiet'.  This suppresses 'no
  symbols' diagnostic.

Update to binutils 2.36:

New features in the Assembler:

- General:

   * When setting the link order attribute of ELF sections, it is now
     possible to use a numeric section index instead of symbol name.
   * Added a .nop directive to generate a single no-op instruction in
     a target neutral manner.  This instruction does have an effect on
     DWARF line number generation, if that is active.
   * Removed --reduce-memory-overheads and --hash-size as gas now
     uses hash tables that can be expand and shrink automatically.

- X86/x86_64:

   * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key
     Locker instructions. 
   * Support non-absolute segment values for lcall and ljmp.
   * Add {disp16} pseudo prefix to x86 assembler.
   * Configure with --enable-x86-used-note by default for Linux/x86.

-  ARM/AArch64:

   * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,
     Cortex-R82, Neoverse V1, and Neoverse N2 cores.
   * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded
     Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call
     Stack Recorder Extension) and BRBE (Branch Record Buffer
     Extension) system registers.
   * Add support for Armv8-R and Armv8.7-A ISA extensions.
   * Add support for DSB memory nXS barrier, WFET and WFIT
     instruction for Armv8.7.
   * Add support for +csre feature for -march. Add CSR PDEC
     instruction for CSRE feature in AArch64.
   * Add support for +flagm feature for -march in Armv8.4 AArch64.
   * Add support for +ls64 feature for -march in Armv8.7
     AArch64. Add atomic 64-byte load/store instructions for this
     feature. 
   * Add support for +pauth (Pointer Authentication) feature for
     -march in AArch64.

New features in the Linker:

  * Add --error-handling-script=<NAME> command line option to allow
    a helper script to be invoked when an undefined symbol or a
    missing library is encountered.  This option can be suppressed
    via the configure time switch: --enable-error-handling-script=no.
  * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
    x86-64-{baseline|v[234]} ISA level as needed.
  * Add -z unique-symbol to avoid duplicated local symbol names.
  * The creation of PE format DLLs now defaults to using a more
    secure set of DLL characteristics.
  * The linker now deduplicates the types in .ctf sections.  The new 
     command-line option --ctf-share-types describes how to do this:
     its default value, share-unconflicted, produces the most compact
     output.
  * The linker now omits the 'variable section' from .ctf sections
    by default, saving space.  This is almost certainly what you
    want unless you are working on a project that has its own
    analogue of symbol tables that are not reflected in the ELF
    symtabs.

New features in other binary tools:

  * The ar tool's previously unused l modifier is now used for
    specifying dependencies of a static library. The arguments of
    this option (or --record-libdeps long form option) will be
    stored verbatim in the __.LIBDEP member of the archive, which
    the linker may read at link time.
  * Readelf can now display the contents of LTO symbol table
    sections when asked to do so via the --lto-syms command line
    option.
  * Readelf now accepts the -C command line option to enable the
    demangling of symbol names.  In addition the --demangle=<style>,
    --no-demangle, --recurse-limit and --no-recurse-limit options
    are also now availale.

The following security fixes are addressed by the update:

- CVE-2021-20197: Fixed a race condition which allows users to own arbitrary files (bsc#1181452).
- CVE-2021-20284: Fixed a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511).
- CVE-2021-3487: Fixed a denial of service via excessive debug section size causing excessive memory consumption in bfd's dwarf2.c read_section() (bsc#1184620).
- CVE-2020-35448: Fixed a heap-based buffer over-read in bfd_getl_signed_32() in libbfd.c (bsc#1184794).
- CVE-2020-16590: Fixed a double free vulnerability in process_symbol_table() (bsc#1179898).
- CVE-2020-16591: Fixed an invalid read in process_symbol_table() (bsc#1179899).
- CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup() (bsc#1179900).
- CVE-2020-16593: Fixed a null pointer dereference in scan_unit_for_symbols() (bsc#1179901).
- CVE-2020-16598: Fixed a null pointer dereference in debug_get_real_type() (bsc#1179902).
- CVE-2020-16599: Fixed a null pointer dereference in _bfd_elf_get_symbol_version_string() (bsc#1179903)
- CVE-2020-35493: Fixed heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file (bsc#1180451).
- CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module due to not checking return value of bfd_malloc (bsc#1180454).
- CVE-2020-35507: Fixed a null pointer dereference in bfd_pef_parse_function_stubs() (bsc#1180461).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3618-1
Released:    Fri Nov  5 11:04:58 2021
Summary:     Recommended update for ceph
Type:        recommended
Severity:    moderate
References:  1185747,1187584,1187709,1188911,1190415,1191357
This update for ceph fixes the following issues:

- osd: move down peers out from peer_purged (bsc#1187709)
- osd: fix scrub reschedule bug (bsc#1187584) 
- osd marked down causes wrong backfill_toofull (bsc#1188911)
- osd panic occur repeatedly when recovering an object after disk replacement (bsc#1190415)
- rgw: allow to set ssl options and ciphers for beast frontend (bsc#1185747)
- bucket removal operation fails (bsc#1191357)
- pybind/mgr/insights: Don't persist report data
- os/bluestore: fix erroneous SharedBlob record removal during repair
- os/bluestore: Remove possibility of replay log and file inconsistency
- mgr/dashboard/api: set a UTF-8 locale when running pip
- common/options: Set osd_client_message_cap to 256
- mgr/DaemonServer: skip redundant update of pgp_num_actual
- pybind/ceph_volume_client: use cephfs mkdirs api


The following package changes have been done:

- binutils-2.37-7.21.2 updated
- ca-certificates-mozilla-2.44-4.32.1 updated
- ceph-base-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-common-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-fuse-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-grafana-dashboards-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-mds-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-mgr-dashboard-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-mgr-diskprediction-local-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-mgr-rook-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-mgr-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-mon-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-osd-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-radosgw-14.2.22.445+ga68959d39a6-3.40.1 updated
- ceph-14.2.22.445+ga68959d39a6-3.40.1 updated
- cpio-2.12-3.9.1 updated
- dbus-1-1.12.2-8.11.2 updated
- file-magic-5.32-7.14.1 updated
- gawk-4.2.1-1.41 added
- glibc-locale-base-2.26-13.59.1 updated
- glibc-2.26-13.59.1 updated
- kmod-compat-25-6.10.1 updated
- kmod-25-6.10.1 updated
- krb5-1.16.3-3.24.1 updated
- libaugeas0-1.10.1-3.3.1 updated
- libblkid1-2.33.2-4.16.1 updated
- libcephfs2-14.2.22.445+ga68959d39a6-3.40.1 updated
- libctf-nobfd0-2.37-7.21.2 updated
- libctf0-2.37-7.21.2 updated
- libcurl4-7.60.0-25.1 updated
- libdbus-1-3-1.12.2-8.11.2 updated
- libfdisk1-2.33.2-4.16.1 updated
- libfreebl3-3.68-3.56.1 updated
- libgcrypt20-1.8.2-8.39.1 updated
- libhogweed4-3.4.1-4.18.1 updated
- libkmod2-25-6.10.1 updated
- libldap-2_4-2-2.4.46-9.58.1 updated
- libldap-data-2.4.46-9.58.1 updated
- liblua5_3-5-5.3.6-3.6.1 updated
- libmagic1-5.32-7.14.1 updated
- libmount1-2.33.2-4.16.1 updated
- libncurses6-6.1-5.9.1 updated
- libnettle6-3.4.1-4.18.1 updated
- libopenssl1_1-1.1.0i-14.21.2 updated
- libpcre1-8.45-20.10.1 updated
- librados2-14.2.22.445+ga68959d39a6-3.40.1 updated
- librbd1-14.2.22.445+ga68959d39a6-3.40.1 updated
- librgw2-14.2.22.445+ga68959d39a6-3.40.1 updated
- libsmartcols1-2.33.2-4.16.1 updated
- libsoftokn3-3.68-3.56.1 updated
- libsqlite3-0-3.36.0-3.12.1 updated
- libsystemd0-234-24.93.1 updated
- libudev1-234-24.93.1 updated
- libuuid1-2.33.2-4.16.1 updated
- mozilla-nspr-4.32-3.20.1 updated
- mozilla-nss-certs-3.68-3.56.1 updated
- mozilla-nss-3.68-3.56.1 updated
- ncurses-utils-6.1-5.9.1 updated
- netcfg-11.6-3.3.1 updated
- openssl-1_1-1.1.0i-14.21.2 updated
- pam-1.3.0-6.50.1 updated
- psmisc-23.0-6.16.1 updated
- python3-asn1crypto-0.24.0-3.2.1 updated
- python3-ceph-argparse-14.2.22.445+ga68959d39a6-3.40.1 updated
- python3-cephfs-14.2.22.445+ga68959d39a6-3.40.1 updated
- python3-dbus-python-1.2.16-6.3.1 updated
- python3-google-auth-1.5.1-3.4.1 updated
- python3-kubernetes-8.0.1-3.5.1 updated
- python3-oauth2client-gce-4.1.2-3.2.1 updated
- python3-oauth2client-4.1.2-3.2.1 updated
- python3-pyasn1-0.4.2-3.2.1 updated
- python3-pycparser-2.17-3.2.1 updated
- python3-pytz-2021.1-6.7.1 updated
- python3-rados-14.2.22.445+ga68959d39a6-3.40.1 updated
- python3-rbd-14.2.22.445+ga68959d39a6-3.40.1 updated
- python3-rgw-14.2.22.445+ga68959d39a6-3.40.1 updated
- python3-rsa-3.4.2-3.4.1 updated
- python3-urllib3-1.25.10-9.14.1 updated
- rbd-mirror-14.2.22.445+ga68959d39a6-3.40.1 updated
- rbd-nbd-14.2.22.445+ga68959d39a6-3.40.1 updated
- sudo-1.8.27-4.21.4 updated
- systemd-presets-common-SUSE-15-8.9.1 updated
- systemd-234-24.93.1 updated
- terminfo-base-6.1-5.9.1 updated
- thin-provisioning-tools-0.7.5-3.3.1 updated
- timezone-2021a-3.47.1 updated
- udev-234-24.93.1 updated
- util-linux-2.33.2-4.16.1 updated
- xfsprogs-4.15.0-4.40.1 updated
- container:sles15-image-15.0.0-6.2.526 updated
- dbus-1-glib-0.108-1.29 removed

From sle-updates at lists.suse.com  Tue Nov  9 08:16:38 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue,  9 Nov 2021 09:16:38 +0100 (CET)
Subject: SUSE-RU-2021:3627-1: important: Recommended update for
 gnome-control-center
Message-ID: <20211109081638.3E26CFBAC@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for gnome-control-center
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3627-1
Rating:             important
References:         #1190875 
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15-SP2
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for gnome-control-center fixes the following issues:

   - Restore patch that prompts error messages when wicked is used as network
     manager (bsc#1190875)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15-SP2:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-3627=1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3627=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):

      gnome-control-center-color-3.34.6-3.10.1
      gnome-control-center-debuginfo-3.34.6-3.10.1
      gnome-control-center-debugsource-3.34.6-3.10.1
      gnome-control-center-goa-3.34.6-3.10.1
      gnome-control-center-user-faces-3.34.6-3.10.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

      gnome-control-center-3.34.6-3.10.1
      gnome-control-center-debuginfo-3.34.6-3.10.1
      gnome-control-center-debugsource-3.34.6-3.10.1
      gnome-control-center-devel-3.34.6-3.10.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch):

      gnome-control-center-lang-3.34.6-3.10.1


References:

   https://bugzilla.suse.com/1190875


From sle-updates at lists.suse.com  Tue Nov  9 14:17:50 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue,  9 Nov 2021 15:17:50 +0100 (CET)
Subject: SUSE-SU-2021:3635-1: important: Security update for qemu
Message-ID: <20211109141750.2D1CBFCC9@maintenance.suse.de>


   SUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3635-1
Rating:             important
References:         #1180432 #1180433 #1180434 #1180435 #1182651 
                    #1186012 #1189145 #1189702 #1189938 
Cross-References:   CVE-2020-35503 CVE-2020-35504 CVE-2020-35505
                    CVE-2020-35506 CVE-2021-20255 CVE-2021-3527
                    CVE-2021-3682 CVE-2021-3713 CVE-2021-3748
                   
CVSS scores:
                    CVE-2020-35503 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
                    CVE-2020-35503 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-35504 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
                    CVE-2020-35504 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-35505 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-35505 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-35506 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-35506 (SUSE): 5.6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
                    CVE-2021-20255 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-20255 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
                    CVE-2021-3527 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3527 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
                    CVE-2021-3682 (SUSE): 6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
                    CVE-2021-3713 (SUSE): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
                    CVE-2021-3748 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud 9
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server 12-SP4-LTSS
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available.

Description:

   This update for qemu fixes the following issues:

   Security issues fixed:

   - Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938,
     CVE-2021-3748)
   - Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation
     (bsc#1189702, CVE-2021-3713)
   - usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145,
     CVE-2021-3682)
   - NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504)
     (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506)
   - NULL pointer dereference issue in megasas-gen2 host bus adapter
     (bsc#1180432, CVE-2020-35503)
   - eepro100: stack overflow via infinite recursion (bsc#1182651,
     CVE-2021-20255)
   - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3635=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3635=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3635=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3635=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      qemu-2.11.2-5.40.2
      qemu-block-curl-2.11.2-5.40.2
      qemu-block-curl-debuginfo-2.11.2-5.40.2
      qemu-block-iscsi-2.11.2-5.40.2
      qemu-block-iscsi-debuginfo-2.11.2-5.40.2
      qemu-block-rbd-2.11.2-5.40.2
      qemu-block-rbd-debuginfo-2.11.2-5.40.2
      qemu-block-ssh-2.11.2-5.40.2
      qemu-block-ssh-debuginfo-2.11.2-5.40.2
      qemu-debugsource-2.11.2-5.40.2
      qemu-guest-agent-2.11.2-5.40.2
      qemu-guest-agent-debuginfo-2.11.2-5.40.2
      qemu-kvm-2.11.2-5.40.2
      qemu-lang-2.11.2-5.40.2
      qemu-tools-2.11.2-5.40.2
      qemu-tools-debuginfo-2.11.2-5.40.2
      qemu-x86-2.11.2-5.40.2

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      qemu-ipxe-1.0.0+-5.40.2
      qemu-seabios-1.11.0_0_g63451fc-5.40.2
      qemu-sgabios-8-5.40.2
      qemu-vgabios-1.11.0_0_g63451fc-5.40.2

   - SUSE OpenStack Cloud 9 (x86_64):

      qemu-2.11.2-5.40.2
      qemu-block-curl-2.11.2-5.40.2
      qemu-block-curl-debuginfo-2.11.2-5.40.2
      qemu-block-iscsi-2.11.2-5.40.2
      qemu-block-iscsi-debuginfo-2.11.2-5.40.2
      qemu-block-rbd-2.11.2-5.40.2
      qemu-block-rbd-debuginfo-2.11.2-5.40.2
      qemu-block-ssh-2.11.2-5.40.2
      qemu-block-ssh-debuginfo-2.11.2-5.40.2
      qemu-debugsource-2.11.2-5.40.2
      qemu-guest-agent-2.11.2-5.40.2
      qemu-guest-agent-debuginfo-2.11.2-5.40.2
      qemu-kvm-2.11.2-5.40.2
      qemu-lang-2.11.2-5.40.2
      qemu-tools-2.11.2-5.40.2
      qemu-tools-debuginfo-2.11.2-5.40.2
      qemu-x86-2.11.2-5.40.2

   - SUSE OpenStack Cloud 9 (noarch):

      qemu-ipxe-1.0.0+-5.40.2
      qemu-seabios-1.11.0_0_g63451fc-5.40.2
      qemu-sgabios-8-5.40.2
      qemu-vgabios-1.11.0_0_g63451fc-5.40.2

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      qemu-2.11.2-5.40.2
      qemu-block-curl-2.11.2-5.40.2
      qemu-block-curl-debuginfo-2.11.2-5.40.2
      qemu-block-iscsi-2.11.2-5.40.2
      qemu-block-iscsi-debuginfo-2.11.2-5.40.2
      qemu-block-ssh-2.11.2-5.40.2
      qemu-block-ssh-debuginfo-2.11.2-5.40.2
      qemu-debugsource-2.11.2-5.40.2
      qemu-guest-agent-2.11.2-5.40.2
      qemu-guest-agent-debuginfo-2.11.2-5.40.2
      qemu-lang-2.11.2-5.40.2
      qemu-tools-2.11.2-5.40.2
      qemu-tools-debuginfo-2.11.2-5.40.2

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le):

      qemu-ppc-2.11.2-5.40.2
      qemu-ppc-debuginfo-2.11.2-5.40.2

   - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):

      qemu-ipxe-1.0.0+-5.40.2
      qemu-seabios-1.11.0_0_g63451fc-5.40.2
      qemu-sgabios-8-5.40.2
      qemu-vgabios-1.11.0_0_g63451fc-5.40.2

   - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):

      qemu-block-rbd-2.11.2-5.40.2
      qemu-block-rbd-debuginfo-2.11.2-5.40.2
      qemu-kvm-2.11.2-5.40.2
      qemu-x86-2.11.2-5.40.2

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      qemu-2.11.2-5.40.2
      qemu-block-curl-2.11.2-5.40.2
      qemu-block-curl-debuginfo-2.11.2-5.40.2
      qemu-block-iscsi-2.11.2-5.40.2
      qemu-block-iscsi-debuginfo-2.11.2-5.40.2
      qemu-block-ssh-2.11.2-5.40.2
      qemu-block-ssh-debuginfo-2.11.2-5.40.2
      qemu-debugsource-2.11.2-5.40.2
      qemu-guest-agent-2.11.2-5.40.2
      qemu-guest-agent-debuginfo-2.11.2-5.40.2
      qemu-lang-2.11.2-5.40.2
      qemu-tools-2.11.2-5.40.2
      qemu-tools-debuginfo-2.11.2-5.40.2

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 x86_64):

      qemu-block-rbd-2.11.2-5.40.2
      qemu-block-rbd-debuginfo-2.11.2-5.40.2

   - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):

      qemu-kvm-2.11.2-5.40.2

   - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le):

      qemu-ppc-2.11.2-5.40.2
      qemu-ppc-debuginfo-2.11.2-5.40.2

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64):

      qemu-arm-2.11.2-5.40.2
      qemu-arm-debuginfo-2.11.2-5.40.2

   - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64):

      qemu-x86-2.11.2-5.40.2

   - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):

      qemu-ipxe-1.0.0+-5.40.2
      qemu-seabios-1.11.0_0_g63451fc-5.40.2
      qemu-sgabios-8-5.40.2
      qemu-vgabios-1.11.0_0_g63451fc-5.40.2

   - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x):

      qemu-s390-2.11.2-5.40.2
      qemu-s390-debuginfo-2.11.2-5.40.2


References:

   https://www.suse.com/security/cve/CVE-2020-35503.html
   https://www.suse.com/security/cve/CVE-2020-35504.html
   https://www.suse.com/security/cve/CVE-2020-35505.html
   https://www.suse.com/security/cve/CVE-2020-35506.html
   https://www.suse.com/security/cve/CVE-2021-20255.html
   https://www.suse.com/security/cve/CVE-2021-3527.html
   https://www.suse.com/security/cve/CVE-2021-3682.html
   https://www.suse.com/security/cve/CVE-2021-3713.html
   https://www.suse.com/security/cve/CVE-2021-3748.html
   https://bugzilla.suse.com/1180432
   https://bugzilla.suse.com/1180433
   https://bugzilla.suse.com/1180434
   https://bugzilla.suse.com/1180435
   https://bugzilla.suse.com/1182651
   https://bugzilla.suse.com/1186012
   https://bugzilla.suse.com/1189145
   https://bugzilla.suse.com/1189702
   https://bugzilla.suse.com/1189938


From sle-updates at lists.suse.com  Tue Nov  9 14:19:53 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue,  9 Nov 2021 15:19:53 +0100 (CET)
Subject: SUSE-SU-2021:3634-1: moderate: Security update for
 rubygem-activerecord-5_1
Message-ID: <20211109141953.6AF22FCC9@maintenance.suse.de>


   SUSE Security Update: Security update for rubygem-activerecord-5_1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3634-1
Rating:             moderate
References:         #1182169 
Cross-References:   CVE-2021-22880
CVSS scores:
                    CVE-2021-22880 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-22880 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise High Availability 15-SP3
                    SUSE Linux Enterprise High Availability 15-SP2
                    SUSE Linux Enterprise High Availability 15-SP1
                    SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for rubygem-activerecord-5_1 fixes the following issues:

   - CVE-2021-22880: Fixed possible DoS vector in PostgreSQL money type
     (bsc#1182169).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 15-SP3:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-3634=1

   - SUSE Linux Enterprise High Availability 15-SP2:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-3634=1

   - SUSE Linux Enterprise High Availability 15-SP1:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-3634=1

   - SUSE Linux Enterprise High Availability 15:

      zypper in -t patch SUSE-SLE-Product-HA-15-2021-3634=1



Package List:

   - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):

      ruby2.5-rubygem-activerecord-5_1-5.1.4-5.3.3

   - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):

      ruby2.5-rubygem-activerecord-5_1-5.1.4-5.3.3

   - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):

      ruby2.5-rubygem-activerecord-5_1-5.1.4-5.3.3

   - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):

      ruby2.5-rubygem-activerecord-5_1-5.1.4-5.3.3


References:

   https://www.suse.com/security/cve/CVE-2021-22880.html
   https://bugzilla.suse.com/1182169


From sle-updates at lists.suse.com  Tue Nov  9 14:21:06 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue,  9 Nov 2021 15:21:06 +0100 (CET)
Subject: SUSE-RU-2021:3629-1: important: Recommended update for
 suse-migration-sle15-activation
Message-ID: <20211109142106.82968FCC9@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for suse-migration-sle15-activation
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3629-1
Rating:             important
References:         #1191195 
Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for suse-migration-sle15-activation fixes the following issues:

   - Fixed an issue when upgrading from SUSE Linux Enterprise 12 SP5 to SUSE
     Linux Enterprise 15 SP2 through SUSE Manager where the root device
     failed to mount (bsc#1191195)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-3629=1



Package List:

   - SUSE Linux Enterprise Module for Public Cloud 12 (noarch):

      suse-migration-sle15-activation-2.0.32-6.27.1


References:

   https://bugzilla.suse.com/1191195


From sle-updates at lists.suse.com  Tue Nov  9 17:17:55 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue,  9 Nov 2021 18:17:55 +0100 (CET)
Subject: SUSE-SU-2021:3637-1: moderate: Security update for binutils
Message-ID: <20211109171755.045C5FBAC@maintenance.suse.de>


   SUSE Security Update: Security update for binutils
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3637-1
Rating:             moderate
References:         #1183909 #1184519 #1188941 #1191473 #1192267 
                    
Cross-References:   CVE-2021-20294
CVSS scores:
                    CVE-2021-20294 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-20294 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that solves one vulnerability and has four fixes
   is now available.

Description:

   This update for binutils fixes the following issues:

   - For compatibility on old code stream that expect 'brcl 0,label' to not
     be disassembled as 'jgnop label' on s390x.  (bsc#1192267) This reverts
     IBM zSeries HLASM support for now.
   - Fixed that ppc64 optflags did not enable LTO (bsc#1188941).
   - Fix empty man-pages from broken release tarball
   - Fixed a memory corruption with rpath option (bsc#1191473).

   - Fixed slow performance of stripping some binaries (bsc#1183909).

   Security issue fixed:

   - CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in
     readelf (bnc#1184519)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3637=1

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3637=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3637=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3637=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3637=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3637=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3637=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3637=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3637=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3637=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3637=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3637=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-3637=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      binutils-2.37-9.44.1
      binutils-debuginfo-2.37-9.44.1
      binutils-debugsource-2.37-9.44.1
      binutils-devel-2.37-9.44.1
      libctf-nobfd0-2.37-9.44.1
      libctf-nobfd0-debuginfo-2.37-9.44.1
      libctf0-2.37-9.44.1
      libctf0-debuginfo-2.37-9.44.1

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      binutils-2.37-9.44.1
      binutils-debuginfo-2.37-9.44.1
      binutils-debugsource-2.37-9.44.1
      binutils-devel-2.37-9.44.1
      libctf-nobfd0-2.37-9.44.1
      libctf-nobfd0-debuginfo-2.37-9.44.1
      libctf0-2.37-9.44.1
      libctf0-debuginfo-2.37-9.44.1

   - SUSE OpenStack Cloud 9 (x86_64):

      binutils-2.37-9.44.1
      binutils-debuginfo-2.37-9.44.1
      binutils-debugsource-2.37-9.44.1
      binutils-devel-2.37-9.44.1
      libctf-nobfd0-2.37-9.44.1
      libctf-nobfd0-debuginfo-2.37-9.44.1
      libctf0-2.37-9.44.1
      libctf0-debuginfo-2.37-9.44.1

   - SUSE OpenStack Cloud 8 (x86_64):

      binutils-2.37-9.44.1
      binutils-debuginfo-2.37-9.44.1
      binutils-debugsource-2.37-9.44.1
      binutils-devel-2.37-9.44.1
      libctf-nobfd0-2.37-9.44.1
      libctf-nobfd0-debuginfo-2.37-9.44.1
      libctf0-2.37-9.44.1
      libctf0-debuginfo-2.37-9.44.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      binutils-debuginfo-2.37-9.44.1
      binutils-debugsource-2.37-9.44.1
      binutils-devel-2.37-9.44.1
      binutils-gold-2.37-9.44.1
      binutils-gold-debuginfo-2.37-9.44.1
      cross-ppc-binutils-2.37-9.44.1
      cross-ppc-binutils-debuginfo-2.37-9.44.1
      cross-ppc-binutils-debugsource-2.37-9.44.1
      cross-spu-binutils-2.37-9.44.1
      cross-spu-binutils-debuginfo-2.37-9.44.1
      cross-spu-binutils-debugsource-2.37-9.44.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      binutils-2.37-9.44.1
      binutils-debuginfo-2.37-9.44.1
      binutils-debugsource-2.37-9.44.1
      binutils-devel-2.37-9.44.1
      libctf-nobfd0-2.37-9.44.1
      libctf-nobfd0-debuginfo-2.37-9.44.1
      libctf0-2.37-9.44.1
      libctf0-debuginfo-2.37-9.44.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      binutils-2.37-9.44.1
      binutils-debuginfo-2.37-9.44.1
      binutils-debugsource-2.37-9.44.1
      binutils-devel-2.37-9.44.1
      libctf-nobfd0-2.37-9.44.1
      libctf-nobfd0-debuginfo-2.37-9.44.1
      libctf0-2.37-9.44.1
      libctf0-debuginfo-2.37-9.44.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      binutils-2.37-9.44.1
      binutils-debuginfo-2.37-9.44.1
      binutils-debugsource-2.37-9.44.1
      binutils-devel-2.37-9.44.1
      libctf-nobfd0-2.37-9.44.1
      libctf-nobfd0-debuginfo-2.37-9.44.1
      libctf0-2.37-9.44.1
      libctf0-debuginfo-2.37-9.44.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      binutils-2.37-9.44.1
      binutils-debuginfo-2.37-9.44.1
      binutils-debugsource-2.37-9.44.1
      binutils-devel-2.37-9.44.1
      libctf-nobfd0-2.37-9.44.1
      libctf-nobfd0-debuginfo-2.37-9.44.1
      libctf0-2.37-9.44.1
      libctf0-debuginfo-2.37-9.44.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      binutils-2.37-9.44.1
      binutils-debuginfo-2.37-9.44.1
      binutils-debugsource-2.37-9.44.1
      binutils-devel-2.37-9.44.1
      libctf-nobfd0-2.37-9.44.1
      libctf-nobfd0-debuginfo-2.37-9.44.1
      libctf0-2.37-9.44.1
      libctf0-debuginfo-2.37-9.44.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      binutils-2.37-9.44.1
      binutils-debuginfo-2.37-9.44.1
      binutils-debugsource-2.37-9.44.1
      binutils-devel-2.37-9.44.1
      libctf-nobfd0-2.37-9.44.1
      libctf-nobfd0-debuginfo-2.37-9.44.1
      libctf0-2.37-9.44.1
      libctf0-debuginfo-2.37-9.44.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      binutils-2.37-9.44.1
      binutils-debuginfo-2.37-9.44.1
      binutils-debugsource-2.37-9.44.1
      binutils-devel-2.37-9.44.1
      libctf-nobfd0-2.37-9.44.1
      libctf-nobfd0-debuginfo-2.37-9.44.1
      libctf0-2.37-9.44.1
      libctf0-debuginfo-2.37-9.44.1

   - HPE Helion Openstack 8 (x86_64):

      binutils-2.37-9.44.1
      binutils-debuginfo-2.37-9.44.1
      binutils-debugsource-2.37-9.44.1
      binutils-devel-2.37-9.44.1
      libctf-nobfd0-2.37-9.44.1
      libctf-nobfd0-debuginfo-2.37-9.44.1
      libctf0-2.37-9.44.1
      libctf0-debuginfo-2.37-9.44.1


References:

   https://www.suse.com/security/cve/CVE-2021-20294.html
   https://bugzilla.suse.com/1183909
   https://bugzilla.suse.com/1184519
   https://bugzilla.suse.com/1188941
   https://bugzilla.suse.com/1191473
   https://bugzilla.suse.com/1192267


From sle-updates at lists.suse.com  Tue Nov  9 17:19:40 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue,  9 Nov 2021 18:19:40 +0100 (CET)
Subject: SUSE-RU-2021:3638-1: important: Recommended update for samba
Message-ID: <20211109171940.136DCFBAC@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for samba
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3638-1
Rating:             important
References:         #1188727 #1189017 #14571 SLE-18456 
Affected Products:
                    SUSE Linux Enterprise Module for Python2 15-SP3
                    SUSE Linux Enterprise Module for Public Cloud 15-SP3
                    SUSE Linux Enterprise Module for Public Cloud 15-SP2
                    SUSE Linux Enterprise Module for Public Cloud 15-SP1
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise High Availability 15-SP3
______________________________________________________________________________

   An update that has three recommended fixes and contains one
   feature can now be installed.

Description:

   This update for samba fixes the following issues:

   Features added:

   - Add Certificate Auto Enrollment Policy. (jsc#SLE-18456)

   Bugs fixed:

   - Fix wrong kvno exported to keytab after net ads changetrustpw due to
     replication delay. (bsc#1188727)
   - Fix 'net rpc' authentication when using the machine account.
     (bsc#1189017)

   Samba was updated to 4.13.10

   * s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL
     for directory handles; (bso#14708);
   * Take a copy to make sure we don't reference free'd memory; (bso#14721);
   * s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722);
   * s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in
     change_file_owner_to_parent() error path; (bso#14736);
   * samba-tool: Give better error information when the 'domain backup
     restore' fails with a duplicate SID; (bso#14575);
   * smbd: Correctly initialize close timestamp fields; (bso#14714);
   * Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740);
   * ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475);
   * gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750);
   * smbXsrv_{open,session,tcon}: Protect
     smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records;
     (bso#14752);
   * samba-tool domain backup offline doesn't work against bind DLZ backend;
     (bso#14027);
   * netcmd: Use next_free_rid() function to calculate a SID for restoring a
     backup; (bso#14669);

   Samba was updated to 4.13.9:

   * s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success;
     (bso#14696);
   * Add documentation for dsdb_group_audit and dsdb_group_json_audit to "log
     level", synchronise "log level" in smb.conf with the code; (bso#14689);
   * Fix smbd panic when two clients open same file; (bso#14672);
   * Fix memory leak in the RPC server; (bso#14675);
   * s3: smbd: Fix deferred renames; (bso#14679);
   * s3-iremotewinspool: Set the per-request memory context; (bso#14675);
   * rpc_server3: Fix a memleak for internal pipes; (bso#14675);
   * third_party: Update socket_wrapper to version 1.3.2; (bso#11899);
   * third_party: Update socket_wrapper to version 1.3.3; (bso#14639);
   * idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid conflict;
     (bso#14663);
   * Fix the build on OmniOS; (bso#14288);

   Update to 4.13.7

   * Release with dependency on ldb version 2.2.1.
   - Fix wrong kvno exported to keytab after net ads changetrustpw due to
     replication delay (bsc#1188727)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Python2 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2021-3638=1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-3638=1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-3638=1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2021-3638=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3638=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-3638=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3638=1

   - SUSE Linux Enterprise High Availability 15-SP3:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-3638=1



Package List:

   - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64):

      samba-ad-dc-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-ad-dc-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-debugsource-4.13.10+git.236.0517d0e6bdf-3.7.12

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64):

      python-pykerberos-debuginfo-1.2.1-3.5.1
      python-pykerberos-debugsource-1.2.1-3.5.1
      python3-pykerberos-1.2.1-3.5.1
      python3-pykerberos-debuginfo-1.2.1-3.5.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):

      python3-requests-kerberos-0.12.0-3.3.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64):

      python-pykerberos-debuginfo-1.2.1-3.5.1
      python-pykerberos-debugsource-1.2.1-3.5.1
      python3-pykerberos-1.2.1-3.5.1
      python3-pykerberos-debuginfo-1.2.1-3.5.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):

      python3-requests-kerberos-0.12.0-3.3.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64):

      python-pykerberos-debuginfo-1.2.1-3.5.1
      python-pykerberos-debugsource-1.2.1-3.5.1
      python3-pykerberos-1.2.1-3.5.1
      python3-pykerberos-debuginfo-1.2.1-3.5.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch):

      python3-requests-kerberos-0.12.0-3.3.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):

      python-pykerberos-debuginfo-1.2.1-3.5.1
      python-pykerberos-debugsource-1.2.1-3.5.1
      python2-pykerberos-1.2.1-3.5.1
      python2-pykerberos-debuginfo-1.2.1-3.5.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch):

      python2-requests-kerberos-0.12.0-3.3.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64):

      python-pykerberos-debuginfo-1.2.1-3.5.1
      python-pykerberos-debugsource-1.2.1-3.5.1
      python2-pykerberos-1.2.1-3.5.1
      python2-pykerberos-debuginfo-1.2.1-3.5.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch):

      python2-requests-kerberos-0.12.0-3.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      certmonger-0.79.13-7.3.1
      certmonger-debuginfo-0.79.13-7.3.1
      certmonger-debugsource-0.79.13-7.3.1
      libdcerpc-binding0-4.13.10+git.236.0517d0e6bdf-3.7.12
      libdcerpc-binding0-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libdcerpc-devel-4.13.10+git.236.0517d0e6bdf-3.7.12
      libdcerpc-samr-devel-4.13.10+git.236.0517d0e6bdf-3.7.12
      libdcerpc-samr0-4.13.10+git.236.0517d0e6bdf-3.7.12
      libdcerpc-samr0-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libdcerpc0-4.13.10+git.236.0517d0e6bdf-3.7.12
      libdcerpc0-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libndr-devel-4.13.10+git.236.0517d0e6bdf-3.7.12
      libndr-krb5pac-devel-4.13.10+git.236.0517d0e6bdf-3.7.12
      libndr-krb5pac0-4.13.10+git.236.0517d0e6bdf-3.7.12
      libndr-krb5pac0-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libndr-nbt-devel-4.13.10+git.236.0517d0e6bdf-3.7.12
      libndr-nbt0-4.13.10+git.236.0517d0e6bdf-3.7.12
      libndr-nbt0-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libndr-standard-devel-4.13.10+git.236.0517d0e6bdf-3.7.12
      libndr-standard0-4.13.10+git.236.0517d0e6bdf-3.7.12
      libndr-standard0-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libndr1-4.13.10+git.236.0517d0e6bdf-3.7.12
      libndr1-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libnetapi-devel-4.13.10+git.236.0517d0e6bdf-3.7.12
      libnetapi0-4.13.10+git.236.0517d0e6bdf-3.7.12
      libnetapi0-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-credentials-devel-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-credentials0-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-credentials0-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-errors-devel-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-errors0-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-errors0-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-hostconfig-devel-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-hostconfig0-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-hostconfig0-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-passdb-devel-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-passdb0-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-passdb0-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-policy-devel-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-policy-python3-devel-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-policy0-python3-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-policy0-python3-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-util-devel-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-util0-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-util0-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamdb-devel-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamdb0-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamdb0-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsmbclient-devel-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsmbclient0-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsmbclient0-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsmbconf-devel-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsmbconf0-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsmbconf0-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsmbldap-devel-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsmbldap2-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsmbldap2-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libtevent-util-devel-4.13.10+git.236.0517d0e6bdf-3.7.12
      libtevent-util0-4.13.10+git.236.0517d0e6bdf-3.7.12
      libtevent-util0-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libwbclient-devel-4.13.10+git.236.0517d0e6bdf-3.7.12
      libwbclient0-4.13.10+git.236.0517d0e6bdf-3.7.12
      libwbclient0-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libxmlrpc++8-1.51.07-7.3.1
      libxmlrpc++8-debuginfo-1.51.07-7.3.1
      libxmlrpc3-1.51.07-7.3.1
      libxmlrpc3-debuginfo-1.51.07-7.3.1
      libxmlrpc_abyss++8-1.51.07-7.3.1
      libxmlrpc_abyss++8-debuginfo-1.51.07-7.3.1
      libxmlrpc_abyss3-1.51.07-7.3.1
      libxmlrpc_abyss3-debuginfo-1.51.07-7.3.1
      libxmlrpc_client++8-1.51.07-7.3.1
      libxmlrpc_client++8-debuginfo-1.51.07-7.3.1
      libxmlrpc_client3-1.51.07-7.3.1
      libxmlrpc_client3-debuginfo-1.51.07-7.3.1
      libxmlrpc_cpp8-1.51.07-7.3.1
      libxmlrpc_cpp8-debuginfo-1.51.07-7.3.1
      libxmlrpc_packetsocket8-1.51.07-7.3.1
      libxmlrpc_packetsocket8-debuginfo-1.51.07-7.3.1
      libxmlrpc_server++8-1.51.07-7.3.1
      libxmlrpc_server++8-debuginfo-1.51.07-7.3.1
      libxmlrpc_server3-1.51.07-7.3.1
      libxmlrpc_server3-debuginfo-1.51.07-7.3.1
      libxmlrpc_server_abyss++8-1.51.07-7.3.1
      libxmlrpc_server_abyss++8-debuginfo-1.51.07-7.3.1
      libxmlrpc_server_abyss3-1.51.07-7.3.1
      libxmlrpc_server_abyss3-debuginfo-1.51.07-7.3.1
      libxmlrpc_server_cgi++8-1.51.07-7.3.1
      libxmlrpc_server_cgi++8-debuginfo-1.51.07-7.3.1
      libxmlrpc_server_cgi3-1.51.07-7.3.1
      libxmlrpc_server_cgi3-debuginfo-1.51.07-7.3.1
      libxmlrpc_server_pstream++8-1.51.07-7.3.1
      libxmlrpc_server_pstream++8-debuginfo-1.51.07-7.3.1
      libxmlrpc_util++8-1.51.07-7.3.1
      libxmlrpc_util++8-debuginfo-1.51.07-7.3.1
      libxmlrpc_util4-1.51.07-7.3.1
      libxmlrpc_util4-debuginfo-1.51.07-7.3.1
      python-pykerberos-debuginfo-1.2.1-3.5.1
      python-pykerberos-debugsource-1.2.1-3.5.1
      python3-pykerberos-1.2.1-3.5.1
      python3-pykerberos-debuginfo-1.2.1-3.5.1
      samba-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-client-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-client-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-core-devel-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-debugsource-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-dsdb-modules-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-dsdb-modules-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-gpupdate-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-ldb-ldap-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-ldb-ldap-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-libs-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-libs-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-libs-python3-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-libs-python3-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-python3-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-python3-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-winbind-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-winbind-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      sscep-0.7.0-7.3.1
      sscep-debuginfo-0.7.0-7.3.1
      sscep-debugsource-0.7.0-7.3.1
      xmlrpc-c-debuginfo-1.51.07-7.3.1
      xmlrpc-c-debugsource-1.51.07-7.3.1
      xmlrpc-c-devel-1.51.07-7.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):

      samba-ceph-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-ceph-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      cepces-0.3.4-7.3.1
      cepces-certmonger-0.3.4-7.3.1
      python3-cepces-0.3.4-7.3.1
      python3-requests-kerberos-0.12.0-3.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):

      libdcerpc-binding0-32bit-4.13.10+git.236.0517d0e6bdf-3.7.12
      libdcerpc-binding0-32bit-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libdcerpc0-32bit-4.13.10+git.236.0517d0e6bdf-3.7.12
      libdcerpc0-32bit-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libndr-krb5pac0-32bit-4.13.10+git.236.0517d0e6bdf-3.7.12
      libndr-krb5pac0-32bit-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libndr-nbt0-32bit-4.13.10+git.236.0517d0e6bdf-3.7.12
      libndr-nbt0-32bit-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libndr-standard0-32bit-4.13.10+git.236.0517d0e6bdf-3.7.12
      libndr-standard0-32bit-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libndr1-32bit-4.13.10+git.236.0517d0e6bdf-3.7.12
      libndr1-32bit-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libnetapi0-32bit-4.13.10+git.236.0517d0e6bdf-3.7.12
      libnetapi0-32bit-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-credentials0-32bit-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-credentials0-32bit-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-errors0-32bit-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-errors0-32bit-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-hostconfig0-32bit-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-hostconfig0-32bit-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-passdb0-32bit-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-passdb0-32bit-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-util0-32bit-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamba-util0-32bit-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamdb0-32bit-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsamdb0-32bit-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsmbconf0-32bit-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsmbconf0-32bit-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsmbldap2-32bit-4.13.10+git.236.0517d0e6bdf-3.7.12
      libsmbldap2-32bit-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libtevent-util0-32bit-4.13.10+git.236.0517d0e6bdf-3.7.12
      libtevent-util0-32bit-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      libwbclient0-32bit-4.13.10+git.236.0517d0e6bdf-3.7.12
      libwbclient0-32bit-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-libs-32bit-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-libs-32bit-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-winbind-32bit-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-winbind-32bit-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12

   - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):

      ctdb-4.13.10+git.236.0517d0e6bdf-3.7.12
      ctdb-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-debuginfo-4.13.10+git.236.0517d0e6bdf-3.7.12
      samba-debugsource-4.13.10+git.236.0517d0e6bdf-3.7.12


References:

   https://bugzilla.suse.com/1188727
   https://bugzilla.suse.com/1189017
   https://bugzilla.suse.com/14571


From sle-updates at lists.suse.com  Tue Nov  9 17:22:18 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue,  9 Nov 2021 18:22:18 +0100 (CET)
Subject: SUSE-RU-2021:3636-1: important: Recommended update for SUSEConnect
Message-ID: <20211109172218.41CC5FCC9@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for SUSEConnect
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3636-1
Rating:             important
References:         
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

   An update that has 0 recommended fixes can now be installed.

Description:

   This update for SUSEConnect contains the following fix:

   - Update to 0.3.32:
     - Allow --regcode and --instance-data attributes at the same time.
       (jsc#PCT-164)
     - Document that 'debug' can also get set in the config file.
     - --status will also print the subscription name.


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3636=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3636=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3636=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3636=1



Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      SUSEConnect-0.3.32-3.40.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      SUSEConnect-0.3.32-3.40.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      SUSEConnect-0.3.32-3.40.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      SUSEConnect-0.3.32-3.40.1


References:



From sle-updates at lists.suse.com  Tue Nov  9 20:16:35 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue,  9 Nov 2021 21:16:35 +0100 (CET)
Subject: SUSE-SU-2021:3642-1: important: Security update for the Linux Kernel
Message-ID: <20211109201635.A7A12FBAC@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3642-1
Rating:             important
References:         #1065729 #1085030 #1152472 #1152489 #1156395 
                    #1172073 #1173604 #1176447 #1176774 #1176914 
                    #1178134 #1180100 #1181147 #1184673 #1185762 
                    #1186063 #1186109 #1187167 #1188563 #1189841 
                    #1190006 #1190067 #1190349 #1190351 #1190479 
                    #1190620 #1190642 #1190795 #1190801 #1190941 
                    #1191229 #1191240 #1191241 #1191315 #1191317 
                    #1191349 #1191384 #1191449 #1191450 #1191451 
                    #1191452 #1191455 #1191456 #1191628 #1191645 
                    #1191663 #1191731 #1191800 #1191867 #1191934 
                    #1191958 #1192040 #1192041 #1192074 #1192107 
                    #1192145 
Cross-References:   CVE-2021-33033 CVE-2021-34866 CVE-2021-3542
                    CVE-2021-3655 CVE-2021-3715 CVE-2021-3760
                    CVE-2021-3772 CVE-2021-3896 CVE-2021-41864
                    CVE-2021-42008 CVE-2021-42252 CVE-2021-42739
                    CVE-2021-43056
CVSS scores:
                    CVE-2021-33033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33033 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-34866 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-3715 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3896 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42252 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-43056 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-43056 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products:
                    SUSE MicroOS 5.1
                    SUSE Linux Enterprise Module for Realtime 15-SP3
______________________________________________________________________________

   An update that solves 13 vulnerabilities and has 43 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 15 SP3 Real Time kernel was updated to receive
   various security and bugfixes.


   The following security bugs were fixed:

   - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
   - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets,
     which may have allowed the kernel to read uninitialized memory
     (bsc#1188563).
   - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on
     Power8 (bnc#1192107).
   - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in
     drivers/isdn/capi/kcapi.c (bsc#1191958).
   - CVE-2021-3760: Fixed a use-after-free vulnerability with the
     ndev->rf_conn_info object (bsc#1190067).
   - CVE-2021-42739: The firewire subsystem had a buffer overflow related to
     drivers/media/firewire/firedtv-avc.c and
     drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled
     bounds checking (bsc#1184673).
   - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver
     (bsc#1186063).
   - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in
     net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the
     DOI definitions is mishandled (bsc#1186109).
   - CVE-2021-3715: Fixed a use-after-free in route4_change() in
     net/sched/cls_route.c (bsc#1190349).
   - CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation
     Vulnerability (bsc#1191645).
   - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could
     have allowed local attackers to access the Aspeed LPC control interface
     to overwrite memory in the kernel and potentially execute privileges
     (bnc#1190479).
   - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed
     unprivileged users to trigger an eBPF multiplication integer overflow
     with a resultant out-of-bounds write (bnc#1191317).
   - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data
     function in drivers/net/hamradio/6pack.c. Input from a process that had
     the CAP_NET_ADMIN capability could have lead to root access
     (bsc#1191315).

   The following non-security bugs were fixed:

   - ACPI: NFIT: Use fallback node id when numa info in NFIT table is
     incorrect (git-fixes).
   - ACPI: bgrt: Fix CFI violation (git-fixes).
   - ACPI: fix NULL pointer dereference (git-fixes).
   - ACPI: fix NULL pointer dereference (git-fixes).
   - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254
     (git-fixes).
   - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
   - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes).
   - ALSA: hda/realtek: Complete partial device name to avoid ambiguity
     (git-fixes).
   - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560
     laptop (git-fixes).
   - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo
     13s Gen2 (git-fixes).
   - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
     (git-fixes).
   - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i
     15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes).
   - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
   - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors
     (bsc#1190801).
   - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl
     (git-fixes).
   - ALSA: seq: Fix a potential UAF by wrong private_free call order
     (git-fixes).
   - ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
   - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
   - ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
   - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER
     (git-fixes).
   - ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes).
   - ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for
     the matching in-/output (git-fixes).
   - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes).
   - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types
     (git-fixes).
   - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types
     (git-fixes).
   - ASoC: SOF: loader: release_firmware() on load failure to avoid batching
     (git-fixes).
   - ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes).
   - ASoC: dapm: use component prefix when checking widget names (git-fixes).
   - ASoC: fsl_spdif: register platform component before registering cpu dai
     (git-fixes).
   - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
   - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
   - Configure mpi3mr as currently unsupported (jsc#SLE-18120)
   - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
     (git-fixes).
   - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
   - HID: u2fzero: ignore incomplete packets without data (git-fixes).
   - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
   - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
     (git-fixes).
   - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
   - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
   - IPv6: reply ICMP error if the first fragment do not include all headers
     (bsc#1191241).
   - IPv6: reply ICMP error if the first fragment do not include all headers
     (bsc#1191241).
   - Input: snvs_pwrkey - add clk handling (git-fixes).
   - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
   - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest
     SPRs are live (bsc#1156395).
   - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
     (bsc#1156395).
   - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936
     git-fixes).
   - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
   - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing
     registers (bsc#1156395).
   - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
   - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
   - NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
     (git-fixes).
   - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
     (git-fixes).
   - NFS: Do uncached readdir when we're seeking a cookie in an empty page
     cache (bsc#1191628).
   - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
   - PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes).
   - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails
     (git-fixes).
   - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent
     (git-fixes).
   - PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes).
   - PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes).
   - RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147).
   - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure
     (bsc#1181147).
   - USB: cdc-acm: clean up probe error labels (git-fixes).
   - USB: cdc-acm: fix minor-number release (git-fixes).
   - USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
   - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
   - USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
   - USB: serial: qcserial: add EM9191 QDL support (git-fixes).
   - USB: xhci: dbc: fix tty registration race (git-fixes).
   - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
   - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
   - ata: ahci_platform: fix null-ptr-deref in
     ahci_platform_enable_regulators() (git-fixes).
   - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
     (git-fixes).
   - audit: fix possible null-pointer dereference in audit_filter_rules
     (git-fixes).
   - bfq: Remove merged request already in bfq_requests_merged()
     (bsc#1191456).
   - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
   - blktrace: Fix uaf in blk_trace access after removing by sysfs
     (bsc#1191452).
   - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
   - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem()
     (jsc#SLE-16649).
   - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h
     (git-fixes).
   - bpf: Fix OOB read when printing XDP link fdinfo (git-fixes).
   - bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
   - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
   - can: dev: can_restart: fix use after free bug (git-fixes).
   - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
   - can: peak_usb: fix use after free bugs (git-fixes).
   - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE
     state notification (git-fixes).
   - can: rcar_can: fix suspend/resume (git-fixes).
   - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in
     error path (git-fixes).
   - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
   - cb710: avoid NULL pointer subtraction (git-fixes).
   - ceph: fix handling of "meta" errors (bsc#1192041).
   - ceph: skip existing superblocks that are blocklisted or shut down when
     mounting (bsc#1192040).
   - cfg80211: correct bridge/4addr mode check (git-fixes).
   - cfg80211: fix management registrations locking (git-fixes).
   - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
   - cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614
     bsc#1176914 ltc#186394 git-fixes).
   - drm/amd/display: Pass PCI deviceid into DC (git-fixes).
   - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes).
   - drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
   - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read
     (git-fixes).
   - drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: 	*
     context changes in intel_timeline_fini()
   - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
   - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
     (git-fixes).
   - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes).
   - drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
   - drm/nouveau/debugfs: fix file release memory leak (git-fixes).
   - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes).
   - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows
     (git-fixes).
   - drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472)
   - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
   - drm/panfrost: Make sure MMU context lifetime is not bound to
     (bsc#1152472)
   - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes).
   - e1000e: Drop patch to avoid regressions until real fix is available
     (bsc#1191663).
   - e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
   - e100: fix buffer overrun in e100_get_regs (git-fixes).
   - e100: fix length calculation in e100_get_regs_len (git-fixes).
   - e100: handle eeprom as little endian (git-fixes).
   - ext4: fix reserved space counter leakage (bsc#1191450).
   - ext4: report correct st_size for encrypted symlinks (bsc#1191449).
   - fs, mm: fix race in unlinking swapfile (bsc#1191455).
   - fscrypt: add fscrypt_symlink_getattr() for computing st_size
     (bsc#1191449).
   - gpio: pca953x: Improve bias setting (git-fixes).
   - hso: fix bailout in error case of probe (git-fixes).
   - i2c: acpi: fix resource leak in reconfiguration device addition
     (git-fixes).
   - ice: fix getting UDP tunnel entry (jsc#SLE-12878).
   - iio: adc128s052: Fix the error handling path of 'adc128_probe()'
     (git-fixes).
   - iio: adc: aspeed: set driver data when adc probe (git-fixes).
   - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
   - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
   - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
   - iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
     (git-fixes).
   - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
   - ipv6/netfilter: Discard first fragment not including all headers
     (bsc#1191241).
   - ipv6/netfilter: Discard first fragment not including all headers
     (bsc#1191241).
   - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
   - isdn: mISDN: Fix sleeping function called from invalid context
     (git-fixes).
   - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15
     (git-fixes).
   - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
   - kABI workaround for HD-audio probe retry changes (bsc#1190801).
   - kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes).
   - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
   - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167
     bsc#1191240 ltc#194716).
   - kernel-binary.spec: Do not sign kernel when no key provided
     (bsc#1187167).
   - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
     well. Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating
     (bsc#1189841).")
   - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
   - lan78xx: select CRC32 (git-fixes).
   - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD
     (git-fixes).
   - mac80211: Drop frames from invalid MAC address in ad-hoc mode
     (git-fixes).
   - mac80211: check return value of rhashtable_init (git-fixes).
   - mei: me: add Ice Lake-N device id (git-fixes).
   - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
   - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
     (git-fixes).
   - mmc: vub300: fix control-message timeouts (git-fixes).
   - net/mlx5: E-Switch, Fix double allocation of acl flow counter
     (jsc#SLE-15172).
   - net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172).
   - net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and
     LRO combined (jsc#SLE-15172).
   - net/sched: ets: fix crash when flipping from 'strict' to 'quantum'
     (bsc#1176774).
   - net: batman-adv: fix error handling (git-fixes).
   - net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
     (git-fixes).
   - net: cdc_eem: fix tx fixup skb leak (git-fixes).
   - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
   - net: hns3: check queue id range before using (jsc#SLE-14777).
   - net: hso: add failure handler for add_net_device (git-fixes).
   - net: hso: fix NULL-deref on disconnect regression (git-fixes).
   - net: hso: fix null-ptr-deref during tty device unregistration
     (git-fixes).
   - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
   - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
   - net: lan78xx: fix division by zero in send path (git-fixes).
   - net: mana: Fix error handling in mana_create_rxq() (git-fixes,
     bsc#1191800).
   - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
     (git-fixes).
   - netfilter: Drop fragmented ndisc packets assembled in netfilter
     (git-fixes).
   - netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
   - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has
     garbage value (bsc#1176447).
   - nfc: fix error handling of nfc_proto_register() (git-fixes).
   - nfc: port100: fix using -ERRNO as command type mask (git-fixes).
   - nvme-fc: avoid race between time out and tear down (bsc#1185762).
   - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
   - nvme-fc: update hardware queues before using them (bsc#1185762).
   - nvme-pci: Fix abort command id (git-fixes).
   - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
   - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
   - nvme-pci: refactor nvme_unmap_data (bsc#1191934).
   - nvme-pci: refactor nvme_unmap_data (bsc#1191934).
   - nvme: add command id quirk for apple controllers (git-fixes).
   - ocfs2: fix data corruption after conversion from inline format
     (bsc#1190795).
   - pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
   - phy: mdio: fix memory leak (git-fixes).
   - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call
     (git-fixes).
   - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes
     (git-fixes).
   - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from
     run_smbios_call (git-fixes).
   - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes).
   - powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847
     git-fixes).
   - powerpc/64s: Fix stf mitigation patching w/strict RWX & hash
     (jsc#SLE-13847 git-fixes).
   - powerpc/64s: Remove irq mask workaround in accumulate_stolen_time()
     (jsc#SLE-9246 git-fixes).
   - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
   - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
   - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
   - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
   - powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
   - powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
   - powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable
     code in tests (jsc#SLE-13847 git-fixes).
   - powerpc/lib/code-patching: Make instr_is_branch_to_addr() static
     (jsc#SLE-13847 git-fixes).
   - powerpc/lib: Fix emulate_step() std test (bsc#1065729).
   - powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498
     git-fixes).
   - powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100
     ltc#190257 git-fixes).
   - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2
     (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
   - powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/smp: Set numa node before updating mask (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847
     git-fixes).
   - powerpc/xive: Discard disabled interrupts in get_irqchip_state()
     (bsc#1085030 git-fixes).
   - powerpc: Do not dereference code as 'struct ppc_inst' (uprobe,
     code-patching, feature-fixups) (jsc#SLE-13847 git-fixes).
   - powerpc: Do not use 'struct ppc_inst' to reference instruction location
     (jsc#SLE-13847 git-fixes).
   - powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100
     ltc#190257 git-fixes).
   - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
     (git-fixes).
   - ptp_pch: Load module automatically if ID matches (git-fixes).
   - ptp_pch: Restore dependency on PCI (git-fixes).
   - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
   - rpm: fix kmp install path
   - rpm: use _rpmmacrodir (boo#1191384)
   - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867
     ltc#194757).
   - scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim
     (git-fixes).
   - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
     (bsc#1192145).
   - scsi: lpfc: Allow fabric node recovery if recovery is in progress before
     devloss (bsc#1192145).
   - scsi: lpfc: Correct sysfs reporting of loop support after SFP status
     change (bsc#1192145).
   - scsi: lpfc: Fix link down processing to address NULL pointer dereference
     (bsc#1192145).
   - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
     (bsc#1191349).
   - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
   - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
     driver_resource_setup() (bsc#1192145).
   - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
   - scsi: lpfc: Wait for successful restart of SLI3 adapter during host
     sg_reset (bsc#1192145).
   - scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120).
   - scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120).
   - scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120).
   - scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120).
   - scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for device add/remove event handling
     (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for timestamp sync with firmware
     (jsc#SLE-18120).
   - scsi: mpi3mr: Additional event handling (jsc#SLE-18120).
   - scsi: mpi3mr: Allow certain commands during pci-remove hook
     (jsc#SLE-18120).
   - scsi: mpi3mr: Base driver code (jsc#SLE-18120).
   - scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120).
   - scsi: mpi3mr: Create operational request and reply queue pair
     (jsc#SLE-18120).
   - scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes).
   - scsi: mpi3mr: Fix missing unlock on error (git-fixes).
   - scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives
     (jsc#SLE-18120).
   - scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120).
   - scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120).
   - scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120).
   - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120).
   - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
     (jsc#SLE-18120).
   - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI
     (jsc#SLE-18120).
   - scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O
     timeout (jsc#SLE-18120).
   - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
   - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
   - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
   - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
   - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
   - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
     (bsc#1190941).
   - scsi: qla2xxx: Check for firmware capability before creating QPair
     (bsc#1190941).
   - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card
     (bsc#1190941).
   - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
     (bsc#1190941).
   - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
   - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
   - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
   - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
   - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
   - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
     (bsc#1190941).
   - scsi: qla2xxx: Fix port type info (bsc#1190941).
   - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
   - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
   - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue
     (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
   - scsi: qla2xxx: Remove redundant initialization of pointer req
     (bsc#1190941).
   - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
   - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
   - scsi: qla2xxx: Suppress unnecessary log messages during login
     (bsc#1190941).
   - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
   - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
     (bsc#1190941).
   - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
   - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
     (bsc#1190941).
   - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
   - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
   - scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
   - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
   - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
   - scsi: target: Fix the pgr/alua_support_store functions (git-fixes).
   - sctp: check asoc peer.asconf_capable before processing asconf
     (bsc#1190351).
   - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
   - spi: spi-nxp-fspi: do not depend on a specific node name erratum
     workaround (git-fixes).
   - tpm: ibmvtpm: Avoid error message when process gets signal while waiting
     (bsc#1065729).
   - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes).
   - usb: hso: fix error handling code of hso_create_net_device (git-fixes).
   - usb: hso: remove the bailout parameter (git-fixes).
   - usb: musb: dsps: Fix the probe error path (git-fixes).
   - video: fbdev: gbefb: Only instantiate device when built for IP32
     (git-fixes).
   - virtio: write back F_VERSION_1 before validate (git-fixes).
   - watchdog: orion: use 0 for unset heartbeat (git-fixes).
   - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
   - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
     (bsc#1152489).
   - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0]
     (bsc#1178134).
   - xen: fix setting of max_pfn in shared_info (git-fixes).
   - xen: reset legacy rtc flag for PV domU (git-fixes).
   - xfs: Fixed non-directory creation in SGID directories introduced by
     CVE-2018-13405 patch (bsc#1190006).
   - xfs: ensure that the inode uid/gid match values match the icdinode ones
     (bsc#1190006).
   - xfs: fix I_DONTCACHE (bsc#1192074).
   - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes
     (bsc#1190642).
   - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
   - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
   - xhci: Enable trust tx length quirk for Fresco FL11 USB controller
     (git-fixes).
   - xhci: Fix command ring pointer corruption while aborting a command
     (git-fixes).
   - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
   - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3642=1

   - SUSE Linux Enterprise Module for Realtime 15-SP3:

      zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2021-3642=1



Package List:

   - SUSE MicroOS 5.1 (x86_64):

      kernel-rt-5.3.18-60.1
      kernel-rt-debuginfo-5.3.18-60.1
      kernel-rt-debugsource-5.3.18-60.1

   - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64):

      cluster-md-kmp-rt-5.3.18-60.1
      cluster-md-kmp-rt-debuginfo-5.3.18-60.1
      dlm-kmp-rt-5.3.18-60.1
      dlm-kmp-rt-debuginfo-5.3.18-60.1
      gfs2-kmp-rt-5.3.18-60.1
      gfs2-kmp-rt-debuginfo-5.3.18-60.1
      kernel-rt-5.3.18-60.1
      kernel-rt-debuginfo-5.3.18-60.1
      kernel-rt-debugsource-5.3.18-60.1
      kernel-rt-devel-5.3.18-60.1
      kernel-rt-devel-debuginfo-5.3.18-60.1
      kernel-rt_debug-debuginfo-5.3.18-60.1
      kernel-rt_debug-debugsource-5.3.18-60.1
      kernel-rt_debug-devel-5.3.18-60.1
      kernel-rt_debug-devel-debuginfo-5.3.18-60.1
      kernel-syms-rt-5.3.18-60.1
      ocfs2-kmp-rt-5.3.18-60.1
      ocfs2-kmp-rt-debuginfo-5.3.18-60.1

   - SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch):

      kernel-devel-rt-5.3.18-60.1
      kernel-source-rt-5.3.18-60.1


References:

   https://www.suse.com/security/cve/CVE-2021-33033.html
   https://www.suse.com/security/cve/CVE-2021-34866.html
   https://www.suse.com/security/cve/CVE-2021-3542.html
   https://www.suse.com/security/cve/CVE-2021-3655.html
   https://www.suse.com/security/cve/CVE-2021-3715.html
   https://www.suse.com/security/cve/CVE-2021-3760.html
   https://www.suse.com/security/cve/CVE-2021-3772.html
   https://www.suse.com/security/cve/CVE-2021-3896.html
   https://www.suse.com/security/cve/CVE-2021-41864.html
   https://www.suse.com/security/cve/CVE-2021-42008.html
   https://www.suse.com/security/cve/CVE-2021-42252.html
   https://www.suse.com/security/cve/CVE-2021-42739.html
   https://www.suse.com/security/cve/CVE-2021-43056.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1085030
   https://bugzilla.suse.com/1152472
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1172073
   https://bugzilla.suse.com/1173604
   https://bugzilla.suse.com/1176447
   https://bugzilla.suse.com/1176774
   https://bugzilla.suse.com/1176914
   https://bugzilla.suse.com/1178134
   https://bugzilla.suse.com/1180100
   https://bugzilla.suse.com/1181147
   https://bugzilla.suse.com/1184673
   https://bugzilla.suse.com/1185762
   https://bugzilla.suse.com/1186063
   https://bugzilla.suse.com/1186109
   https://bugzilla.suse.com/1187167
   https://bugzilla.suse.com/1188563
   https://bugzilla.suse.com/1189841
   https://bugzilla.suse.com/1190006
   https://bugzilla.suse.com/1190067
   https://bugzilla.suse.com/1190349
   https://bugzilla.suse.com/1190351
   https://bugzilla.suse.com/1190479
   https://bugzilla.suse.com/1190620
   https://bugzilla.suse.com/1190642
   https://bugzilla.suse.com/1190795
   https://bugzilla.suse.com/1190801
   https://bugzilla.suse.com/1190941
   https://bugzilla.suse.com/1191229
   https://bugzilla.suse.com/1191240
   https://bugzilla.suse.com/1191241
   https://bugzilla.suse.com/1191315
   https://bugzilla.suse.com/1191317
   https://bugzilla.suse.com/1191349
   https://bugzilla.suse.com/1191384
   https://bugzilla.suse.com/1191449
   https://bugzilla.suse.com/1191450
   https://bugzilla.suse.com/1191451
   https://bugzilla.suse.com/1191452
   https://bugzilla.suse.com/1191455
   https://bugzilla.suse.com/1191456
   https://bugzilla.suse.com/1191628
   https://bugzilla.suse.com/1191645
   https://bugzilla.suse.com/1191663
   https://bugzilla.suse.com/1191731
   https://bugzilla.suse.com/1191800
   https://bugzilla.suse.com/1191867
   https://bugzilla.suse.com/1191934
   https://bugzilla.suse.com/1191958
   https://bugzilla.suse.com/1192040
   https://bugzilla.suse.com/1192041
   https://bugzilla.suse.com/1192074
   https://bugzilla.suse.com/1192107
   https://bugzilla.suse.com/1192145


From sle-updates at lists.suse.com  Tue Nov  9 20:23:08 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue,  9 Nov 2021 21:23:08 +0100 (CET)
Subject: SUSE-SU-2021:3641-1: important: Security update for the Linux Kernel
Message-ID: <20211109202308.27BECFBAC@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3641-1
Rating:             important
References:         #1065729 #1085030 #1152472 #1152489 #1156395 
                    #1172073 #1173604 #1176447 #1176774 #1176914 
                    #1178134 #1180100 #1181147 #1184673 #1185762 
                    #1186063 #1186109 #1187167 #1188563 #1189841 
                    #1190006 #1190067 #1190349 #1190351 #1190479 
                    #1190620 #1190642 #1190795 #1190801 #1190941 
                    #1191229 #1191240 #1191241 #1191315 #1191317 
                    #1191349 #1191384 #1191449 #1191450 #1191451 
                    #1191452 #1191455 #1191456 #1191628 #1191645 
                    #1191663 #1191731 #1191800 #1191867 #1191934 
                    #1191958 #1192040 #1192041 #1192074 #1192107 
                    #1192145 
Cross-References:   CVE-2021-33033 CVE-2021-34866 CVE-2021-3542
                    CVE-2021-3655 CVE-2021-3715 CVE-2021-3760
                    CVE-2021-3772 CVE-2021-3896 CVE-2021-41864
                    CVE-2021-42008 CVE-2021-42252 CVE-2021-42739
                    CVE-2021-43056
CVSS scores:
                    CVE-2021-33033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33033 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-34866 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-3715 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3896 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42252 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-43056 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-43056 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 15-SP3
______________________________________________________________________________

   An update that solves 13 vulnerabilities and has 43 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive
   various security and bugfixes.


   The following security bugs were fixed:

   - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
   - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets,
     which may have allowed the kernel to read uninitialized memory
     (bsc#1188563).
   - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on
     Power8 (bnc#1192107).
   - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in
     drivers/isdn/capi/kcapi.c (bsc#1191958).
   - CVE-2021-3760: Fixed a use-after-free vulnerability with the
     ndev->rf_conn_info object (bsc#1190067).
   - CVE-2021-42739: The firewire subsystem had a buffer overflow related to
     drivers/media/firewire/firedtv-avc.c and
     drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled
     bounds checking (bsc#1184673).
   - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver
     (bsc#1186063).
   - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in
     net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the
     DOI definitions is mishandled (bsc#1186109).
   - CVE-2021-3715: Fixed a use-after-free in route4_change() in
     net/sched/cls_route.c (bsc#1190349).
   - CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation
     Vulnerability (bsc#1191645).
   - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could
     have allowed local attackers to access the Aspeed LPC control interface
     to overwrite memory in the kernel and potentially execute privileges
     (bnc#1190479).
   - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed
     unprivileged users to trigger an eBPF multiplication integer overflow
     with a resultant out-of-bounds write (bnc#1191317).
   - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data
     function in drivers/net/hamradio/6pack.c. Input from a process that had
     the CAP_NET_ADMIN capability could have lead to root access
     (bsc#1191315).

   The following non-security bugs were fixed:

   - ACPI: NFIT: Use fallback node id when numa info in NFIT table is
     incorrect (git-fixes).
   - ACPI: bgrt: Fix CFI violation (git-fixes).
   - ACPI: fix NULL pointer dereference (git-fixes).
   - ACPI: fix NULL pointer dereference (git-fixes).
   - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254
     (git-fixes).
   - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
   - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes).
   - ALSA: hda/realtek: Complete partial device name to avoid ambiguity
     (git-fixes).
   - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560
     laptop (git-fixes).
   - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo
     13s Gen2 (git-fixes).
   - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
     (git-fixes).
   - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i
     15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes).
   - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
   - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors
     (bsc#1190801).
   - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl
     (git-fixes).
   - ALSA: seq: Fix a potential UAF by wrong private_free call order
     (git-fixes).
   - ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
   - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
   - ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
   - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER
     (git-fixes).
   - ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes).
   - ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for
     the matching in-/output (git-fixes).
   - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes).
   - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types
     (git-fixes).
   - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types
     (git-fixes).
   - ASoC: SOF: loader: release_firmware() on load failure to avoid batching
     (git-fixes).
   - ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes).
   - ASoC: dapm: use component prefix when checking widget names (git-fixes).
   - ASoC: fsl_spdif: register platform component before registering cpu dai
     (git-fixes).
   - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
   - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
   - Configure mpi3mr as currently unsupported (jsc#SLE-18120)
   - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
     (git-fixes).
   - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
   - HID: u2fzero: ignore incomplete packets without data (git-fixes).
   - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
   - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
     (git-fixes).
   - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
   - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
   - IPv6: reply ICMP error if the first fragment do not include all headers
     (bsc#1191241).
   - IPv6: reply ICMP error if the first fragment do not include all headers
     (bsc#1191241).
   - Input: snvs_pwrkey - add clk handling (git-fixes).
   - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
   - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest
     SPRs are live (bsc#1156395).
   - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
     (bsc#1156395).
   - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936
     git-fixes).
   - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
   - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing
     registers (bsc#1156395).
   - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
   - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
   - NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
     (git-fixes).
   - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
     (git-fixes).
   - NFS: Do uncached readdir when we're seeking a cookie in an empty page
     cache (bsc#1191628).
   - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
   - PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes).
   - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails
     (git-fixes).
   - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent
     (git-fixes).
   - PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes).
   - PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes).
   - RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147).
   - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure
     (bsc#1181147).
   - USB: cdc-acm: clean up probe error labels (git-fixes).
   - USB: cdc-acm: fix minor-number release (git-fixes).
   - USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
   - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
   - USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
   - USB: serial: qcserial: add EM9191 QDL support (git-fixes).
   - USB: xhci: dbc: fix tty registration race (git-fixes).
   - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
   - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
   - ata: ahci_platform: fix null-ptr-deref in
     ahci_platform_enable_regulators() (git-fixes).
   - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
     (git-fixes).
   - audit: fix possible null-pointer dereference in audit_filter_rules
     (git-fixes).
   - bfq: Remove merged request already in bfq_requests_merged()
     (bsc#1191456).
   - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
   - blktrace: Fix uaf in blk_trace access after removing by sysfs
     (bsc#1191452).
   - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
   - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem()
     (jsc#SLE-16649).
   - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h
     (git-fixes).
   - bpf: Fix OOB read when printing XDP link fdinfo (git-fixes).
   - bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
   - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
   - can: dev: can_restart: fix use after free bug (git-fixes).
   - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
   - can: peak_usb: fix use after free bugs (git-fixes).
   - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE
     state notification (git-fixes).
   - can: rcar_can: fix suspend/resume (git-fixes).
   - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in
     error path (git-fixes).
   - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
   - cb710: avoid NULL pointer subtraction (git-fixes).
   - ceph: fix handling of "meta" errors (bsc#1192041).
   - ceph: skip existing superblocks that are blocklisted or shut down when
     mounting (bsc#1192040).
   - cfg80211: correct bridge/4addr mode check (git-fixes).
   - cfg80211: fix management registrations locking (git-fixes).
   - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
   - cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614
     bsc#1176914 ltc#186394 git-fixes).
   - drm/amd/display: Pass PCI deviceid into DC (git-fixes).
   - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes).
   - drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
   - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read
     (git-fixes).
   - drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: 	*
     context changes in intel_timeline_fini()
   - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
   - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
     (git-fixes).
   - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes).
   - drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
   - drm/nouveau/debugfs: fix file release memory leak (git-fixes).
   - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes).
   - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows
     (git-fixes).
   - drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472)
   - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
   - drm/panfrost: Make sure MMU context lifetime is not bound to
     (bsc#1152472)
   - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes).
   - e1000e: Drop patch to avoid regressions until real fix is available
     (bsc#1191663).
   - e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
   - e100: fix buffer overrun in e100_get_regs (git-fixes).
   - e100: fix length calculation in e100_get_regs_len (git-fixes).
   - e100: handle eeprom as little endian (git-fixes).
   - ext4: fix reserved space counter leakage (bsc#1191450).
   - ext4: report correct st_size for encrypted symlinks (bsc#1191449).
   - fs, mm: fix race in unlinking swapfile (bsc#1191455).
   - fscrypt: add fscrypt_symlink_getattr() for computing st_size
     (bsc#1191449).
   - gpio: pca953x: Improve bias setting (git-fixes).
   - hso: fix bailout in error case of probe (git-fixes).
   - i2c: acpi: fix resource leak in reconfiguration device addition
     (git-fixes).
   - ice: fix getting UDP tunnel entry (jsc#SLE-12878).
   - iio: adc128s052: Fix the error handling path of 'adc128_probe()'
     (git-fixes).
   - iio: adc: aspeed: set driver data when adc probe (git-fixes).
   - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
   - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
   - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
   - iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
     (git-fixes).
   - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
   - ipv6/netfilter: Discard first fragment not including all headers
     (bsc#1191241).
   - ipv6/netfilter: Discard first fragment not including all headers
     (bsc#1191241).
   - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
   - isdn: mISDN: Fix sleeping function called from invalid context
     (git-fixes).
   - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15
     (git-fixes).
   - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
   - kABI workaround for HD-audio probe retry changes (bsc#1190801).
   - kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes).
   - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
   - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167
     bsc#1191240 ltc#194716).
   - kernel-binary.spec: Do not sign kernel when no key provided
     (bsc#1187167).
   - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
     well. Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating
     (bsc#1189841).")
   - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
   - lan78xx: select CRC32 (git-fixes).
   - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD
     (git-fixes).
   - mac80211: Drop frames from invalid MAC address in ad-hoc mode
     (git-fixes).
   - mac80211: check return value of rhashtable_init (git-fixes).
   - mei: me: add Ice Lake-N device id (git-fixes).
   - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
   - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
     (git-fixes).
   - mmc: vub300: fix control-message timeouts (git-fixes).
   - net/mlx5: E-Switch, Fix double allocation of acl flow counter
     (jsc#SLE-15172).
   - net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172).
   - net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and
     LRO combined (jsc#SLE-15172).
   - net/sched: ets: fix crash when flipping from 'strict' to 'quantum'
     (bsc#1176774).
   - net: batman-adv: fix error handling (git-fixes).
   - net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
     (git-fixes).
   - net: cdc_eem: fix tx fixup skb leak (git-fixes).
   - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
   - net: hns3: check queue id range before using (jsc#SLE-14777).
   - net: hso: add failure handler for add_net_device (git-fixes).
   - net: hso: fix NULL-deref on disconnect regression (git-fixes).
   - net: hso: fix null-ptr-deref during tty device unregistration
     (git-fixes).
   - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
   - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
   - net: lan78xx: fix division by zero in send path (git-fixes).
   - net: mana: Fix error handling in mana_create_rxq() (git-fixes,
     bsc#1191800).
   - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
     (git-fixes).
   - netfilter: Drop fragmented ndisc packets assembled in netfilter
     (git-fixes).
   - netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
   - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has
     garbage value (bsc#1176447).
   - nfc: fix error handling of nfc_proto_register() (git-fixes).
   - nfc: port100: fix using -ERRNO as command type mask (git-fixes).
   - nvme-fc: avoid race between time out and tear down (bsc#1185762).
   - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
   - nvme-fc: update hardware queues before using them (bsc#1185762).
   - nvme-pci: Fix abort command id (git-fixes).
   - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
   - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
   - nvme-pci: refactor nvme_unmap_data (bsc#1191934).
   - nvme-pci: refactor nvme_unmap_data (bsc#1191934).
   - nvme: add command id quirk for apple controllers (git-fixes).
   - ocfs2: fix data corruption after conversion from inline format
     (bsc#1190795).
   - pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
   - phy: mdio: fix memory leak (git-fixes).
   - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call
     (git-fixes).
   - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes
     (git-fixes).
   - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from
     run_smbios_call (git-fixes).
   - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes).
   - powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847
     git-fixes).
   - powerpc/64s: Fix stf mitigation patching w/strict RWX & hash
     (jsc#SLE-13847 git-fixes).
   - powerpc/64s: Remove irq mask workaround in accumulate_stolen_time()
     (jsc#SLE-9246 git-fixes).
   - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
   - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
   - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
   - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
   - powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
   - powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
   - powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable
     code in tests (jsc#SLE-13847 git-fixes).
   - powerpc/lib/code-patching: Make instr_is_branch_to_addr() static
     (jsc#SLE-13847 git-fixes).
   - powerpc/lib: Fix emulate_step() std test (bsc#1065729).
   - powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498
     git-fixes).
   - powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100
     ltc#190257 git-fixes).
   - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2
     (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
   - powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/smp: Set numa node before updating mask (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847
     git-fixes).
   - powerpc/xive: Discard disabled interrupts in get_irqchip_state()
     (bsc#1085030 git-fixes).
   - powerpc: Do not dereference code as 'struct ppc_inst' (uprobe,
     code-patching, feature-fixups) (jsc#SLE-13847 git-fixes).
   - powerpc: Do not use 'struct ppc_inst' to reference instruction location
     (jsc#SLE-13847 git-fixes).
   - powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100
     ltc#190257 git-fixes).
   - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
     (git-fixes).
   - ptp_pch: Load module automatically if ID matches (git-fixes).
   - ptp_pch: Restore dependency on PCI (git-fixes).
   - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
   - rpm: fix kmp install path
   - rpm: use _rpmmacrodir (boo#1191384)
   - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867
     ltc#194757).
   - scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim
     (git-fixes).
   - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
     (bsc#1192145).
   - scsi: lpfc: Allow fabric node recovery if recovery is in progress before
     devloss (bsc#1192145).
   - scsi: lpfc: Correct sysfs reporting of loop support after SFP status
     change (bsc#1192145).
   - scsi: lpfc: Fix link down processing to address NULL pointer dereference
     (bsc#1192145).
   - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
     (bsc#1191349).
   - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
   - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
     driver_resource_setup() (bsc#1192145).
   - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
   - scsi: lpfc: Wait for successful restart of SLI3 adapter during host
     sg_reset (bsc#1192145).
   - scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120).
   - scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120).
   - scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120).
   - scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120).
   - scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for device add/remove event handling
     (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for timestamp sync with firmware
     (jsc#SLE-18120).
   - scsi: mpi3mr: Additional event handling (jsc#SLE-18120).
   - scsi: mpi3mr: Allow certain commands during pci-remove hook
     (jsc#SLE-18120).
   - scsi: mpi3mr: Base driver code (jsc#SLE-18120).
   - scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120).
   - scsi: mpi3mr: Create operational request and reply queue pair
     (jsc#SLE-18120).
   - scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes).
   - scsi: mpi3mr: Fix missing unlock on error (git-fixes).
   - scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives
     (jsc#SLE-18120).
   - scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120).
   - scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120).
   - scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120).
   - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120).
   - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
     (jsc#SLE-18120).
   - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI
     (jsc#SLE-18120).
   - scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O
     timeout (jsc#SLE-18120).
   - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
   - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
   - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
   - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
   - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
   - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
     (bsc#1190941).
   - scsi: qla2xxx: Check for firmware capability before creating QPair
     (bsc#1190941).
   - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card
     (bsc#1190941).
   - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
     (bsc#1190941).
   - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
   - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
   - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
   - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
   - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
   - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
     (bsc#1190941).
   - scsi: qla2xxx: Fix port type info (bsc#1190941).
   - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
   - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
   - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue
     (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
   - scsi: qla2xxx: Remove redundant initialization of pointer req
     (bsc#1190941).
   - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
   - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
   - scsi: qla2xxx: Suppress unnecessary log messages during login
     (bsc#1190941).
   - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
   - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
     (bsc#1190941).
   - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
   - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
     (bsc#1190941).
   - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
   - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
   - scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
   - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
   - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
   - scsi: target: Fix the pgr/alua_support_store functions (git-fixes).
   - sctp: check asoc peer.asconf_capable before processing asconf
     (bsc#1190351).
   - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
   - spi: spi-nxp-fspi: do not depend on a specific node name erratum
     workaround (git-fixes).
   - tpm: ibmvtpm: Avoid error message when process gets signal while waiting
     (bsc#1065729).
   - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes).
   - usb: hso: fix error handling code of hso_create_net_device (git-fixes).
   - usb: hso: remove the bailout parameter (git-fixes).
   - usb: musb: dsps: Fix the probe error path (git-fixes).
   - video: fbdev: gbefb: Only instantiate device when built for IP32
     (git-fixes).
   - virtio: write back F_VERSION_1 before validate (git-fixes).
   - watchdog: orion: use 0 for unset heartbeat (git-fixes).
   - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
   - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
     (bsc#1152489).
   - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0]
     (bsc#1178134).
   - xen: fix setting of max_pfn in shared_info (git-fixes).
   - xen: reset legacy rtc flag for PV domU (git-fixes).
   - xfs: Fixed non-directory creation in SGID directories introduced by
     CVE-2018-13405 patch (bsc#1190006).
   - xfs: ensure that the inode uid/gid match values match the icdinode ones
     (bsc#1190006).
   - xfs: fix I_DONTCACHE (bsc#1192074).
   - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes
     (bsc#1190642).
   - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
   - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
   - xhci: Enable trust tx length quirk for Fresco FL11 USB controller
     (git-fixes).
   - xhci: Fix command ring pointer corruption while aborting a command
     (git-fixes).
   - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
   - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-3641=1



Package List:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):

      kernel-devel-azure-5.3.18-38.28.2
      kernel-source-azure-5.3.18-38.28.2

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):

      kernel-azure-5.3.18-38.28.2
      kernel-azure-debuginfo-5.3.18-38.28.2
      kernel-azure-debugsource-5.3.18-38.28.2
      kernel-azure-devel-5.3.18-38.28.2
      kernel-azure-devel-debuginfo-5.3.18-38.28.2
      kernel-syms-azure-5.3.18-38.28.1


References:

   https://www.suse.com/security/cve/CVE-2021-33033.html
   https://www.suse.com/security/cve/CVE-2021-34866.html
   https://www.suse.com/security/cve/CVE-2021-3542.html
   https://www.suse.com/security/cve/CVE-2021-3655.html
   https://www.suse.com/security/cve/CVE-2021-3715.html
   https://www.suse.com/security/cve/CVE-2021-3760.html
   https://www.suse.com/security/cve/CVE-2021-3772.html
   https://www.suse.com/security/cve/CVE-2021-3896.html
   https://www.suse.com/security/cve/CVE-2021-41864.html
   https://www.suse.com/security/cve/CVE-2021-42008.html
   https://www.suse.com/security/cve/CVE-2021-42252.html
   https://www.suse.com/security/cve/CVE-2021-42739.html
   https://www.suse.com/security/cve/CVE-2021-43056.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1085030
   https://bugzilla.suse.com/1152472
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1172073
   https://bugzilla.suse.com/1173604
   https://bugzilla.suse.com/1176447
   https://bugzilla.suse.com/1176774
   https://bugzilla.suse.com/1176914
   https://bugzilla.suse.com/1178134
   https://bugzilla.suse.com/1180100
   https://bugzilla.suse.com/1181147
   https://bugzilla.suse.com/1184673
   https://bugzilla.suse.com/1185762
   https://bugzilla.suse.com/1186063
   https://bugzilla.suse.com/1186109
   https://bugzilla.suse.com/1187167
   https://bugzilla.suse.com/1188563
   https://bugzilla.suse.com/1189841
   https://bugzilla.suse.com/1190006
   https://bugzilla.suse.com/1190067
   https://bugzilla.suse.com/1190349
   https://bugzilla.suse.com/1190351
   https://bugzilla.suse.com/1190479
   https://bugzilla.suse.com/1190620
   https://bugzilla.suse.com/1190642
   https://bugzilla.suse.com/1190795
   https://bugzilla.suse.com/1190801
   https://bugzilla.suse.com/1190941
   https://bugzilla.suse.com/1191229
   https://bugzilla.suse.com/1191240
   https://bugzilla.suse.com/1191241
   https://bugzilla.suse.com/1191315
   https://bugzilla.suse.com/1191317
   https://bugzilla.suse.com/1191349
   https://bugzilla.suse.com/1191384
   https://bugzilla.suse.com/1191449
   https://bugzilla.suse.com/1191450
   https://bugzilla.suse.com/1191451
   https://bugzilla.suse.com/1191452
   https://bugzilla.suse.com/1191455
   https://bugzilla.suse.com/1191456
   https://bugzilla.suse.com/1191628
   https://bugzilla.suse.com/1191645
   https://bugzilla.suse.com/1191663
   https://bugzilla.suse.com/1191731
   https://bugzilla.suse.com/1191800
   https://bugzilla.suse.com/1191867
   https://bugzilla.suse.com/1191934
   https://bugzilla.suse.com/1191958
   https://bugzilla.suse.com/1192040
   https://bugzilla.suse.com/1192041
   https://bugzilla.suse.com/1192074
   https://bugzilla.suse.com/1192107
   https://bugzilla.suse.com/1192145


From sle-updates at lists.suse.com  Tue Nov  9 20:35:50 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue,  9 Nov 2021 21:35:50 +0100 (CET)
Subject: SUSE-SU-2021:3640-1: important: Security update for the Linux Kernel
Message-ID: <20211109203550.22594FBAC@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3640-1
Rating:             important
References:         #1065729 #1085030 #1133021 #1152489 #1154353 
                    #1156395 #1157177 #1167773 #1172073 #1173604 
                    #1176940 #1184673 #1185762 #1186063 #1187167 
                    #1188563 #1189841 #1190006 #1190067 #1190349 
                    #1190351 #1190479 #1190620 #1190642 #1190795 
                    #1190941 #1191229 #1191241 #1191315 #1191317 
                    #1191384 #1191449 #1191450 #1191451 #1191452 
                    #1191455 #1191456 #1191628 #1191731 #1191800 
                    #1191934 #1191958 #1192040 #1192041 #1192107 
                    #1192145 
Cross-References:   CVE-2021-3542 CVE-2021-3655 CVE-2021-3715
                    CVE-2021-3760 CVE-2021-3772 CVE-2021-3896
                    CVE-2021-41864 CVE-2021-42008 CVE-2021-42252
                    CVE-2021-42739 CVE-2021-43056
CVSS scores:
                    CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-3715 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3896 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42252 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-43056 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-43056 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 15-SP2
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has 35 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive
   various security and bugfixes.


   The following security bugs were fixed:

   - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
   - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets,
     which may have allowed the kernel to read uninitialized memory
     (bsc#1188563).
   - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on
     Power8 (bnc#1192107).
   - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in
     drivers/isdn/capi/kcapi.c (bsc#1191958).
   - CVE-2021-3760: Fixed a use-after-free vulnerability with the
     ndev->rf_conn_info object (bsc#1190067).
   - CVE-2021-42739: The firewire subsystem had a buffer overflow related to
     drivers/media/firewire/firedtv-avc.c and
     drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled
     bounds checking (bsc#1184673).
   - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver
     (bsc#1186063).
   - CVE-2021-3715: Fixed a use-after-free in route4_change() in
     net/sched/cls_route.c (bsc#1190349).
   - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could
     have allowed local attackers to access the Aspeed LPC control interface
     to overwrite memory in the kernel and potentially execute privileges
     (bnc#1190479).
   - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed
     unprivileged users to trigger an eBPF multiplication integer overflow
     with a resultant out-of-bounds write (bnc#1191317).
   - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data
     function in drivers/net/hamradio/6pack.c. Input from a process that had
     the CAP_NET_ADMIN capability could have lead to root access
     (bsc#1191315).

   The following non-security bugs were fixed:

   - ACPI: bgrt: Fix CFI violation (git-fixes).
   - ACPI: fix NULL pointer dereference (git-fixes).
   - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
   - ALSA: hda/realtek: Complete partial device name to avoid ambiguity
     (git-fixes).
   - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
     (git-fixes).
   - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
   - ALSA: seq: Fix a potential UAF by wrong private_free call order
     (git-fixes).
   - ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
   - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
   - ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
   - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
   - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
   - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
     (git-fixes).
   - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
   - HID: u2fzero: ignore incomplete packets without data (git-fixes).
   - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
   - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
     (git-fixes).
   - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
   - IPv6: reply ICMP error if the first fragment do not include all headers
     (bsc#1191241).
   - Input: snvs_pwrkey - add clk handling (git-fixes).
   - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
   - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest
     SPRs are live (bsc#1156395).
   - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
     (bsc#1156395).
   - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
   - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing
     registers (bsc#1156395).
   - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
   - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
   - KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021).
   - KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021).
   - KVM: s390: extend kvm_s390_shadow_fault to return entry pointer
     (bsc#1133021).
   - KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021).
   - NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
     (git-fixes).
   - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
     (git-fixes).
   - NFS: Do uncached readdir when we're seeking a cookie in an empty page
     cache (bsc#1191628).
   - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
   - USB: cdc-acm: clean up probe error labels (git-fixes).
   - USB: cdc-acm: fix minor-number release (git-fixes).
   - USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
   - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
   - USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
   - USB: serial: qcserial: add EM9191 QDL support (git-fixes).
   - USB: xhci: dbc: fix tty registration race (git-fixes).
   - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
   - ata: ahci_platform: fix null-ptr-deref in
     ahci_platform_enable_regulators() (git-fixes).
   - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
     (git-fixes).
   - audit: fix possible null-pointer dereference in audit_filter_rules
     (git-fixes).
   - bfq: Remove merged request already in bfq_requests_merged()
     (bsc#1191456).
   - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
   - blktrace: Fix uaf in blk_trace access after removing by sysfs
     (bsc#1191452).
   - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
   - bnxt_en: Fix TX timeout when TX ring size is set to the smallest
     (git-fixes).
   - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h
     (git-fixes).
   - bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
   - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
   - can: dev: can_restart: fix use after free bug (git-fixes).
   - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
   - can: peak_usb: fix use after free bugs (git-fixes).
   - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE
     state notification (git-fixes).
   - can: rcar_can: fix suspend/resume (git-fixes).
   - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in
     error path (git-fixes).
   - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
   - cb710: avoid NULL pointer subtraction (git-fixes).
   - ceph: fix handling of "meta" errors (bsc#1192041).
   - ceph: skip existing superblocks that are blocklisted or shut down when
     mounting (bsc#1192040).
   - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
   - drm/amd/display: Pass PCI deviceid into DC (git-fixes).
   - drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
   - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
   - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
     (git-fixes).
   - drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
   - drm/nouveau/debugfs: fix file release memory leak (git-fixes).
   - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
   - e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
   - e100: fix buffer overrun in e100_get_regs (git-fixes).
   - e100: fix length calculation in e100_get_regs_len (git-fixes).
   - e100: handle eeprom as little endian (git-fixes).
   - ext4: fix reserved space counter leakage (bsc#1191450).
   - ext4: report correct st_size for encrypted symlinks (bsc#1191449).
   - fs, mm: fix race in unlinking swapfile (bsc#1191455).
   - fscrypt: add fscrypt_symlink_getattr() for computing st_size
     (bsc#1191449).
   - gpio: pca953x: Improve bias setting (git-fixes).
   - gve: Avoid freeing NULL pointer (git-fixes).
   - gve: Correct available tx qpl check (git-fixes).
   - gve: Properly handle errors in gve_assign_qpl (bsc#1176940).
   - gve: fix gve_get_stats() (git-fixes).
   - gve: report 64bit tx_bytes counter from gve_handle_report_stats()
     (bsc#1176940).
   - hso: fix bailout in error case of probe (git-fixes).
   - i2c: acpi: fix resource leak in reconfiguration device addition
     (git-fixes).
   - i40e: Fix ATR queue selection (git-fixes).
   - i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes).
   - i40e: fix endless loop under rtnl (git-fixes).
   - iavf: fix double unlock of crit_lock (git-fixes).
   - ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177).
   - iio: adc128s052: Fix the error handling path of 'adc128_probe()'
     (git-fixes).
   - iio: adc: aspeed: set driver data when adc probe (git-fixes).
   - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
   - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
   - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
   - iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
     (git-fixes).
   - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
   - ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773).
   - ipv6/netfilter: Discard first fragment not including all headers
     (bsc#1191241).
   - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
   - isdn: mISDN: Fix sleeping function called from invalid context
     (git-fixes).
   - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
   - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
   - kernel-binary.spec: Do not sign kernel when no key provided
     (bsc#1187167).
   - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
     well. Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating
     (bsc#1189841).")
   - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
   - lan78xx: select CRC32 (git-fixes).
   - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD
     (git-fixes).
   - mac80211: Drop frames from invalid MAC address in ad-hoc mode
     (git-fixes).
   - mac80211: check return value of rhashtable_init (git-fixes).
   - mei: me: add Ice Lake-N device id (git-fixes).
   - mlx5: count all link events (git-fixes).
   - mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes).
   - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
   - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
     (git-fixes).
   - mmc: vub300: fix control-message timeouts (git-fixes).
   - net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353).
   - net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes).
   - net/mlx4_en: Resolve bad operstate value (git-fixes).
   - net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes).
   - net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464).
   - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
   - net: batman-adv: fix error handling (git-fixes).
   - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size()
     (git-fixes).
   - net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
     (git-fixes).
   - net: cdc_eem: fix tx fixup skb leak (git-fixes).
   - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
   - net: hns3: fix vf reset workqueue cannot exit (bsc#1154353).
   - net: hso: add failure handler for add_net_device (git-fixes).
   - net: hso: fix NULL-deref on disconnect regression (git-fixes).
   - net: hso: fix null-ptr-deref during tty device unregistration
     (git-fixes).
   - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
   - net: lan78xx: fix division by zero in send path (git-fixes).
   - net: mana: Fix error handling in mana_create_rxq() (git-fixes,
     bsc#1191800).
   - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
     (git-fixes).
   - netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
   - nfc: fix error handling of nfc_proto_register() (git-fixes).
   - nfc: port100: fix using -ERRNO as command type mask (git-fixes).
   - nvme-fc: avoid race between time out and tear down (bsc#1185762).
   - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
   - nvme-fc: update hardware queues before using them (bsc#1185762).
   - nvme-pci: Fix abort command id (git-fixes).
   - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
   - nvme-pci: refactor nvme_unmap_data (bsc#1191934).
   - nvme: add command id quirk for apple controllers (git-fixes).
   - ocfs2: fix data corruption after conversion from inline format
     (bsc#1190795).
   - pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
   - phy: mdio: fix memory leak (git-fixes).
   - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call
     (git-fixes).
   - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from
     run_smbios_call (git-fixes).
   - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
   - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
   - powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
   - powerpc/lib: Fix emulate_step() std test (bsc#1065729).
   - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498
     git-fixes).
   - powerpc/xive: Discard disabled interrupts in get_irqchip_state()
     (bsc#1085030 git-fixes).
   - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
     (git-fixes).
   - ptp_pch: Load module automatically if ID matches (git-fixes).
   - ptp_pch: Restore dependency on PCI (git-fixes).
   - qed: Fix missing error code in qed_slowpath_start() (git-fixes).
   - qed: Handle management FW error (git-fixes).
   - qed: rdma - do not wait for resources under hw error recovery flow
     (git-fixes).
   - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
   - rpm: fix kmp install path
   - rpm: use _rpmmacrodir (boo#1191384)
   - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
     (bsc#1192145).
   - scsi: lpfc: Allow fabric node recovery if recovery is in progress before
     devloss (bsc#1192145).
   - scsi: lpfc: Correct sysfs reporting of loop support after SFP status
     change (bsc#1192145).
   - scsi: lpfc: Fix link down processing to address NULL pointer dereference
     (bsc#1192145).
   - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
     (bsc#1191349).
   - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
   - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
     driver_resource_setup() (bsc#1192145).
   - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
   - scsi: lpfc: Wait for successful restart of SLI3 adapter during host
     sg_reset (bsc#1192145).
   - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
   - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
   - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
   - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
   - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
   - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
     (bsc#1190941).
   - scsi: qla2xxx: Check for firmware capability before creating QPair
     (bsc#1190941).
   - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card
     (bsc#1190941).
   - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
     (bsc#1190941).
   - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
   - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
   - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
   - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
   - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
   - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
     (bsc#1190941).
   - scsi: qla2xxx: Fix port type info (bsc#1190941).
   - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
   - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
   - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue
     (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
   - scsi: qla2xxx: Remove redundant initialization of pointer req
     (bsc#1190941).
   - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
   - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
   - scsi: qla2xxx: Suppress unnecessary log messages during login
     (bsc#1190941).
   - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
   - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
     (bsc#1190941).
   - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
   - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
     (bsc#1190941).
   - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
   - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
   - scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
   - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
   - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
   - sctp: check asoc peer.asconf_capable before processing asconf
     (bsc#1190351).
   - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
   - spi: spi-nxp-fspi: do not depend on a specific node name erratum
     workaround (git-fixes).
   - tpm: ibmvtpm: Avoid error message when process gets signal while waiting
     (bsc#1065729).
   - usb: hso: fix error handling code of hso_create_net_device (git-fixes).
   - usb: hso: remove the bailout parameter (git-fixes).
   - usb: musb: dsps: Fix the probe error path (git-fixes).
   - video: fbdev: gbefb: Only instantiate device when built for IP32
     (git-fixes).
   - virtio: write back F_VERSION_1 before validate (git-fixes).
   - watchdog: orion: use 0 for unset heartbeat (git-fixes).
   - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
   - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
     (bsc#1152489).
   - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
     (bsc#1152489).
   - xen: fix setting of max_pfn in shared_info (git-fixes).
   - xen: reset legacy rtc flag for PV domU (git-fixes).
   - xfs: Fixed non-directory creation in SGID directories introduced by
     CVE-2018-13405 patch (bsc#1190006).
   - xfs: ensure that the inode uid/gid match values match the icdinode ones
     (bsc#1190006).
   - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes
     (bsc#1190642).
   - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
   - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
   - xhci: Enable trust tx length quirk for Fresco FL11 USB controller
     (git-fixes).
   - xhci: Fix command ring pointer corruption while aborting a command
     (git-fixes).
   - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
   - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-3640=1



Package List:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64):

      kernel-azure-5.3.18-18.72.2
      kernel-azure-debuginfo-5.3.18-18.72.2
      kernel-azure-debugsource-5.3.18-18.72.2
      kernel-azure-devel-5.3.18-18.72.2
      kernel-azure-devel-debuginfo-5.3.18-18.72.2
      kernel-syms-azure-5.3.18-18.72.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):

      kernel-devel-azure-5.3.18-18.72.2
      kernel-source-azure-5.3.18-18.72.2


References:

   https://www.suse.com/security/cve/CVE-2021-3542.html
   https://www.suse.com/security/cve/CVE-2021-3655.html
   https://www.suse.com/security/cve/CVE-2021-3715.html
   https://www.suse.com/security/cve/CVE-2021-3760.html
   https://www.suse.com/security/cve/CVE-2021-3772.html
   https://www.suse.com/security/cve/CVE-2021-3896.html
   https://www.suse.com/security/cve/CVE-2021-41864.html
   https://www.suse.com/security/cve/CVE-2021-42008.html
   https://www.suse.com/security/cve/CVE-2021-42252.html
   https://www.suse.com/security/cve/CVE-2021-42739.html
   https://www.suse.com/security/cve/CVE-2021-43056.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1085030
   https://bugzilla.suse.com/1133021
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1154353
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1157177
   https://bugzilla.suse.com/1167773
   https://bugzilla.suse.com/1172073
   https://bugzilla.suse.com/1173604
   https://bugzilla.suse.com/1176940
   https://bugzilla.suse.com/1184673
   https://bugzilla.suse.com/1185762
   https://bugzilla.suse.com/1186063
   https://bugzilla.suse.com/1187167
   https://bugzilla.suse.com/1188563
   https://bugzilla.suse.com/1189841
   https://bugzilla.suse.com/1190006
   https://bugzilla.suse.com/1190067
   https://bugzilla.suse.com/1190349
   https://bugzilla.suse.com/1190351
   https://bugzilla.suse.com/1190479
   https://bugzilla.suse.com/1190620
   https://bugzilla.suse.com/1190642
   https://bugzilla.suse.com/1190795
   https://bugzilla.suse.com/1190941
   https://bugzilla.suse.com/1191229
   https://bugzilla.suse.com/1191241
   https://bugzilla.suse.com/1191315
   https://bugzilla.suse.com/1191317
   https://bugzilla.suse.com/1191384
   https://bugzilla.suse.com/1191449
   https://bugzilla.suse.com/1191450
   https://bugzilla.suse.com/1191451
   https://bugzilla.suse.com/1191452
   https://bugzilla.suse.com/1191455
   https://bugzilla.suse.com/1191456
   https://bugzilla.suse.com/1191628
   https://bugzilla.suse.com/1191731
   https://bugzilla.suse.com/1191800
   https://bugzilla.suse.com/1191934
   https://bugzilla.suse.com/1191958
   https://bugzilla.suse.com/1192040
   https://bugzilla.suse.com/1192041
   https://bugzilla.suse.com/1192107
   https://bugzilla.suse.com/1192145


From sle-updates at lists.suse.com  Tue Nov  9 23:18:26 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 Nov 2021 00:18:26 +0100 (CET)
Subject: SUSE-SU-2021:3643-1: moderate: Security update for binutils
Message-ID: <20211109231826.A4AEBFBAC@maintenance.suse.de>


   SUSE Security Update: Security update for binutils
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3643-1
Rating:             moderate
References:         #1183909 #1184519 #1188941 #1191473 #1192267 
                    
Cross-References:   CVE-2021-20294
CVSS scores:
                    CVE-2021-20294 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-20294 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
                    SUSE Linux Enterprise Module for Development Tools 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that solves one vulnerability and has four fixes
   is now available.

Description:

   This update for binutils fixes the following issues:

   - For compatibility on old code stream that expect 'brcl 0,label' to not
     be disassembled as 'jgnop label' on s390x.  (bsc#1192267) This reverts
     IBM zSeries HLASM support for now.
   - Fixed that ppc64 optflags did not enable LTO (bsc#1188941).
   - Fix empty man-pages from broken release tarball
   - Fixed a memory corruption with rpath option (bsc#1191473).
   - Fixed slow performance of stripping some binaries (bsc#1183909).

   Security issue fixed:

   - CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in
     readelf (bnc#1184519)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3643=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3643=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3643=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3643=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-3643=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3643=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3643=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3643=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3643=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3643=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3643=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-3643=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      binutils-2.37-7.26.1
      binutils-debuginfo-2.37-7.26.1
      binutils-debugsource-2.37-7.26.1
      binutils-devel-2.37-7.26.1
      libctf-nobfd0-2.37-7.26.1
      libctf-nobfd0-debuginfo-2.37-7.26.1
      libctf0-2.37-7.26.1
      libctf0-debuginfo-2.37-7.26.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):

      binutils-devel-32bit-2.37-7.26.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      binutils-2.37-7.26.1
      binutils-debuginfo-2.37-7.26.1
      binutils-debugsource-2.37-7.26.1
      binutils-devel-2.37-7.26.1
      libctf-nobfd0-2.37-7.26.1
      libctf-nobfd0-debuginfo-2.37-7.26.1
      libctf0-2.37-7.26.1
      libctf0-debuginfo-2.37-7.26.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):

      binutils-devel-32bit-2.37-7.26.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      binutils-2.37-7.26.1
      binutils-debuginfo-2.37-7.26.1
      binutils-debugsource-2.37-7.26.1
      binutils-devel-2.37-7.26.1
      binutils-devel-32bit-2.37-7.26.1
      libctf-nobfd0-2.37-7.26.1
      libctf-nobfd0-debuginfo-2.37-7.26.1
      libctf0-2.37-7.26.1
      libctf0-debuginfo-2.37-7.26.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):

      binutils-debuginfo-2.37-7.26.1
      binutils-debugsource-2.37-7.26.1
      binutils-gold-2.37-7.26.1
      binutils-gold-debuginfo-2.37-7.26.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64):

      binutils-debuginfo-2.37-7.26.1
      binutils-debugsource-2.37-7.26.1
      binutils-gold-2.37-7.26.1
      binutils-gold-debuginfo-2.37-7.26.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64):

      binutils-debugsource-2.37-7.26.1
      binutils-devel-32bit-2.37-7.26.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64):

      binutils-debugsource-2.37-7.26.1
      binutils-devel-32bit-2.37-7.26.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      binutils-2.37-7.26.1
      binutils-debuginfo-2.37-7.26.1
      binutils-debugsource-2.37-7.26.1
      binutils-devel-2.37-7.26.1
      libctf-nobfd0-2.37-7.26.1
      libctf-nobfd0-debuginfo-2.37-7.26.1
      libctf0-2.37-7.26.1
      libctf0-debuginfo-2.37-7.26.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      binutils-2.37-7.26.1
      binutils-debuginfo-2.37-7.26.1
      binutils-debugsource-2.37-7.26.1
      binutils-devel-2.37-7.26.1
      libctf-nobfd0-2.37-7.26.1
      libctf-nobfd0-debuginfo-2.37-7.26.1
      libctf0-2.37-7.26.1
      libctf0-debuginfo-2.37-7.26.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      binutils-2.37-7.26.1
      binutils-debuginfo-2.37-7.26.1
      binutils-debugsource-2.37-7.26.1
      binutils-devel-2.37-7.26.1
      libctf-nobfd0-2.37-7.26.1
      libctf-nobfd0-debuginfo-2.37-7.26.1
      libctf0-2.37-7.26.1
      libctf0-debuginfo-2.37-7.26.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):

      binutils-devel-32bit-2.37-7.26.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      binutils-2.37-7.26.1
      binutils-debuginfo-2.37-7.26.1
      binutils-debugsource-2.37-7.26.1
      binutils-devel-2.37-7.26.1
      libctf-nobfd0-2.37-7.26.1
      libctf-nobfd0-debuginfo-2.37-7.26.1
      libctf0-2.37-7.26.1
      libctf0-debuginfo-2.37-7.26.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):

      binutils-devel-32bit-2.37-7.26.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      binutils-2.37-7.26.1
      binutils-debuginfo-2.37-7.26.1
      binutils-debugsource-2.37-7.26.1
      binutils-devel-2.37-7.26.1
      libctf-nobfd0-2.37-7.26.1
      libctf-nobfd0-debuginfo-2.37-7.26.1
      libctf0-2.37-7.26.1
      libctf0-debuginfo-2.37-7.26.1

   - SUSE Enterprise Storage 6 (x86_64):

      binutils-devel-32bit-2.37-7.26.1

   - SUSE CaaS Platform 4.0 (x86_64):

      binutils-2.37-7.26.1
      binutils-debuginfo-2.37-7.26.1
      binutils-debugsource-2.37-7.26.1
      binutils-devel-2.37-7.26.1
      binutils-devel-32bit-2.37-7.26.1
      libctf-nobfd0-2.37-7.26.1
      libctf-nobfd0-debuginfo-2.37-7.26.1
      libctf0-2.37-7.26.1
      libctf0-debuginfo-2.37-7.26.1


References:

   https://www.suse.com/security/cve/CVE-2021-20294.html
   https://bugzilla.suse.com/1183909
   https://bugzilla.suse.com/1184519
   https://bugzilla.suse.com/1188941
   https://bugzilla.suse.com/1191473
   https://bugzilla.suse.com/1192267


From sle-updates at lists.suse.com  Wed Nov 10 08:16:36 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 Nov 2021 09:16:36 +0100 (CET)
Subject: SUSE-RU-2021:3644-1: moderate: Recommended update for cockpit
Message-ID: <20211110081636.9983FFBAC@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for cockpit
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3644-1
Rating:             moderate
References:         #1192037 #1192239 
Affected Products:
                    SUSE MicroOS 5.1
______________________________________________________________________________

   An update that has two recommended fixes can now be
   installed.

Description:

   This update for cockpit fixes the following issues:

   - Install the graphic assets for cockpit branding (bsc#1192037)
   - Branding improvements to not use hardcoded product name (bsc#1192239)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3644=1



Package List:

   - SUSE MicroOS 5.1 (aarch64 s390x x86_64):

      cockpit-195.12-10.3.1
      cockpit-bridge-195.12-10.3.1
      cockpit-bridge-debuginfo-195.12-10.3.1
      cockpit-debuginfo-195.12-10.3.1
      cockpit-debugsource-195.12-10.3.1
      cockpit-ws-195.12-10.3.1
      cockpit-ws-debuginfo-195.12-10.3.1

   - SUSE MicroOS 5.1 (noarch):

      cockpit-dashboard-195.12-10.3.1
      cockpit-system-195.12-10.3.1


References:

   https://bugzilla.suse.com/1192037
   https://bugzilla.suse.com/1192239


From sle-updates at lists.suse.com  Wed Nov 10 14:18:31 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 Nov 2021 15:18:31 +0100 (CET)
Subject: SUSE-RU-2021:3646-1: moderate: Recommended update for crmsh
Message-ID: <20211110141831.175C1FBAC@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for crmsh
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3646-1
Rating:             moderate
References:         #1191508 
Affected Products:
                    SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for crmsh fixes the following issues:

   - Update to parse lifetime option correctly in ui_resource (bsc#1191508)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 15:

      zypper in -t patch SUSE-SLE-Product-HA-15-2021-3646=1



Package List:

   - SUSE Linux Enterprise High Availability 15 (noarch):

      crmsh-4.3.1+20211012.52d4086a-3.86.1
      crmsh-scripts-4.3.1+20211012.52d4086a-3.86.1


References:

   https://bugzilla.suse.com/1191508


From sle-updates at lists.suse.com  Wed Nov 10 14:19:49 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 Nov 2021 15:19:49 +0100 (CET)
Subject: SUSE-RU-2021:3645-1: moderate: Recommended update for crmsh
Message-ID: <20211110141949.56960FBAC@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for crmsh
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3645-1
Rating:             moderate
References:         #1191508 
Affected Products:
                    SUSE Linux Enterprise High Availability 15-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for crmsh fixes the following issues:

   - Update to parse lifetime option correctly in ui_resource (bsc#1191508)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 15-SP1:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-3645=1



Package List:

   - SUSE Linux Enterprise High Availability 15-SP1 (noarch):

      crmsh-4.3.1+20211012.52d4086a-3.81.1
      crmsh-scripts-4.3.1+20211012.52d4086a-3.81.1


References:

   https://bugzilla.suse.com/1191508


From sle-updates at lists.suse.com  Wed Nov 10 20:20:15 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 Nov 2021 21:20:15 +0100 (CET)
Subject: SUSE-RU-2021:3654-1: Recommended update for protobuf
Message-ID: <20211110202015.892DBFBAC@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for protobuf
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3654-1
Rating:             low
References:         #1192065 
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for protobuf fixes the following issue:

   - Add libprotobuf-lite28 to SDK so -devel package can be installed.
     (bsc#1192065)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3654=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      libprotobuf-lite28-3.17.3-7.9.5
      libprotobuf-lite28-debuginfo-3.17.3-7.9.5
      libprotobuf28-3.17.3-7.9.5
      libprotobuf28-debuginfo-3.17.3-7.9.5
      libprotoc28-3.17.3-7.9.5
      libprotoc28-debuginfo-3.17.3-7.9.5
      protobuf-debugsource-3.17.3-7.9.5
      protobuf-devel-3.17.3-7.9.5
      protobuf-devel-debuginfo-3.17.3-7.9.5


References:

   https://bugzilla.suse.com/1192065


From sle-updates at lists.suse.com  Wed Nov 10 20:21:36 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 Nov 2021 21:21:36 +0100 (CET)
Subject: SUSE-SU-2021:3651-1: important: Security update for MozillaFirefox
Message-ID: <20211110202136.C4937FBAC@maintenance.suse.de>


   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3651-1
Rating:             important
References:         #1192250 
Cross-References:   CVE-2021-38503 CVE-2021-38504 CVE-2021-38505
                    CVE-2021-38506 CVE-2021-38507 CVE-2021-38508
                    CVE-2021-38509 CVE-2021-38510
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   This update for MozillaFirefox fixes the following issues:

   MozillaFirefox was updated to Extended Support Release 91.3.0 ESR

   * Fixed: Various stability, functionality, and security fixes

   MFSA 2021-49 (bsc#1192250)

     * CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
     * CVE-2021-38504: Use-after-free in file picker dialog
     * CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive
       user data
     * CVE-2021-38506: Firefox could be coaxed into going into fullscreen
       mode without notification or warning
     * CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to
       bypass the Same-Origin-Policy on services hosted on other ports
     * CVE-2021-38508: Permission Prompt could be overlaid, resulting in user
       confusion and potential spoofing
     * CVE-2021-38509: Javascript alert box could have been spoofed onto an
       arbitrary domain
     * CVE-2021-38510: Download Protections were bypassed by .inetloc files
       on Mac OS
     * MOZ-2021-0008: Use-after-free in HTTP2 Session object
     * MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR
       91.3


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3651=1

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3651=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3651=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3651=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3651=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3651=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3651=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3651=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3651=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-3651=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      MozillaFirefox-91.3.0-150.6.1
      MozillaFirefox-debuginfo-91.3.0-150.6.1
      MozillaFirefox-debugsource-91.3.0-150.6.1
      MozillaFirefox-devel-91.3.0-150.6.1
      MozillaFirefox-translations-common-91.3.0-150.6.1
      MozillaFirefox-translations-other-91.3.0-150.6.1

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      MozillaFirefox-91.3.0-150.6.1
      MozillaFirefox-debuginfo-91.3.0-150.6.1
      MozillaFirefox-debugsource-91.3.0-150.6.1
      MozillaFirefox-devel-91.3.0-150.6.1
      MozillaFirefox-translations-common-91.3.0-150.6.1
      MozillaFirefox-translations-other-91.3.0-150.6.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      MozillaFirefox-91.3.0-150.6.1
      MozillaFirefox-debuginfo-91.3.0-150.6.1
      MozillaFirefox-debugsource-91.3.0-150.6.1
      MozillaFirefox-devel-91.3.0-150.6.1
      MozillaFirefox-translations-common-91.3.0-150.6.1
      MozillaFirefox-translations-other-91.3.0-150.6.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      MozillaFirefox-91.3.0-150.6.1
      MozillaFirefox-debuginfo-91.3.0-150.6.1
      MozillaFirefox-debugsource-91.3.0-150.6.1
      MozillaFirefox-devel-91.3.0-150.6.1
      MozillaFirefox-translations-common-91.3.0-150.6.1
      MozillaFirefox-translations-other-91.3.0-150.6.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      MozillaFirefox-91.3.0-150.6.1
      MozillaFirefox-debuginfo-91.3.0-150.6.1
      MozillaFirefox-debugsource-91.3.0-150.6.1
      MozillaFirefox-devel-91.3.0-150.6.1
      MozillaFirefox-translations-common-91.3.0-150.6.1
      MozillaFirefox-translations-other-91.3.0-150.6.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      MozillaFirefox-91.3.0-150.6.1
      MozillaFirefox-debuginfo-91.3.0-150.6.1
      MozillaFirefox-debugsource-91.3.0-150.6.1
      MozillaFirefox-devel-91.3.0-150.6.1
      MozillaFirefox-translations-common-91.3.0-150.6.1
      MozillaFirefox-translations-other-91.3.0-150.6.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      MozillaFirefox-91.3.0-150.6.1
      MozillaFirefox-debuginfo-91.3.0-150.6.1
      MozillaFirefox-debugsource-91.3.0-150.6.1
      MozillaFirefox-devel-91.3.0-150.6.1
      MozillaFirefox-translations-common-91.3.0-150.6.1
      MozillaFirefox-translations-other-91.3.0-150.6.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      MozillaFirefox-91.3.0-150.6.1
      MozillaFirefox-debuginfo-91.3.0-150.6.1
      MozillaFirefox-debugsource-91.3.0-150.6.1
      MozillaFirefox-devel-91.3.0-150.6.1
      MozillaFirefox-translations-common-91.3.0-150.6.1
      MozillaFirefox-translations-other-91.3.0-150.6.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      MozillaFirefox-91.3.0-150.6.1
      MozillaFirefox-debuginfo-91.3.0-150.6.1
      MozillaFirefox-debugsource-91.3.0-150.6.1
      MozillaFirefox-devel-91.3.0-150.6.1
      MozillaFirefox-translations-common-91.3.0-150.6.1
      MozillaFirefox-translations-other-91.3.0-150.6.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      MozillaFirefox-91.3.0-150.6.1
      MozillaFirefox-debuginfo-91.3.0-150.6.1
      MozillaFirefox-debugsource-91.3.0-150.6.1
      MozillaFirefox-devel-91.3.0-150.6.1
      MozillaFirefox-translations-common-91.3.0-150.6.1
      MozillaFirefox-translations-other-91.3.0-150.6.1

   - SUSE CaaS Platform 4.0 (x86_64):

      MozillaFirefox-91.3.0-150.6.1
      MozillaFirefox-debuginfo-91.3.0-150.6.1
      MozillaFirefox-debugsource-91.3.0-150.6.1
      MozillaFirefox-devel-91.3.0-150.6.1
      MozillaFirefox-translations-common-91.3.0-150.6.1
      MozillaFirefox-translations-other-91.3.0-150.6.1


References:

   https://www.suse.com/security/cve/CVE-2021-38503.html
   https://www.suse.com/security/cve/CVE-2021-38504.html
   https://www.suse.com/security/cve/CVE-2021-38505.html
   https://www.suse.com/security/cve/CVE-2021-38506.html
   https://www.suse.com/security/cve/CVE-2021-38507.html
   https://www.suse.com/security/cve/CVE-2021-38508.html
   https://www.suse.com/security/cve/CVE-2021-38509.html
   https://www.suse.com/security/cve/CVE-2021-38510.html
   https://bugzilla.suse.com/1192250


From sle-updates at lists.suse.com  Wed Nov 10 20:23:05 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 Nov 2021 21:23:05 +0100 (CET)
Subject: SUSE-SU-2021:3649-1: important: Security update for samba
Message-ID: <20211110202305.442B1FBAC@maintenance.suse.de>


   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3649-1
Rating:             important
References:         #1014440 #1192214 #1192284 
Cross-References:   CVE-2016-2124 CVE-2020-25717 CVE-2021-23192
                   
CVSS scores:
                    CVE-2020-25717 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-23192 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for samba fixes the following issues:

   - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we
     require kerberos (bsc#1014440).
   - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a
     user could become root on domain members (bsc#1192284).
   - CVE-2021-23192: Fixed dcerpc requests to don't check all fragments
     against the first auth_state (bsc#1192214).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3649=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3649=1

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2021-3649=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      libndr-devel-4.10.18+git.339.c912385a5e1-3.41.1
      libndr-krb5pac-devel-4.10.18+git.339.c912385a5e1-3.41.1
      libndr-nbt-devel-4.10.18+git.339.c912385a5e1-3.41.1
      libndr-standard-devel-4.10.18+git.339.c912385a5e1-3.41.1
      libsamba-util-devel-4.10.18+git.339.c912385a5e1-3.41.1
      libsmbclient-devel-4.10.18+git.339.c912385a5e1-3.41.1
      libwbclient-devel-4.10.18+git.339.c912385a5e1-3.41.1
      samba-core-devel-4.10.18+git.339.c912385a5e1-3.41.1
      samba-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      samba-debugsource-4.10.18+git.339.c912385a5e1-3.41.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libdcerpc-binding0-4.10.18+git.339.c912385a5e1-3.41.1
      libdcerpc-binding0-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      libdcerpc0-4.10.18+git.339.c912385a5e1-3.41.1
      libdcerpc0-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      libndr-krb5pac0-4.10.18+git.339.c912385a5e1-3.41.1
      libndr-krb5pac0-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      libndr-nbt0-4.10.18+git.339.c912385a5e1-3.41.1
      libndr-nbt0-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      libndr-standard0-4.10.18+git.339.c912385a5e1-3.41.1
      libndr-standard0-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      libndr0-4.10.18+git.339.c912385a5e1-3.41.1
      libndr0-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      libnetapi0-4.10.18+git.339.c912385a5e1-3.41.1
      libnetapi0-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      libsamba-credentials0-4.10.18+git.339.c912385a5e1-3.41.1
      libsamba-credentials0-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      libsamba-errors0-4.10.18+git.339.c912385a5e1-3.41.1
      libsamba-errors0-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      libsamba-hostconfig0-4.10.18+git.339.c912385a5e1-3.41.1
      libsamba-hostconfig0-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      libsamba-passdb0-4.10.18+git.339.c912385a5e1-3.41.1
      libsamba-passdb0-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      libsamba-util0-4.10.18+git.339.c912385a5e1-3.41.1
      libsamba-util0-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      libsamdb0-4.10.18+git.339.c912385a5e1-3.41.1
      libsamdb0-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      libsmbclient0-4.10.18+git.339.c912385a5e1-3.41.1
      libsmbclient0-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      libsmbconf0-4.10.18+git.339.c912385a5e1-3.41.1
      libsmbconf0-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      libsmbldap2-4.10.18+git.339.c912385a5e1-3.41.1
      libsmbldap2-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      libtevent-util0-4.10.18+git.339.c912385a5e1-3.41.1
      libtevent-util0-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      libwbclient0-4.10.18+git.339.c912385a5e1-3.41.1
      libwbclient0-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      samba-4.10.18+git.339.c912385a5e1-3.41.1
      samba-client-4.10.18+git.339.c912385a5e1-3.41.1
      samba-client-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      samba-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      samba-debugsource-4.10.18+git.339.c912385a5e1-3.41.1
      samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
      samba-libs-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      samba-libs-python3-4.10.18+git.339.c912385a5e1-3.41.1
      samba-libs-python3-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      samba-winbind-4.10.18+git.339.c912385a5e1-3.41.1
      samba-winbind-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      libdcerpc-binding0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libdcerpc-binding0-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libdcerpc0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libdcerpc0-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libndr-krb5pac0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libndr-krb5pac0-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libndr-nbt0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libndr-nbt0-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libndr-standard0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libndr-standard0-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libndr0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libndr0-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libnetapi0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libnetapi0-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libsamba-credentials0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libsamba-credentials0-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libsamba-errors0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libsamba-errors0-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libsamba-hostconfig0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libsamba-hostconfig0-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libsamba-passdb0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libsamba-passdb0-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libsamba-util0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libsamba-util0-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libsamdb0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libsamdb0-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libsmbclient0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libsmbclient0-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libsmbconf0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libsmbconf0-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libsmbldap2-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libsmbldap2-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libtevent-util0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libtevent-util0-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libwbclient0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      libwbclient0-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      samba-client-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      samba-client-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      samba-libs-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      samba-libs-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      samba-libs-python3-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      samba-libs-python3-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      samba-winbind-32bit-4.10.18+git.339.c912385a5e1-3.41.1
      samba-winbind-debuginfo-32bit-4.10.18+git.339.c912385a5e1-3.41.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      samba-doc-4.10.18+git.339.c912385a5e1-3.41.1

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      ctdb-4.10.18+git.339.c912385a5e1-3.41.1
      ctdb-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      samba-debuginfo-4.10.18+git.339.c912385a5e1-3.41.1
      samba-debugsource-4.10.18+git.339.c912385a5e1-3.41.1


References:

   https://www.suse.com/security/cve/CVE-2016-2124.html
   https://www.suse.com/security/cve/CVE-2020-25717.html
   https://www.suse.com/security/cve/CVE-2021-23192.html
   https://bugzilla.suse.com/1014440
   https://bugzilla.suse.com/1192214
   https://bugzilla.suse.com/1192284


From sle-updates at lists.suse.com  Wed Nov 10 20:26:28 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 Nov 2021 21:26:28 +0100 (CET)
Subject: SUSE-RU-2021:1297-3: moderate: Recommended update for systemd
Message-ID: <20211110202628.6F93DFCC9@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for systemd
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:1297-3
Rating:             moderate
References:         #1178219 
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for systemd fixes the following issues:

   - Improved the logs emitted by systemd-shutdown during the shutdown
     process, when applications cannot be stopped properly and would leave
     mount points mounted.


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1297=1



Package List:

   - SUSE Linux Enterprise Server for SAP 15 (noarch):

      systemd-bash-completion-234-24.82.1

   - SUSE Linux Enterprise Server for SAP 15 (x86_64):

      libsystemd0-234-24.82.1
      libsystemd0-32bit-234-24.82.1
      libsystemd0-32bit-debuginfo-234-24.82.1
      libsystemd0-debuginfo-234-24.82.1
      libudev-devel-234-24.82.1
      libudev1-234-24.82.1
      libudev1-32bit-234-24.82.1
      libudev1-32bit-debuginfo-234-24.82.1
      libudev1-debuginfo-234-24.82.1
      systemd-234-24.82.1
      systemd-32bit-234-24.82.1
      systemd-32bit-debuginfo-234-24.82.1
      systemd-container-234-24.82.1
      systemd-container-debuginfo-234-24.82.1
      systemd-coredump-234-24.82.1
      systemd-coredump-debuginfo-234-24.82.1
      systemd-debuginfo-234-24.82.1
      systemd-debugsource-234-24.82.1
      systemd-devel-234-24.82.1
      systemd-sysvinit-234-24.82.1
      udev-234-24.82.1
      udev-debuginfo-234-24.82.1


References:

   https://bugzilla.suse.com/1178219


From sle-updates at lists.suse.com  Wed Nov 10 20:27:49 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 Nov 2021 21:27:49 +0100 (CET)
Subject: SUSE-SU-2021:3650-1: important: Security update for samba
Message-ID: <20211110202749.A4175FCC9@maintenance.suse.de>


   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3650-1
Rating:             important
References:         #1014440 #1192214 #1192284 
Cross-References:   CVE-2016-2124 CVE-2020-25717 CVE-2021-23192
                   
CVSS scores:
                    CVE-2020-25717 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-23192 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:
                    SUSE Linux Enterprise Module for Python2 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for samba fixes the following issues:

   - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we
     require kerberos (bsc#1014440).
   - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a
     user could become root on domain members (bsc#1192284).
   - CVE-2021-23192: Fixed dcerpc requests to don't check all fragments
     against the first auth_state (bsc#1192214).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Python2 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-3650=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3650=1

   - SUSE Linux Enterprise High Availability 15-SP2:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-3650=1



Package List:

   - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64):

      samba-ad-dc-4.11.14+git.308.666c63d4eea-4.28.1
      samba-ad-dc-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      samba-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      samba-debugsource-4.11.14+git.308.666c63d4eea-4.28.1
      samba-dsdb-modules-4.11.14+git.308.666c63d4eea-4.28.1
      samba-dsdb-modules-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      libdcerpc-binding0-4.11.14+git.308.666c63d4eea-4.28.1
      libdcerpc-binding0-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libdcerpc-devel-4.11.14+git.308.666c63d4eea-4.28.1
      libdcerpc-samr-devel-4.11.14+git.308.666c63d4eea-4.28.1
      libdcerpc-samr0-4.11.14+git.308.666c63d4eea-4.28.1
      libdcerpc-samr0-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libdcerpc0-4.11.14+git.308.666c63d4eea-4.28.1
      libdcerpc0-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libndr-devel-4.11.14+git.308.666c63d4eea-4.28.1
      libndr-krb5pac-devel-4.11.14+git.308.666c63d4eea-4.28.1
      libndr-krb5pac0-4.11.14+git.308.666c63d4eea-4.28.1
      libndr-krb5pac0-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libndr-nbt-devel-4.11.14+git.308.666c63d4eea-4.28.1
      libndr-nbt0-4.11.14+git.308.666c63d4eea-4.28.1
      libndr-nbt0-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libndr-standard-devel-4.11.14+git.308.666c63d4eea-4.28.1
      libndr-standard0-4.11.14+git.308.666c63d4eea-4.28.1
      libndr-standard0-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libndr0-4.11.14+git.308.666c63d4eea-4.28.1
      libndr0-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libnetapi-devel-4.11.14+git.308.666c63d4eea-4.28.1
      libnetapi0-4.11.14+git.308.666c63d4eea-4.28.1
      libnetapi0-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-credentials-devel-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-credentials0-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-credentials0-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-errors-devel-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-errors0-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-errors0-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-hostconfig-devel-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-hostconfig0-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-hostconfig0-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-passdb-devel-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-passdb0-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-passdb0-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-policy-devel-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-policy-python3-devel-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-policy0-python3-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-policy0-python3-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-util-devel-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-util0-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-util0-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libsamdb-devel-4.11.14+git.308.666c63d4eea-4.28.1
      libsamdb0-4.11.14+git.308.666c63d4eea-4.28.1
      libsamdb0-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libsmbclient-devel-4.11.14+git.308.666c63d4eea-4.28.1
      libsmbclient0-4.11.14+git.308.666c63d4eea-4.28.1
      libsmbclient0-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libsmbconf-devel-4.11.14+git.308.666c63d4eea-4.28.1
      libsmbconf0-4.11.14+git.308.666c63d4eea-4.28.1
      libsmbconf0-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libsmbldap-devel-4.11.14+git.308.666c63d4eea-4.28.1
      libsmbldap2-4.11.14+git.308.666c63d4eea-4.28.1
      libsmbldap2-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libtevent-util-devel-4.11.14+git.308.666c63d4eea-4.28.1
      libtevent-util0-4.11.14+git.308.666c63d4eea-4.28.1
      libtevent-util0-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libwbclient-devel-4.11.14+git.308.666c63d4eea-4.28.1
      libwbclient0-4.11.14+git.308.666c63d4eea-4.28.1
      libwbclient0-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      samba-4.11.14+git.308.666c63d4eea-4.28.1
      samba-client-4.11.14+git.308.666c63d4eea-4.28.1
      samba-client-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      samba-core-devel-4.11.14+git.308.666c63d4eea-4.28.1
      samba-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      samba-debugsource-4.11.14+git.308.666c63d4eea-4.28.1
      samba-dsdb-modules-4.11.14+git.308.666c63d4eea-4.28.1
      samba-dsdb-modules-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      samba-libs-4.11.14+git.308.666c63d4eea-4.28.1
      samba-libs-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      samba-libs-python3-4.11.14+git.308.666c63d4eea-4.28.1
      samba-libs-python3-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      samba-python3-4.11.14+git.308.666c63d4eea-4.28.1
      samba-python3-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      samba-winbind-4.11.14+git.308.666c63d4eea-4.28.1
      samba-winbind-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64):

      samba-ceph-4.11.14+git.308.666c63d4eea-4.28.1
      samba-ceph-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):

      libdcerpc-binding0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
      libdcerpc-binding0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libdcerpc0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
      libdcerpc0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libndr-krb5pac0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
      libndr-krb5pac0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libndr-nbt0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
      libndr-nbt0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libndr-standard0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
      libndr-standard0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libndr0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
      libndr0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libnetapi0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
      libnetapi0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-credentials0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-credentials0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-errors0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-errors0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-hostconfig0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-passdb0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-passdb0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-util0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
      libsamba-util0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libsamdb0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
      libsamdb0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libsmbconf0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
      libsmbconf0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libsmbldap2-32bit-4.11.14+git.308.666c63d4eea-4.28.1
      libsmbldap2-32bit-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libtevent-util0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
      libtevent-util0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      libwbclient0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
      libwbclient0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      samba-libs-32bit-4.11.14+git.308.666c63d4eea-4.28.1
      samba-libs-32bit-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      samba-winbind-32bit-4.11.14+git.308.666c63d4eea-4.28.1
      samba-winbind-32bit-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1

   - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):

      ctdb-4.11.14+git.308.666c63d4eea-4.28.1
      ctdb-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      samba-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
      samba-debugsource-4.11.14+git.308.666c63d4eea-4.28.1


References:

   https://www.suse.com/security/cve/CVE-2016-2124.html
   https://www.suse.com/security/cve/CVE-2020-25717.html
   https://www.suse.com/security/cve/CVE-2021-23192.html
   https://bugzilla.suse.com/1014440
   https://bugzilla.suse.com/1192214
   https://bugzilla.suse.com/1192284


From sle-updates at lists.suse.com  Wed Nov 10 20:29:35 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 Nov 2021 21:29:35 +0100 (CET)
Subject: SUSE-SU-2021:3652-1: moderate: Security update for pcre
Message-ID: <20211110202935.44F2AFCC9@maintenance.suse.de>


   SUSE Security Update: Security update for pcre
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3652-1
Rating:             moderate
References:         #1025709 #1030066 #1030803 #1030805 #1030807 
                    #1172973 #1172974 
Cross-References:   CVE-2017-6004 CVE-2017-7186 CVE-2017-7244
                    CVE-2017-7245 CVE-2017-7246 CVE-2019-20838
                    CVE-2020-14155
CVSS scores:
                    CVE-2017-6004 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2017-6004 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2017-7186 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2017-7244 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2017-7245 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2017-7246 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2019-20838 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2019-20838 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-14155 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2020-14155 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Workstation Extension 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise High Availability 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP4
                    SUSE Linux Enterprise High Availability 12-SP3
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This update for pcre fixes the following issues:

   Update pcre to version 8.45:

   - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C'
     substring (bsc#1172974).
   - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973).
   - CVE-2017-7244: Fixed invalid read in _pcre32_xclass() (bsc#1030807).
   - CVE-2017-7245: Fixed buffer overflow in the pcre32_copy_substring
     (bsc#1030805).
   - CVE-2017-7246: Fixed another buffer overflow in the
     pcre32_copy_substring (bsc#1030803).
   - CVE-2017-7186: Fixed denial of service caused by an invalid Unicode
     property lookup (bsc#1030066).
   - CVE-2017-6004: Fixed denial of service via crafted regular expression
     (bsc#1025709).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3652=1

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3652=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3652=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3652=1

   - SUSE Linux Enterprise Workstation Extension 12-SP5:

      zypper in -t patch SUSE-SLE-WE-12-SP5-2021-3652=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3652=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3652=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3652=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3652=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3652=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3652=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3652=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3652=1

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2021-3652=1

   - SUSE Linux Enterprise High Availability 12-SP4:

      zypper in -t patch SUSE-SLE-HA-12-SP4-2021-3652=1

   - SUSE Linux Enterprise High Availability 12-SP3:

      zypper in -t patch SUSE-SLE-HA-12-SP3-2021-3652=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-3652=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      selinux-policy-20140730-36.5.2
      selinux-policy-devel-20140730-36.5.2
      selinux-policy-minimum-20140730-36.5.2

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      libpcre1-32bit-8.45-8.7.1
      libpcre1-8.45-8.7.1
      libpcre1-debuginfo-32bit-8.45-8.7.1
      libpcre1-debuginfo-8.45-8.7.1
      libpcre16-0-8.45-8.7.1
      libpcre16-0-debuginfo-8.45-8.7.1
      libpcrecpp0-8.45-8.7.1
      libpcrecpp0-debuginfo-8.45-8.7.1
      libpcreposix0-8.45-8.7.1
      libpcreposix0-debuginfo-8.45-8.7.1
      pcre-debugsource-8.45-8.7.1
      pcre-devel-8.45-8.7.1

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      selinux-policy-20140730-36.5.2
      selinux-policy-devel-20140730-36.5.2
      selinux-policy-minimum-20140730-36.5.2

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      libpcre1-32bit-8.45-8.7.1
      libpcre1-8.45-8.7.1
      libpcre1-debuginfo-32bit-8.45-8.7.1
      libpcre1-debuginfo-8.45-8.7.1
      libpcre16-0-8.45-8.7.1
      libpcre16-0-debuginfo-8.45-8.7.1
      libpcrecpp0-8.45-8.7.1
      libpcrecpp0-debuginfo-8.45-8.7.1
      libpcreposix0-8.45-8.7.1
      libpcreposix0-debuginfo-8.45-8.7.1
      pcre-debugsource-8.45-8.7.1
      pcre-devel-8.45-8.7.1

   - SUSE OpenStack Cloud 9 (x86_64):

      libpcre1-32bit-8.45-8.7.1
      libpcre1-8.45-8.7.1
      libpcre1-debuginfo-32bit-8.45-8.7.1
      libpcre1-debuginfo-8.45-8.7.1
      libpcre16-0-8.45-8.7.1
      libpcre16-0-debuginfo-8.45-8.7.1
      libpcrecpp0-8.45-8.7.1
      libpcrecpp0-debuginfo-8.45-8.7.1
      libpcreposix0-8.45-8.7.1
      libpcreposix0-debuginfo-8.45-8.7.1
      pcre-debugsource-8.45-8.7.1
      pcre-devel-8.45-8.7.1

   - SUSE OpenStack Cloud 9 (noarch):

      selinux-policy-20140730-36.5.2
      selinux-policy-devel-20140730-36.5.2
      selinux-policy-minimum-20140730-36.5.2

   - SUSE OpenStack Cloud 8 (x86_64):

      libpcre1-32bit-8.45-8.7.1
      libpcre1-8.45-8.7.1
      libpcre1-debuginfo-32bit-8.45-8.7.1
      libpcre1-debuginfo-8.45-8.7.1
      libpcre16-0-8.45-8.7.1
      libpcre16-0-debuginfo-8.45-8.7.1
      libpcrecpp0-8.45-8.7.1
      libpcrecpp0-debuginfo-8.45-8.7.1
      libpcreposix0-8.45-8.7.1
      libpcreposix0-debuginfo-8.45-8.7.1
      pcre-debugsource-8.45-8.7.1
      pcre-devel-8.45-8.7.1

   - SUSE OpenStack Cloud 8 (noarch):

      selinux-policy-20140730-36.5.2
      selinux-policy-devel-20140730-36.5.2
      selinux-policy-minimum-20140730-36.5.2

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

      libpcrecpp0-32bit-8.45-8.7.1
      libpcrecpp0-8.45-8.7.1
      libpcrecpp0-debuginfo-32bit-8.45-8.7.1
      libpcrecpp0-debuginfo-8.45-8.7.1
      pcre-debugsource-8.45-8.7.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      libpcrecpp0-8.45-8.7.1
      libpcrecpp0-debuginfo-8.45-8.7.1
      libpcreposix0-8.45-8.7.1
      libpcreposix0-debuginfo-8.45-8.7.1
      pcre-debugsource-8.45-8.7.1
      pcre-devel-8.45-8.7.1
      pcre-devel-static-8.45-8.7.1
      pcre-tools-8.45-8.7.1
      pcre-tools-debuginfo-8.45-8.7.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

      selinux-policy-devel-20140730-36.5.2

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      libpcre1-8.45-8.7.1
      libpcre1-debuginfo-8.45-8.7.1
      libpcre16-0-8.45-8.7.1
      libpcre16-0-debuginfo-8.45-8.7.1
      libpcrecpp0-8.45-8.7.1
      libpcrecpp0-debuginfo-8.45-8.7.1
      libpcreposix0-8.45-8.7.1
      libpcreposix0-debuginfo-8.45-8.7.1
      pcre-debugsource-8.45-8.7.1
      pcre-devel-8.45-8.7.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):

      selinux-policy-20140730-36.5.2
      selinux-policy-devel-20140730-36.5.2
      selinux-policy-minimum-20140730-36.5.2

   - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):

      libpcre1-32bit-8.45-8.7.1
      libpcre1-debuginfo-32bit-8.45-8.7.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      libpcre1-8.45-8.7.1
      libpcre1-debuginfo-8.45-8.7.1
      libpcre16-0-8.45-8.7.1
      libpcre16-0-debuginfo-8.45-8.7.1
      libpcrecpp0-8.45-8.7.1
      libpcrecpp0-debuginfo-8.45-8.7.1
      libpcreposix0-8.45-8.7.1
      libpcreposix0-debuginfo-8.45-8.7.1
      pcre-debugsource-8.45-8.7.1
      pcre-devel-8.45-8.7.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):

      selinux-policy-20140730-36.5.2
      selinux-policy-devel-20140730-36.5.2
      selinux-policy-minimum-20140730-36.5.2

   - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):

      libpcre1-32bit-8.45-8.7.1
      libpcre1-debuginfo-32bit-8.45-8.7.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libpcre1-8.45-8.7.1
      libpcre1-debuginfo-8.45-8.7.1
      libpcre16-0-8.45-8.7.1
      libpcre16-0-debuginfo-8.45-8.7.1
      libpcrecpp0-8.45-8.7.1
      libpcrecpp0-debuginfo-8.45-8.7.1
      libpcreposix0-8.45-8.7.1
      libpcreposix0-debuginfo-8.45-8.7.1
      pcre-debugsource-8.45-8.7.1
      pcre-devel-8.45-8.7.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      libpcre1-32bit-8.45-8.7.1
      libpcre1-debuginfo-32bit-8.45-8.7.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      selinux-policy-20140730-36.5.2
      selinux-policy-devel-20140730-36.5.2
      selinux-policy-minimum-20140730-36.5.2

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      libpcre1-8.45-8.7.1
      libpcre1-debuginfo-8.45-8.7.1
      libpcre16-0-8.45-8.7.1
      libpcre16-0-debuginfo-8.45-8.7.1
      libpcrecpp0-8.45-8.7.1
      libpcrecpp0-debuginfo-8.45-8.7.1
      libpcreposix0-8.45-8.7.1
      libpcreposix0-debuginfo-8.45-8.7.1
      pcre-debugsource-8.45-8.7.1
      pcre-devel-8.45-8.7.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):

      libpcre1-32bit-8.45-8.7.1
      libpcre1-debuginfo-32bit-8.45-8.7.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):

      selinux-policy-20140730-36.5.2
      selinux-policy-devel-20140730-36.5.2
      selinux-policy-minimum-20140730-36.5.2

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      libpcre1-8.45-8.7.1
      libpcre1-debuginfo-8.45-8.7.1
      libpcre16-0-8.45-8.7.1
      libpcre16-0-debuginfo-8.45-8.7.1
      libpcrecpp0-8.45-8.7.1
      libpcrecpp0-debuginfo-8.45-8.7.1
      libpcreposix0-8.45-8.7.1
      libpcreposix0-debuginfo-8.45-8.7.1
      pcre-debugsource-8.45-8.7.1
      pcre-devel-8.45-8.7.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):

      libpcre1-32bit-8.45-8.7.1
      libpcre1-debuginfo-32bit-8.45-8.7.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):

      selinux-policy-20140730-36.5.2
      selinux-policy-devel-20140730-36.5.2
      selinux-policy-minimum-20140730-36.5.2

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      libpcre1-32bit-8.45-8.7.1
      libpcre1-8.45-8.7.1
      libpcre1-debuginfo-32bit-8.45-8.7.1
      libpcre1-debuginfo-8.45-8.7.1
      libpcre16-0-8.45-8.7.1
      libpcre16-0-debuginfo-8.45-8.7.1
      libpcrecpp0-8.45-8.7.1
      libpcrecpp0-debuginfo-8.45-8.7.1
      libpcreposix0-8.45-8.7.1
      libpcreposix0-debuginfo-8.45-8.7.1
      pcre-debugsource-8.45-8.7.1
      pcre-devel-8.45-8.7.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (noarch):

      selinux-policy-20140730-36.5.2
      selinux-policy-devel-20140730-36.5.2
      selinux-policy-minimum-20140730-36.5.2

   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

      selinux-policy-20140730-36.5.2
      selinux-policy-devel-20140730-36.5.2
      selinux-policy-minimum-20140730-36.5.2

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      libpcre1-32bit-8.45-8.7.1
      libpcre1-8.45-8.7.1
      libpcre1-debuginfo-32bit-8.45-8.7.1
      libpcre1-debuginfo-8.45-8.7.1
      libpcre16-0-8.45-8.7.1
      libpcre16-0-debuginfo-8.45-8.7.1
      pcre-debugsource-8.45-8.7.1

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      libpcreposix0-8.45-8.7.1
      libpcreposix0-debuginfo-8.45-8.7.1
      pcre-debugsource-8.45-8.7.1

   - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):

      libpcreposix0-8.45-8.7.1
      libpcreposix0-debuginfo-8.45-8.7.1
      pcre-debugsource-8.45-8.7.1

   - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):

      libpcreposix0-8.45-8.7.1
      libpcreposix0-debuginfo-8.45-8.7.1
      pcre-debugsource-8.45-8.7.1

   - HPE Helion Openstack 8 (x86_64):

      libpcre1-32bit-8.45-8.7.1
      libpcre1-8.45-8.7.1
      libpcre1-debuginfo-32bit-8.45-8.7.1
      libpcre1-debuginfo-8.45-8.7.1
      libpcre16-0-8.45-8.7.1
      libpcre16-0-debuginfo-8.45-8.7.1
      libpcrecpp0-8.45-8.7.1
      libpcrecpp0-debuginfo-8.45-8.7.1
      libpcreposix0-8.45-8.7.1
      libpcreposix0-debuginfo-8.45-8.7.1
      pcre-debugsource-8.45-8.7.1
      pcre-devel-8.45-8.7.1

   - HPE Helion Openstack 8 (noarch):

      selinux-policy-20140730-36.5.2
      selinux-policy-devel-20140730-36.5.2
      selinux-policy-minimum-20140730-36.5.2


References:

   https://www.suse.com/security/cve/CVE-2017-6004.html
   https://www.suse.com/security/cve/CVE-2017-7186.html
   https://www.suse.com/security/cve/CVE-2017-7244.html
   https://www.suse.com/security/cve/CVE-2017-7245.html
   https://www.suse.com/security/cve/CVE-2017-7246.html
   https://www.suse.com/security/cve/CVE-2019-20838.html
   https://www.suse.com/security/cve/CVE-2020-14155.html
   https://bugzilla.suse.com/1025709
   https://bugzilla.suse.com/1030066
   https://bugzilla.suse.com/1030803
   https://bugzilla.suse.com/1030805
   https://bugzilla.suse.com/1030807
   https://bugzilla.suse.com/1172973
   https://bugzilla.suse.com/1172974


From sle-updates at lists.suse.com  Wed Nov 10 20:32:01 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 Nov 2021 21:32:01 +0100 (CET)
Subject: SUSE-SU-2021:3647-1: important: Security update for samba and ldb
Message-ID: <20211110203201.198DFFCC9@maintenance.suse.de>


   SUSE Security Update: Security update for samba and ldb
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3647-1
Rating:             important
References:         #1014440 #1192214 #1192215 #1192246 #1192247 
                    #1192283 #1192284 #1192505 
Cross-References:   CVE-2016-2124 CVE-2020-25717 CVE-2020-25718
                    CVE-2020-25719 CVE-2020-25721 CVE-2020-25722
                    CVE-2021-23192 CVE-2021-3738
CVSS scores:
                    CVE-2020-25717 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
                    CVE-2020-25718 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-25719 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-25722 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-23192 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2021-3738 (SUSE): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Affected Products:
                    SUSE MicroOS 5.1
                    SUSE Linux Enterprise Module for Python2 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise High Availability 15-SP3
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   This update for samba and ldb fixes the following issues:

   - CVE-2020-25718: Fixed that an RODC can issue (forge) administrator
     tickets to other servers (bsc#1192246).
   - CVE-2021-3738: Fixed crash in dsdb stack (bsc#1192215).
   - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we
     require kerberos (bsc#1014440).
   - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a
     user could become root on domain members (bsc#1192284).
   - CVE-2020-25719: Fixed AD DC Username based races when no PAC is given
     (bsc#1192247).
   - CVE-2020-25722: Fixed AD DC UPN vs samAccountName not checked (top-level
     bug for AD DC validation issues) (bsc#1192283).
   - CVE-2021-23192: Fixed dcerpc requests to don't check all fragments
     against the first auth_state (bsc#1192214).
   - CVE-2020-25721: Fixed fill in the new HAS_SAM_NAME_AND_SID values
     (bsc#1192505).

   Samba was updated to 4.13.13

   * rodc_rwdc test flaps;(bso#14868).
   * Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).
   * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit'
     S4U2Proxy Constrained Delegation bypass in Samba with embedded
     Heimdal;(bso#14642).
   * Python ldb.msg_diff() memory handling failure;(bso#14836).
   * "in" operator on ldb.Message is case sensitive;(bso#14845).
   * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871).
   * Allow special chars like "@" in samAccountName when generating the
     salt;(bso#14874).
   * Fix transit path validation;(bso#12998).
   * Prepare to operate with MIT krb5 >= 1.20;(bso#14870).
   * rpcclient NetFileEnum and net rpc file both cause lock order violation:
     brlock.tdb, share_entries.tdb;(bso#14645).
   * Python ldb.msg_diff() memory handling failure;(bso#14836).
   * Release LDB 2.3.1 for Samba 4.14.9;(bso#14848).

   Samba was updated to 4.13.12:

   * Address a signifcant performance regression in database access in the AD
     DC since Samba 4.12;(bso#14806).
   * Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba
     4.9 by using an explicit database handle cache; (bso#14807).
   * An unuthenticated user can crash the AD DC KDC by omitting the server
     name in a TGS-REQ;(bso#14817).
   * Address flapping samba_tool_drs_showrepl test;(bso#14818).
   * Address flapping dsdb_schema_attributes test;(bso#14819).
   * An unuthenticated user can crash the AD DC KDC by omitting the server
     name in a TGS-REQ;(bso#14817).
   * Fix CTDB flag/status update race conditions(bso#14784).

   Samba was updated to 4.13.11:

   * smbd: panic on force-close share during offload write; (bso#14769).
   * Fix returned attributes on fake quota file handle and avoid hitting the
     VFS;(bso#14731).
   * smbd: "deadtime" parameter doesn't work anymore;(bso#14783).
   * net conf list crashes when run as normal user;(bso#14787).
   * Work around special SMB2 READ response behavior of NetApp Ontap
     7.3.7;(bso#14607).
   * Start the SMB encryption as soon as possible;(bso#14793).
   * Winbind should not start if the socket path for the privileged pipe is
     too long;(bso#14792).

   ldb was updated to 2.2.2:

   + CVE-2020-25718: samba: An RODC can issue (forge) administrator tickets
     to other servers; (bsc#1192246); (bso#14558)
   + CVE-2021-3738: samba: crash in dsdb stack; (bsc#1192215);(bso#14848)

   Release ldb 2.2.2

   + Corrected python behaviour for 'in' for LDAP attributes contained as
     part of ldb.Message;(bso#14845).
   + Fix memory handling in ldb.msg_diff Corrected python
     docstrings;(bso#14836)
   + Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3647=1

   - SUSE Linux Enterprise Module for Python2 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2021-3647=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3647=1

   - SUSE Linux Enterprise High Availability 15-SP3:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-3647=1



Package List:

   - SUSE MicroOS 5.1 (aarch64 s390x x86_64):

      ldb-debugsource-2.2.2-3.3.1
      libldb2-2.2.2-3.3.1
      libldb2-debuginfo-2.2.2-3.3.1

   - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64):

      samba-ad-dc-4.13.13+git.528.140935f8d6a-3.12.1
      samba-ad-dc-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      samba-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      samba-debugsource-4.13.13+git.528.140935f8d6a-3.12.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      ldb-debugsource-2.2.2-3.3.1
      ldb-tools-2.2.2-3.3.1
      ldb-tools-debuginfo-2.2.2-3.3.1
      libdcerpc-binding0-4.13.13+git.528.140935f8d6a-3.12.1
      libdcerpc-binding0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libdcerpc-devel-4.13.13+git.528.140935f8d6a-3.12.1
      libdcerpc-samr-devel-4.13.13+git.528.140935f8d6a-3.12.1
      libdcerpc-samr0-4.13.13+git.528.140935f8d6a-3.12.1
      libdcerpc-samr0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libdcerpc0-4.13.13+git.528.140935f8d6a-3.12.1
      libdcerpc0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libldb-devel-2.2.2-3.3.1
      libldb2-2.2.2-3.3.1
      libldb2-debuginfo-2.2.2-3.3.1
      libndr-devel-4.13.13+git.528.140935f8d6a-3.12.1
      libndr-krb5pac-devel-4.13.13+git.528.140935f8d6a-3.12.1
      libndr-krb5pac0-4.13.13+git.528.140935f8d6a-3.12.1
      libndr-krb5pac0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libndr-nbt-devel-4.13.13+git.528.140935f8d6a-3.12.1
      libndr-nbt0-4.13.13+git.528.140935f8d6a-3.12.1
      libndr-nbt0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libndr-standard-devel-4.13.13+git.528.140935f8d6a-3.12.1
      libndr-standard0-4.13.13+git.528.140935f8d6a-3.12.1
      libndr-standard0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libndr1-4.13.13+git.528.140935f8d6a-3.12.1
      libndr1-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libnetapi-devel-4.13.13+git.528.140935f8d6a-3.12.1
      libnetapi0-4.13.13+git.528.140935f8d6a-3.12.1
      libnetapi0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-credentials-devel-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-credentials0-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-credentials0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-errors-devel-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-errors0-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-errors0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-hostconfig-devel-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-hostconfig0-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-hostconfig0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-passdb-devel-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-passdb0-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-passdb0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-policy-devel-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-policy-python3-devel-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-policy0-python3-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-policy0-python3-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-util-devel-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-util0-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-util0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libsamdb-devel-4.13.13+git.528.140935f8d6a-3.12.1
      libsamdb0-4.13.13+git.528.140935f8d6a-3.12.1
      libsamdb0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libsmbclient-devel-4.13.13+git.528.140935f8d6a-3.12.1
      libsmbclient0-4.13.13+git.528.140935f8d6a-3.12.1
      libsmbclient0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libsmbconf-devel-4.13.13+git.528.140935f8d6a-3.12.1
      libsmbconf0-4.13.13+git.528.140935f8d6a-3.12.1
      libsmbconf0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libsmbldap-devel-4.13.13+git.528.140935f8d6a-3.12.1
      libsmbldap2-4.13.13+git.528.140935f8d6a-3.12.1
      libsmbldap2-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libtevent-util-devel-4.13.13+git.528.140935f8d6a-3.12.1
      libtevent-util0-4.13.13+git.528.140935f8d6a-3.12.1
      libtevent-util0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libwbclient-devel-4.13.13+git.528.140935f8d6a-3.12.1
      libwbclient0-4.13.13+git.528.140935f8d6a-3.12.1
      libwbclient0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      python3-ldb-2.2.2-3.3.1
      python3-ldb-debuginfo-2.2.2-3.3.1
      python3-ldb-devel-2.2.2-3.3.1
      samba-4.13.13+git.528.140935f8d6a-3.12.1
      samba-client-4.13.13+git.528.140935f8d6a-3.12.1
      samba-client-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      samba-core-devel-4.13.13+git.528.140935f8d6a-3.12.1
      samba-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      samba-debugsource-4.13.13+git.528.140935f8d6a-3.12.1
      samba-dsdb-modules-4.13.13+git.528.140935f8d6a-3.12.1
      samba-dsdb-modules-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      samba-gpupdate-4.13.13+git.528.140935f8d6a-3.12.1
      samba-ldb-ldap-4.13.13+git.528.140935f8d6a-3.12.1
      samba-ldb-ldap-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      samba-libs-4.13.13+git.528.140935f8d6a-3.12.1
      samba-libs-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      samba-libs-python3-4.13.13+git.528.140935f8d6a-3.12.1
      samba-libs-python3-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      samba-python3-4.13.13+git.528.140935f8d6a-3.12.1
      samba-python3-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      samba-winbind-4.13.13+git.528.140935f8d6a-3.12.1
      samba-winbind-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):

      samba-ceph-4.13.13+git.528.140935f8d6a-3.12.1
      samba-ceph-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):

      libdcerpc-binding0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
      libdcerpc-binding0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libdcerpc0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
      libdcerpc0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libldb2-32bit-2.2.2-3.3.1
      libldb2-32bit-debuginfo-2.2.2-3.3.1
      libndr-krb5pac0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
      libndr-krb5pac0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libndr-nbt0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
      libndr-nbt0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libndr-standard0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
      libndr-standard0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libndr1-32bit-4.13.13+git.528.140935f8d6a-3.12.1
      libndr1-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libnetapi0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
      libnetapi0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-credentials0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-credentials0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-errors0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-errors0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-hostconfig0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-hostconfig0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-passdb0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-passdb0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-util0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
      libsamba-util0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libsamdb0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
      libsamdb0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libsmbconf0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
      libsmbconf0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libsmbldap2-32bit-4.13.13+git.528.140935f8d6a-3.12.1
      libsmbldap2-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libtevent-util0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
      libtevent-util0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      libwbclient0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
      libwbclient0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      samba-libs-32bit-4.13.13+git.528.140935f8d6a-3.12.1
      samba-libs-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      samba-winbind-32bit-4.13.13+git.528.140935f8d6a-3.12.1
      samba-winbind-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1

   - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):

      ctdb-4.13.13+git.528.140935f8d6a-3.12.1
      ctdb-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      samba-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
      samba-debugsource-4.13.13+git.528.140935f8d6a-3.12.1


References:

   https://www.suse.com/security/cve/CVE-2016-2124.html
   https://www.suse.com/security/cve/CVE-2020-25717.html
   https://www.suse.com/security/cve/CVE-2020-25718.html
   https://www.suse.com/security/cve/CVE-2020-25719.html
   https://www.suse.com/security/cve/CVE-2020-25721.html
   https://www.suse.com/security/cve/CVE-2020-25722.html
   https://www.suse.com/security/cve/CVE-2021-23192.html
   https://www.suse.com/security/cve/CVE-2021-3738.html
   https://bugzilla.suse.com/1014440
   https://bugzilla.suse.com/1192214
   https://bugzilla.suse.com/1192215
   https://bugzilla.suse.com/1192246
   https://bugzilla.suse.com/1192247
   https://bugzilla.suse.com/1192283
   https://bugzilla.suse.com/1192284
   https://bugzilla.suse.com/1192505


From sle-updates at lists.suse.com  Wed Nov 10 20:34:18 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 Nov 2021 21:34:18 +0100 (CET)
Subject: SUSE-SU-2021:3653-1: important: Security update for qemu
Message-ID: <20211110203418.365E8FCC9@maintenance.suse.de>


   SUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3653-1
Rating:             important
References:         #1189702 #1189938 
Cross-References:   CVE-2021-3713 CVE-2021-3748
CVSS scores:
                    CVE-2021-3713 (SUSE): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
                    CVE-2021-3748 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for qemu fixes the following issues:

   Security issues fixed:

   - Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation
     (bsc#1189702, CVE-2021-3713)
   - Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938,
     CVE-2021-3748)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3653=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3653=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3653=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3653=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3653=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-3653=1



Package List:

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      qemu-2.9.1-43.62.1
      qemu-block-curl-2.9.1-43.62.1
      qemu-block-curl-debuginfo-2.9.1-43.62.1
      qemu-block-iscsi-2.9.1-43.62.1
      qemu-block-iscsi-debuginfo-2.9.1-43.62.1
      qemu-block-rbd-2.9.1-43.62.1
      qemu-block-rbd-debuginfo-2.9.1-43.62.1
      qemu-block-ssh-2.9.1-43.62.1
      qemu-block-ssh-debuginfo-2.9.1-43.62.1
      qemu-debugsource-2.9.1-43.62.1
      qemu-guest-agent-2.9.1-43.62.1
      qemu-guest-agent-debuginfo-2.9.1-43.62.1
      qemu-kvm-2.9.1-43.62.1
      qemu-lang-2.9.1-43.62.1
      qemu-tools-2.9.1-43.62.1
      qemu-tools-debuginfo-2.9.1-43.62.1
      qemu-x86-2.9.1-43.62.1
      qemu-x86-debuginfo-2.9.1-43.62.1

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      qemu-ipxe-1.0.0+-43.62.1
      qemu-seabios-1.10.2_0_g5f4c7b1-43.62.1
      qemu-sgabios-8-43.62.1
      qemu-vgabios-1.10.2_0_g5f4c7b1-43.62.1

   - SUSE OpenStack Cloud 8 (noarch):

      qemu-ipxe-1.0.0+-43.62.1
      qemu-seabios-1.10.2_0_g5f4c7b1-43.62.1
      qemu-sgabios-8-43.62.1
      qemu-vgabios-1.10.2_0_g5f4c7b1-43.62.1

   - SUSE OpenStack Cloud 8 (x86_64):

      qemu-2.9.1-43.62.1
      qemu-block-curl-2.9.1-43.62.1
      qemu-block-curl-debuginfo-2.9.1-43.62.1
      qemu-block-iscsi-2.9.1-43.62.1
      qemu-block-iscsi-debuginfo-2.9.1-43.62.1
      qemu-block-rbd-2.9.1-43.62.1
      qemu-block-rbd-debuginfo-2.9.1-43.62.1
      qemu-block-ssh-2.9.1-43.62.1
      qemu-block-ssh-debuginfo-2.9.1-43.62.1
      qemu-debugsource-2.9.1-43.62.1
      qemu-guest-agent-2.9.1-43.62.1
      qemu-guest-agent-debuginfo-2.9.1-43.62.1
      qemu-kvm-2.9.1-43.62.1
      qemu-lang-2.9.1-43.62.1
      qemu-tools-2.9.1-43.62.1
      qemu-tools-debuginfo-2.9.1-43.62.1
      qemu-x86-2.9.1-43.62.1
      qemu-x86-debuginfo-2.9.1-43.62.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      qemu-2.9.1-43.62.1
      qemu-block-curl-2.9.1-43.62.1
      qemu-block-curl-debuginfo-2.9.1-43.62.1
      qemu-block-iscsi-2.9.1-43.62.1
      qemu-block-iscsi-debuginfo-2.9.1-43.62.1
      qemu-block-ssh-2.9.1-43.62.1
      qemu-block-ssh-debuginfo-2.9.1-43.62.1
      qemu-debugsource-2.9.1-43.62.1
      qemu-guest-agent-2.9.1-43.62.1
      qemu-guest-agent-debuginfo-2.9.1-43.62.1
      qemu-lang-2.9.1-43.62.1
      qemu-tools-2.9.1-43.62.1
      qemu-tools-debuginfo-2.9.1-43.62.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le):

      qemu-ppc-2.9.1-43.62.1
      qemu-ppc-debuginfo-2.9.1-43.62.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):

      qemu-block-rbd-2.9.1-43.62.1
      qemu-block-rbd-debuginfo-2.9.1-43.62.1
      qemu-kvm-2.9.1-43.62.1
      qemu-x86-2.9.1-43.62.1
      qemu-x86-debuginfo-2.9.1-43.62.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):

      qemu-ipxe-1.0.0+-43.62.1
      qemu-seabios-1.10.2_0_g5f4c7b1-43.62.1
      qemu-sgabios-8-43.62.1
      qemu-vgabios-1.10.2_0_g5f4c7b1-43.62.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      qemu-2.9.1-43.62.1
      qemu-block-curl-2.9.1-43.62.1
      qemu-block-curl-debuginfo-2.9.1-43.62.1
      qemu-block-iscsi-2.9.1-43.62.1
      qemu-block-iscsi-debuginfo-2.9.1-43.62.1
      qemu-block-ssh-2.9.1-43.62.1
      qemu-block-ssh-debuginfo-2.9.1-43.62.1
      qemu-debugsource-2.9.1-43.62.1
      qemu-guest-agent-2.9.1-43.62.1
      qemu-guest-agent-debuginfo-2.9.1-43.62.1
      qemu-lang-2.9.1-43.62.1
      qemu-tools-2.9.1-43.62.1
      qemu-tools-debuginfo-2.9.1-43.62.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 x86_64):

      qemu-block-rbd-2.9.1-43.62.1
      qemu-block-rbd-debuginfo-2.9.1-43.62.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):

      qemu-kvm-2.9.1-43.62.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64):

      qemu-arm-2.9.1-43.62.1
      qemu-arm-debuginfo-2.9.1-43.62.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le):

      qemu-ppc-2.9.1-43.62.1
      qemu-ppc-debuginfo-2.9.1-43.62.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64):

      qemu-x86-2.9.1-43.62.1
      qemu-x86-debuginfo-2.9.1-43.62.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):

      qemu-ipxe-1.0.0+-43.62.1
      qemu-seabios-1.10.2_0_g5f4c7b1-43.62.1
      qemu-sgabios-8-43.62.1
      qemu-vgabios-1.10.2_0_g5f4c7b1-43.62.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x):

      qemu-s390-2.9.1-43.62.1
      qemu-s390-debuginfo-2.9.1-43.62.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      qemu-2.9.1-43.62.1
      qemu-block-curl-2.9.1-43.62.1
      qemu-block-curl-debuginfo-2.9.1-43.62.1
      qemu-block-iscsi-2.9.1-43.62.1
      qemu-block-iscsi-debuginfo-2.9.1-43.62.1
      qemu-block-rbd-2.9.1-43.62.1
      qemu-block-rbd-debuginfo-2.9.1-43.62.1
      qemu-block-ssh-2.9.1-43.62.1
      qemu-block-ssh-debuginfo-2.9.1-43.62.1
      qemu-debugsource-2.9.1-43.62.1
      qemu-guest-agent-2.9.1-43.62.1
      qemu-guest-agent-debuginfo-2.9.1-43.62.1
      qemu-kvm-2.9.1-43.62.1
      qemu-lang-2.9.1-43.62.1
      qemu-tools-2.9.1-43.62.1
      qemu-tools-debuginfo-2.9.1-43.62.1
      qemu-x86-2.9.1-43.62.1
      qemu-x86-debuginfo-2.9.1-43.62.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (noarch):

      qemu-ipxe-1.0.0+-43.62.1
      qemu-seabios-1.10.2_0_g5f4c7b1-43.62.1
      qemu-sgabios-8-43.62.1
      qemu-vgabios-1.10.2_0_g5f4c7b1-43.62.1

   - HPE Helion Openstack 8 (noarch):

      qemu-ipxe-1.0.0+-43.62.1
      qemu-seabios-1.10.2_0_g5f4c7b1-43.62.1
      qemu-sgabios-8-43.62.1
      qemu-vgabios-1.10.2_0_g5f4c7b1-43.62.1

   - HPE Helion Openstack 8 (x86_64):

      qemu-2.9.1-43.62.1
      qemu-block-curl-2.9.1-43.62.1
      qemu-block-curl-debuginfo-2.9.1-43.62.1
      qemu-block-iscsi-2.9.1-43.62.1
      qemu-block-iscsi-debuginfo-2.9.1-43.62.1
      qemu-block-rbd-2.9.1-43.62.1
      qemu-block-rbd-debuginfo-2.9.1-43.62.1
      qemu-block-ssh-2.9.1-43.62.1
      qemu-block-ssh-debuginfo-2.9.1-43.62.1
      qemu-debugsource-2.9.1-43.62.1
      qemu-guest-agent-2.9.1-43.62.1
      qemu-guest-agent-debuginfo-2.9.1-43.62.1
      qemu-kvm-2.9.1-43.62.1
      qemu-lang-2.9.1-43.62.1
      qemu-tools-2.9.1-43.62.1
      qemu-tools-debuginfo-2.9.1-43.62.1
      qemu-x86-2.9.1-43.62.1
      qemu-x86-debuginfo-2.9.1-43.62.1


References:

   https://www.suse.com/security/cve/CVE-2021-3713.html
   https://www.suse.com/security/cve/CVE-2021-3748.html
   https://bugzilla.suse.com/1189702
   https://bugzilla.suse.com/1189938


From sle-updates at lists.suse.com  Thu Nov 11 07:55:36 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 Nov 2021 08:55:36 +0100 (CET)
Subject: SUSE-CU-2021:499-1: Security update of suse/sles12sp5
Message-ID: <20211111075536.42410FBAC@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:499-1
Container Tags        : suse/sles12sp5:6.5.257 , suse/sles12sp5:latest
Container Release     : 6.5.257
Severity              : moderate
Type                  : security
References            : 1025709 1030066 1030803 1030805 1030807 1172973 1172974 CVE-2017-6004
                        CVE-2017-7186 CVE-2017-7244 CVE-2017-7245 CVE-2017-7246 CVE-2019-20838
                        CVE-2020-14155 
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3652-1
Released:    Wed Nov 10 17:41:22 2021
Summary:     Security update for pcre
Type:        security
Severity:    moderate
References:  1025709,1030066,1030803,1030805,1030807,1172973,1172974,CVE-2017-6004,CVE-2017-7186,CVE-2017-7244,CVE-2017-7245,CVE-2017-7246,CVE-2019-20838,CVE-2020-14155
This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973).
- CVE-2017-7244: Fixed invalid read in _pcre32_xclass() (bsc#1030807).
- CVE-2017-7245: Fixed buffer overflow in the pcre32_copy_substring (bsc#1030805).
- CVE-2017-7246: Fixed another buffer overflow in the pcre32_copy_substring (bsc#1030803).
- CVE-2017-7186: Fixed denial of service caused by an invalid Unicode property lookup (bsc#1030066).
- CVE-2017-6004: Fixed denial of service via crafted regular expression (bsc#1025709).


The following package changes have been done:

- libpcre1-8.45-8.7.1 updated

From sle-updates at lists.suse.com  Thu Nov 11 14:27:17 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 Nov 2021 15:27:17 +0100 (CET)
Subject: SUSE-SU-2021:3658-1: important: Security update for the Linux Kernel
Message-ID: <20211111142717.223A4FBAC@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3658-1
Rating:             important
References:         #1065729 #1085030 #1152489 #1154353 #1156395 
                    #1157177 #1167773 #1172073 #1173604 #1176940 
                    #1184673 #1185762 #1186063 #1187167 #1188563 
                    #1189841 #1190006 #1190067 #1190349 #1190351 
                    #1190479 #1190620 #1190642 #1190795 #1190941 
                    #1191229 #1191241 #1191315 #1191317 #1191349 
                    #1191384 #1191449 #1191450 #1191451 #1191452 
                    #1191455 #1191456 #1191628 #1191731 #1191800 
                    #1191934 #1191958 #1192040 #1192041 #1192107 
                    #1192145 
Cross-References:   CVE-2021-3542 CVE-2021-3655 CVE-2021-3715
                    CVE-2021-3760 CVE-2021-3772 CVE-2021-3896
                    CVE-2021-41864 CVE-2021-42008 CVE-2021-42252
                    CVE-2021-42739 CVE-2021-43056
CVSS scores:
                    CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-3715 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3896 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42252 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-43056 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-43056 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products:
                    SUSE MicroOS 5.0
                    SUSE Linux Enterprise Module for Realtime 15-SP2
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has 35 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 15 SP2 Real Time kernel was updated to receive
   various security and bugfixes.


   The following security bugs were fixed:

   - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
   - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets,
     which may have allowed the kernel to read uninitialized memory
     (bsc#1188563).
   - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on
     Power8 (bnc#1192107).
   - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in
     drivers/isdn/capi/kcapi.c (bsc#1191958).
   - CVE-2021-3760: Fixed a use-after-free vulnerability with the
     ndev->rf_conn_info object (bsc#1190067).
   - CVE-2021-42739: The firewire subsystem had a buffer overflow related to
     drivers/media/firewire/firedtv-avc.c and
     drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled
     bounds checking (bsc#1184673).
   - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver
     (bsc#1186063).
   - CVE-2021-3715: Fixed a use-after-free in route4_change() in
     net/sched/cls_route.c (bsc#1190349).
   - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could
     have allowed local attackers to access the Aspeed LPC control interface
     to overwrite memory in the kernel and potentially execute privileges
     (bnc#1190479).
   - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed
     unprivileged users to trigger an eBPF multiplication integer overflow
     with a resultant out-of-bounds write (bnc#1191317).
   - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data
     function in drivers/net/hamradio/6pack.c. Input from a process that had
     the CAP_NET_ADMIN capability could have lead to root access
     (bsc#1191315).

   The following non-security bugs were fixed:

   - ACPI: bgrt: Fix CFI violation (git-fixes).
   - ACPI: fix NULL pointer dereference (git-fixes).
   - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
   - ALSA: hda/realtek: Complete partial device name to avoid ambiguity
     (git-fixes).
   - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
     (git-fixes).
   - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
   - ALSA: seq: Fix a potential UAF by wrong private_free call order
     (git-fixes).
   - ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
   - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
   - ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
   - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
   - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
   - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
     (git-fixes).
   - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
   - HID: u2fzero: ignore incomplete packets without data (git-fixes).
   - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
   - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
     (git-fixes).
   - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
   - IPv6: reply ICMP error if the first fragment do not include all headers
     (bsc#1191241).
   - Input: snvs_pwrkey - add clk handling (git-fixes).
   - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
   - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest
     SPRs are live (bsc#1156395).
   - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
     (bsc#1156395).
   - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
   - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing
     registers (bsc#1156395).
   - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
   - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
   - NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
     (git-fixes).
   - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
     (git-fixes).
   - NFS: Do uncached readdir when we're seeking a cookie in an empty page
     cache (bsc#1191628).
   - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
   - USB: cdc-acm: clean up probe error labels (git-fixes).
   - USB: cdc-acm: fix minor-number release (git-fixes).
   - USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
   - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
   - USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
   - USB: serial: qcserial: add EM9191 QDL support (git-fixes).
   - USB: xhci: dbc: fix tty registration race (git-fixes).
   - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
   - ata: ahci_platform: fix null-ptr-deref in
     ahci_platform_enable_regulators() (git-fixes).
   - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
     (git-fixes).
   - audit: fix possible null-pointer dereference in audit_filter_rules
     (git-fixes).
   - bfq: Remove merged request already in bfq_requests_merged()
     (bsc#1191456).
   - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
   - blktrace: Fix uaf in blk_trace access after removing by sysfs
     (bsc#1191452).
   - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
   - bnxt_en: Fix TX timeout when TX ring size is set to the smallest
     (git-fixes).
   - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h
     (git-fixes).
   - bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
   - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
   - can: dev: can_restart: fix use after free bug (git-fixes).
   - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
   - can: peak_usb: fix use after free bugs (git-fixes).
   - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE
     state notification (git-fixes).
   - can: rcar_can: fix suspend/resume (git-fixes).
   - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in
     error path (git-fixes).
   - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
   - cb710: avoid NULL pointer subtraction (git-fixes).
   - ceph: fix handling of "meta" errors (bsc#1192041).
   - ceph: skip existing superblocks that are blocklisted or shut down when
     mounting (bsc#1192040).
   - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
   - drm/amd/display: Pass PCI deviceid into DC (git-fixes).
   - drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
   - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
   - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
     (git-fixes).
   - drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
   - drm/nouveau/debugfs: fix file release memory leak (git-fixes).
   - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
   - e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
   - e100: fix buffer overrun in e100_get_regs (git-fixes).
   - e100: fix length calculation in e100_get_regs_len (git-fixes).
   - e100: handle eeprom as little endian (git-fixes).
   - ext4: fix reserved space counter leakage (bsc#1191450).
   - ext4: report correct st_size for encrypted symlinks (bsc#1191449).
   - fs, mm: fix race in unlinking swapfile (bsc#1191455).
   - fscrypt: add fscrypt_symlink_getattr() for computing st_size
     (bsc#1191449).
   - gpio: pca953x: Improve bias setting (git-fixes).
   - gve: Avoid freeing NULL pointer (git-fixes).
   - gve: Correct available tx qpl check (git-fixes).
   - gve: Properly handle errors in gve_assign_qpl (bsc#1176940).
   - gve: fix gve_get_stats() (git-fixes).
   - gve: report 64bit tx_bytes counter from gve_handle_report_stats()
     (bsc#1176940).
   - hso: fix bailout in error case of probe (git-fixes).
   - i2c: acpi: fix resource leak in reconfiguration device addition
     (git-fixes).
   - i40e: Fix ATR queue selection (git-fixes).
   - i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes).
   - i40e: fix endless loop under rtnl (git-fixes).
   - iavf: fix double unlock of crit_lock (git-fixes).
   - ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177).
   - iio: adc128s052: Fix the error handling path of 'adc128_probe()'
     (git-fixes).
   - iio: adc: aspeed: set driver data when adc probe (git-fixes).
   - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
   - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
   - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
   - iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
     (git-fixes).
   - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
   - ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773).
   - ipv6/netfilter: Discard first fragment not including all headers
     (bsc#1191241).
   - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
   - isdn: mISDN: Fix sleeping function called from invalid context
     (git-fixes).
   - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
   - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
   - kernel-binary.spec: Do not sign kernel when no key provided
     (bsc#1187167).
   - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
     well. Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating
     (bsc#1189841).")
   - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
   - lan78xx: select CRC32 (git-fixes).
   - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD
     (git-fixes).
   - mac80211: Drop frames from invalid MAC address in ad-hoc mode
     (git-fixes).
   - mac80211: check return value of rhashtable_init (git-fixes).
   - mei: me: add Ice Lake-N device id (git-fixes).
   - mlx5: count all link events (git-fixes).
   - mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes).
   - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
   - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
     (git-fixes).
   - mmc: vub300: fix control-message timeouts (git-fixes).
   - net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353).
   - net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes).
   - net/mlx4_en: Resolve bad operstate value (git-fixes).
   - net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes).
   - net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464).
   - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
   - net: batman-adv: fix error handling (git-fixes).
   - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size()
     (git-fixes).
   - net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
     (git-fixes).
   - net: cdc_eem: fix tx fixup skb leak (git-fixes).
   - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
   - net: hns3: fix vf reset workqueue cannot exit (bsc#1154353).
   - net: hso: add failure handler for add_net_device (git-fixes).
   - net: hso: fix NULL-deref on disconnect regression (git-fixes).
   - net: hso: fix null-ptr-deref during tty device unregistration
     (git-fixes).
   - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
   - net: lan78xx: fix division by zero in send path (git-fixes).
   - net: mana: Fix error handling in mana_create_rxq() (git-fixes,
     bsc#1191800).
   - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
     (git-fixes).
   - netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
   - nfc: fix error handling of nfc_proto_register() (git-fixes).
   - nfc: port100: fix using -ERRNO as command type mask (git-fixes).
   - nvme-fc: avoid race between time out and tear down (bsc#1185762).
   - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
   - nvme-fc: update hardware queues before using them (bsc#1185762).
   - nvme-pci: Fix abort command id (git-fixes).
   - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
   - nvme-pci: refactor nvme_unmap_data (bsc#1191934).
   - nvme: add command id quirk for apple controllers (git-fixes).
   - ocfs2: fix data corruption after conversion from inline format
     (bsc#1190795).
   - pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
   - phy: mdio: fix memory leak (git-fixes).
   - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call
     (git-fixes).
   - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from
     run_smbios_call (git-fixes).
   - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
   - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
   - powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
   - powerpc/lib: Fix emulate_step() std test (bsc#1065729).
   - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498
     git-fixes).
   - powerpc/xive: Discard disabled interrupts in get_irqchip_state()
     (bsc#1085030 git-fixes).
   - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
     (git-fixes).
   - ptp_pch: Load module automatically if ID matches (git-fixes).
   - ptp_pch: Restore dependency on PCI (git-fixes).
   - qed: Fix missing error code in qed_slowpath_start() (git-fixes).
   - qed: Handle management FW error (git-fixes).
   - qed: rdma - do not wait for resources under hw error recovery flow
     (git-fixes).
   - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
   - rpm: fix kmp install path
   - rpm: use _rpmmacrodir (boo#1191384)
   - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
     (bsc#1192145).
   - scsi: lpfc: Allow fabric node recovery if recovery is in progress before
     devloss (bsc#1192145).
   - scsi: lpfc: Correct sysfs reporting of loop support after SFP status
     change (bsc#1192145).
   - scsi: lpfc: Fix link down processing to address NULL pointer dereference
     (bsc#1192145).
   - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
     (bsc#1191349).
   - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
   - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
     driver_resource_setup() (bsc#1192145).
   - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
   - scsi: lpfc: Wait for successful restart of SLI3 adapter during host
     sg_reset (bsc#1192145).
   - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
   - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
   - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
   - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
   - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
   - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
     (bsc#1190941).
   - scsi: qla2xxx: Check for firmware capability before creating QPair
     (bsc#1190941).
   - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card
     (bsc#1190941).
   - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
     (bsc#1190941).
   - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
   - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
   - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
   - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
   - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
   - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
     (bsc#1190941).
   - scsi: qla2xxx: Fix port type info (bsc#1190941).
   - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
   - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
   - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue
     (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
   - scsi: qla2xxx: Remove redundant initialization of pointer req
     (bsc#1190941).
   - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
   - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
   - scsi: qla2xxx: Suppress unnecessary log messages during login
     (bsc#1190941).
   - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
   - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
     (bsc#1190941).
   - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
   - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
     (bsc#1190941).
   - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
   - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
   - scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
   - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
   - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
   - sctp: check asoc peer.asconf_capable before processing asconf
     (bsc#1190351).
   - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
   - spi: spi-nxp-fspi: do not depend on a specific node name erratum
     workaround (git-fixes).
   - tpm: ibmvtpm: Avoid error message when process gets signal while waiting
     (bsc#1065729).
   - usb: hso: fix error handling code of hso_create_net_device (git-fixes).
   - usb: hso: remove the bailout parameter (git-fixes).
   - usb: musb: dsps: Fix the probe error path (git-fixes).
   - video: fbdev: gbefb: Only instantiate device when built for IP32
     (git-fixes).
   - virtio: write back F_VERSION_1 before validate (git-fixes).
   - watchdog: orion: use 0 for unset heartbeat (git-fixes).
   - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
   - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
     (bsc#1152489).
   - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
     (bsc#1152489).
   - xen: fix setting of max_pfn in shared_info (git-fixes).
   - xen: reset legacy rtc flag for PV domU (git-fixes).
   - xfs: Fixed non-directory creation in SGID directories introduced by
     CVE-2018-13405 patch (bsc#1190006).
   - xfs: ensure that the inode uid/gid match values match the icdinode ones
     (bsc#1190006).
   - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes
     (bsc#1190642).
   - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
   - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
   - xhci: Enable trust tx length quirk for Fresco FL11 USB controller
     (git-fixes).
   - xhci: Fix command ring pointer corruption while aborting a command
     (git-fixes).
   - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
   - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3658=1

   - SUSE Linux Enterprise Module for Realtime 15-SP2:

      zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-3658=1



Package List:

   - SUSE MicroOS 5.0 (x86_64):

      kernel-rt-5.3.18-57.1
      kernel-rt-debuginfo-5.3.18-57.1
      kernel-rt-debugsource-5.3.18-57.1

   - SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch):

      kernel-devel-rt-5.3.18-57.1
      kernel-source-rt-5.3.18-57.1

   - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64):

      cluster-md-kmp-rt-5.3.18-57.1
      cluster-md-kmp-rt-debuginfo-5.3.18-57.1
      dlm-kmp-rt-5.3.18-57.1
      dlm-kmp-rt-debuginfo-5.3.18-57.1
      gfs2-kmp-rt-5.3.18-57.1
      gfs2-kmp-rt-debuginfo-5.3.18-57.1
      kernel-rt-5.3.18-57.1
      kernel-rt-debuginfo-5.3.18-57.1
      kernel-rt-debugsource-5.3.18-57.1
      kernel-rt-devel-5.3.18-57.1
      kernel-rt-devel-debuginfo-5.3.18-57.1
      kernel-rt_debug-5.3.18-57.1
      kernel-rt_debug-debuginfo-5.3.18-57.1
      kernel-rt_debug-debugsource-5.3.18-57.1
      kernel-rt_debug-devel-5.3.18-57.1
      kernel-rt_debug-devel-debuginfo-5.3.18-57.1
      kernel-syms-rt-5.3.18-57.1
      ocfs2-kmp-rt-5.3.18-57.1
      ocfs2-kmp-rt-debuginfo-5.3.18-57.1


References:

   https://www.suse.com/security/cve/CVE-2021-3542.html
   https://www.suse.com/security/cve/CVE-2021-3655.html
   https://www.suse.com/security/cve/CVE-2021-3715.html
   https://www.suse.com/security/cve/CVE-2021-3760.html
   https://www.suse.com/security/cve/CVE-2021-3772.html
   https://www.suse.com/security/cve/CVE-2021-3896.html
   https://www.suse.com/security/cve/CVE-2021-41864.html
   https://www.suse.com/security/cve/CVE-2021-42008.html
   https://www.suse.com/security/cve/CVE-2021-42252.html
   https://www.suse.com/security/cve/CVE-2021-42739.html
   https://www.suse.com/security/cve/CVE-2021-43056.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1085030
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1154353
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1157177
   https://bugzilla.suse.com/1167773
   https://bugzilla.suse.com/1172073
   https://bugzilla.suse.com/1173604
   https://bugzilla.suse.com/1176940
   https://bugzilla.suse.com/1184673
   https://bugzilla.suse.com/1185762
   https://bugzilla.suse.com/1186063
   https://bugzilla.suse.com/1187167
   https://bugzilla.suse.com/1188563
   https://bugzilla.suse.com/1189841
   https://bugzilla.suse.com/1190006
   https://bugzilla.suse.com/1190067
   https://bugzilla.suse.com/1190349
   https://bugzilla.suse.com/1190351
   https://bugzilla.suse.com/1190479
   https://bugzilla.suse.com/1190620
   https://bugzilla.suse.com/1190642
   https://bugzilla.suse.com/1190795
   https://bugzilla.suse.com/1190941
   https://bugzilla.suse.com/1191229
   https://bugzilla.suse.com/1191241
   https://bugzilla.suse.com/1191315
   https://bugzilla.suse.com/1191317
   https://bugzilla.suse.com/1191349
   https://bugzilla.suse.com/1191384
   https://bugzilla.suse.com/1191449
   https://bugzilla.suse.com/1191450
   https://bugzilla.suse.com/1191451
   https://bugzilla.suse.com/1191452
   https://bugzilla.suse.com/1191455
   https://bugzilla.suse.com/1191456
   https://bugzilla.suse.com/1191628
   https://bugzilla.suse.com/1191731
   https://bugzilla.suse.com/1191800
   https://bugzilla.suse.com/1191934
   https://bugzilla.suse.com/1191958
   https://bugzilla.suse.com/1192040
   https://bugzilla.suse.com/1192041
   https://bugzilla.suse.com/1192107
   https://bugzilla.suse.com/1192145


From sle-updates at lists.suse.com  Thu Nov 11 14:37:43 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 Nov 2021 15:37:43 +0100 (CET)
Subject: SUSE-SU-2021:3655-1: important: Security update for the Linux Kernel
Message-ID: <20211111143743.589B2FBAC@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3655-1
Rating:             important
References:         #1065729 #1085030 #1152472 #1152489 #1156395 
                    #1172073 #1173604 #1176447 #1176774 #1176914 
                    #1178134 #1180100 #1181147 #1184673 #1185762 
                    #1186063 #1186109 #1187167 #1188563 #1189841 
                    #1190006 #1190067 #1190349 #1190351 #1190479 
                    #1190620 #1190642 #1190795 #1190801 #1190941 
                    #1191229 #1191240 #1191241 #1191315 #1191317 
                    #1191349 #1191384 #1191449 #1191450 #1191451 
                    #1191452 #1191455 #1191456 #1191628 #1191645 
                    #1191663 #1191731 #1191800 #1191867 #1191934 
                    #1191958 #1192040 #1192041 #1192074 #1192107 
                    #1192145 
Cross-References:   CVE-2021-33033 CVE-2021-34866 CVE-2021-3542
                    CVE-2021-3655 CVE-2021-3715 CVE-2021-3760
                    CVE-2021-3772 CVE-2021-3896 CVE-2021-41864
                    CVE-2021-42008 CVE-2021-42252 CVE-2021-42739
                    CVE-2021-43056
CVSS scores:
                    CVE-2021-33033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33033 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-34866 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-3715 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3896 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42252 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-43056 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-43056 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products:
                    SUSE MicroOS 5.1
                    SUSE Linux Enterprise Workstation Extension 15-SP3
                    SUSE Linux Enterprise Module for Live Patching 15-SP3
                    SUSE Linux Enterprise Module for Legacy Software 15-SP3
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise High Availability 15-SP3
______________________________________________________________________________

   An update that solves 13 vulnerabilities and has 43 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
   security and bugfixes.

   NOTE: This update was retracted due to a NFS regression.

   The following security bugs were fixed:

   - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
   - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets,
     which may have allowed the kernel to read uninitialized memory
     (bsc#1188563).
   - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on
     Power8 (bnc#1192107).
   - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in
     drivers/isdn/capi/kcapi.c (bsc#1191958).
   - CVE-2021-3760: Fixed a use-after-free vulnerability with the
     ndev->rf_conn_info object (bsc#1190067).
   - CVE-2021-42739: The firewire subsystem had a buffer overflow related to
     drivers/media/firewire/firedtv-avc.c and
     drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled
     bounds checking (bsc#1184673).
   - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver
     (bsc#1186063).
   - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in
     net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the
     DOI definitions is mishandled (bsc#1186109).
   - CVE-2021-3715: Fixed a use-after-free in route4_change() in
     net/sched/cls_route.c (bsc#1190349).
   - CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation
     Vulnerability (bsc#1191645).
   - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could
     have allowed local attackers to access the Aspeed LPC control interface
     to overwrite memory in the kernel and potentially execute privileges
     (bnc#1190479).
   - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed
     unprivileged users to trigger an eBPF multiplication integer overflow
     with a resultant out-of-bounds write (bnc#1191317).
   - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data
     function in drivers/net/hamradio/6pack.c. Input from a process that had
     the CAP_NET_ADMIN capability could have lead to root access
     (bsc#1191315).

   The following non-security bugs were fixed:

   - ACPI: NFIT: Use fallback node id when numa info in NFIT table is
     incorrect (git-fixes).
   - ACPI: bgrt: Fix CFI violation (git-fixes).
   - ACPI: fix NULL pointer dereference (git-fixes).
   - ACPI: fix NULL pointer dereference (git-fixes).
   - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254
     (git-fixes).
   - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
   - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes).
   - ALSA: hda/realtek: Complete partial device name to avoid ambiguity
     (git-fixes).
   - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560
     laptop (git-fixes).
   - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo
     13s Gen2 (git-fixes).
   - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
     (git-fixes).
   - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i
     15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes).
   - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
   - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors
     (bsc#1190801).
   - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl
     (git-fixes).
   - ALSA: seq: Fix a potential UAF by wrong private_free call order
     (git-fixes).
   - ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
   - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
   - ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
   - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER
     (git-fixes).
   - ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes).
   - ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for
     the matching in-/output (git-fixes).
   - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes).
   - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types
     (git-fixes).
   - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types
     (git-fixes).
   - ASoC: SOF: loader: release_firmware() on load failure to avoid batching
     (git-fixes).
   - ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes).
   - ASoC: dapm: use component prefix when checking widget names (git-fixes).
   - ASoC: fsl_spdif: register platform component before registering cpu dai
     (git-fixes).
   - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
   - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
   - Configure mpi3mr as currently unsupported (jsc#SLE-18120)
   - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
     (git-fixes).
   - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
   - HID: u2fzero: ignore incomplete packets without data (git-fixes).
   - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
   - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
     (git-fixes).
   - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
   - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
   - IPv6: reply ICMP error if the first fragment do not include all headers
     (bsc#1191241).
   - IPv6: reply ICMP error if the first fragment do not include all headers
     (bsc#1191241).
   - Input: snvs_pwrkey - add clk handling (git-fixes).
   - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
   - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest
     SPRs are live (bsc#1156395).
   - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
     (bsc#1156395).
   - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936
     git-fixes).
   - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
   - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing
     registers (bsc#1156395).
   - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
   - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
   - NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
     (git-fixes).
   - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
     (git-fixes).
   - NFS: Do uncached readdir when we're seeking a cookie in an empty page
     cache (bsc#1191628).
   - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
   - PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes).
   - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails
     (git-fixes).
   - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent
     (git-fixes).
   - PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes).
   - PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes).
   - RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147).
   - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure
     (bsc#1181147).
   - USB: cdc-acm: clean up probe error labels (git-fixes).
   - USB: cdc-acm: fix minor-number release (git-fixes).
   - USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
   - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
   - USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
   - USB: serial: qcserial: add EM9191 QDL support (git-fixes).
   - USB: xhci: dbc: fix tty registration race (git-fixes).
   - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
   - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
   - ata: ahci_platform: fix null-ptr-deref in
     ahci_platform_enable_regulators() (git-fixes).
   - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
     (git-fixes).
   - audit: fix possible null-pointer dereference in audit_filter_rules
     (git-fixes).
   - bfq: Remove merged request already in bfq_requests_merged()
     (bsc#1191456).
   - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
   - blktrace: Fix uaf in blk_trace access after removing by sysfs
     (bsc#1191452).
   - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
   - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem()
     (jsc#SLE-16649).
   - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h
     (git-fixes).
   - bpf: Fix OOB read when printing XDP link fdinfo (git-fixes).
   - bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
   - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
   - can: dev: can_restart: fix use after free bug (git-fixes).
   - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
   - can: peak_usb: fix use after free bugs (git-fixes).
   - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE
     state notification (git-fixes).
   - can: rcar_can: fix suspend/resume (git-fixes).
   - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in
     error path (git-fixes).
   - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
   - cb710: avoid NULL pointer subtraction (git-fixes).
   - ceph: fix handling of "meta" errors (bsc#1192041).
   - ceph: skip existing superblocks that are blocklisted or shut down when
     mounting (bsc#1192040).
   - cfg80211: correct bridge/4addr mode check (git-fixes).
   - cfg80211: fix management registrations locking (git-fixes).
   - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
   - cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614
     bsc#1176914 ltc#186394 git-fixes).
   - drm/amd/display: Pass PCI deviceid into DC (git-fixes).
   - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes).
   - drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
   - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read
     (git-fixes).
   - drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: 	*
     context changes in intel_timeline_fini()
   - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
   - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
     (git-fixes).
   - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes).
   - drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
   - drm/nouveau/debugfs: fix file release memory leak (git-fixes).
   - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes).
   - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows
     (git-fixes).
   - drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472)
   - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
   - drm/panfrost: Make sure MMU context lifetime is not bound to
     (bsc#1152472)
   - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes).
   - e1000e: Drop patch to avoid regressions until real fix is available
     (bsc#1191663).
   - e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
   - e100: fix buffer overrun in e100_get_regs (git-fixes).
   - e100: fix length calculation in e100_get_regs_len (git-fixes).
   - e100: handle eeprom as little endian (git-fixes).
   - ext4: fix reserved space counter leakage (bsc#1191450).
   - ext4: report correct st_size for encrypted symlinks (bsc#1191449).
   - fs, mm: fix race in unlinking swapfile (bsc#1191455).
   - fscrypt: add fscrypt_symlink_getattr() for computing st_size
     (bsc#1191449).
   - gpio: pca953x: Improve bias setting (git-fixes).
   - hso: fix bailout in error case of probe (git-fixes).
   - i2c: acpi: fix resource leak in reconfiguration device addition
     (git-fixes).
   - ice: fix getting UDP tunnel entry (jsc#SLE-12878).
   - iio: adc128s052: Fix the error handling path of 'adc128_probe()'
     (git-fixes).
   - iio: adc: aspeed: set driver data when adc probe (git-fixes).
   - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
   - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
   - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
   - iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
     (git-fixes).
   - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
   - ipv6/netfilter: Discard first fragment not including all headers
     (bsc#1191241).
   - ipv6/netfilter: Discard first fragment not including all headers
     (bsc#1191241).
   - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
   - isdn: mISDN: Fix sleeping function called from invalid context
     (git-fixes).
   - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15
     (git-fixes).
   - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
   - kABI workaround for HD-audio probe retry changes (bsc#1190801).
   - kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes).
   - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
   - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167
     bsc#1191240 ltc#194716).
   - kernel-binary.spec: Do not sign kernel when no key provided
     (bsc#1187167).
   - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
     well. Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating
     (bsc#1189841).")
   - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
   - lan78xx: select CRC32 (git-fixes).
   - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD
     (git-fixes).
   - mac80211: Drop frames from invalid MAC address in ad-hoc mode
     (git-fixes).
   - mac80211: check return value of rhashtable_init (git-fixes).
   - mei: me: add Ice Lake-N device id (git-fixes).
   - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
   - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
     (git-fixes).
   - mmc: vub300: fix control-message timeouts (git-fixes).
   - net/mlx5: E-Switch, Fix double allocation of acl flow counter
     (jsc#SLE-15172).
   - net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172).
   - net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and
     LRO combined (jsc#SLE-15172).
   - net/sched: ets: fix crash when flipping from 'strict' to 'quantum'
     (bsc#1176774).
   - net: batman-adv: fix error handling (git-fixes).
   - net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
     (git-fixes).
   - net: cdc_eem: fix tx fixup skb leak (git-fixes).
   - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
   - net: hns3: check queue id range before using (jsc#SLE-14777).
   - net: hso: add failure handler for add_net_device (git-fixes).
   - net: hso: fix NULL-deref on disconnect regression (git-fixes).
   - net: hso: fix null-ptr-deref during tty device unregistration
     (git-fixes).
   - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
   - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
   - net: lan78xx: fix division by zero in send path (git-fixes).
   - net: mana: Fix error handling in mana_create_rxq() (git-fixes,
     bsc#1191800).
   - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
     (git-fixes).
   - netfilter: Drop fragmented ndisc packets assembled in netfilter
     (git-fixes).
   - netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
   - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has
     garbage value (bsc#1176447).
   - nfc: fix error handling of nfc_proto_register() (git-fixes).
   - nfc: port100: fix using -ERRNO as command type mask (git-fixes).
   - nvme-fc: avoid race between time out and tear down (bsc#1185762).
   - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
   - nvme-fc: update hardware queues before using them (bsc#1185762).
   - nvme-pci: Fix abort command id (git-fixes).
   - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
   - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
   - nvme-pci: refactor nvme_unmap_data (bsc#1191934).
   - nvme-pci: refactor nvme_unmap_data (bsc#1191934).
   - nvme: add command id quirk for apple controllers (git-fixes).
   - ocfs2: fix data corruption after conversion from inline format
     (bsc#1190795).
   - pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
   - phy: mdio: fix memory leak (git-fixes).
   - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call
     (git-fixes).
   - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes
     (git-fixes).
   - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from
     run_smbios_call (git-fixes).
   - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes).
   - powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847
     git-fixes).
   - powerpc/64s: Fix stf mitigation patching w/strict RWX & hash
     (jsc#SLE-13847 git-fixes).
   - powerpc/64s: Remove irq mask workaround in accumulate_stolen_time()
     (jsc#SLE-9246 git-fixes).
   - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
   - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
   - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
   - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
   - powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
   - powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
   - powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable
     code in tests (jsc#SLE-13847 git-fixes).
   - powerpc/lib/code-patching: Make instr_is_branch_to_addr() static
     (jsc#SLE-13847 git-fixes).
   - powerpc/lib: Fix emulate_step() std test (bsc#1065729).
   - powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498
     git-fixes).
   - powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100
     ltc#190257 git-fixes).
   - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2
     (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
   - powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/smp: Set numa node before updating mask (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847
     git-fixes).
   - powerpc/xive: Discard disabled interrupts in get_irqchip_state()
     (bsc#1085030 git-fixes).
   - powerpc: Do not dereference code as 'struct ppc_inst' (uprobe,
     code-patching, feature-fixups) (jsc#SLE-13847 git-fixes).
   - powerpc: Do not use 'struct ppc_inst' to reference instruction location
     (jsc#SLE-13847 git-fixes).
   - powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100
     ltc#190257 git-fixes).
   - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
     (git-fixes).
   - ptp_pch: Load module automatically if ID matches (git-fixes).
   - ptp_pch: Restore dependency on PCI (git-fixes).
   - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
   - rpm: fix kmp install path
   - rpm: use _rpmmacrodir (boo#1191384)
   - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867
     ltc#194757).
   - scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim
     (git-fixes).
   - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
     (bsc#1192145).
   - scsi: lpfc: Allow fabric node recovery if recovery is in progress before
     devloss (bsc#1192145).
   - scsi: lpfc: Correct sysfs reporting of loop support after SFP status
     change (bsc#1192145).
   - scsi: lpfc: Fix link down processing to address NULL pointer dereference
     (bsc#1192145).
   - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
     (bsc#1191349).
   - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
   - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
     driver_resource_setup() (bsc#1192145).
   - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
   - scsi: lpfc: Wait for successful restart of SLI3 adapter during host
     sg_reset (bsc#1192145).
   - scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120).
   - scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120).
   - scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120).
   - scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120).
   - scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for device add/remove event handling
     (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for timestamp sync with firmware
     (jsc#SLE-18120).
   - scsi: mpi3mr: Additional event handling (jsc#SLE-18120).
   - scsi: mpi3mr: Allow certain commands during pci-remove hook
     (jsc#SLE-18120).
   - scsi: mpi3mr: Base driver code (jsc#SLE-18120).
   - scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120).
   - scsi: mpi3mr: Create operational request and reply queue pair
     (jsc#SLE-18120).
   - scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes).
   - scsi: mpi3mr: Fix missing unlock on error (git-fixes).
   - scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives
     (jsc#SLE-18120).
   - scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120).
   - scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120).
   - scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120).
   - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120).
   - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
     (jsc#SLE-18120).
   - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI
     (jsc#SLE-18120).
   - scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O
     timeout (jsc#SLE-18120).
   - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
   - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
   - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
   - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
   - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
   - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
     (bsc#1190941).
   - scsi: qla2xxx: Check for firmware capability before creating QPair
     (bsc#1190941).
   - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card
     (bsc#1190941).
   - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
     (bsc#1190941).
   - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
   - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
   - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
   - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
   - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
   - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
     (bsc#1190941).
   - scsi: qla2xxx: Fix port type info (bsc#1190941).
   - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
   - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
   - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue
     (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
   - scsi: qla2xxx: Remove redundant initialization of pointer req
     (bsc#1190941).
   - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
   - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
   - scsi: qla2xxx: Suppress unnecessary log messages during login
     (bsc#1190941).
   - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
   - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
     (bsc#1190941).
   - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
   - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
     (bsc#1190941).
   - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
   - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
   - scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
   - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
   - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
   - scsi: target: Fix the pgr/alua_support_store functions (git-fixes).
   - sctp: check asoc peer.asconf_capable before processing asconf
     (bsc#1190351).
   - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
   - spi: spi-nxp-fspi: do not depend on a specific node name erratum
     workaround (git-fixes).
   - tpm: ibmvtpm: Avoid error message when process gets signal while waiting
     (bsc#1065729).
   - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes).
   - usb: hso: fix error handling code of hso_create_net_device (git-fixes).
   - usb: hso: remove the bailout parameter (git-fixes).
   - usb: musb: dsps: Fix the probe error path (git-fixes).
   - video: fbdev: gbefb: Only instantiate device when built for IP32
     (git-fixes).
   - virtio: write back F_VERSION_1 before validate (git-fixes).
   - watchdog: orion: use 0 for unset heartbeat (git-fixes).
   - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
   - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
     (bsc#1152489).
   - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0]
     (bsc#1178134).
   - xen: fix setting of max_pfn in shared_info (git-fixes).
   - xen: reset legacy rtc flag for PV domU (git-fixes).
   - xfs: Fixed non-directory creation in SGID directories introduced by
     CVE-2018-13405 patch (bsc#1190006).
   - xfs: ensure that the inode uid/gid match values match the icdinode ones
     (bsc#1190006).
   - xfs: fix I_DONTCACHE (bsc#1192074).
   - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes
     (bsc#1190642).
   - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
   - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
   - xhci: Enable trust tx length quirk for Fresco FL11 USB controller
     (git-fixes).
   - xhci: Fix command ring pointer corruption while aborting a command
     (git-fixes).
   - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
   - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3655=1

   - SUSE Linux Enterprise Workstation Extension 15-SP3:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-3655=1

   - SUSE Linux Enterprise Module for Live Patching 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2021-3655=1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-3655=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3655=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3655=1

   - SUSE Linux Enterprise High Availability 15-SP3:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-3655=1



Package List:

   - SUSE MicroOS 5.1 (aarch64 s390x x86_64):

      kernel-default-5.3.18-59.30.1
      kernel-default-base-5.3.18-59.30.1.18.17.1
      kernel-default-debuginfo-5.3.18-59.30.1
      kernel-default-debugsource-5.3.18-59.30.1

   - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):

      kernel-default-debuginfo-5.3.18-59.30.1
      kernel-default-debugsource-5.3.18-59.30.1
      kernel-default-extra-5.3.18-59.30.1
      kernel-default-extra-debuginfo-5.3.18-59.30.1
      kernel-preempt-debuginfo-5.3.18-59.30.1
      kernel-preempt-debugsource-5.3.18-59.30.1
      kernel-preempt-extra-5.3.18-59.30.1
      kernel-preempt-extra-debuginfo-5.3.18-59.30.1

   - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):

      kernel-default-debuginfo-5.3.18-59.30.1
      kernel-default-debugsource-5.3.18-59.30.1
      kernel-default-livepatch-5.3.18-59.30.1
      kernel-default-livepatch-devel-5.3.18-59.30.1
      kernel-livepatch-5_3_18-59_30-default-1-7.3.1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):

      kernel-default-debuginfo-5.3.18-59.30.1
      kernel-default-debugsource-5.3.18-59.30.1
      reiserfs-kmp-default-5.3.18-59.30.1
      reiserfs-kmp-default-debuginfo-5.3.18-59.30.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-5.3.18-59.30.1
      kernel-obs-build-debugsource-5.3.18-59.30.1
      kernel-syms-5.3.18-59.30.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):

      kernel-preempt-debuginfo-5.3.18-59.30.1
      kernel-preempt-debugsource-5.3.18-59.30.1
      kernel-preempt-devel-5.3.18-59.30.1
      kernel-preempt-devel-debuginfo-5.3.18-59.30.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):

      kernel-docs-5.3.18-59.30.1
      kernel-source-5.3.18-59.30.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      kernel-default-5.3.18-59.30.1
      kernel-default-base-5.3.18-59.30.1.18.17.1
      kernel-default-debuginfo-5.3.18-59.30.1
      kernel-default-debugsource-5.3.18-59.30.1
      kernel-default-devel-5.3.18-59.30.1
      kernel-default-devel-debuginfo-5.3.18-59.30.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):

      kernel-preempt-5.3.18-59.30.1
      kernel-preempt-debuginfo-5.3.18-59.30.1
      kernel-preempt-debugsource-5.3.18-59.30.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):

      kernel-64kb-5.3.18-59.30.1
      kernel-64kb-debuginfo-5.3.18-59.30.1
      kernel-64kb-debugsource-5.3.18-59.30.1
      kernel-64kb-devel-5.3.18-59.30.1
      kernel-64kb-devel-debuginfo-5.3.18-59.30.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      kernel-devel-5.3.18-59.30.1
      kernel-macros-5.3.18-59.30.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):

      kernel-zfcpdump-5.3.18-59.30.1
      kernel-zfcpdump-debuginfo-5.3.18-59.30.1
      kernel-zfcpdump-debugsource-5.3.18-59.30.1

   - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-5.3.18-59.30.1
      cluster-md-kmp-default-debuginfo-5.3.18-59.30.1
      dlm-kmp-default-5.3.18-59.30.1
      dlm-kmp-default-debuginfo-5.3.18-59.30.1
      gfs2-kmp-default-5.3.18-59.30.1
      gfs2-kmp-default-debuginfo-5.3.18-59.30.1
      kernel-default-debuginfo-5.3.18-59.30.1
      kernel-default-debugsource-5.3.18-59.30.1
      ocfs2-kmp-default-5.3.18-59.30.1
      ocfs2-kmp-default-debuginfo-5.3.18-59.30.1


References:

   https://www.suse.com/security/cve/CVE-2021-33033.html
   https://www.suse.com/security/cve/CVE-2021-34866.html
   https://www.suse.com/security/cve/CVE-2021-3542.html
   https://www.suse.com/security/cve/CVE-2021-3655.html
   https://www.suse.com/security/cve/CVE-2021-3715.html
   https://www.suse.com/security/cve/CVE-2021-3760.html
   https://www.suse.com/security/cve/CVE-2021-3772.html
   https://www.suse.com/security/cve/CVE-2021-3896.html
   https://www.suse.com/security/cve/CVE-2021-41864.html
   https://www.suse.com/security/cve/CVE-2021-42008.html
   https://www.suse.com/security/cve/CVE-2021-42252.html
   https://www.suse.com/security/cve/CVE-2021-42739.html
   https://www.suse.com/security/cve/CVE-2021-43056.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1085030
   https://bugzilla.suse.com/1152472
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1172073
   https://bugzilla.suse.com/1173604
   https://bugzilla.suse.com/1176447
   https://bugzilla.suse.com/1176774
   https://bugzilla.suse.com/1176914
   https://bugzilla.suse.com/1178134
   https://bugzilla.suse.com/1180100
   https://bugzilla.suse.com/1181147
   https://bugzilla.suse.com/1184673
   https://bugzilla.suse.com/1185762
   https://bugzilla.suse.com/1186063
   https://bugzilla.suse.com/1186109
   https://bugzilla.suse.com/1187167
   https://bugzilla.suse.com/1188563
   https://bugzilla.suse.com/1189841
   https://bugzilla.suse.com/1190006
   https://bugzilla.suse.com/1190067
   https://bugzilla.suse.com/1190349
   https://bugzilla.suse.com/1190351
   https://bugzilla.suse.com/1190479
   https://bugzilla.suse.com/1190620
   https://bugzilla.suse.com/1190642
   https://bugzilla.suse.com/1190795
   https://bugzilla.suse.com/1190801
   https://bugzilla.suse.com/1190941
   https://bugzilla.suse.com/1191229
   https://bugzilla.suse.com/1191240
   https://bugzilla.suse.com/1191241
   https://bugzilla.suse.com/1191315
   https://bugzilla.suse.com/1191317
   https://bugzilla.suse.com/1191349
   https://bugzilla.suse.com/1191384
   https://bugzilla.suse.com/1191449
   https://bugzilla.suse.com/1191450
   https://bugzilla.suse.com/1191451
   https://bugzilla.suse.com/1191452
   https://bugzilla.suse.com/1191455
   https://bugzilla.suse.com/1191456
   https://bugzilla.suse.com/1191628
   https://bugzilla.suse.com/1191645
   https://bugzilla.suse.com/1191663
   https://bugzilla.suse.com/1191731
   https://bugzilla.suse.com/1191800
   https://bugzilla.suse.com/1191867
   https://bugzilla.suse.com/1191934
   https://bugzilla.suse.com/1191958
   https://bugzilla.suse.com/1192040
   https://bugzilla.suse.com/1192041
   https://bugzilla.suse.com/1192074
   https://bugzilla.suse.com/1192107
   https://bugzilla.suse.com/1192145


From sle-updates at lists.suse.com  Thu Nov 11 14:47:19 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 Nov 2021 15:47:19 +0100 (CET)
Subject: SUSE-SU-2021:3657-1: important: Security update for bind
Message-ID: <20211111144719.11799FBAC@maintenance.suse.de>


   SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3657-1
Rating:             important
References:         #1192146 
Cross-References:   CVE-2021-25219
CVSS scores:
                    CVE-2021-25219 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-25219 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for bind fixes the following issues:

   - CVE-2021-25219: Fixed lame cache that could have been abused to severely
     degrade resolver performance (bsc#1192146).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3657=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3657=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      bind-debuginfo-9.11.22-3.37.1
      bind-debugsource-9.11.22-3.37.1
      bind-devel-9.11.22-3.37.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      bind-9.11.22-3.37.1
      bind-chrootenv-9.11.22-3.37.1
      bind-debuginfo-9.11.22-3.37.1
      bind-debugsource-9.11.22-3.37.1
      bind-utils-9.11.22-3.37.1
      bind-utils-debuginfo-9.11.22-3.37.1
      libbind9-161-9.11.22-3.37.1
      libbind9-161-debuginfo-9.11.22-3.37.1
      libdns1110-9.11.22-3.37.1
      libdns1110-debuginfo-9.11.22-3.37.1
      libirs161-9.11.22-3.37.1
      libirs161-debuginfo-9.11.22-3.37.1
      libisc1107-9.11.22-3.37.1
      libisc1107-debuginfo-9.11.22-3.37.1
      libisccc161-9.11.22-3.37.1
      libisccc161-debuginfo-9.11.22-3.37.1
      libisccfg163-9.11.22-3.37.1
      libisccfg163-debuginfo-9.11.22-3.37.1
      liblwres161-9.11.22-3.37.1
      liblwres161-debuginfo-9.11.22-3.37.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      libisc1107-32bit-9.11.22-3.37.1
      libisc1107-debuginfo-32bit-9.11.22-3.37.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      bind-doc-9.11.22-3.37.1
      python-bind-9.11.22-3.37.1


References:

   https://www.suse.com/security/cve/CVE-2021-25219.html
   https://bugzilla.suse.com/1192146


From sle-updates at lists.suse.com  Thu Nov 11 14:48:40 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 Nov 2021 15:48:40 +0100 (CET)
Subject: SUSE-RU-2021:3656-1: moderate: Recommended update for bpftrace
Message-ID: <20211111144840.2748CFBAC@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for bpftrace
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3656-1
Rating:             moderate
References:         
Affected Products:
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
______________________________________________________________________________

   An update that has 0 recommended fixes can now be installed.

Description:


   This update for bpftrace fixes the following issue:

   - rebuilt against the latest binutils version update.


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Development Tools 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3656=1



Package List:

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):

      bpftrace-0.11.4-3.4.2

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):

      bpftrace-tools-0.11.4-3.4.2


References:



From sle-updates at lists.suse.com  Fri Nov 12 11:19:05 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 12 Nov 2021 12:19:05 +0100 (CET)
Subject: SUSE-RU-2021:3659-1: important: Recommended update for
 gnome-control-center
Message-ID: <20211112111905.729BBFCC9@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for gnome-control-center
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3659-1
Rating:             important
References:         #1190875 
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15-SP3
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for gnome-control-center fixes the following issues:

   - Restore patch that prompts error messages when wicked is used as network
     manager (bsc#1190875)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15-SP3:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-3659=1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3659=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):

      gnome-control-center-color-3.34.6-9.3.1
      gnome-control-center-debuginfo-3.34.6-9.3.1
      gnome-control-center-debugsource-3.34.6-9.3.1
      gnome-control-center-goa-3.34.6-9.3.1
      gnome-control-center-user-faces-3.34.6-9.3.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      gnome-control-center-3.34.6-9.3.1
      gnome-control-center-debuginfo-3.34.6-9.3.1
      gnome-control-center-debugsource-3.34.6-9.3.1
      gnome-control-center-devel-3.34.6-9.3.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch):

      gnome-control-center-lang-3.34.6-9.3.1


References:

   https://bugzilla.suse.com/1190875


From sle-updates at lists.suse.com  Fri Nov 12 14:17:41 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 12 Nov 2021 15:17:41 +0100 (CET)
Subject: SUSE-RU-2021:3660-1: moderate: Recommended update for NetworkManager
Message-ID: <20211112141741.B12DFFCC9@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for NetworkManager
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3660-1
Rating:             moderate
References:         #1192055 
Affected Products:
                    SUSE Manager Tools 12
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for NetworkManager fixes the following issues:

   - Add missing dependencies so NetworkManager can be properly installed on
     SDK.(bsc#1192055)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Tools 12:

      zypper in -t patch SUSE-SLE-Manager-Tools-12-2021-3660=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3660=1



Package List:

   - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64):

      libnewt0_52-0.52.16-3.5.1
      libnewt0_52-debuginfo-0.52.16-3.5.1
      newt-0.52.16-3.5.1
      newt-debuginfo-0.52.16-3.5.1
      newt-debugsource-0.52.16-3.5.1
      python-newt-0.52.16-3.5.1
      python-newt-debuginfo-0.52.16-3.5.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libndp-debuginfo-1.6-4.2.5
      libndp-debugsource-1.6-4.2.5
      libndp0-1.6-4.2.5
      libndp0-debuginfo-1.6-4.2.5
      libnewt0_52-0.52.16-3.5.1
      libnewt0_52-debuginfo-0.52.16-3.5.1
      newt-debuginfo-0.52.16-3.5.1
      newt-debugsource-0.52.16-3.5.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      NetworkManager-branding-SLE-12.2-3.2.5


References:

   https://bugzilla.suse.com/1192055


From sle-updates at lists.suse.com  Sat Nov 13 07:30:50 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 13 Nov 2021 08:30:50 +0100 (CET)
Subject: SUSE-CU-2021:506-1: Security update of bci/golang
Message-ID: <20211113073050.EC300FCC9@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:506-1
Container Tags        : bci/golang:1.16
Container Release     : 5.1
Severity              : important
Type                  : security
References            : 1172973 1172974 1177127 1179898 1179899 1179900 1179901 1179902
                        1179903 1180451 1180454 1180461 1181452 1182252 1183511 1183909
                        1184519 1184620 1184794 1186503 1186602 1187224 1187425 1187466
                        1187738 1187760 1188156 1188435 1188941 1189031 1190059 1190199
                        1190465 1190712 1190815 1190850 1191473 1191987 1192267 CVE-2019-20838
                        CVE-2020-14155 CVE-2020-16590 CVE-2020-16591 CVE-2020-16592 CVE-2020-16593
                        CVE-2020-16598 CVE-2020-16599 CVE-2020-35448 CVE-2020-35493 CVE-2020-35496
                        CVE-2020-35507 CVE-2021-20197 CVE-2021-20284 CVE-2021-20294 CVE-2021-3487
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2020:3026-1
Released:    Fri Oct 23 15:35:49 2020
Summary:     Optional update for the Public Cloud Module
Type:        optional
Severity:    moderate
References:  

This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398).
The following packages were included:

- python3-grpcio
- python3-protobuf
- python3-google-api-core
- python3-google-cloud-core
- python3-google-cloud-storage
- python3-google-resumable-media
- python3-googleapis-common-protos
- python3-grpcio-gcp
- python3-mock (updated to version 3.0.5)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:294-1
Released:    Wed Feb  3 12:54:28 2021
Summary:     Recommended update for libprotobuf
Type:        recommended
Severity:    moderate
References:  

libprotobuf was updated to fix:

- ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:656-1
Released:    Mon Mar  1 09:34:21 2021
Summary:     Recommended update for protobuf
Type:        recommended
Severity:    moderate
References:  1177127
This update for protobuf fixes the following issues:

- Add missing dependency of python subpackages on python-six. (bsc#1177127)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3501-1
Released:    Fri Oct 22 10:42:46 2021
Summary:     Recommended update for libzypp, zypper, libsolv, protobuf
Type:        recommended
Severity:    moderate
References:  1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815
This update for libzypp, zypper, libsolv and protobuf fixes the following issues:

- Choice rules: treat orphaned packages as newest (bsc#1190465)
- Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
- Do not check of signatures and keys two times(redundant) (bsc#1190059)
- Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
- Show key fpr from signature when signature check fails (bsc#1187224)
- Fix solver jobs for PTFs (bsc#1186503)
- Fix purge-kernels fails (bsc#1187738)
- Fix obs:// platform guessing for Leap (bsc#1187425)
- Make sure to keep states alives while transitioning. (bsc#1190199)
- Manpage: Improve description about patch updates(bsc#1187466)
- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
- Fix crashes in logging code when shutting down (bsc#1189031)
- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
- Add need reboot/restart hint to XML install summary (bsc#1188435)
- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
- Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released:    Tue Oct 26 11:22:15 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1191987
This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in
  the 'securetty' file to be installed as 'macros.pam'.
  (bsc#1191987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3529-1
Released:    Wed Oct 27 09:23:32 2021
Summary:     Security update for pcre
Type:        security
Severity:    moderate
References:  1172973,1172974,CVE-2019-20838,CVE-2020-14155
This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3564-1
Released:    Wed Oct 27 16:12:08 2021
Summary:     Recommended update for rpm-config-SUSE
Type:        recommended
Severity:    moderate
References:  1190850
This update for rpm-config-SUSE fixes the following issues:

- Support ZSTD compressed kernel modules. (bsc#1190850)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3616-1
Released:    Thu Nov  4 12:29:16 2021
Summary:     Security update for binutils
Type:        security
Severity:    moderate
References:  1179898,1179899,1179900,1179901,1179902,1179903,1180451,1180454,1180461,1181452,1182252,1183511,1184620,1184794,CVE-2020-16590,CVE-2020-16591,CVE-2020-16592,CVE-2020-16593,CVE-2020-16598,CVE-2020-16599,CVE-2020-35448,CVE-2020-35493,CVE-2020-35496,CVE-2020-35507,CVE-2021-20197,CVE-2021-20284,CVE-2021-3487
This update for binutils fixes the following issues:

Update to binutils 2.37:

* The GNU Binutils sources now requires a C99 compiler and library to
  build.
* Support for Realm Management Extension (RME) for AArch64 has been
  added.
* A new linker option '-z report-relative-reloc' for x86 ELF targets
  has been added to report dynamic relative relocations.
* A new linker option '-z start-stop-gc' has been added to disable
  special treatment of __start_*/__stop_* references when
  --gc-sections.
* A new linker options '-Bno-symbolic' has been added which will
  cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
* The readelf tool has a new command line option which can be used to
  specify how the numeric values of symbols are reported.
  --sym-base=0|8|10|16 tells readelf to display the values in base 8,
  base 10 or base 16.  A sym base of 0 represents the default action
  of displaying values under 10000 in base 10 and values above that in
  base 16.
* A new format has been added to the nm program.  Specifying
  '--format=just-symbols' (or just using -j) will tell the program to
  only display symbol names and nothing else.
* A new command line option '--keep-section-symbols' has been added to
  objcopy and strip.  This stops the removal of unused section symbols
  when the file is copied.  Removing these symbols saves space, but
  sometimes they are needed by other tools.
* The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
  supported by objcopy now make undefined symbols weak on targets that
  support weak symbols. 
* Readelf and objdump can now display and use the contents of .debug_sup
  sections.
* Readelf and objdump will now follow links to separate debug info
  files by default.  This behaviour can be stopped via the use of the
  new '-wN' or '--debug-dump=no-follow-links' options for readelf and
  the '-WN' or '--dwarf=no-follow-links' options for objdump.  Also
  the old behaviour can be restored by the use of the
  '--enable-follow-debug-links=no' configure time option.

  The semantics of the =follow-links option have also been slightly
  changed.  When enabled, the option allows for the loading of symbol
  tables and string tables from the separate files which can be used
  to enhance the information displayed when dumping other sections,
  but it does not automatically imply that information from the
  separate files should be displayed.

  If other debug section display options are also enabled (eg
  '--debug-dump=info') then the contents of matching sections in both
  the main file and the separate debuginfo file *will* be displayed.
  This is because in most cases the debug section will only be present
  in one of the files.

  If however non-debug section display options are enabled (eg
  '--sections') then the contents of matching parts of the separate
  debuginfo file will *not* be displayed.  This is because in most
  cases the user probably only wanted to load the symbol information
  from the separate debuginfo file.  In order to change this behaviour
  a new command line option --process-links can be used.  This will
  allow di0pslay options to applied to both the main file and any
  separate debuginfo files.

* Nm has a new command line option: '--quiet'.  This suppresses 'no
  symbols' diagnostic.

Update to binutils 2.36:

New features in the Assembler:

- General:

   * When setting the link order attribute of ELF sections, it is now
     possible to use a numeric section index instead of symbol name.
   * Added a .nop directive to generate a single no-op instruction in
     a target neutral manner.  This instruction does have an effect on
     DWARF line number generation, if that is active.
   * Removed --reduce-memory-overheads and --hash-size as gas now
     uses hash tables that can be expand and shrink automatically.

- X86/x86_64:

   * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key
     Locker instructions. 
   * Support non-absolute segment values for lcall and ljmp.
   * Add {disp16} pseudo prefix to x86 assembler.
   * Configure with --enable-x86-used-note by default for Linux/x86.

-  ARM/AArch64:

   * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,
     Cortex-R82, Neoverse V1, and Neoverse N2 cores.
   * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded
     Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call
     Stack Recorder Extension) and BRBE (Branch Record Buffer
     Extension) system registers.
   * Add support for Armv8-R and Armv8.7-A ISA extensions.
   * Add support for DSB memory nXS barrier, WFET and WFIT
     instruction for Armv8.7.
   * Add support for +csre feature for -march. Add CSR PDEC
     instruction for CSRE feature in AArch64.
   * Add support for +flagm feature for -march in Armv8.4 AArch64.
   * Add support for +ls64 feature for -march in Armv8.7
     AArch64. Add atomic 64-byte load/store instructions for this
     feature. 
   * Add support for +pauth (Pointer Authentication) feature for
     -march in AArch64.

New features in the Linker:

  * Add --error-handling-script=<NAME> command line option to allow
    a helper script to be invoked when an undefined symbol or a
    missing library is encountered.  This option can be suppressed
    via the configure time switch: --enable-error-handling-script=no.
  * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
    x86-64-{baseline|v[234]} ISA level as needed.
  * Add -z unique-symbol to avoid duplicated local symbol names.
  * The creation of PE format DLLs now defaults to using a more
    secure set of DLL characteristics.
  * The linker now deduplicates the types in .ctf sections.  The new 
     command-line option --ctf-share-types describes how to do this:
     its default value, share-unconflicted, produces the most compact
     output.
  * The linker now omits the 'variable section' from .ctf sections
    by default, saving space.  This is almost certainly what you
    want unless you are working on a project that has its own
    analogue of symbol tables that are not reflected in the ELF
    symtabs.

New features in other binary tools:

  * The ar tool's previously unused l modifier is now used for
    specifying dependencies of a static library. The arguments of
    this option (or --record-libdeps long form option) will be
    stored verbatim in the __.LIBDEP member of the archive, which
    the linker may read at link time.
  * Readelf can now display the contents of LTO symbol table
    sections when asked to do so via the --lto-syms command line
    option.
  * Readelf now accepts the -C command line option to enable the
    demangling of symbol names.  In addition the --demangle=<style>,
    --no-demangle, --recurse-limit and --no-recurse-limit options
    are also now availale.

The following security fixes are addressed by the update:

- CVE-2021-20197: Fixed a race condition which allows users to own arbitrary files (bsc#1181452).
- CVE-2021-20284: Fixed a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511).
- CVE-2021-3487: Fixed a denial of service via excessive debug section size causing excessive memory consumption in bfd's dwarf2.c read_section() (bsc#1184620).
- CVE-2020-35448: Fixed a heap-based buffer over-read in bfd_getl_signed_32() in libbfd.c (bsc#1184794).
- CVE-2020-16590: Fixed a double free vulnerability in process_symbol_table() (bsc#1179898).
- CVE-2020-16591: Fixed an invalid read in process_symbol_table() (bsc#1179899).
- CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup() (bsc#1179900).
- CVE-2020-16593: Fixed a null pointer dereference in scan_unit_for_symbols() (bsc#1179901).
- CVE-2020-16598: Fixed a null pointer dereference in debug_get_real_type() (bsc#1179902).
- CVE-2020-16599: Fixed a null pointer dereference in _bfd_elf_get_symbol_version_string() (bsc#1179903)
- CVE-2020-35493: Fixed heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file (bsc#1180451).
- CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module due to not checking return value of bfd_malloc (bsc#1180454).
- CVE-2020-35507: Fixed a null pointer dereference in bfd_pef_parse_function_stubs() (bsc#1180461).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3643-1
Released:    Tue Nov  9 19:32:18 2021
Summary:     Security update for binutils
Type:        security
Severity:    moderate
References:  1183909,1184519,1188941,1191473,1192267,CVE-2021-20294
This update for binutils fixes the following issues:

- For compatibility on old code stream that expect 'brcl 0,label' to
  not be disassembled as 'jgnop label' on s390x.  (bsc#1192267)
  This reverts IBM zSeries HLASM support for now.
- Fixed that ppc64 optflags did not enable LTO (bsc#1188941).
- Fix empty man-pages from broken release tarball
- Fixed a memory corruption with rpath option (bsc#1191473).
- Fixed slow performance of stripping some binaries (bsc#1183909).

Security issue fixed:

- CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in readelf (bnc#1184519)



The following package changes have been done:

- binutils-2.37-7.26.1 updated
- libctf-nobfd0-2.37-7.26.1 updated
- libctf0-2.37-7.26.1 updated
- libpcre1-8.45-20.10.1 updated
- libprotobuf-lite20-3.9.2-4.9.1 added
- libsolv-tools-0.7.20-9.2 updated
- libzypp-17.28.5-15.2 updated
- pam-1.3.0-6.50.1 updated
- rpm-config-SUSE-1-5.3.1 updated
- zypper-1.14.49-16.1 updated
- container:sles15-image-15.0.0-17.8.31 updated

From sle-updates at lists.suse.com  Sat Nov 13 07:31:09 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 13 Nov 2021 08:31:09 +0100 (CET)
Subject: SUSE-CU-2021:507-1: Security update of bci/golang
Message-ID: <20211113073109.D9584FCC9@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:507-1
Container Tags        : bci/golang:1.17
Container Release     : 3.1
Severity              : moderate
Type                  : security
References            : 1179898 1179899 1179900 1179901 1179902 1179903 1180451 1180454
                        1180461 1181452 1182252 1183511 1183909 1184519 1184620 1184794
                        1188941 1191473 1192267 CVE-2020-16590 CVE-2020-16591 CVE-2020-16592
                        CVE-2020-16593 CVE-2020-16598 CVE-2020-16599 CVE-2020-35448 CVE-2020-35493
                        CVE-2020-35496 CVE-2020-35507 CVE-2021-20197 CVE-2021-20284 CVE-2021-20294
                        CVE-2021-3487 
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3616-1
Released:    Thu Nov  4 12:29:16 2021
Summary:     Security update for binutils
Type:        security
Severity:    moderate
References:  1179898,1179899,1179900,1179901,1179902,1179903,1180451,1180454,1180461,1181452,1182252,1183511,1184620,1184794,CVE-2020-16590,CVE-2020-16591,CVE-2020-16592,CVE-2020-16593,CVE-2020-16598,CVE-2020-16599,CVE-2020-35448,CVE-2020-35493,CVE-2020-35496,CVE-2020-35507,CVE-2021-20197,CVE-2021-20284,CVE-2021-3487
This update for binutils fixes the following issues:

Update to binutils 2.37:

* The GNU Binutils sources now requires a C99 compiler and library to
  build.
* Support for Realm Management Extension (RME) for AArch64 has been
  added.
* A new linker option '-z report-relative-reloc' for x86 ELF targets
  has been added to report dynamic relative relocations.
* A new linker option '-z start-stop-gc' has been added to disable
  special treatment of __start_*/__stop_* references when
  --gc-sections.
* A new linker options '-Bno-symbolic' has been added which will
  cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
* The readelf tool has a new command line option which can be used to
  specify how the numeric values of symbols are reported.
  --sym-base=0|8|10|16 tells readelf to display the values in base 8,
  base 10 or base 16.  A sym base of 0 represents the default action
  of displaying values under 10000 in base 10 and values above that in
  base 16.
* A new format has been added to the nm program.  Specifying
  '--format=just-symbols' (or just using -j) will tell the program to
  only display symbol names and nothing else.
* A new command line option '--keep-section-symbols' has been added to
  objcopy and strip.  This stops the removal of unused section symbols
  when the file is copied.  Removing these symbols saves space, but
  sometimes they are needed by other tools.
* The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
  supported by objcopy now make undefined symbols weak on targets that
  support weak symbols. 
* Readelf and objdump can now display and use the contents of .debug_sup
  sections.
* Readelf and objdump will now follow links to separate debug info
  files by default.  This behaviour can be stopped via the use of the
  new '-wN' or '--debug-dump=no-follow-links' options for readelf and
  the '-WN' or '--dwarf=no-follow-links' options for objdump.  Also
  the old behaviour can be restored by the use of the
  '--enable-follow-debug-links=no' configure time option.

  The semantics of the =follow-links option have also been slightly
  changed.  When enabled, the option allows for the loading of symbol
  tables and string tables from the separate files which can be used
  to enhance the information displayed when dumping other sections,
  but it does not automatically imply that information from the
  separate files should be displayed.

  If other debug section display options are also enabled (eg
  '--debug-dump=info') then the contents of matching sections in both
  the main file and the separate debuginfo file *will* be displayed.
  This is because in most cases the debug section will only be present
  in one of the files.

  If however non-debug section display options are enabled (eg
  '--sections') then the contents of matching parts of the separate
  debuginfo file will *not* be displayed.  This is because in most
  cases the user probably only wanted to load the symbol information
  from the separate debuginfo file.  In order to change this behaviour
  a new command line option --process-links can be used.  This will
  allow di0pslay options to applied to both the main file and any
  separate debuginfo files.

* Nm has a new command line option: '--quiet'.  This suppresses 'no
  symbols' diagnostic.

Update to binutils 2.36:

New features in the Assembler:

- General:

   * When setting the link order attribute of ELF sections, it is now
     possible to use a numeric section index instead of symbol name.
   * Added a .nop directive to generate a single no-op instruction in
     a target neutral manner.  This instruction does have an effect on
     DWARF line number generation, if that is active.
   * Removed --reduce-memory-overheads and --hash-size as gas now
     uses hash tables that can be expand and shrink automatically.

- X86/x86_64:

   * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key
     Locker instructions. 
   * Support non-absolute segment values for lcall and ljmp.
   * Add {disp16} pseudo prefix to x86 assembler.
   * Configure with --enable-x86-used-note by default for Linux/x86.

-  ARM/AArch64:

   * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,
     Cortex-R82, Neoverse V1, and Neoverse N2 cores.
   * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded
     Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call
     Stack Recorder Extension) and BRBE (Branch Record Buffer
     Extension) system registers.
   * Add support for Armv8-R and Armv8.7-A ISA extensions.
   * Add support for DSB memory nXS barrier, WFET and WFIT
     instruction for Armv8.7.
   * Add support for +csre feature for -march. Add CSR PDEC
     instruction for CSRE feature in AArch64.
   * Add support for +flagm feature for -march in Armv8.4 AArch64.
   * Add support for +ls64 feature for -march in Armv8.7
     AArch64. Add atomic 64-byte load/store instructions for this
     feature. 
   * Add support for +pauth (Pointer Authentication) feature for
     -march in AArch64.

New features in the Linker:

  * Add --error-handling-script=<NAME> command line option to allow
    a helper script to be invoked when an undefined symbol or a
    missing library is encountered.  This option can be suppressed
    via the configure time switch: --enable-error-handling-script=no.
  * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
    x86-64-{baseline|v[234]} ISA level as needed.
  * Add -z unique-symbol to avoid duplicated local symbol names.
  * The creation of PE format DLLs now defaults to using a more
    secure set of DLL characteristics.
  * The linker now deduplicates the types in .ctf sections.  The new 
     command-line option --ctf-share-types describes how to do this:
     its default value, share-unconflicted, produces the most compact
     output.
  * The linker now omits the 'variable section' from .ctf sections
    by default, saving space.  This is almost certainly what you
    want unless you are working on a project that has its own
    analogue of symbol tables that are not reflected in the ELF
    symtabs.

New features in other binary tools:

  * The ar tool's previously unused l modifier is now used for
    specifying dependencies of a static library. The arguments of
    this option (or --record-libdeps long form option) will be
    stored verbatim in the __.LIBDEP member of the archive, which
    the linker may read at link time.
  * Readelf can now display the contents of LTO symbol table
    sections when asked to do so via the --lto-syms command line
    option.
  * Readelf now accepts the -C command line option to enable the
    demangling of symbol names.  In addition the --demangle=<style>,
    --no-demangle, --recurse-limit and --no-recurse-limit options
    are also now availale.

The following security fixes are addressed by the update:

- CVE-2021-20197: Fixed a race condition which allows users to own arbitrary files (bsc#1181452).
- CVE-2021-20284: Fixed a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511).
- CVE-2021-3487: Fixed a denial of service via excessive debug section size causing excessive memory consumption in bfd's dwarf2.c read_section() (bsc#1184620).
- CVE-2020-35448: Fixed a heap-based buffer over-read in bfd_getl_signed_32() in libbfd.c (bsc#1184794).
- CVE-2020-16590: Fixed a double free vulnerability in process_symbol_table() (bsc#1179898).
- CVE-2020-16591: Fixed an invalid read in process_symbol_table() (bsc#1179899).
- CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup() (bsc#1179900).
- CVE-2020-16593: Fixed a null pointer dereference in scan_unit_for_symbols() (bsc#1179901).
- CVE-2020-16598: Fixed a null pointer dereference in debug_get_real_type() (bsc#1179902).
- CVE-2020-16599: Fixed a null pointer dereference in _bfd_elf_get_symbol_version_string() (bsc#1179903)
- CVE-2020-35493: Fixed heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file (bsc#1180451).
- CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module due to not checking return value of bfd_malloc (bsc#1180454).
- CVE-2020-35507: Fixed a null pointer dereference in bfd_pef_parse_function_stubs() (bsc#1180461).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3643-1
Released:    Tue Nov  9 19:32:18 2021
Summary:     Security update for binutils
Type:        security
Severity:    moderate
References:  1183909,1184519,1188941,1191473,1192267,CVE-2021-20294
This update for binutils fixes the following issues:

- For compatibility on old code stream that expect 'brcl 0,label' to
  not be disassembled as 'jgnop label' on s390x.  (bsc#1192267)
  This reverts IBM zSeries HLASM support for now.
- Fixed that ppc64 optflags did not enable LTO (bsc#1188941).
- Fix empty man-pages from broken release tarball
- Fixed a memory corruption with rpath option (bsc#1191473).
- Fixed slow performance of stripping some binaries (bsc#1183909).

Security issue fixed:

- CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in readelf (bnc#1184519)



The following package changes have been done:

- binutils-2.37-7.26.1 updated
- libctf-nobfd0-2.37-7.26.1 updated
- libctf0-2.37-7.26.1 updated
- container:sles15-image-15.0.0-17.8.31 updated

From sle-updates at lists.suse.com  Mon Nov 15 11:18:27 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 Nov 2021 12:18:27 +0100 (CET)
Subject: SUSE-RU-2021:3661-1: moderate: Recommended update for rsyslog
Message-ID: <20211115111827.034FDFCC9@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for rsyslog
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3661-1
Rating:             moderate
References:         #1190483 
Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for rsyslog fixes the following issues:

   - Fix memory leak when large number of internal messages are not processed
     and destructed (bsc#1190483)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3661=1



Package List:

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      rsyslog-8.24.0-3.55.1
      rsyslog-debuginfo-8.24.0-3.55.1
      rsyslog-debugsource-8.24.0-3.55.1
      rsyslog-diag-tools-8.24.0-3.55.1
      rsyslog-diag-tools-debuginfo-8.24.0-3.55.1
      rsyslog-doc-8.24.0-3.55.1
      rsyslog-module-gssapi-8.24.0-3.55.1
      rsyslog-module-gssapi-debuginfo-8.24.0-3.55.1
      rsyslog-module-gtls-8.24.0-3.55.1
      rsyslog-module-gtls-debuginfo-8.24.0-3.55.1
      rsyslog-module-mmnormalize-8.24.0-3.55.1
      rsyslog-module-mmnormalize-debuginfo-8.24.0-3.55.1
      rsyslog-module-mysql-8.24.0-3.55.1
      rsyslog-module-mysql-debuginfo-8.24.0-3.55.1
      rsyslog-module-pgsql-8.24.0-3.55.1
      rsyslog-module-pgsql-debuginfo-8.24.0-3.55.1
      rsyslog-module-relp-8.24.0-3.55.1
      rsyslog-module-relp-debuginfo-8.24.0-3.55.1
      rsyslog-module-snmp-8.24.0-3.55.1
      rsyslog-module-snmp-debuginfo-8.24.0-3.55.1
      rsyslog-module-udpspoof-8.24.0-3.55.1
      rsyslog-module-udpspoof-debuginfo-8.24.0-3.55.1


References:

   https://bugzilla.suse.com/1190483


From sle-updates at lists.suse.com  Mon Nov 15 23:19:34 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 16 Nov 2021 00:19:34 +0100 (CET)
Subject: SUSE-SU-2021:3662-1: important: Security update for samba
Message-ID: <20211115231934.181D3FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3662-1
Rating:             important
References:         #1192601 
Cross-References:   CVE-2020-25717
CVSS scores:
                    CVE-2020-25717 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products:
                    SUSE Linux Enterprise Module for Python2 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise High Availability 15-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for samba fixes the following issues:

   - Fix regression introduced by CVE-2020-25717 patches, winbindd does not
     start when 'allow trusted domains' is off; (bso#14899);


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Python2 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2021-3662=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3662=1

   - SUSE Linux Enterprise High Availability 15-SP3:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-3662=1



Package List:

   - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64):

      samba-ad-dc-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-ad-dc-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-debugsource-4.13.13+git.531.903f5c0ccdc-3.17.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      libdcerpc-binding0-4.13.13+git.531.903f5c0ccdc-3.17.1
      libdcerpc-binding0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libdcerpc-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
      libdcerpc-samr-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
      libdcerpc-samr0-4.13.13+git.531.903f5c0ccdc-3.17.1
      libdcerpc-samr0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libdcerpc0-4.13.13+git.531.903f5c0ccdc-3.17.1
      libdcerpc0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libndr-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
      libndr-krb5pac-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
      libndr-krb5pac0-4.13.13+git.531.903f5c0ccdc-3.17.1
      libndr-krb5pac0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libndr-nbt-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
      libndr-nbt0-4.13.13+git.531.903f5c0ccdc-3.17.1
      libndr-nbt0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libndr-standard-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
      libndr-standard0-4.13.13+git.531.903f5c0ccdc-3.17.1
      libndr-standard0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libndr1-4.13.13+git.531.903f5c0ccdc-3.17.1
      libndr1-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libnetapi-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
      libnetapi0-4.13.13+git.531.903f5c0ccdc-3.17.1
      libnetapi0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-credentials-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-credentials0-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-credentials0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-errors-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-errors0-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-errors0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-hostconfig-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-hostconfig0-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-hostconfig0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-passdb-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-passdb0-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-passdb0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-policy-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-policy-python3-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-policy0-python3-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-policy0-python3-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-util-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-util0-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-util0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamdb-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamdb0-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamdb0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsmbclient-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsmbclient0-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsmbclient0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsmbconf-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsmbconf0-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsmbconf0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsmbldap-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsmbldap2-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsmbldap2-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libtevent-util-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
      libtevent-util0-4.13.13+git.531.903f5c0ccdc-3.17.1
      libtevent-util0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libwbclient-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
      libwbclient0-4.13.13+git.531.903f5c0ccdc-3.17.1
      libwbclient0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-client-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-client-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-core-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-debugsource-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-dsdb-modules-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-dsdb-modules-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-gpupdate-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-ldb-ldap-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-ldb-ldap-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-libs-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-libs-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-libs-python3-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-libs-python3-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-python3-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-python3-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-winbind-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-winbind-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):

      samba-ceph-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-ceph-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):

      libdcerpc-binding0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
      libdcerpc-binding0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libdcerpc0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
      libdcerpc0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libndr-krb5pac0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
      libndr-krb5pac0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libndr-nbt0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
      libndr-nbt0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libndr-standard0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
      libndr-standard0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libndr1-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
      libndr1-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libnetapi0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
      libnetapi0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-credentials0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-credentials0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-errors0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-errors0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-hostconfig0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-hostconfig0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-passdb0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-passdb0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-util0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamba-util0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamdb0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsamdb0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsmbconf0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsmbconf0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsmbldap2-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
      libsmbldap2-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libtevent-util0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
      libtevent-util0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      libwbclient0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
      libwbclient0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-libs-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-libs-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-winbind-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-winbind-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1

   - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):

      ctdb-4.13.13+git.531.903f5c0ccdc-3.17.1
      ctdb-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
      samba-debugsource-4.13.13+git.531.903f5c0ccdc-3.17.1


References:

   https://www.suse.com/security/cve/CVE-2020-25717.html
   https://bugzilla.suse.com/1192601


From sle-updates at lists.suse.com  Mon Nov 15 23:21:02 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 16 Nov 2021 00:21:02 +0100 (CET)
Subject: SUSE-RU-2021:3663-1: moderate: Recommended update for
 suse-module-tools
Message-ID: <20211115232102.66FA6FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for suse-module-tools
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3663-1
Rating:             moderate
References:         #1191804 
Affected Products:
                    SUSE MicroOS 5.1
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for suse-module-tools fixes the following issues:

   - Update to version 15.3.14:
     * more fixes for updates under secure boot
     * cert-script: Deal with existing $cert.delete file (bsc#1191804).


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3663=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3663=1



Package List:

   - SUSE MicroOS 5.1 (aarch64 s390x x86_64):

      suse-module-tools-15.3.14-3.14.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      suse-module-tools-15.3.14-3.14.1


References:

   https://bugzilla.suse.com/1191804


From sle-updates at lists.suse.com  Tue Nov 16 07:41:19 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 16 Nov 2021 08:41:19 +0100 (CET)
Subject: SUSE-CU-2021:508-1: Security update of suse/sles12sp3
Message-ID: <20211116074119.5AB6DFD0A@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:508-1
Container Tags        : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.324 , suse/sles12sp3:latest
Container Release     : 24.324
Severity              : moderate
Type                  : security
References            : 1025709 1030066 1030803 1030805 1030807 1172973 1172974 CVE-2017-6004
                        CVE-2017-7186 CVE-2017-7244 CVE-2017-7245 CVE-2017-7246 CVE-2019-20838
                        CVE-2020-14155 
-----------------------------------------------------------------

The container suse/sles12sp3 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3652-1
Released:    Wed Nov 10 17:41:22 2021
Summary:     Security update for pcre
Type:        security
Severity:    moderate
References:  1025709,1030066,1030803,1030805,1030807,1172973,1172974,CVE-2017-6004,CVE-2017-7186,CVE-2017-7244,CVE-2017-7245,CVE-2017-7246,CVE-2019-20838,CVE-2020-14155
This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973).
- CVE-2017-7244: Fixed invalid read in _pcre32_xclass() (bsc#1030807).
- CVE-2017-7245: Fixed buffer overflow in the pcre32_copy_substring (bsc#1030805).
- CVE-2017-7246: Fixed another buffer overflow in the pcre32_copy_substring (bsc#1030803).
- CVE-2017-7186: Fixed denial of service caused by an invalid Unicode property lookup (bsc#1030066).
- CVE-2017-6004: Fixed denial of service via crafted regular expression (bsc#1025709).


The following package changes have been done:

- libpcre1-8.45-8.7.1 updated

From sle-updates at lists.suse.com  Tue Nov 16 07:58:06 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 16 Nov 2021 08:58:06 +0100 (CET)
Subject: SUSE-CU-2021:509-1: Security update of suse/sles12sp4
Message-ID: <20211116075806.25ADAFD0A@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:509-1
Container Tags        : suse/sles12sp4:26.374 , suse/sles12sp4:latest
Container Release     : 26.374
Severity              : moderate
Type                  : security
References            : 1025709 1030066 1030803 1030805 1030807 1172973 1172974 CVE-2017-6004
                        CVE-2017-7186 CVE-2017-7244 CVE-2017-7245 CVE-2017-7246 CVE-2019-20838
                        CVE-2020-14155 
-----------------------------------------------------------------

The container suse/sles12sp4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3652-1
Released:    Wed Nov 10 17:41:22 2021
Summary:     Security update for pcre
Type:        security
Severity:    moderate
References:  1025709,1030066,1030803,1030805,1030807,1172973,1172974,CVE-2017-6004,CVE-2017-7186,CVE-2017-7244,CVE-2017-7245,CVE-2017-7246,CVE-2019-20838,CVE-2020-14155
This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973).
- CVE-2017-7244: Fixed invalid read in _pcre32_xclass() (bsc#1030807).
- CVE-2017-7245: Fixed buffer overflow in the pcre32_copy_substring (bsc#1030805).
- CVE-2017-7246: Fixed another buffer overflow in the pcre32_copy_substring (bsc#1030803).
- CVE-2017-7186: Fixed denial of service caused by an invalid Unicode property lookup (bsc#1030066).
- CVE-2017-6004: Fixed denial of service via crafted regular expression (bsc#1025709).


The following package changes have been done:

- base-container-licenses-3.0-1.249 updated
- libpcre1-8.45-8.7.1 updated

From sle-updates at lists.suse.com  Tue Nov 16 14:18:20 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 16 Nov 2021 15:18:20 +0100 (CET)
Subject: SUSE-RU-2021:3664-1: moderate: Recommended update for pam
Message-ID: <20211116141820.0227BFD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for pam
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3664-1
Rating:             moderate
References:         SLE-22182 
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that has 0 recommended fixes and contains one
   feature can now be installed.

Description:

   This update for pam fixes the following issues:

   - pam_cracklib: backported code to check whether the password contains a
     substring of of the user's name of at least <N> characters length in
     some form from SLE-15. (jsc#SLE-22182)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3664=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3664=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      pam-debuginfo-1.1.8-24.49.1
      pam-debugsource-1.1.8-24.49.1
      pam-devel-1.1.8-24.49.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      pam-1.1.8-24.49.1
      pam-debuginfo-1.1.8-24.49.1
      pam-debugsource-1.1.8-24.49.1
      pam-extra-1.1.8-24.49.1
      pam-extra-debuginfo-1.1.8-24.49.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      pam-32bit-1.1.8-24.49.1
      pam-debuginfo-32bit-1.1.8-24.49.1
      pam-extra-32bit-1.1.8-24.49.1
      pam-extra-debuginfo-32bit-1.1.8-24.49.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      pam-doc-1.1.8-24.49.1


References:



From sle-updates at lists.suse.com  Tue Nov 16 14:20:59 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 16 Nov 2021 15:20:59 +0100 (CET)
Subject: SUSE-SU-2021:3665-1: Security update for drbd-utils
Message-ID: <20211116142059.658A7FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for drbd-utils
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3665-1
Rating:             low
References:         #1029961 #1185132 #1189363 SLE-21057 
Affected Products:
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.2
                    SUSE Linux Enterprise High Availability 15-SP3
______________________________________________________________________________

   An update that contains security fixes and contains one
   feature can now be installed.

Description:

   This update for drbd-utils fixes the following issues:

   - make all binaries position independent (basc#1185132).
   - Upgrade to 9.0.18 (bsc#1189363)
    * build: remove rpm related targets
    * drbdsetup,v84: fix minor compile warnings
    * systemd: resource specific activation
    * systemd: drbd-reactor promoter templates
    * doc: fix maximum ping timeout
    * doc: add man pages for the systemd templates
    * drbdadm,v9: fix dstate for diskless volumes
    * build/release: use lbvers.py
    * drbd-attr: don't leak fd to drbdsetup
    * doc: various fixes and additions
    * drbdsetup,events2,v9: add backing_device
    * build,Debian: rm dh-systemd dependency
    * drbdsetup,events2,v9: fix --poll regression
    * drbdmeta: fix bug with ALs with small final extents
    * build,Debian: rm mail recommends
    * drbdsetup,events2,v9: allow --poll without --now
    * drbdsetup,invalidate: allow bitmap based resync after verify
    * drbdadm,sh-ll-dev: change output to "none" if diskless
    * drbdadm,v9: allow set-gi in single node clusters
    * drbsetup,events2,v9: diff(erential) output
    * drbsetup,events2,v9: add --full output
    * v9: allow resource rename, also in drbdmon
    * drbdadm,v9: allow c-max-rate to be disabled
    * New drbd-attr Pacemaker RA
    * events2: handle mixed initial state and multicast events
    * events2: fix regression to always print resync done
   - Prepare '/usr' merge. (bsc#1029961)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.2:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2021-3665=1

   - SUSE Linux Enterprise High Availability 15-SP3:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-3665=1



Package List:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64):

      drbd-utils-9.18.0-4.7.2
      drbd-utils-debuginfo-9.18.0-4.7.2
      drbd-utils-debugsource-9.18.0-4.7.2

   - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):

      drbd-utils-9.18.0-4.7.2
      drbd-utils-debuginfo-9.18.0-4.7.2
      drbd-utils-debugsource-9.18.0-4.7.2


References:

   https://bugzilla.suse.com/1029961
   https://bugzilla.suse.com/1185132
   https://bugzilla.suse.com/1189363


From sle-updates at lists.suse.com  Tue Nov 16 17:18:27 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 16 Nov 2021 18:18:27 +0100 (CET)
Subject: SUSE-SU-2021:3671-1: important: Security update for java-11-openjdk
Message-ID: <20211116171827.0FE37FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for java-11-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3671-1
Rating:             important
References:         #1191901 #1191903 #1191904 #1191906 #1191909 
                    #1191910 #1191911 #1191912 #1191913 #1191914 
                    
Cross-References:   CVE-2021-35550 CVE-2021-35556 CVE-2021-35559
                    CVE-2021-35561 CVE-2021-35564 CVE-2021-35565
                    CVE-2021-35567 CVE-2021-35578 CVE-2021-35586
                    CVE-2021-35603
CVSS scores:
                    CVE-2021-35550 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-35550 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-35556 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35556 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35559 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35561 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35561 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35564 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-35564 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-35565 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35565 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35567 (NVD) : 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
                    CVE-2021-35567 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
                    CVE-2021-35578 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35578 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35586 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35586 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35603 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-35603 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that fixes 10 vulnerabilities is now available.

Description:

   This update for java-11-openjdk fixes the following issues:

   Update to 11.0.13+8 (October 2021 CPU)

   - CVE-2021-35550, bsc#1191901: Update the default enabled cipher suites
     preference
   - CVE-2021-35565, bsc#1191909: com.sun.net.HttpsServer spins on TLS
     session close
   - CVE-2021-35556, bsc#1191910: Richer Text Editors
   - CVE-2021-35559, bsc#1191911: Enhanced style for RTF kit
   - CVE-2021-35561, bsc#1191912: Better hashing support
   - CVE-2021-35564, bsc#1191913: Improve Keystore integrity
   - CVE-2021-35567, bsc#1191903: More Constrained Delegation
   - CVE-2021-35578, bsc#1191904: Improve TLS client handshaking
   - CVE-2021-35586, bsc#1191914: Better BMP support
   - CVE-2021-35603, bsc#1191906: Better session identification
   - Improve Stream handling for SSL
   - Improve requests of certificates
   - Correct certificate requests
   - Enhance DTLS client handshake


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3671=1

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3671=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3671=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3671=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3671=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3671=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-3671=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3671=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3671=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3671=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3671=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3671=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3671=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-3671=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      java-11-openjdk-11.0.13.0-3.65.1
      java-11-openjdk-debugsource-11.0.13.0-3.65.1
      java-11-openjdk-demo-11.0.13.0-3.65.1
      java-11-openjdk-devel-11.0.13.0-3.65.1
      java-11-openjdk-headless-11.0.13.0-3.65.1

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      java-11-openjdk-11.0.13.0-3.65.1
      java-11-openjdk-debugsource-11.0.13.0-3.65.1
      java-11-openjdk-demo-11.0.13.0-3.65.1
      java-11-openjdk-devel-11.0.13.0-3.65.1
      java-11-openjdk-headless-11.0.13.0-3.65.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      java-11-openjdk-11.0.13.0-3.65.1
      java-11-openjdk-debugsource-11.0.13.0-3.65.1
      java-11-openjdk-demo-11.0.13.0-3.65.1
      java-11-openjdk-devel-11.0.13.0-3.65.1
      java-11-openjdk-headless-11.0.13.0-3.65.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      java-11-openjdk-11.0.13.0-3.65.1
      java-11-openjdk-debugsource-11.0.13.0-3.65.1
      java-11-openjdk-demo-11.0.13.0-3.65.1
      java-11-openjdk-devel-11.0.13.0-3.65.1
      java-11-openjdk-headless-11.0.13.0-3.65.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      java-11-openjdk-11.0.13.0-3.65.1
      java-11-openjdk-debugsource-11.0.13.0-3.65.1
      java-11-openjdk-demo-11.0.13.0-3.65.1
      java-11-openjdk-devel-11.0.13.0-3.65.1
      java-11-openjdk-headless-11.0.13.0-3.65.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):

      java-11-openjdk-jmods-11.0.13.0-3.65.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch):

      java-11-openjdk-javadoc-11.0.13.0-3.65.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64):

      java-11-openjdk-jmods-11.0.13.0-3.65.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch):

      java-11-openjdk-javadoc-11.0.13.0-3.65.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      java-11-openjdk-11.0.13.0-3.65.1
      java-11-openjdk-debugsource-11.0.13.0-3.65.1
      java-11-openjdk-demo-11.0.13.0-3.65.1
      java-11-openjdk-devel-11.0.13.0-3.65.1
      java-11-openjdk-headless-11.0.13.0-3.65.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      java-11-openjdk-11.0.13.0-3.65.1
      java-11-openjdk-debugsource-11.0.13.0-3.65.1
      java-11-openjdk-demo-11.0.13.0-3.65.1
      java-11-openjdk-devel-11.0.13.0-3.65.1
      java-11-openjdk-headless-11.0.13.0-3.65.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      java-11-openjdk-11.0.13.0-3.65.1
      java-11-openjdk-debugsource-11.0.13.0-3.65.1
      java-11-openjdk-demo-11.0.13.0-3.65.1
      java-11-openjdk-devel-11.0.13.0-3.65.1
      java-11-openjdk-headless-11.0.13.0-3.65.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      java-11-openjdk-11.0.13.0-3.65.1
      java-11-openjdk-debugsource-11.0.13.0-3.65.1
      java-11-openjdk-demo-11.0.13.0-3.65.1
      java-11-openjdk-devel-11.0.13.0-3.65.1
      java-11-openjdk-headless-11.0.13.0-3.65.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      java-11-openjdk-11.0.13.0-3.65.1
      java-11-openjdk-debugsource-11.0.13.0-3.65.1
      java-11-openjdk-demo-11.0.13.0-3.65.1
      java-11-openjdk-devel-11.0.13.0-3.65.1
      java-11-openjdk-headless-11.0.13.0-3.65.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      java-11-openjdk-11.0.13.0-3.65.1
      java-11-openjdk-debugsource-11.0.13.0-3.65.1
      java-11-openjdk-demo-11.0.13.0-3.65.1
      java-11-openjdk-devel-11.0.13.0-3.65.1
      java-11-openjdk-headless-11.0.13.0-3.65.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      java-11-openjdk-11.0.13.0-3.65.1
      java-11-openjdk-debugsource-11.0.13.0-3.65.1
      java-11-openjdk-demo-11.0.13.0-3.65.1
      java-11-openjdk-devel-11.0.13.0-3.65.1
      java-11-openjdk-headless-11.0.13.0-3.65.1

   - SUSE CaaS Platform 4.0 (x86_64):

      java-11-openjdk-11.0.13.0-3.65.1
      java-11-openjdk-debugsource-11.0.13.0-3.65.1
      java-11-openjdk-demo-11.0.13.0-3.65.1
      java-11-openjdk-devel-11.0.13.0-3.65.1
      java-11-openjdk-headless-11.0.13.0-3.65.1


References:

   https://www.suse.com/security/cve/CVE-2021-35550.html
   https://www.suse.com/security/cve/CVE-2021-35556.html
   https://www.suse.com/security/cve/CVE-2021-35559.html
   https://www.suse.com/security/cve/CVE-2021-35561.html
   https://www.suse.com/security/cve/CVE-2021-35564.html
   https://www.suse.com/security/cve/CVE-2021-35565.html
   https://www.suse.com/security/cve/CVE-2021-35567.html
   https://www.suse.com/security/cve/CVE-2021-35578.html
   https://www.suse.com/security/cve/CVE-2021-35586.html
   https://www.suse.com/security/cve/CVE-2021-35603.html
   https://bugzilla.suse.com/1191901
   https://bugzilla.suse.com/1191903
   https://bugzilla.suse.com/1191904
   https://bugzilla.suse.com/1191906
   https://bugzilla.suse.com/1191909
   https://bugzilla.suse.com/1191910
   https://bugzilla.suse.com/1191911
   https://bugzilla.suse.com/1191912
   https://bugzilla.suse.com/1191913
   https://bugzilla.suse.com/1191914


From sle-updates at lists.suse.com  Tue Nov 16 17:24:09 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 16 Nov 2021 18:24:09 +0100 (CET)
Subject: SUSE-SU-2021:3674-1: important: Security update for samba
Message-ID: <20211116172409.855C9FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3674-1
Rating:             important
References:         #1014440 #1192284 
Cross-References:   CVE-2016-2124 CVE-2020-25717
CVSS scores:
                    CVE-2020-25717 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products:
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Availability 15-SP1
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for samba fixes the following issues:

   - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we
     require kerberos (bsc#1014440).
   - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a
     user could become root on domain members (bsc#1192284).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3674=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3674=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3674=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3674=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3674=1

   - SUSE Linux Enterprise High Availability 15-SP1:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-3674=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-3674=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      libdcerpc-binding0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-binding0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy-python3-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ad-dc-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ad-dc-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-client-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-client-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-core-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-debugsource-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-dsdb-modules-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-dsdb-modules-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2

   - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):

      libdcerpc-binding0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-binding0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      libdcerpc-binding0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-binding0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy-python3-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ad-dc-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ad-dc-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-client-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-client-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-core-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-debugsource-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-dsdb-modules-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-dsdb-modules-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2

   - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):

      libdcerpc-binding0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-binding0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      libdcerpc-binding0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-binding0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-binding0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-binding0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy-python3-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ad-dc-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ad-dc-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-client-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-client-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-core-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-debugsource-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-dsdb-modules-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-dsdb-modules-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      libdcerpc-binding0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-binding0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy-python3-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ad-dc-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ad-dc-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-client-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-client-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-core-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-debugsource-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-dsdb-modules-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-dsdb-modules-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):

      libdcerpc-binding0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-binding0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      libdcerpc-binding0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-binding0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy-python3-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ad-dc-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ad-dc-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-client-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-client-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-core-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-debugsource-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-dsdb-modules-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-dsdb-modules-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):

      libdcerpc-binding0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-binding0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2

   - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):

      ctdb-4.9.5+git.471.5edbe3dcae7-3.57.2
      ctdb-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-debugsource-4.9.5+git.471.5edbe3dcae7-3.57.2

   - SUSE Linux Enterprise High Availability 15-SP1 (aarch64_ilp32):

      libdcerpc-binding0-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-binding0-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr0-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr0-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi-devel-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-python3-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-python3-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient0-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient0-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ad-dc-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ad-dc-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-client-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-client-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python3-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python3-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-64bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-64bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2

   - SUSE Linux Enterprise High Availability 15-SP1 (aarch64):

      ctdb-pcp-pmda-4.9.5+git.471.5edbe3dcae7-3.57.2
      ctdb-pcp-pmda-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      ctdb-tests-4.9.5+git.471.5edbe3dcae7-3.57.2
      ctdb-tests-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-binding0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-binding0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy-python-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy-python3-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ad-dc-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ad-dc-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ceph-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ceph-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-client-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-client-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-core-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-dsdb-modules-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-dsdb-modules-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-test-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-test-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2

   - SUSE Linux Enterprise High Availability 15-SP1 (noarch):

      samba-doc-4.9.5+git.471.5edbe3dcae7-3.57.2

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      libdcerpc-binding0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-binding0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy-python3-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ad-dc-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ad-dc-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ceph-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ceph-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-client-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-client-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-core-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-debugsource-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-dsdb-modules-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-dsdb-modules-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2

   - SUSE Enterprise Storage 6 (x86_64):

      libdcerpc-binding0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-binding0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2

   - SUSE CaaS Platform 4.0 (x86_64):

      libdcerpc-binding0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-binding0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-binding0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-binding0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc-samr0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libdcerpc0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-krb5pac0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-nbt0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr-standard0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libndr0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libnetapi0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-credentials0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-errors0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-hostconfig0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-passdb0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy-python3-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-policy0-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamba-util0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsamdb0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbclient0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbconf0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-4.9.5+git.471.5edbe3dcae7-3.57.2
      libsmbldap2-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libtevent-util0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-4.9.5+git.471.5edbe3dcae7-3.57.2
      libwbclient0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ad-dc-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-ad-dc-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-client-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-client-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-core-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-debugsource-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-dsdb-modules-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-dsdb-modules-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-libs-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python3-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-python3-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-4.9.5+git.471.5edbe3dcae7-3.57.2
      samba-winbind-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2


References:

   https://www.suse.com/security/cve/CVE-2016-2124.html
   https://www.suse.com/security/cve/CVE-2020-25717.html
   https://bugzilla.suse.com/1014440
   https://bugzilla.suse.com/1192284


From sle-updates at lists.suse.com  Tue Nov 16 17:25:44 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 16 Nov 2021 18:25:44 +0100 (CET)
Subject: SUSE-SU-2021:3670-1: important: Security update for tomcat
Message-ID: <20211116172544.5F4C5FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for tomcat
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3670-1
Rating:             important
References:         #1188278 #1188279 #1190558 
Cross-References:   CVE-2021-30640 CVE-2021-33037 CVE-2021-41079
                   
CVSS scores:
                    CVE-2021-30640 (NVD) : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
                    CVE-2021-30640 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
                    CVE-2021-33037 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-33037 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2021-41079 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for tomcat fixes the following issues:

   - CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279).
   - CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1.
     clients (bsc#1188278).
   - CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS
     packet (bsc#1190558).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3670=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3670=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3670=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3670=1



Package List:

   - SUSE Linux Enterprise Server for SAP 15 (noarch):

      tomcat-9.0.36-3.84.1
      tomcat-admin-webapps-9.0.36-3.84.1
      tomcat-el-3_0-api-9.0.36-3.84.1
      tomcat-jsp-2_3-api-9.0.36-3.84.1
      tomcat-lib-9.0.36-3.84.1
      tomcat-servlet-4_0-api-9.0.36-3.84.1
      tomcat-webapps-9.0.36-3.84.1

   - SUSE Linux Enterprise Server 15-LTSS (noarch):

      tomcat-9.0.36-3.84.1
      tomcat-admin-webapps-9.0.36-3.84.1
      tomcat-el-3_0-api-9.0.36-3.84.1
      tomcat-jsp-2_3-api-9.0.36-3.84.1
      tomcat-lib-9.0.36-3.84.1
      tomcat-servlet-4_0-api-9.0.36-3.84.1
      tomcat-webapps-9.0.36-3.84.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):

      tomcat-9.0.36-3.84.1
      tomcat-admin-webapps-9.0.36-3.84.1
      tomcat-el-3_0-api-9.0.36-3.84.1
      tomcat-jsp-2_3-api-9.0.36-3.84.1
      tomcat-lib-9.0.36-3.84.1
      tomcat-servlet-4_0-api-9.0.36-3.84.1
      tomcat-webapps-9.0.36-3.84.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):

      tomcat-9.0.36-3.84.1
      tomcat-admin-webapps-9.0.36-3.84.1
      tomcat-el-3_0-api-9.0.36-3.84.1
      tomcat-jsp-2_3-api-9.0.36-3.84.1
      tomcat-lib-9.0.36-3.84.1
      tomcat-servlet-4_0-api-9.0.36-3.84.1
      tomcat-webapps-9.0.36-3.84.1


References:

   https://www.suse.com/security/cve/CVE-2021-30640.html
   https://www.suse.com/security/cve/CVE-2021-33037.html
   https://www.suse.com/security/cve/CVE-2021-41079.html
   https://bugzilla.suse.com/1188278
   https://bugzilla.suse.com/1188279
   https://bugzilla.suse.com/1190558


From sle-updates at lists.suse.com  Tue Nov 16 17:27:20 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 16 Nov 2021 18:27:20 +0100 (CET)
Subject: SUSE-SU-2021:3673-1: important: Security update for samba
Message-ID: <20211116172720.08AC7FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3673-1
Rating:             important
References:         #1014440 #1192284 
Cross-References:   CVE-2016-2124 CVE-2020-25717
CVSS scores:
                    CVE-2020-25717 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for samba fixes the following issues:

   - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we
     require kerberos (bsc#1014440).
   - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a
     user could become root on domain members (bsc#1192284).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3673=1



Package List:

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      libdcerpc-binding0-32bit-4.4.2-38.45.2
      libdcerpc-binding0-4.4.2-38.45.2
      libdcerpc-binding0-debuginfo-32bit-4.4.2-38.45.2
      libdcerpc-binding0-debuginfo-4.4.2-38.45.2
      libdcerpc0-32bit-4.4.2-38.45.2
      libdcerpc0-4.4.2-38.45.2
      libdcerpc0-debuginfo-32bit-4.4.2-38.45.2
      libdcerpc0-debuginfo-4.4.2-38.45.2
      libndr-krb5pac0-32bit-4.4.2-38.45.2
      libndr-krb5pac0-4.4.2-38.45.2
      libndr-krb5pac0-debuginfo-32bit-4.4.2-38.45.2
      libndr-krb5pac0-debuginfo-4.4.2-38.45.2
      libndr-nbt0-32bit-4.4.2-38.45.2
      libndr-nbt0-4.4.2-38.45.2
      libndr-nbt0-debuginfo-32bit-4.4.2-38.45.2
      libndr-nbt0-debuginfo-4.4.2-38.45.2
      libndr-standard0-32bit-4.4.2-38.45.2
      libndr-standard0-4.4.2-38.45.2
      libndr-standard0-debuginfo-32bit-4.4.2-38.45.2
      libndr-standard0-debuginfo-4.4.2-38.45.2
      libndr0-32bit-4.4.2-38.45.2
      libndr0-4.4.2-38.45.2
      libndr0-debuginfo-32bit-4.4.2-38.45.2
      libndr0-debuginfo-4.4.2-38.45.2
      libnetapi0-32bit-4.4.2-38.45.2
      libnetapi0-4.4.2-38.45.2
      libnetapi0-debuginfo-32bit-4.4.2-38.45.2
      libnetapi0-debuginfo-4.4.2-38.45.2
      libsamba-credentials0-32bit-4.4.2-38.45.2
      libsamba-credentials0-4.4.2-38.45.2
      libsamba-credentials0-debuginfo-32bit-4.4.2-38.45.2
      libsamba-credentials0-debuginfo-4.4.2-38.45.2
      libsamba-errors0-32bit-4.4.2-38.45.2
      libsamba-errors0-4.4.2-38.45.2
      libsamba-errors0-debuginfo-32bit-4.4.2-38.45.2
      libsamba-errors0-debuginfo-4.4.2-38.45.2
      libsamba-hostconfig0-32bit-4.4.2-38.45.2
      libsamba-hostconfig0-4.4.2-38.45.2
      libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.45.2
      libsamba-hostconfig0-debuginfo-4.4.2-38.45.2
      libsamba-passdb0-32bit-4.4.2-38.45.2
      libsamba-passdb0-4.4.2-38.45.2
      libsamba-passdb0-debuginfo-32bit-4.4.2-38.45.2
      libsamba-passdb0-debuginfo-4.4.2-38.45.2
      libsamba-util0-32bit-4.4.2-38.45.2
      libsamba-util0-4.4.2-38.45.2
      libsamba-util0-debuginfo-32bit-4.4.2-38.45.2
      libsamba-util0-debuginfo-4.4.2-38.45.2
      libsamdb0-32bit-4.4.2-38.45.2
      libsamdb0-4.4.2-38.45.2
      libsamdb0-debuginfo-32bit-4.4.2-38.45.2
      libsamdb0-debuginfo-4.4.2-38.45.2
      libsmbclient0-32bit-4.4.2-38.45.2
      libsmbclient0-4.4.2-38.45.2
      libsmbclient0-debuginfo-32bit-4.4.2-38.45.2
      libsmbclient0-debuginfo-4.4.2-38.45.2
      libsmbconf0-32bit-4.4.2-38.45.2
      libsmbconf0-4.4.2-38.45.2
      libsmbconf0-debuginfo-32bit-4.4.2-38.45.2
      libsmbconf0-debuginfo-4.4.2-38.45.2
      libsmbldap0-32bit-4.4.2-38.45.2
      libsmbldap0-4.4.2-38.45.2
      libsmbldap0-debuginfo-32bit-4.4.2-38.45.2
      libsmbldap0-debuginfo-4.4.2-38.45.2
      libtevent-util0-32bit-4.4.2-38.45.2
      libtevent-util0-4.4.2-38.45.2
      libtevent-util0-debuginfo-32bit-4.4.2-38.45.2
      libtevent-util0-debuginfo-4.4.2-38.45.2
      libwbclient0-32bit-4.4.2-38.45.2
      libwbclient0-4.4.2-38.45.2
      libwbclient0-debuginfo-32bit-4.4.2-38.45.2
      libwbclient0-debuginfo-4.4.2-38.45.2
      samba-4.4.2-38.45.2
      samba-client-32bit-4.4.2-38.45.2
      samba-client-4.4.2-38.45.2
      samba-client-debuginfo-32bit-4.4.2-38.45.2
      samba-client-debuginfo-4.4.2-38.45.2
      samba-debuginfo-4.4.2-38.45.2
      samba-debugsource-4.4.2-38.45.2
      samba-libs-32bit-4.4.2-38.45.2
      samba-libs-4.4.2-38.45.2
      samba-libs-debuginfo-32bit-4.4.2-38.45.2
      samba-libs-debuginfo-4.4.2-38.45.2
      samba-winbind-32bit-4.4.2-38.45.2
      samba-winbind-4.4.2-38.45.2
      samba-winbind-debuginfo-32bit-4.4.2-38.45.2
      samba-winbind-debuginfo-4.4.2-38.45.2

   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

      samba-doc-4.4.2-38.45.2


References:

   https://www.suse.com/security/cve/CVE-2016-2124.html
   https://www.suse.com/security/cve/CVE-2020-25717.html
   https://bugzilla.suse.com/1014440
   https://bugzilla.suse.com/1192284


From sle-updates at lists.suse.com  Tue Nov 16 17:28:45 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 16 Nov 2021 18:28:45 +0100 (CET)
Subject: SUSE-RU-2021:3666-1: moderate: Recommended update for cloud-netconfig
Message-ID: <20211116172845.7CDB4FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for cloud-netconfig
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3666-1
Rating:             moderate
References:         #1187939 
Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for cloud-netconfig contains the following fixes:

   - Update to version 1.6:
     + Ignore proxy when accessing metadata (bsc#1187939)
     + Print warning in case metadata is not accessible
     + Documentation update


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-3666=1



Package List:

   - SUSE Linux Enterprise Module for Public Cloud 12 (noarch):

      cloud-netconfig-azure-1.6-24.1
      cloud-netconfig-ec2-1.6-24.1
      cloud-netconfig-gce-1.6-24.1


References:

   https://bugzilla.suse.com/1187939


From sle-updates at lists.suse.com  Tue Nov 16 17:30:06 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 16 Nov 2021 18:30:06 +0100 (CET)
Subject: SUSE-SU-2021:3672-1: moderate: Security update for tomcat
Message-ID: <20211116173006.02346FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for tomcat
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3672-1
Rating:             moderate
References:         #1188278 #1188279 #1190558 
Cross-References:   CVE-2021-30640 CVE-2021-33037 CVE-2021-41079
                   
CVSS scores:
                    CVE-2021-30640 (NVD) : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
                    CVE-2021-30640 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
                    CVE-2021-33037 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-33037 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2021-41079 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Web Scripting 15-SP3
                    SUSE Linux Enterprise Module for Web Scripting 15-SP2
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for tomcat fixes the following issues:

   - CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279).
   - CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1.
     clients (bsc#1188278).
   - CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS
     packet (bsc#1190558).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Web Scripting 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2021-3672=1

   - SUSE Linux Enterprise Module for Web Scripting 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-3672=1



Package List:

   - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch):

      tomcat-9.0.36-13.1
      tomcat-admin-webapps-9.0.36-13.1
      tomcat-el-3_0-api-9.0.36-13.1
      tomcat-jsp-2_3-api-9.0.36-13.1
      tomcat-lib-9.0.36-13.1
      tomcat-servlet-4_0-api-9.0.36-13.1
      tomcat-webapps-9.0.36-13.1

   - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch):

      tomcat-9.0.36-13.1
      tomcat-admin-webapps-9.0.36-13.1
      tomcat-el-3_0-api-9.0.36-13.1
      tomcat-jsp-2_3-api-9.0.36-13.1
      tomcat-lib-9.0.36-13.1
      tomcat-servlet-4_0-api-9.0.36-13.1
      tomcat-webapps-9.0.36-13.1


References:

   https://www.suse.com/security/cve/CVE-2021-30640.html
   https://www.suse.com/security/cve/CVE-2021-33037.html
   https://www.suse.com/security/cve/CVE-2021-41079.html
   https://bugzilla.suse.com/1188278
   https://bugzilla.suse.com/1188279
   https://bugzilla.suse.com/1190558


From sle-updates at lists.suse.com  Tue Nov 16 17:31:48 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 16 Nov 2021 18:31:48 +0100 (CET)
Subject: SUSE-SU-2021:3669-1: important: Security update for tomcat
Message-ID: <20211116173148.F3C04FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for tomcat
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3669-1
Rating:             important
References:         #1188278 #1188279 #1190558 
Cross-References:   CVE-2021-30640 CVE-2021-33037 CVE-2021-41079
                   
CVSS scores:
                    CVE-2021-30640 (NVD) : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
                    CVE-2021-30640 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
                    CVE-2021-33037 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-33037 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2021-41079 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for tomcat fixes the following issues:

   - CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279).
   - CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1.
     clients (bsc#1188278).
   - CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS
     packet (bsc#1190558).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3669=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3669=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3669=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3669=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3669=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-3669=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):

      tomcat-9.0.36-4.63.1
      tomcat-admin-webapps-9.0.36-4.63.1
      tomcat-el-3_0-api-9.0.36-4.63.1
      tomcat-jsp-2_3-api-9.0.36-4.63.1
      tomcat-lib-9.0.36-4.63.1
      tomcat-servlet-4_0-api-9.0.36-4.63.1
      tomcat-webapps-9.0.36-4.63.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):

      tomcat-9.0.36-4.63.1
      tomcat-admin-webapps-9.0.36-4.63.1
      tomcat-el-3_0-api-9.0.36-4.63.1
      tomcat-jsp-2_3-api-9.0.36-4.63.1
      tomcat-lib-9.0.36-4.63.1
      tomcat-servlet-4_0-api-9.0.36-4.63.1
      tomcat-webapps-9.0.36-4.63.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (noarch):

      tomcat-9.0.36-4.63.1
      tomcat-admin-webapps-9.0.36-4.63.1
      tomcat-el-3_0-api-9.0.36-4.63.1
      tomcat-jsp-2_3-api-9.0.36-4.63.1
      tomcat-lib-9.0.36-4.63.1
      tomcat-servlet-4_0-api-9.0.36-4.63.1
      tomcat-webapps-9.0.36-4.63.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):

      tomcat-9.0.36-4.63.1
      tomcat-admin-webapps-9.0.36-4.63.1
      tomcat-el-3_0-api-9.0.36-4.63.1
      tomcat-jsp-2_3-api-9.0.36-4.63.1
      tomcat-lib-9.0.36-4.63.1
      tomcat-servlet-4_0-api-9.0.36-4.63.1
      tomcat-webapps-9.0.36-4.63.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):

      tomcat-9.0.36-4.63.1
      tomcat-admin-webapps-9.0.36-4.63.1
      tomcat-el-3_0-api-9.0.36-4.63.1
      tomcat-jsp-2_3-api-9.0.36-4.63.1
      tomcat-lib-9.0.36-4.63.1
      tomcat-servlet-4_0-api-9.0.36-4.63.1
      tomcat-webapps-9.0.36-4.63.1

   - SUSE Enterprise Storage 6 (noarch):

      tomcat-9.0.36-4.63.1
      tomcat-admin-webapps-9.0.36-4.63.1
      tomcat-el-3_0-api-9.0.36-4.63.1
      tomcat-jsp-2_3-api-9.0.36-4.63.1
      tomcat-lib-9.0.36-4.63.1
      tomcat-servlet-4_0-api-9.0.36-4.63.1
      tomcat-webapps-9.0.36-4.63.1

   - SUSE CaaS Platform 4.0 (noarch):

      tomcat-9.0.36-4.63.1
      tomcat-admin-webapps-9.0.36-4.63.1
      tomcat-el-3_0-api-9.0.36-4.63.1
      tomcat-jsp-2_3-api-9.0.36-4.63.1
      tomcat-lib-9.0.36-4.63.1
      tomcat-servlet-4_0-api-9.0.36-4.63.1
      tomcat-webapps-9.0.36-4.63.1


References:

   https://www.suse.com/security/cve/CVE-2021-30640.html
   https://www.suse.com/security/cve/CVE-2021-33037.html
   https://www.suse.com/security/cve/CVE-2021-41079.html
   https://bugzilla.suse.com/1188278
   https://bugzilla.suse.com/1188279
   https://bugzilla.suse.com/1190558


From sle-updates at lists.suse.com  Tue Nov 16 20:17:31 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 16 Nov 2021 21:17:31 +0100 (CET)
Subject: SUSE-SU-2021:3675-1: important: Security update for the Linux Kernel
Message-ID: <20211116201731.1A671FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3675-1
Rating:             important
References:         #1065729 #1085030 #1089118 #1094840 #1133021 
                    #1152472 #1152489 #1154353 #1156395 #1157177 
                    #1167773 #1172073 #1173604 #1176447 #1176774 
                    #1176914 #1176940 #1178134 #1180100 #1180749 
                    #1181147 #1184673 #1185762 #1186063 #1186109 
                    #1187167 #1188563 #1188601 #1189841 #1190006 
                    #1190067 #1190349 #1190351 #1190479 #1190620 
                    #1190642 #1190795 #1190801 #1190941 #1191229 
                    #1191240 #1191241 #1191315 #1191317 #1191349 
                    #1191384 #1191449 #1191450 #1191451 #1191452 
                    #1191455 #1191456 #1191628 #1191645 #1191663 
                    #1191731 #1191800 #1191851 #1191867 #1191934 
                    #1191958 #1191980 #1192040 #1192041 #1192074 
                    #1192107 #1192145 #1192229 #1192267 #1192288 
                    #1192549 
Cross-References:   CVE-2021-33033 CVE-2021-34866 CVE-2021-3542
                    CVE-2021-3655 CVE-2021-3715 CVE-2021-37159
                    CVE-2021-3760 CVE-2021-3772 CVE-2021-3896
                    CVE-2021-41864 CVE-2021-42008 CVE-2021-42252
                    CVE-2021-42739 CVE-2021-43056 CVE-2021-43389
                   
CVSS scores:
                    CVE-2021-33033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33033 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-34866 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-3715 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-37159 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-37159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3896 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42252 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-43056 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-43056 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
                    CVE-2021-43389 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE MicroOS 5.1
                    SUSE Linux Enterprise Workstation Extension 15-SP3
                    SUSE Linux Enterprise Module for Live Patching 15-SP3
                    SUSE Linux Enterprise Module for Legacy Software 15-SP3
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise High Availability 15-SP3
______________________________________________________________________________

   An update that solves 15 vulnerabilities and has 56 fixes
   is now available.

Description:



   The following security bugs were fixed:

   - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver
     (bsc#1186063).
   - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets,
     which may have allowed the kernel to read uninitialized memory
     (bsc#1188563).
   - CVE-2021-3715: Fixed a use-after-free in route4_change() in
     net/sched/cls_route.c (bsc#1190349).
   - CVE-2021-3760: Fixed a use-after-free vulnerability with the
     ndev->rf_conn_info object (bsc#1190067).
   - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
   - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in
     drivers/isdn/capi/kcapi.c (bsc#1191958).
   - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in
     net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the
     DOI definitions is mishandled (bsc#1186109).
   - CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation
     Vulnerability (bsc#1191645).
   - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called
     without checking for the NETREG_REGISTERED state, leading to a
     use-after-free and a double free (bnc#1188601).
   - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed
     unprivileged users to trigger an eBPF multiplication integer overflow
     with a resultant out-of-bounds write (bnc#1191317).
   - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data
     function in drivers/net/hamradio/6pack.c. Input from a process that had
     the CAP_NET_ADMIN capability could have lead to root access
     (bsc#1191315).
   - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could
     have allowed local attackers to access the Aspeed LPC control interface
     to overwrite memory in the kernel and potentially execute privileges
     (bnc#1190479).
   - CVE-2021-42739: The firewire subsystem had a buffer overflow related to
     drivers/media/firewire/firedtv-avc.c and
     drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled
     bounds checking (bsc#1184673).
   - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on
     Power8 (bnc#1192107).
   - CVE-2021-43389: There was an array-index-out-of-bounds flaw in the
     detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).

   The following non-security bugs were fixed:

   - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
   - ACPI: bgrt: Fix CFI violation (git-fixes).
   - ACPI: fix NULL pointer dereference (git-fixes).
   - ACPI: NFIT: Use fallback node id when numa info in NFIT table is
     incorrect (git-fixes).
   - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
   - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
   - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254
     (git-fixes).
   - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors
     (bsc#1190801).
   - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
   - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes).
   - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
   - ALSA: hda/realtek: Complete partial device name to avoid ambiguity
     (git-fixes).
   - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560
     laptop (git-fixes).
   - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo
     13s Gen2 (git-fixes).
   - ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14
     (git-fixes).
   - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
     (git-fixes).
   - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i
     15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes).
   - ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes).
   - ALSA: hda: Use position buffer for SKL+ again (git-fixes).
   - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl
     (git-fixes).
   - ALSA: seq: Fix a potential UAF by wrong private_free call order
     (git-fixes).
   - ALSA: ua101: fix division by zero at probe (git-fixes).
   - ALSA: uapi: Fix a C++ style comment in asound.h (git-fixes).
   - ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
   - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
   - ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes).
   - ASoC: cs42l42: Correct some register default values (git-fixes).
   - ASoC: cs42l42: Defer probe if request_threaded_irq() returns
     EPROBE_DEFER (git-fixes).
   - ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes).
   - ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
   - ASoC: dapm: use component prefix when checking widget names (git-fixes).
   - ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes).
   - ASoC: fsl_spdif: register platform component before registering cpu dai
     (git-fixes).
   - ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for
     the matching in-/output (git-fixes).
   - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER
     (git-fixes).
   - ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes).
   - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes).
   - ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes).
   - ASoC: rockchip: Use generic dmaengine code (git-fixes).
   - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types
     (git-fixes).
   - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types
     (git-fixes).
   - ASoC: SOF: loader: release_firmware() on load failure to avoid batching
     (git-fixes).
   - ASoC: SOF: topology: do not power down primary core during topology
     removal (git-fixes).
   - ASoC: topology: Fix stub for snd_soc_tplg_component_remove() (git-fixes).
   - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
   - ata: ahci_platform: fix null-ptr-deref in
     ahci_platform_enable_regulators() (git-fixes).
   - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
     (git-fixes).
   - ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes).
   - ath10k: fix control-message timeout (git-fixes).
   - ath10k: fix division by zero in send path (git-fixes).
   - ath10k: fix max antenna gain unit (git-fixes).
   - ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes).
   - ath10k: sdio: Add missing BH locking around napi_schdule() (git-fixes).
   - ath6kl: fix control-message timeout (git-fixes).
   - ath6kl: fix division by zero in send path (git-fixes).
   - ath9k: Fix potential interrupt storm on queue reset (git-fixes).
   - audit: fix possible null-pointer dereference in audit_filter_rules
     (git-fixes).
   - b43: fix a lower bounds test (git-fixes).
   - b43legacy: fix a lower bounds test (git-fixes).
   - bfq: Remove merged request already in bfq_requests_merged()
     (bsc#1191456).
   - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
   - blktrace: Fix uaf in blk_trace access after removing by sysfs
     (bsc#1191452).
   - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
   - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes).
   - Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes).
   - bnxt_en: Fix TX timeout when TX ring size is set to the smallest
     (git-fixes).
   - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem()
     (jsc#SLE-16649).
   - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h
     (git-fixes).
   - bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
   - bpf: Fix OOB read when printing XDP link fdinfo (git-fixes).
   - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
   - can: dev: can_restart: fix use after free bug (git-fixes).
   - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
   - can: peak_usb: fix use after free bugs (git-fixes).
   - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE
     state notification (git-fixes).
   - can: rcar_can: fix suspend/resume (git-fixes).
   - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in
     error path (git-fixes).
   - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
   - cb710: avoid NULL pointer subtraction (git-fixes).
   - ceph: fix handling of "meta" errors (bsc#1192041).
   - ceph: skip existing superblocks that are blocklisted or shut down when
     mounting (bsc#1192040).
   - cfg80211: correct bridge/4addr mode check (git-fixes).
   - cfg80211: fix management registrations locking (git-fixes).
   - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
   - Configure mpi3mr as currently unsupported (jsc#SLE-18120)
   - cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614
     bsc#1176914 ltc#186394 git-fixes).
   - driver core: add a min_align_mask field to struct device_dma_parameters
     (bsc#1191851).
   - drm/amd/display: Pass PCI deviceid into DC (git-fixes).
   - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes).
   - drm/amdgpu/display: add quirk handling for stutter mode (git-fixes).
   - drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
   - drm/amdgpu: fix warning for overflow check (git-fixes).
   - drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (git-fixes).
   - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read
     (git-fixes).
   - drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: 	*
     context changes in intel_timeline_fini()
   - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes).
   - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
   - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
     (git-fixes).
   - drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
   - drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes).
   - drm/msm: potential error pointer dereference in init() (git-fixes).
   - drm/msm: uninitialized variable in msm_gem_import() (git-fixes).
   - drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472)
   - drm/nouveau/debugfs: fix file release memory leak (git-fixes).
   - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes).
   - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows
     (git-fixes).
   - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
   - drm/panfrost: Make sure MMU context lifetime is not bound to
     (bsc#1152472)
   - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes).
   - drm/sun4i: Fix macros in sun8i_csc.h (git-fixes).
   - drm/ttm: stop calling tt_swapin in vm_access (git-fixes).
   - drm/v3d: fix wait for TMU write combiner flush (git-fixes).
   - e1000e: Drop patch to avoid regressions until real fix is available
     (bsc#1191663).
   - e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
   - e100: fix buffer overrun in e100_get_regs (git-fixes).
   - e100: fix length calculation in e100_get_regs_len (git-fixes).
   - e100: handle eeprom as little endian (git-fixes).
   - EDAC/amd64: Set proper family type for Family 19h Models 20h-2Fh
     (bsc#1192288).
   - ext4: fix reserved space counter leakage (bsc#1191450).
   - ext4: report correct st_size for encrypted symlinks (bsc#1191449).
   - firmware/psci: fix application of sizeof to pointer (git-fixes).
   - fscrypt: add fscrypt_symlink_getattr() for computing st_size
     (bsc#1191449).
   - fs, mm: fix race in unlinking swapfile (bsc#1191455).
   - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267).
   - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489).
   - gpio: pca953x: Improve bias setting (git-fixes).
   - gve: Avoid freeing NULL pointer (git-fixes).
   - gve: Correct available tx qpl check (git-fixes).
   - gve: fix gve_get_stats() (git-fixes).
   - gve: Properly handle errors in gve_assign_qpl (bsc#1176940).
   - gve: report 64bit tx_bytes counter from gve_handle_report_stats()
     (bsc#1176940).
   - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
     (git-fixes).
   - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
   - HID: u2fzero: ignore incomplete packets without data (git-fixes).
   - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
   - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
     (git-fixes).
   - hso: fix bailout in error case of probe (git-fixes).
   - hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes).
   - hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes).
   - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of
     lm25066_coeff (git-fixes).
   - hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes).
   - i2c: acpi: fix resource leak in reconfiguration device addition
     (git-fixes).
   - i40e: Fix ATR queue selection (git-fixes).
   - i40e: fix endless loop under rtnl (git-fixes).
   - i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes).
   - iavf: fix double unlock of crit_lock (git-fixes).
   - ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes).
   - ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177).
   - ice: fix getting UDP tunnel entry (jsc#SLE-12878).
   - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
   - iio: adc128s052: Fix the error handling path of 'adc128_probe()'
     (git-fixes).
   - iio: adc: aspeed: set driver data when adc probe (git-fixes).
   - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
   - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
   - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
   - iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
     (git-fixes).
   - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
   - Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980).
   - Input: snvs_pwrkey - add clk handling (git-fixes).
   - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
   - ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773).
   - ipv6/netfilter: Discard first fragment not including all headers
     (bsc#1191241).
   - IPv6: reply ICMP error if the first fragment do not include all headers
     (bsc#1191241).
   - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
   - isdn: mISDN: Fix sleeping function called from invalid context
     (git-fixes).
   - iwlwifi: mvm: fix some kerneldoc issues (git-fixes).
   - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15
     (git-fixes).
   - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
   - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
   - kABI: Fix kABI after 36950f2da1ea (bsc#1191851).
   - kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes).
   - kABI workaround for HD-audio probe retry changes (bsc#1190801).
   - kernel-binary.spec: Do not sign kernel when no key provided
     (bsc#1187167).
   - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167
     bsc#1191240 ltc#194716).
   - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
     well. Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating
     (bsc#1189841).")
   - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
   - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936
     git-fixes).
   - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest
     SPRs are live (bsc#1156395).
   - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
     (bsc#1156395).
   - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
   - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing
     registers (bsc#1156395).
   - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
   - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
   - KVM: s390: extend kvm_s390_shadow_fault to return entry pointer
     (bsc#1133021).
   - KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021).
   - KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021).
   - KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021).
   - lan78xx: select CRC32 (git-fixes).
   - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD
     (git-fixes).
   - libertas: Fix possible memory leak in probe and disconnect (git-fixes).
   - libertas_tf: Fix possible memory leak in probe and disconnect
     (git-fixes).
   - mac80211: check return value of rhashtable_init (git-fixes).
   - mac80211: Drop frames from invalid MAC address in ad-hoc mode
     (git-fixes).
   - media: cedrus: Fix SUNXI tile size calculation (git-fixes).
   - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes).
   - media: cxd2880-spi: Fix a null pointer dereference on error handling
     path (git-fixes).
   - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable()
     (git-fixes).
   - media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes).
   - media: em28xx: add missing em28xx_close_extension (git-fixes).
   - media: em28xx: Do not use ops->suspend if it is NULL (git-fixes).
   - media: i2c: ths8200 needs V4L2_ASYNC (git-fixes).
   - media: ite-cir: IR receiver stop working after receive overflow
     (git-fixes).
   - media: mtk-vpu: Fix a resource leak in the error handling path of
     'mtk_vpu_probe()' (git-fixes).
   - media: mxl111sf: change mutex_init() location (git-fixes).
   - media: radio-wl1273: Avoid card name truncation (git-fixes).
   - media: si470x: Avoid card name truncation (git-fixes).
   - media: staging/intel-ipu3: css: Fix wrong size comparison
     imgu_css_fw_init (git-fixes).
   - media: TDA1997x: handle short reads of hdmi info frame (git-fixes).
   - media: tm6000: Avoid card name truncation (git-fixes).
   - media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes).
   - media: v4l2-ioctl: S_CTRL output the right value (git-fixes).
   - mei: me: add Ice Lake-N device id (git-fixes).
   - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
     (git-fixes).
   - memstick: avoid out-of-range warning (git-fixes).
   - memstick: jmb38x_ms: use appropriate free function in
     jmb38x_ms_alloc_host() (git-fixes).
   - mlx5: count all link events (git-fixes).
   - mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes).
   - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
   - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
     (git-fixes).
   - mmc: mxs-mmc: disable regulator on error and in the remove function
     (git-fixes).
   - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes).
   - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not
     configured (git-fixes).
   - mmc: vub300: fix control-message timeouts (git-fixes).
   - mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi
     (git-fixes).
   - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes).
   - mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req() (git-fixes).
   - mt76: mt7915: fix possible infinite loop release semaphore (git-fixes).
   - mt76: mt7915: fix sta_rec_wtbl tag len (git-fixes).
   - mwifiex: fix division by zero in fw download path (git-fixes).
   - mwifiex: Send DELBA requests according to spec (git-fixes).
   - net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353).
   - net: batman-adv: fix error handling (git-fixes).
   - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size()
     (git-fixes).
   - net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
     (git-fixes).
   - net: cdc_eem: fix tx fixup skb leak (git-fixes).
   - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
   - netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
   - netfilter: Drop fragmented ndisc packets assembled in netfilter
     (git-fixes).
   - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has
     garbage value (bsc#1176447).
   - net: hns3: check queue id range before using (jsc#SLE-14777).
   - net: hns3: fix vf reset workqueue cannot exit (bsc#1154353).
   - net: hso: add failure handler for add_net_device (git-fixes).
   - net: hso: fix NULL-deref on disconnect regression (git-fixes).
   - net: hso: fix null-ptr-deref during tty device unregistration
     (git-fixes).
   - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
   - net: lan78xx: fix division by zero in send path (git-fixes).
   - net: mana: Fix error handling in mana_create_rxq() (git-fixes,
     bsc#1191800).
   - net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes).
   - net/mlx4_en: Resolve bad operstate value (git-fixes).
   - net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172).
   - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
   - net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and
     LRO combined (jsc#SLE-15172).
   - net/mlx5: E-Switch, Fix double allocation of acl flow counter
     (jsc#SLE-15172).
   - net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464).
   - net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes).
   - net/sched: ets: fix crash when flipping from 'strict' to 'quantum'
     (bsc#1176774).
   - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
     (git-fixes).
   - NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
     (git-fixes).
   - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
     (git-fixes).
   - nfc: fix error handling of nfc_proto_register() (git-fixes).
   - nfc: port100: fix using -ERRNO as command type mask (git-fixes).
   - nfs: dir_cookie is a pointer to the cookie in older kernels, not the
     cookie itself. (bsc#1191628 bsc#1192549).
   - NFS: Do uncached readdir when we're seeking a cookie in an empty page
     cache (bsc#1191628).
   - nvme: add command id quirk for apple controllers (git-fixes).
   - nvme-fc: avoid race between time out and tear down (bsc#1185762).
   - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
   - nvme-fc: update hardware queues before using them (bsc#1185762).
   - nvme-pci: Fix abort command id (git-fixes).
   - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
   - nvme-pci: refactor nvme_unmap_data (bsc#1191934).
   - nvme-pci: set min_align_mask (bsc#1191851).
   - ocfs2: fix data corruption after conversion from inline format
     (bsc#1190795).
   - pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
   - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
   - phy: mdio: fix memory leak (git-fixes).
   - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call
     (git-fixes).
   - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes
     (git-fixes).
   - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from
     run_smbios_call (git-fixes).
   - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes).
   - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes).
   - PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes).
   - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails
     (git-fixes).
   - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent
     (git-fixes).
   - PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes).
   - PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes).
   - PM: sleep: Do not let "syscore" devices runtime-suspend during system
     transitions (git-fixes).
   - powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847
     git-fixes).
   - powerpc/64s: Fix stf mitigation patching w/strict RWX & hash
     (jsc#SLE-13847 git-fixes).
   - powerpc/64s: Remove irq mask workaround in accumulate_stolen_time()
     (jsc#SLE-9246 git-fixes).
   - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
   - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
   - powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
   - powerpc: Do not dereference code as 'struct ppc_inst' (uprobe,
     code-patching, feature-fixups) (jsc#SLE-13847 git-fixes).
   - powerpc: Do not use 'struct ppc_inst' to reference instruction location
     (jsc#SLE-13847 git-fixes).
   - powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable
     code in tests (jsc#SLE-13847 git-fixes).
   - powerpc/lib/code-patching: Make instr_is_branch_to_addr() static
     (jsc#SLE-13847 git-fixes).
   - powerpc/lib: Fix emulate_step() std test (bsc#1065729).
   - powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100
     ltc#190257 git-fixes).
   - powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498
     git-fixes).
   - powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100
     ltc#190257 git-fixes).
   - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2
     (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
   - powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/smp: Set numa node before updating mask (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615
     bsc#1180100 ltc#190257 git-fixes).
   - powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847
     git-fixes).
   - powerpc/xive: Discard disabled interrupts in get_irqchip_state()
     (bsc#1085030 git-fixes).
   - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
     (git-fixes).
   - ptp_pch: Load module automatically if ID matches (git-fixes).
   - ptp_pch: Restore dependency on PCI (git-fixes).
   - qed: Fix missing error code in qed_slowpath_start() (git-fixes).
   - qed: Handle management FW error (git-fixes).
   - qed: rdma - do not wait for resources under hw error recovery flow
     (git-fixes).
   - RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147).
   - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure
     (bsc#1181147).
   - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
   - regulator: dt-bindings: samsung,s5m8767: correct
     s5m8767,pmic-buck-default-dvs-idx property (git-fixes).
   - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is
     disabled (git-fixes).
   - rpm: fix kmp install path
   - rpm: use _rpmmacrodir (boo#1191384)
   - rsi: fix control-message timeout (git-fixes).
   - rsi: Fix module dev_oper_mode parameter description (git-fixes).
   - rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes).
   - rtl8187: fix control-message timeouts (git-fixes).
   - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867
     ltc#194757).
   - scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim
     (git-fixes).
   - scsi: lpfc: Allow fabric node recovery if recovery is in progress before
     devloss (bsc#1192145).
   - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
     (bsc#1192145).
   - scsi: lpfc: Correct sysfs reporting of loop support after SFP status
     change (bsc#1192145).
   - scsi: lpfc: Fix link down processing to address NULL pointer dereference
     (bsc#1192145).
   - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
     (bsc#1191349).
   - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
   - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
     driver_resource_setup() (bsc#1192145).
   - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
   - scsi: lpfc: Wait for successful restart of SLI3 adapter during host
     sg_reset (bsc#1192145).
   - scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120).
   - scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120).
   - scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120).
   - scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120).
   - scsi: mpi3mr: Additional event handling (jsc#SLE-18120).
   - scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for device add/remove event handling
     (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120).
   - scsi: mpi3mr: Add support for timestamp sync with firmware
     (jsc#SLE-18120).
   - scsi: mpi3mr: Allow certain commands during pci-remove hook
     (jsc#SLE-18120).
   - scsi: mpi3mr: Base driver code (jsc#SLE-18120).
   - scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120).
   - scsi: mpi3mr: Create operational request and reply queue pair
     (jsc#SLE-18120).
   - scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes).
   - scsi: mpi3mr: Fix missing unlock on error (git-fixes).
   - scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives
     (jsc#SLE-18120).
   - scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120).
   - scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120).
   - scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120).
   - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120).
   - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
     (jsc#SLE-18120).
   - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI
     (jsc#SLE-18120).
   - scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O
     timeout (jsc#SLE-18120).
   - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
   - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
   - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
   - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
   - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
   - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
     (bsc#1190941).
   - scsi: qla2xxx: Check for firmware capability before creating QPair
     (bsc#1190941).
   - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card
     (bsc#1190941).
   - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
     (bsc#1190941).
   - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
   - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
     (bsc#1190941).
   - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
   - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
   - scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
   - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
   - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
   - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
   - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
   - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
   - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
   - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
     (bsc#1190941).
   - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
   - scsi: qla2xxx: Fix port type info (bsc#1190941).
   - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
   - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
   - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue
     (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
   - scsi: qla2xxx: Remove redundant initialization of pointer req
     (bsc#1190941).
   - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
   - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
   - scsi: qla2xxx: Suppress unnecessary log messages during login
     (bsc#1190941).
   - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
   - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
     (bsc#1190941).
   - scsi: target: Fix the pgr/alua_support_store functions (git-fixes).
   - sctp: check asoc peer.asconf_capable before processing asconf
     (bsc#1190351).
   - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
   - spi: spi-nxp-fspi: do not depend on a specific node name erratum
     workaround (git-fixes).
   - swiotlb: add a IO_TLB_SIZE define (bsc#1191851).
   - swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851).
   - swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single
     (bsc#1191851).
   - swiotlb: factor out an io_tlb_offset helper (bsc#1191851).
   - swiotlb: factor out a nr_slots helper (bsc#1191851).
   - swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851).
   - swiotlb: respect min_align_mask (bsc#1191851).
   - swiotlb: Split size parameter to map/unmap APIs (bsc#1191851).
   - tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes).
   - tpm: ibmvtpm: Avoid error message when process gets signal while waiting
     (bsc#1065729).
   - Update patch reference for AMDGPU fix (bsc#1180749)
   - USB: cdc-acm: clean up probe error labels (git-fixes).
   - USB: cdc-acm: fix minor-number release (git-fixes).
   - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes).
   - usb: hso: fix error handling code of hso_create_net_device (git-fixes).
   - usb: hso: remove the bailout parameter (git-fixes).
   - usb: musb: dsps: Fix the probe error path (git-fixes).
   - usbnet: fix error return code in usbnet_probe() (git-fixes).
   - usbnet: sanity check for maxpacket (git-fixes).
   - USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
   - USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
   - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
   - USB: serial: qcserial: add EM9191 QDL support (git-fixes).
   - USB: xhci: dbc: fix tty registration race (git-fixes).
   - video: fbdev: gbefb: Only instantiate device when built for IP32
     (git-fixes).
   - virtio-gpu: fix possible memory allocation failure (git-fixes).
   - virtio: write back F_VERSION_1 before validate (git-fixes).
   - watchdog: orion: use 0 for unset heartbeat (git-fixes).
   - wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's
     complement (git-fixes).
   - wcn36xx: add proper DMA memory barriers in rx path (git-fixes).
   - wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).
   - x86/ioapic: Force affinity setup before startup (bsc#1152489).
   - x86/msi: Force affinity setup before startup (bsc#1152489).
   - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
   - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
     (bsc#1152489).
   - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
     (bsc#1152489).
   - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0]
     (bsc#1178134).
   - xen: fix setting of max_pfn in shared_info (git-fixes).
   - xen: reset legacy rtc flag for PV domU (git-fixes).
   - xfs: do not allow log writes if the data device is readonly
     (bsc#1192229).
   - xfs: ensure that the inode uid/gid match values match the icdinode ones
     (bsc#1190006).
   - xfs: Fixed non-directory creation in SGID directories introduced by
     CVE-2018-13405 patch (bsc#1190006).
   - xfs: fix I_DONTCACHE (bsc#1192074).
   - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes
     (bsc#1190642).
   - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
   - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
   - xhci: Enable trust tx length quirk for Fresco FL11 USB controller
     (git-fixes).
   - xhci: Fix command ring pointer corruption while aborting a command
     (git-fixes).
   - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3675=1

   - SUSE Linux Enterprise Workstation Extension 15-SP3:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-3675=1

   - SUSE Linux Enterprise Module for Live Patching 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2021-3675=1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-3675=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3675=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3675=1

   - SUSE Linux Enterprise High Availability 15-SP3:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-3675=1



Package List:

   - SUSE MicroOS 5.1 (aarch64 s390x x86_64):

      kernel-default-5.3.18-59.34.1
      kernel-default-base-5.3.18-59.34.1.18.21.1
      kernel-default-debuginfo-5.3.18-59.34.1
      kernel-default-debugsource-5.3.18-59.34.1

   - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):

      kernel-default-debuginfo-5.3.18-59.34.1
      kernel-default-debugsource-5.3.18-59.34.1
      kernel-default-extra-5.3.18-59.34.1
      kernel-default-extra-debuginfo-5.3.18-59.34.1
      kernel-preempt-debuginfo-5.3.18-59.34.1
      kernel-preempt-debugsource-5.3.18-59.34.1
      kernel-preempt-extra-5.3.18-59.34.1
      kernel-preempt-extra-debuginfo-5.3.18-59.34.1

   - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):

      kernel-default-debuginfo-5.3.18-59.34.1
      kernel-default-debugsource-5.3.18-59.34.1
      kernel-default-livepatch-5.3.18-59.34.1
      kernel-default-livepatch-devel-5.3.18-59.34.1
      kernel-livepatch-5_3_18-59_34-default-1-7.3.1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):

      kernel-default-debuginfo-5.3.18-59.34.1
      kernel-default-debugsource-5.3.18-59.34.1
      reiserfs-kmp-default-5.3.18-59.34.1
      reiserfs-kmp-default-debuginfo-5.3.18-59.34.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-5.3.18-59.34.1
      kernel-obs-build-debugsource-5.3.18-59.34.1
      kernel-syms-5.3.18-59.34.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):

      kernel-preempt-debuginfo-5.3.18-59.34.1
      kernel-preempt-debugsource-5.3.18-59.34.1
      kernel-preempt-devel-5.3.18-59.34.1
      kernel-preempt-devel-debuginfo-5.3.18-59.34.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):

      kernel-docs-5.3.18-59.34.1
      kernel-source-5.3.18-59.34.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      kernel-default-5.3.18-59.34.1
      kernel-default-base-5.3.18-59.34.1.18.21.1
      kernel-default-debuginfo-5.3.18-59.34.1
      kernel-default-debugsource-5.3.18-59.34.1
      kernel-default-devel-5.3.18-59.34.1
      kernel-default-devel-debuginfo-5.3.18-59.34.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):

      kernel-preempt-5.3.18-59.34.1
      kernel-preempt-debuginfo-5.3.18-59.34.1
      kernel-preempt-debugsource-5.3.18-59.34.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):

      kernel-64kb-5.3.18-59.34.1
      kernel-64kb-debuginfo-5.3.18-59.34.1
      kernel-64kb-debugsource-5.3.18-59.34.1
      kernel-64kb-devel-5.3.18-59.34.1
      kernel-64kb-devel-debuginfo-5.3.18-59.34.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      kernel-devel-5.3.18-59.34.1
      kernel-macros-5.3.18-59.34.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):

      kernel-zfcpdump-5.3.18-59.34.1
      kernel-zfcpdump-debuginfo-5.3.18-59.34.1
      kernel-zfcpdump-debugsource-5.3.18-59.34.1

   - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-5.3.18-59.34.1
      cluster-md-kmp-default-debuginfo-5.3.18-59.34.1
      dlm-kmp-default-5.3.18-59.34.1
      dlm-kmp-default-debuginfo-5.3.18-59.34.1
      gfs2-kmp-default-5.3.18-59.34.1
      gfs2-kmp-default-debuginfo-5.3.18-59.34.1
      kernel-default-debuginfo-5.3.18-59.34.1
      kernel-default-debugsource-5.3.18-59.34.1
      ocfs2-kmp-default-5.3.18-59.34.1
      ocfs2-kmp-default-debuginfo-5.3.18-59.34.1


References:

   https://www.suse.com/security/cve/CVE-2021-33033.html
   https://www.suse.com/security/cve/CVE-2021-34866.html
   https://www.suse.com/security/cve/CVE-2021-3542.html
   https://www.suse.com/security/cve/CVE-2021-3655.html
   https://www.suse.com/security/cve/CVE-2021-3715.html
   https://www.suse.com/security/cve/CVE-2021-37159.html
   https://www.suse.com/security/cve/CVE-2021-3760.html
   https://www.suse.com/security/cve/CVE-2021-3772.html
   https://www.suse.com/security/cve/CVE-2021-3896.html
   https://www.suse.com/security/cve/CVE-2021-41864.html
   https://www.suse.com/security/cve/CVE-2021-42008.html
   https://www.suse.com/security/cve/CVE-2021-42252.html
   https://www.suse.com/security/cve/CVE-2021-42739.html
   https://www.suse.com/security/cve/CVE-2021-43056.html
   https://www.suse.com/security/cve/CVE-2021-43389.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1085030
   https://bugzilla.suse.com/1089118
   https://bugzilla.suse.com/1094840
   https://bugzilla.suse.com/1133021
   https://bugzilla.suse.com/1152472
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1154353
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1157177
   https://bugzilla.suse.com/1167773
   https://bugzilla.suse.com/1172073
   https://bugzilla.suse.com/1173604
   https://bugzilla.suse.com/1176447
   https://bugzilla.suse.com/1176774
   https://bugzilla.suse.com/1176914
   https://bugzilla.suse.com/1176940
   https://bugzilla.suse.com/1178134
   https://bugzilla.suse.com/1180100
   https://bugzilla.suse.com/1180749
   https://bugzilla.suse.com/1181147
   https://bugzilla.suse.com/1184673
   https://bugzilla.suse.com/1185762
   https://bugzilla.suse.com/1186063
   https://bugzilla.suse.com/1186109
   https://bugzilla.suse.com/1187167
   https://bugzilla.suse.com/1188563
   https://bugzilla.suse.com/1188601
   https://bugzilla.suse.com/1189841
   https://bugzilla.suse.com/1190006
   https://bugzilla.suse.com/1190067
   https://bugzilla.suse.com/1190349
   https://bugzilla.suse.com/1190351
   https://bugzilla.suse.com/1190479
   https://bugzilla.suse.com/1190620
   https://bugzilla.suse.com/1190642
   https://bugzilla.suse.com/1190795
   https://bugzilla.suse.com/1190801
   https://bugzilla.suse.com/1190941
   https://bugzilla.suse.com/1191229
   https://bugzilla.suse.com/1191240
   https://bugzilla.suse.com/1191241
   https://bugzilla.suse.com/1191315
   https://bugzilla.suse.com/1191317
   https://bugzilla.suse.com/1191349
   https://bugzilla.suse.com/1191384
   https://bugzilla.suse.com/1191449
   https://bugzilla.suse.com/1191450
   https://bugzilla.suse.com/1191451
   https://bugzilla.suse.com/1191452
   https://bugzilla.suse.com/1191455
   https://bugzilla.suse.com/1191456
   https://bugzilla.suse.com/1191628
   https://bugzilla.suse.com/1191645
   https://bugzilla.suse.com/1191663
   https://bugzilla.suse.com/1191731
   https://bugzilla.suse.com/1191800
   https://bugzilla.suse.com/1191851
   https://bugzilla.suse.com/1191867
   https://bugzilla.suse.com/1191934
   https://bugzilla.suse.com/1191958
   https://bugzilla.suse.com/1191980
   https://bugzilla.suse.com/1192040
   https://bugzilla.suse.com/1192041
   https://bugzilla.suse.com/1192074
   https://bugzilla.suse.com/1192107
   https://bugzilla.suse.com/1192145
   https://bugzilla.suse.com/1192229
   https://bugzilla.suse.com/1192267
   https://bugzilla.suse.com/1192288
   https://bugzilla.suse.com/1192549


From sle-updates at lists.suse.com  Wed Nov 17 07:41:39 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 17 Nov 2021 08:41:39 +0100 (CET)
Subject: SUSE-CU-2021:510-1: Recommended update of suse/sles12sp3
Message-ID: <20211117074139.97805FD0A@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:510-1
Container Tags        : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.326 , suse/sles12sp3:latest
Container Release     : 24.326
Severity              : moderate
Type                  : recommended
References            : 
-----------------------------------------------------------------

The container suse/sles12sp3 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3664-1
Released:    Tue Nov 16 10:14:26 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  
This update for pam fixes the following issues:

- pam_cracklib: backported code to check whether the password contains a substring of of the user's name of at least <N> characters length in some form from SLE-15. (jsc#SLE-22182)


The following package changes have been done:

- pam-1.1.8-24.49.1 updated

From sle-updates at lists.suse.com  Wed Nov 17 07:57:42 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 17 Nov 2021 08:57:42 +0100 (CET)
Subject: SUSE-CU-2021:511-1: Recommended update of suse/sles12sp4
Message-ID: <20211117075742.BEEA6FD0A@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:511-1
Container Tags        : suse/sles12sp4:26.376 , suse/sles12sp4:latest
Container Release     : 26.376
Severity              : moderate
Type                  : recommended
References            : 
-----------------------------------------------------------------

The container suse/sles12sp4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3664-1
Released:    Tue Nov 16 10:14:26 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  
This update for pam fixes the following issues:

- pam_cracklib: backported code to check whether the password contains a substring of of the user's name of at least <N> characters length in some form from SLE-15. (jsc#SLE-22182)


The following package changes have been done:

- base-container-licenses-3.0-1.250 updated
- pam-1.1.8-24.49.1 updated

From sle-updates at lists.suse.com  Wed Nov 17 08:09:44 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 17 Nov 2021 09:09:44 +0100 (CET)
Subject: SUSE-CU-2021:512-1: Recommended update of suse/sles12sp5
Message-ID: <20211117080944.48260FD0A@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:512-1
Container Tags        : suse/sles12sp5:6.5.259 , suse/sles12sp5:latest
Container Release     : 6.5.259
Severity              : moderate
Type                  : recommended
References            : 
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3664-1
Released:    Tue Nov 16 10:14:26 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  
This update for pam fixes the following issues:

- pam_cracklib: backported code to check whether the password contains a substring of of the user's name of at least <N> characters length in some form from SLE-15. (jsc#SLE-22182)


The following package changes have been done:

- pam-1.1.8-24.49.1 updated

From sle-updates at lists.suse.com  Wed Nov 17 14:18:34 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 17 Nov 2021 15:18:34 +0100 (CET)
Subject: SUSE-SU-2021:3718-1: important: Security update for the Linux Kernel
 (Live Patch 3 for SLE 15 SP3)
Message-ID: <20211117141834.9CD5DFD2F@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3718-1
Rating:             important
References:         #1191318 #1191646 
Cross-References:   CVE-2021-34866 CVE-2021-41864
CVSS scores:
                    CVE-2021-34866 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Live Patching 15-SP3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for the Linux Kernel 5.3.18-59_13 fixes several issues.

   The following security issues were fixed:

   - CVE-2021-34866: Fixed possible eBPF Type Confusion privilege escalation
     vulnerability via eBPF type confusion (bsc#1191646).
   - CVE-2021-41864: Fixed an integer overflow with a resultant out-of-bounds
     write in prealloc_elems_and_freelist in kernel/bpf/stackmap.c
     (bsc#1191318).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2021-3718=1 SUSE-SLE-Module-Live-Patching-15-SP3-2021-3719=1



Package List:

   - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):

      kernel-livepatch-5_3_18-59_13-default-6-2.2
      kernel-livepatch-5_3_18-59_13-default-debuginfo-6-2.2
      kernel-livepatch-5_3_18-59_24-default-2-2.2
      kernel-livepatch-5_3_18-59_24-default-debuginfo-2-2.2
      kernel-livepatch-SLE15-SP3_Update_3-debugsource-6-2.2
      kernel-livepatch-SLE15-SP3_Update_6-debugsource-2-2.2


References:

   https://www.suse.com/security/cve/CVE-2021-34866.html
   https://www.suse.com/security/cve/CVE-2021-41864.html
   https://bugzilla.suse.com/1191318
   https://bugzilla.suse.com/1191646


From sle-updates at lists.suse.com  Wed Nov 17 14:20:02 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 17 Nov 2021 15:20:02 +0100 (CET)
Subject: SUSE-SU-2021:3722-1: moderate: Security update for libarchive
Message-ID: <20211117142002.8337EFD2F@maintenance.suse.de>


   SUSE Security Update: Security update for libarchive
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3722-1
Rating:             moderate
References:         #1157569 #1192425 #1192426 #1192427 
Cross-References:   CVE-2019-19221
CVSS scores:
                    CVE-2019-19221 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that solves one vulnerability and has three fixes
   is now available.

Description:

   This update for libarchive fixes the following issues:

   - CVE-2019-19221: Fixed out-of-bounds read caused by incorrect mbrtowc or
     mbtowc call (bsc#1157569)

   - backporting symlink security fixes from 3.5.2:
     - extracting with ACLs modifies ACLs of target (bsc#1192425)
     - modifies file flags of target (bsc#1192426)
     - avoid follow on fixup entries (bsc#1192427)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3722=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3722=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      libarchive-debugsource-3.3.3-32.5.1
      libarchive-devel-3.3.3-32.5.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libarchive-debugsource-3.3.3-32.5.1
      libarchive13-3.3.3-32.5.1
      libarchive13-debuginfo-3.3.3-32.5.1


References:

   https://www.suse.com/security/cve/CVE-2019-19221.html
   https://bugzilla.suse.com/1157569
   https://bugzilla.suse.com/1192425
   https://bugzilla.suse.com/1192426
   https://bugzilla.suse.com/1192427


From sle-updates at lists.suse.com  Wed Nov 17 14:21:50 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 17 Nov 2021 15:21:50 +0100 (CET)
Subject: SUSE-SU-2021:3723-1: important: Security update for the Linux Kernel
Message-ID: <20211117142150.17FA2FD2F@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3723-1
Rating:             important
References:         #1050549 #1065729 #1085030 #1094840 #1114648 
                    #1180624 #1184673 #1186063 #1186109 #1188563 
                    #1188601 #1188983 #1188985 #1190006 #1190067 
                    #1190317 #1190349 #1190351 #1190479 #1190620 
                    #1190795 #1190941 #1191241 #1191315 #1191317 
                    #1191349 #1191450 #1191452 #1191455 #1191500 
                    #1191579 #1191628 #1191662 #1191667 #1191713 
                    #1191801 #1192145 #1192379 
Cross-References:   CVE-2018-13405 CVE-2021-33033 CVE-2021-34556
                    CVE-2021-3542 CVE-2021-35477 CVE-2021-3655
                    CVE-2021-3715 CVE-2021-37159 CVE-2021-3760
                    CVE-2021-3772 CVE-2021-41864 CVE-2021-42008
                    CVE-2021-42252 CVE-2021-42739
CVSS scores:
                    CVE-2018-13405 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2018-13405 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
                    CVE-2021-33033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33033 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-34556 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-35477 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-3715 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-37159 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-37159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42252 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Real Time Extension 12-SP5
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 24 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 12 SP5 Real Time kernel was updated to receive
   various security and bugfixes.


   The following security bugs were fixed:

   - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets,
     which may have allowed the kernel to read uninitialized memory
     (bsc#1188563).
   - CVE-2021-3715: Fixed a use-after-free in route4_change() in
     net/sched/cls_route.c (bsc#1190349).
   - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in
     net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the
     DOI definitions is mishandled (bsc#1186109).
   - CVE-2021-3760: Fixed a use-after-free vulnerability with the
     ndev->rf_conn_info object (bsc#1190067).
   - CVE-2021-42739: The firewire subsystem had a buffer overflow related to
     drivers/media/firewire/firedtv-avc.c and
     drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled
     bounds checking (bsc#1184673).
   - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver
     (bsc#1186063).
   - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass
     via unprivileged BPF program that could have obtain sensitive
     information from kernel memory (bsc#1188983).
   - CVE-2021-35477: Fixed BPF stack frame pointer which could have been
     abused to disclose content of arbitrary kernel memory (bsc#1188985).
   - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could
     have allowed local attackers to access the Aspeed LPC control interface
     to overwrite memory in the kernel and potentially execute privileges
     (bnc#1190479).
   - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed
     unprivileged users to trigger an eBPF multiplication integer overflow
     with a resultant out-of-bounds write (bnc#1191317).
   - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data
     function in drivers/net/hamradio/6pack.c. Input from a process that had
     the CAP_NET_ADMIN capability could have lead to root access
     (bsc#1191315).
   - CVE-2021-37159: Fixed use-after-free and a double free in
     hso_free_net_device in drivers/net/usb/hso.c when unregister_netdev is
     called without checking for the NETREG_REGISTERED state (bnc#1188601).
   - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).

   The following non-security bugs were fixed:

   - IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes)
   - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
   - IPv6: reply ICMP error if the first fragment do not include all headers
     (bsc#1191241).
   - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
   - NFS: Do uncached readdir when we're seeking a cookie in an empty page
     cache (bsc#1191628).
   - PM: base: power: do not try to use non-existing RTC for storing data
     (git-fixes).
   - SMB3.1.1: Fix ids returned in POSIX query dir (bsc#1190317).
   - SMB3.1.1: do not log warning message if server does not populate salt
     (bsc#1190317).
   - SMB3.1.1: fix mount failure to some servers when compression enabled
     (bsc#1190317).
   - SMB3.1.1: remove confusing mount warning when no SPNEGO info on negprot
     rsp (bsc#1190317).
   - SMB3.1.1: update comments clarifying SPNEGO info in negprot response
     (bsc#1190317).
   - SMB3: Add new info level for query directory (bsc#1190317).
   - SMB3: Add support for getting and setting SACLs (bsc#1190317).
   - SMB3: Fix mkdir when idsfromsid configured on mount (bsc#1190317).
   - SMB3: Resolve data corruption of TCP server info fields (bsc#1190317).
   - SMB3: add support for recognizing WSL reparse tags (bsc#1190317).
   - SMB3: avoid confusing warning message on mount to Azure (bsc#1190317).
   - SMB3: fix readpage for large swap cache (bsc#1190317).
   - SMB3: incorrect file id in requests compounded with open (bsc#1190317).
   - SMB3: update structures for new compression protocol definitions
     (bsc#1190317).
   - USB: cdc-acm: fix break reporting (git-fixes).
   - USB: cdc-acm: fix racy tty buffer accesses (git-fixes).
   - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
     (git-fixes).
   - USB: serial: option: add Telit LN920 compositions (git-fixes).
   - USB: serial: option: add device id for Foxconn T99W265 (git-fixes).
   - USB: xhci: dbc: fix tty registration race (git-fixes).
   - bitmap: remove unused function declaration (git-fixes).
   - blktrace: Fix uaf in blk_trace access after removing by sysfs
     (bsc#1191452).
   - cdc_ncm: Set NTB format again after altsetting switch for Huawei devices
     (git-fixes).
   - cifs: Add get_security_type_str function to return sec type
     (bsc#1190317).
   - cifs: Avoid field over-reading memcpy() (bsc#1190317).
   - cifs: Change SIDs in ACEs while transferring file ownership
     (bsc#1190317).
   - cifs: Clarify SMB1 code for POSIX Create (bsc#1190317).
   - cifs: Clarify SMB1 code for POSIX Lock (bsc#1190317).
   - cifs: Clarify SMB1 code for POSIX delete file (bsc#1190317).
   - cifs: Clarify SMB1 code for SetFileSize (bsc#1190317).
   - cifs: Clarify SMB1 code for UnixCreateSymLink (bsc#1190317).
   - cifs: Clarify SMB1 code for UnixSetPathInfo (bsc#1190317).
   - cifs: Clarify SMB1 code for delete (bsc#1190317).
   - cifs: Clarify SMB1 code for rename open file (bsc#1190317).
   - cifs: Display local UID details for SMB sessions in DebugData
     (bsc#1190317).
   - cifs: Do not use the original cruid when following DFS links for
     multiuser mounts (bsc#1190317).
   - cifs: Enable sticky bit with cifsacl mount option (bsc#1190317).
   - cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1190317).
   - cifs: Fix chmod with modefromsid when an older ACE already exists
     (bsc#1190317).
   - cifs: Fix cifsacl ACE mask for group and others (bsc#1190317).
   - cifs: Fix double add page to memcg when cifs_readpages (bsc#1190317).
   - cifs: Fix in error types returned for out-of-credit situations
     (bsc#1190317).
   - cifs: Fix unix perm bits to cifsacl conversion for "other" bits
     (bsc#1190317).
   - cifs: Grab a reference for the dentry of the cached directory during the
     lifetime of the cache (bsc#1190317).
   - cifs: If a corrupted DACL is returned by the server, bail out
     (bsc#1190317).
   - cifs: Make extract_hostname function public (bsc#1190317).
   - cifs: Make extract_sharename function public (bsc#1190317).
   - cifs: Print the address and port we are connecting to in
     generic_ip_connect() (bsc#1190317).
   - cifs: Retain old ACEs when converting between mode bits and ACL
     (bsc#1190317).
   - cifs: Silently ignore unknown oplock break handle (bsc#1190317).
   - cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1190317).
   - cifs: add a function to get a cached dir based on its dentry
     (bsc#1190317).
   - cifs: add a timestamp to track when the lease of the cached dir was
     taken (bsc#1190317).
   - cifs: add shutdown support (bsc#1190317).
   - cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1190317).
   - cifs: added WARN_ON for all the count decrements (bsc#1190317).
   - cifs: ask for more credit on async read/write code paths (bsc#1190317).
   - cifs: avoid extra calls in posix_info_parse (bsc#1190317).
   - cifs: check pointer before freeing (bsc#1190317).
   - cifs: check the timestamp for the cached dirent when deciding on
     revalidate (bsc#1190317).
   - cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1190317).
   - cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (bsc#1190317).
   - cifs: cleanup misc.c (bsc#1190317).
   - cifs: compute full_path already in cifs_readdir() (bsc#1190317).
   - cifs: constify path argument of ->make_node() (bsc#1190317).
   - cifs: constify pathname arguments in a bunch of helpers (bsc#1190317).
   - cifs: convert list_for_each to entry variant in cifs_debug.c
     (bsc#1190317).
   - cifs: convert list_for_each to entry variant in smb2misc.c (bsc#1190317).
   - cifs: convert to use be32_add_cpu() (bsc#1190317).
   - cifs: create sd context must be a multiple of 8 (bsc#1190317).
   - cifs: detect dead connections only when echoes are enabled (bsc#1190317).
   - cifs: do not fail __smb_send_rqst if non-fatal signals are pending
     (bsc#1190317).
   - cifs: dump Security Type info in DebugData (bsc#1190317).
   - cifs: fix DFS mount with cifsacl/modefromsid (bsc#1190317).
   - cifs: fix NULL dereference in smb2_check_message() (bsc#1190317).
   - cifs: fix SMB1 error path in cifs_get_file_info_unix (bsc#1190317).
   - cifs: fix a memleak with modefromsid (bsc#1190317).
   - cifs: fix allocation size on newly created files (bsc#1190317).
   - cifs: fix chown and chgrp when idsfromsid mount option enabled
     (bsc#1190317).
   - cifs: fix fallocate when trying to allocate a hole (bsc#1190317).
   - cifs: fix leaked reference on requeued write (bsc#1190317).
   - cifs: fix missing null session check in mount (bsc#1190317).
   - cifs: fix missing spinlock around update to ses->status (bsc#1190317).
   - cifs: fix out-of-bound memory access when calling smb3_notify() at mount
     point (bsc#1190317).
   - cifs: fix reference leak for tlink (bsc#1190317).
   - cifs: fix rsize/wsize to be negotiated values (bsc#1190317).
   - cifs: fix string declarations and assignments in tracepoints
     (bsc#1190317).
   - cifs: fix the out of range assignment to bit fields in
     parse_server_interfaces (bsc#1190317).
   - cifs: handle "nolease" option for vers=1.0 (bsc#1190317).
   - cifs: handle -EINTR in cifs_setattr (bsc#1190317).
   - cifs: handle ERRBaduid for SMB1 (bsc#1190317).
   - cifs: handle reconnect of tcon when there is no cached dfs referral
     (bsc#1190317).
   - cifs: have ->mkdir() handle race with another client sanely
     (bsc#1190317).
   - cifs: improve fallocate emulation (bsc#1190317).
   - cifs: make build_path_from_dentry() return const char * (bsc#1190317).
   - cifs: make const array static, makes object smaller (bsc#1190317).
   - cifs: make locking consistent around the server session status
     (bsc#1190317).
   - cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1190317).
   - cifs: minor kernel style fixes for comments (bsc#1190317).
   - cifs: minor simplification to smb2_is_network_name_deleted (bsc#1190317).
   - cifs: missing null check for newinode pointer (bsc#1190317).
   - cifs: move some variables off the stack in smb2_ioctl_query_info
     (bsc#1190317).
   - cifs: move the check for nohandlecache into open_shroot (bsc#1190317).
   - cifs: only write 64kb at a time when fallocating a small region of a
     file (bsc#1190317).
   - cifs: pass a path to open_shroot and check if it is the root or not
     (bsc#1190317).
   - cifs: pass the dentry instead of the inode down to the revalidation
     check functions (bsc#1190317).
   - cifs: prevent truncation from long to int in wait_for_free_credits
     (bsc#1190317).
   - cifs: reduce stack use in smb2_compound_op (bsc#1190317).
   - cifs: refactor create_sd_buf() and and avoid corrupting the buffer
     (bsc#1190317).
   - cifs: remove old dead code (bsc#1190317).
   - cifs: remove some minor warnings pointed out by kernel test robot
     (bsc#1190317).
   - cifs: remove the retry in cifs_poxis_lock_set (bsc#1190317).
   - cifs: remove two cases where rc is set unnecessarily in sid_to_id
     (bsc#1190317).
   - cifs: remove unnecessary copies of tcon->crfid.fid (bsc#1190317).
   - cifs: remove various function description warnings (bsc#1190317).
   - cifs: rename the *_shroot* functions to *_cached_dir* (bsc#1190317).
   - cifs: retry lookup and readdir when EAGAIN is returned (bsc#1190317).
   - cifs: return cached_fid from open_shroot (bsc#1190317).
   - cifs: revalidate mapping when we open files for SMB1 POSIX (bsc#1190317).
   - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1190317).
   - cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails
     (bsc#1190317).
   - cifs: store a pointer to the root dentry in cifs_sb_info once we have
     completed mounting the share (bsc#1190317).
   - cifs: update ctime and mtime during truncate (bsc#1190317).
   - cifs: update new ACE pointer after populate_new_aces (bsc#1190317).
   - cifs: use echo_interval even when connection not ready (bsc#1190317).
   - cifs: use the expiry output of dns_query to schedule next resolution
     (bsc#1190317).
   - ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662).
   - ext4: fix reserved space counter leakage (bsc#1191450).
   - fs, mm: fix race in unlinking swapfile (bsc#1191455).
   - fs: copy BTRFS_IOC_[SG]ET_FSLABEL to vfs (bsc#1191500).
   - gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).
   - gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).
   - gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
     (git-fixes).
   - gianfar: simplify FCS handling and fix memory leak (git-fixes).
   - ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes).
   - ipc: remove memcg accounting for sops objects in do_semtimedop()
   - ipv6/netfilter: Discard first fragment not including all headers
     (bsc#1191241).
   - kernel, fs: Introduce and use set_restart_fn() and
     arch_set_restart_data() (bsc#1191713).
   - kernel, fs: Introduce and use set_restart_fn() and
     arch_set_restart_data() (bsc#1191713).
   - kernel, hrtimer: Move copyout of remaining time to do_nanosleep()
     (bsc#1191713).
   - kernel, hrtimer_nanosleep(): Pass rmtp in restart_block (bsc#1191713).
   - kernel/locking/mutex.c: remove caller signal_pending branch predictions
     (bsc#1050549).
   - lib: iov_iter_fault_in_readable() should do nothing in xarray case
     (bsc#1191579).
   - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal
     (git-fixes).
   - locking/pvqspinlock/x86: Use LOCK_PREFIX in __pv_queued_spin_unlock()
     assembly code (bsc#1050549).
   - net: cdc_eem: fix tx fixup skb leak (git-fixes).
   - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
   - net: cdc_ncm: use tasklet_init() for tasklet_struct init (git-fixes).
   - net: hso: add failure handler for add_net_device (git-fixes).
   - net: hso: fix NULL-deref on disconnect regression (git-fixes).
   - net: hso: fix null-ptr-deref during tty device unregistration
     (git-fixes).
   - net: hso: remove redundant unused variable dev (git-fixes).
   - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
   - net: mana: Fix error handling in mana_create_rxq() (git-fixes,
     bsc#1191801).
   - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
     (git-fixes).
   - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem
     family (git-fixes).
   - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).
   - net_sched: cls_route: remove the right filter from hashtable
     (networking-stable-20_03_28).
   - netfilter: Drop fragmented ndisc packets assembled in netfilter
     (git-fixes).
   - objtool: Don't fail on missing symbol table (bsc#1192379).
   - ocfs2: drop acl cache for directories too (bsc#1191667).
   - ocfs2: fix data corruption after conversion from inline format
     (bsc#1190795).
   - ocfs2: Fix data corruption on truncate (bsc#1190795).
   - ocfs2: do not zero pages beyond i_size (bsc#1190795).
   - powerpc/64s: Fix crashes when toggling entry flush barrier
   - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
   - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
   - powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
   - powerpc/lib: Fix emulate_step() std test (bsc#1065729).
   - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498
     git-fixes).
   - powerpc/xive: Discard disabled interrupts in get_irqchip_state()
     (bsc#1085030 git-fixes).
   - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
     (git-fixes).
   - s390x: Turn off CONFIG_NUMA_EMU (jsc#SLE-11600).
   - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
     (bsc#1192145).
   - scsi: lpfc: Allow fabric node recovery if recovery is in progress before
     devloss (bsc#1192145).
   - scsi: lpfc: Correct sysfs reporting of loop support after SFP status
     change (bsc#1192145).
   - scsi: lpfc: Fix crash when nvmet transport calls host_release
     (bsc#1192145).
   - scsi: lpfc: Fix link down processing to address NULL pointer dereference
     (bsc#1192145).
   - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
     (bsc#1191349).
   - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
   - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
     driver_resource_setup() (bsc#1192145).
   - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
   - scsi: lpfc: Wait for successful restart of SLI3 adapter during host
     sg_reset (bsc#1192145).
   - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
   - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
   - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
   - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
   - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
   - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
     (bsc#1190941).
   - scsi: qla2xxx: Check for firmware capability before creating QPair
     (bsc#1190941).
   - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card
     (bsc#1190941).
   - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
     (bsc#1190941).
   - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
   - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
   - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
   - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
   - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
   - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
     (bsc#1190941).
   - scsi: qla2xxx: Fix port type info (bsc#1190941).
   - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
   - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
   - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue
     (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
   - scsi: qla2xxx: Remove redundant initialization of pointer req
     (bsc#1190941).
   - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
   - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
   - scsi: qla2xxx: Suppress unnecessary log messages during login
     (bsc#1190941).
   - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
   - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
     (bsc#1190941).
   - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
   - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
     (bsc#1190941).
   - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
   - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
   - scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
   - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
   - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
   - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes).
   - sctp: fully initialize v4 addr in some functions (bsc#1188563).
   - selinux: fix error initialization in inode_doinit_with_dentry()
     (git-fixes).
   - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling
     (git-fxes).
   - smb2: fix use-after-free in smb2_ioctl_query_info() (bsc#1190317).
   - smb3: Add debug message for new file creation with idsfromsid mount
     option (bsc#1190317).
   - smb3: Add new parm "nodelete" (bsc#1190317).
   - smb3: Avoid Mid pending list corruption (bsc#1190317).
   - smb3: Call cifs reconnect from demultiplex thread (bsc#1190317).
   - smb3: Handle error case during offload read path (bsc#1190317).
   - smb3: add indatalen that can be a non-zero value to calculation of
     credit charge in smb2 ioctl (bsc#1190317).
   - smb3: add some missing definitions from MS-FSCC (bsc#1190317).
   - smb3: allow uid and gid owners to be set on create with idsfromsid mount
     option (bsc#1190317).
   - smb3: do not try to cache root directory if dir leases not supported
     (bsc#1190317).
   - smb3: fix access denied on change notify request to some servers
     (bsc#1190317).
   - smb3: fix cached file size problems in duplicate extents (reflink)
     (bsc#1190317).
   - smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K
     (bsc#1190317).
   - smb3: fix possible access to uninitialized pointer to DACL (bsc#1190317).
   - smb3: fix stat when special device file and mounted with modefromsid
     (bsc#1190317).
   - smb3: fix unneeded error message on change notify (bsc#1190317).
   - smb3: limit noisy error (bsc#1190317).
   - smb3: minor update to compression header definitions (bsc#1190317).
   - smb3: prevent races updating CurrentMid (bsc#1190317).
   - smb3: rc uninitialized in one fallocate path (bsc#1190317).
   - smb3: remove static checker warning (bsc#1190317).
   - tcp/dccp: fix possible race __inet_lookup_established() (bsc#1180624).
   - tpm: ibmvtpm: Avoid error message when process gets signal while waiting
     (bsc#1065729).
   - uapi: nfnetlink_cthelper.h: fix userspace compilation error (git-fixes).
   - update structure definitions from updated protocol documentation
     (bsc#1190317).
   - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
     (git-fixes).
   - usb: hso: fix error handling code of hso_create_net_device (git-fixes).
   - usb: typec: tcpm: handle SRC_STARTUP state if cc changes (git-fixes).
   - usb: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).
   - usb: xhci: dbc: Simplify error handling in 'xhci_dbc_alloc_requests()'
     (git-fixes).
   - usb: xhci: dbc: Use GFP_KERNEL instead of GFP_ATOMIC in
     'xhci_dbc_alloc_requests()' (git-fixes).
   - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
     (bsc#1114648).
   - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
     (bsc#1114648).
   - xen: fix setting of max_pfn in shared_info (git-fixes).
   - xen: reset legacy rtc flag for PV domU (git-fixes).
   - xfs: Fixed non-directory creation in SGID directories introduced by
     CVE-2018-13405 patch (bsc#1190006).
   - xfs: always honor OWN_UNKNOWN rmap removal requests (bsc#1191500).
   - xfs: convert growfs AG header init to use buffer lists (bsc#1191500).
   - xfs: factor ag btree root block initialisation (bsc#1191500).
   - xfs: factor out AG header initialisation from growfs core (bsc#1191500).
   - xfs: fix check on struct_version for versions 4 or greater (bsc#1191500,
     git-fixes).
   - xfs: fix string handling in label get/set functions (bsc#1191500,
     git-fixes).
   - xfs: hoist xfs_fs_geometry to libxfs (bsc#1191500).
   - xfs: implement online get/set fs label (bsc#1191500).
   - xfs: make imaxpct changes in growfs separate (bsc#1191500).
   - xfs: move growfs core to libxfs (bsc#1191500).
   - xfs: one-shot cached buffers (bsc#1191500).
   - xfs: refactor the geometry structure filling function (bsc#1191500).
   - xfs: rework secondary superblock updates in growfs (bsc#1191500).
   - xfs: separate secondary sb update in growfs (bsc#1191500).
   - xfs: turn ag header initialisation into a table driven operation
     (bsc#1191500).
   - xfs: xfs_fsops: drop useless LIST_HEAD (bsc#1191500, git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 12-SP5:

      zypper in -t patch SUSE-SLE-RT-12-SP5-2021-3723=1



Package List:

   - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64):

      cluster-md-kmp-rt-4.12.14-10.65.1
      cluster-md-kmp-rt-debuginfo-4.12.14-10.65.1
      dlm-kmp-rt-4.12.14-10.65.1
      dlm-kmp-rt-debuginfo-4.12.14-10.65.1
      gfs2-kmp-rt-4.12.14-10.65.1
      gfs2-kmp-rt-debuginfo-4.12.14-10.65.1
      kernel-rt-4.12.14-10.65.1
      kernel-rt-base-4.12.14-10.65.1
      kernel-rt-base-debuginfo-4.12.14-10.65.1
      kernel-rt-debuginfo-4.12.14-10.65.1
      kernel-rt-debugsource-4.12.14-10.65.1
      kernel-rt-devel-4.12.14-10.65.1
      kernel-rt-devel-debuginfo-4.12.14-10.65.1
      kernel-rt_debug-4.12.14-10.65.1
      kernel-rt_debug-debuginfo-4.12.14-10.65.1
      kernel-rt_debug-debugsource-4.12.14-10.65.1
      kernel-rt_debug-devel-4.12.14-10.65.1
      kernel-rt_debug-devel-debuginfo-4.12.14-10.65.1
      kernel-syms-rt-4.12.14-10.65.1
      ocfs2-kmp-rt-4.12.14-10.65.1
      ocfs2-kmp-rt-debuginfo-4.12.14-10.65.1

   - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch):

      kernel-devel-rt-4.12.14-10.65.1
      kernel-source-rt-4.12.14-10.65.1


References:

   https://www.suse.com/security/cve/CVE-2018-13405.html
   https://www.suse.com/security/cve/CVE-2021-33033.html
   https://www.suse.com/security/cve/CVE-2021-34556.html
   https://www.suse.com/security/cve/CVE-2021-3542.html
   https://www.suse.com/security/cve/CVE-2021-35477.html
   https://www.suse.com/security/cve/CVE-2021-3655.html
   https://www.suse.com/security/cve/CVE-2021-3715.html
   https://www.suse.com/security/cve/CVE-2021-37159.html
   https://www.suse.com/security/cve/CVE-2021-3760.html
   https://www.suse.com/security/cve/CVE-2021-3772.html
   https://www.suse.com/security/cve/CVE-2021-41864.html
   https://www.suse.com/security/cve/CVE-2021-42008.html
   https://www.suse.com/security/cve/CVE-2021-42252.html
   https://www.suse.com/security/cve/CVE-2021-42739.html
   https://bugzilla.suse.com/1050549
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1085030
   https://bugzilla.suse.com/1094840
   https://bugzilla.suse.com/1114648
   https://bugzilla.suse.com/1180624
   https://bugzilla.suse.com/1184673
   https://bugzilla.suse.com/1186063
   https://bugzilla.suse.com/1186109
   https://bugzilla.suse.com/1188563
   https://bugzilla.suse.com/1188601
   https://bugzilla.suse.com/1188983
   https://bugzilla.suse.com/1188985
   https://bugzilla.suse.com/1190006
   https://bugzilla.suse.com/1190067
   https://bugzilla.suse.com/1190317
   https://bugzilla.suse.com/1190349
   https://bugzilla.suse.com/1190351
   https://bugzilla.suse.com/1190479
   https://bugzilla.suse.com/1190620
   https://bugzilla.suse.com/1190795
   https://bugzilla.suse.com/1190941
   https://bugzilla.suse.com/1191241
   https://bugzilla.suse.com/1191315
   https://bugzilla.suse.com/1191317
   https://bugzilla.suse.com/1191349
   https://bugzilla.suse.com/1191450
   https://bugzilla.suse.com/1191452
   https://bugzilla.suse.com/1191455
   https://bugzilla.suse.com/1191500
   https://bugzilla.suse.com/1191579
   https://bugzilla.suse.com/1191628
   https://bugzilla.suse.com/1191662
   https://bugzilla.suse.com/1191667
   https://bugzilla.suse.com/1191713
   https://bugzilla.suse.com/1191801
   https://bugzilla.suse.com/1192145
   https://bugzilla.suse.com/1192379


From sle-updates at lists.suse.com  Wed Nov 17 14:28:13 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 17 Nov 2021 15:28:13 +0100 (CET)
Subject: SUSE-SU-2021:3710-1: important: Security update for the Linux Kernel
 (Live Patch 15 for SLE 15 SP2)
Message-ID: <20211117142813.68B66FD2F@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP2)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3710-1
Rating:             important
References:         #1190432 #1191318 
Cross-References:   CVE-2021-3752 CVE-2021-41864
CVSS scores:
                    CVE-2021-3752 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Live Patching 15-SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for the Linux Kernel 5.3.18-24_53_4 fixes several issues.

   The following security issues were fixed:

   - CVE-2021-3752: Fixed vulnerability in the linux kernel Bluetooth uaf
     module (bsc#1190432).
   - CVE-2021-41864: Fixed an integer overflow with a resultant out-of-bounds
     write in prealloc_elems_and_freelist in kernel/bpf/stackmap.c
     (bsc#1191318).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-3706=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3707=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3708=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3709=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3710=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3711=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3713=1



Package List:

   - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):

      kernel-livepatch-5_3_18-24_37-default-14-2.2
      kernel-livepatch-5_3_18-24_37-default-debuginfo-14-2.2
      kernel-livepatch-5_3_18-24_43-default-13-2.2
      kernel-livepatch-5_3_18-24_43-default-debuginfo-13-2.2
      kernel-livepatch-5_3_18-24_46-default-13-2.2
      kernel-livepatch-5_3_18-24_46-default-debuginfo-13-2.2
      kernel-livepatch-5_3_18-24_52-default-11-2.2
      kernel-livepatch-5_3_18-24_52-default-debuginfo-11-2.2
      kernel-livepatch-5_3_18-24_53_4-default-6-2.2
      kernel-livepatch-5_3_18-24_53_4-default-debuginfo-6-2.2
      kernel-livepatch-5_3_18-24_61-default-8-2.2
      kernel-livepatch-5_3_18-24_61-default-debuginfo-8-2.2
      kernel-livepatch-5_3_18-24_64-default-8-2.2
      kernel-livepatch-5_3_18-24_64-default-debuginfo-8-2.2
      kernel-livepatch-SLE15-SP2_Update_11-debugsource-11-2.2
      kernel-livepatch-SLE15-SP2_Update_12-debugsource-8-2.2
      kernel-livepatch-SLE15-SP2_Update_13-debugsource-8-2.2
      kernel-livepatch-SLE15-SP2_Update_15-debugsource-6-2.2
      kernel-livepatch-SLE15-SP2_Update_7-debugsource-14-2.2
      kernel-livepatch-SLE15-SP2_Update_8-debugsource-13-2.2
      kernel-livepatch-SLE15-SP2_Update_9-debugsource-13-2.2


References:

   https://www.suse.com/security/cve/CVE-2021-3752.html
   https://www.suse.com/security/cve/CVE-2021-41864.html
   https://bugzilla.suse.com/1190432
   https://bugzilla.suse.com/1191318


From sle-updates at lists.suse.com  Wed Nov 17 14:32:22 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 17 Nov 2021 15:32:22 +0100 (CET)
Subject: SUSE-SU-2021:3712-1: important: Security update for the Linux Kernel
 (Live Patch 14 for SLE 15 SP2)
Message-ID: <20211117143222.58F24FD2F@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP2)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3712-1
Rating:             important
References:         #1191318 
Cross-References:   CVE-2021-41864
CVSS scores:
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Live Patching 15-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 5.3.18-24_67 fixes one issue.

   The following security issue was fixed:

   - CVE-2021-41864: Fixed an integer overflow with a resultant out-of-bounds
     write in prealloc_elems_and_freelist in kernel/bpf/stackmap.c
     (bsc#1191318).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-3712=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3714=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3715=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3716=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3717=1



Package List:

   - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):

      kernel-livepatch-5_3_18-24_67-default-6-2.2
      kernel-livepatch-5_3_18-24_67-default-debuginfo-6-2.2
      kernel-livepatch-5_3_18-24_70-default-6-2.2
      kernel-livepatch-5_3_18-24_70-default-debuginfo-6-2.2
      kernel-livepatch-5_3_18-24_75-default-5-2.2
      kernel-livepatch-5_3_18-24_75-default-debuginfo-5-2.2
      kernel-livepatch-5_3_18-24_78-default-4-2.2
      kernel-livepatch-5_3_18-24_78-default-debuginfo-4-2.2
      kernel-livepatch-5_3_18-24_83-default-2-2.2
      kernel-livepatch-5_3_18-24_83-default-debuginfo-2-2.2
      kernel-livepatch-SLE15-SP2_Update_14-debugsource-6-2.2
      kernel-livepatch-SLE15-SP2_Update_16-debugsource-6-2.2
      kernel-livepatch-SLE15-SP2_Update_17-debugsource-5-2.2
      kernel-livepatch-SLE15-SP2_Update_18-debugsource-4-2.2
      kernel-livepatch-SLE15-SP2_Update_19-debugsource-2-2.2


References:

   https://www.suse.com/security/cve/CVE-2021-41864.html
   https://bugzilla.suse.com/1191318


From sle-updates at lists.suse.com  Wed Nov 17 14:34:06 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 17 Nov 2021 15:34:06 +0100 (CET)
Subject: SUSE-SU-2021:3684-1: important: Security update for the Linux Kernel
 (Live Patch 16 for SLE 12 SP5)
Message-ID: <20211117143406.DE16DFD2F@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP5)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3684-1
Rating:             important
References:         #1190432 #1191318 #1192042 
Cross-References:   CVE-2021-0935 CVE-2021-3752 CVE-2021-41864
                   
CVSS scores:
                    CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3752 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Live Patching 15-SP1
                    SUSE Linux Enterprise Module for Live Patching 15
                    SUSE Linux Enterprise Live Patching 12-SP5
                    SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for the Linux Kernel 4.12.14-122_63 fixes several issues.

   The following security issues were fixed:

   - CVE-2021-0935: Fixed use after free that could lead to local escalation
     of privilege in ip6_xmit of ip6_output.c (bsc#1192042).
   - CVE-2021-3752: Fixed vulnerability in the linux kernel Bluetooth uaf
     module (bsc#1190432).
   - CVE-2021-41864: Fixed an integer overflow with a resultant out-of-bounds
     write in prealloc_elems_and_freelist in kernel/bpf/stackmap.c
     (bsc#1191318).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-3697=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-3698=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-3699=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-3700=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-3701=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-3702=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-3703=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-3704=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-3705=1

   - SUSE Linux Enterprise Module for Live Patching 15:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-3693=1 SUSE-SLE-Module-Live-Patching-15-2021-3694=1 SUSE-SLE-Module-Live-Patching-15-2021-3695=1 SUSE-SLE-Module-Live-Patching-15-2021-3696=1

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-3681=1 SUSE-SLE-Live-Patching-12-SP5-2021-3682=1 SUSE-SLE-Live-Patching-12-SP5-2021-3683=1 SUSE-SLE-Live-Patching-12-SP5-2021-3684=1 SUSE-SLE-Live-Patching-12-SP5-2021-3685=1 SUSE-SLE-Live-Patching-12-SP5-2021-3686=1 SUSE-SLE-Live-Patching-12-SP5-2021-3687=1 SUSE-SLE-Live-Patching-12-SP5-2021-3688=1 SUSE-SLE-Live-Patching-12-SP5-2021-3689=1 SUSE-SLE-Live-Patching-12-SP5-2021-3690=1 SUSE-SLE-Live-Patching-12-SP5-2021-3691=1

   - SUSE Linux Enterprise Live Patching 12-SP4:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-3676=1 SUSE-SLE-Live-Patching-12-SP4-2021-3677=1 SUSE-SLE-Live-Patching-12-SP4-2021-3678=1 SUSE-SLE-Live-Patching-12-SP4-2021-3679=1 SUSE-SLE-Live-Patching-12-SP4-2021-3680=1



Package List:

   - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):

      kernel-livepatch-4_12_14-197_67-default-14-2.2
      kernel-livepatch-4_12_14-197_72-default-13-2.2
      kernel-livepatch-4_12_14-197_75-default-13-2.2
      kernel-livepatch-4_12_14-197_78-default-13-2.2
      kernel-livepatch-4_12_14-197_83-default-12-2.2
      kernel-livepatch-4_12_14-197_86-default-11-2.2
      kernel-livepatch-4_12_14-197_89-default-8-2.2
      kernel-livepatch-4_12_14-197_92-default-7-2.2
      kernel-livepatch-4_12_14-197_99-default-5-2.2

   - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):

      kernel-livepatch-4_12_14-150_63-default-14-2.2
      kernel-livepatch-4_12_14-150_63-default-debuginfo-14-2.2
      kernel-livepatch-4_12_14-150_69-default-11-2.2
      kernel-livepatch-4_12_14-150_69-default-debuginfo-11-2.2
      kernel-livepatch-4_12_14-150_72-default-8-2.2
      kernel-livepatch-4_12_14-150_72-default-debuginfo-8-2.2
      kernel-livepatch-4_12_14-150_75-default-5-2.2
      kernel-livepatch-4_12_14-150_75-default-debuginfo-5-2.2

   - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

      kgraft-patch-4_12_14-122_51-default-15-2.2
      kgraft-patch-4_12_14-122_54-default-13-2.2
      kgraft-patch-4_12_14-122_57-default-13-2.2
      kgraft-patch-4_12_14-122_63-default-11-2.2
      kgraft-patch-4_12_14-122_66-default-9-2.2
      kgraft-patch-4_12_14-122_71-default-8-2.2
      kgraft-patch-4_12_14-122_74-default-6-2.2
      kgraft-patch-4_12_14-122_77-default-6-2.2
      kgraft-patch-4_12_14-122_80-default-5-2.2
      kgraft-patch-4_12_14-122_83-default-4-2.2
      kgraft-patch-4_12_14-122_88-default-2-2.2

   - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):

      kgraft-patch-4_12_14-95_65-default-13-2.2
      kgraft-patch-4_12_14-95_68-default-12-2.2
      kgraft-patch-4_12_14-95_71-default-11-2.2
      kgraft-patch-4_12_14-95_77-default-7-2.2
      kgraft-patch-4_12_14-95_80-default-5-2.2


References:

   https://www.suse.com/security/cve/CVE-2021-0935.html
   https://www.suse.com/security/cve/CVE-2021-3752.html
   https://www.suse.com/security/cve/CVE-2021-41864.html
   https://bugzilla.suse.com/1190432
   https://bugzilla.suse.com/1191318
   https://bugzilla.suse.com/1192042


From sle-updates at lists.suse.com  Wed Nov 17 14:36:12 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 17 Nov 2021 15:36:12 +0100 (CET)
Subject: SUSE-SU-2021:3721-1: important: Security update for MozillaFirefox
Message-ID: <20211117143612.21FB8FD2F@maintenance.suse.de>


   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3721-1
Rating:             important
References:         #1192250 
Cross-References:   CVE-2021-38503 CVE-2021-38504 CVE-2021-38505
                    CVE-2021-38506 CVE-2021-38507 CVE-2021-38508
                    CVE-2021-38509 CVE-2021-38510
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   This update for MozillaFirefox fixes the following issues:

   MozillaFirefox was updated to Extended Support Release 91.3.0 ESR

   * Fixed: Various stability, functionality, and security fixes

   MFSA 2021-49 (bsc#1192250)

     * CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
     * CVE-2021-38504: Use-after-free in file picker dialog
     * CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive
       user data
     * CVE-2021-38506: Firefox could be coaxed into going into fullscreen
       mode without notification or warning
     * CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to
       bypass the Same-Origin-Policy on services hosted on other ports
     * CVE-2021-38508: Permission Prompt could be overlaid, resulting in user
       confusion and potential spoofing
     * CVE-2021-38509: Javascript alert box could have been spoofed onto an
       arbitrary domain
     * CVE-2021-38510: Download Protections were bypassed by .inetloc files
       on Mac OS
     * MOZ-2021-0008: Use-after-free in HTTP2 Session object
     * MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR
       91.3


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3721=1

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3721=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3721=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3721=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3721=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3721=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3721=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3721=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3721=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3721=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3721=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3721=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-3721=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      MozillaFirefox-91.3.0-112.80.2
      MozillaFirefox-debuginfo-91.3.0-112.80.2
      MozillaFirefox-debugsource-91.3.0-112.80.2
      MozillaFirefox-devel-91.3.0-112.80.2
      MozillaFirefox-translations-common-91.3.0-112.80.2

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      MozillaFirefox-91.3.0-112.80.2
      MozillaFirefox-debuginfo-91.3.0-112.80.2
      MozillaFirefox-debugsource-91.3.0-112.80.2
      MozillaFirefox-devel-91.3.0-112.80.2
      MozillaFirefox-translations-common-91.3.0-112.80.2

   - SUSE OpenStack Cloud 9 (x86_64):

      MozillaFirefox-91.3.0-112.80.2
      MozillaFirefox-debuginfo-91.3.0-112.80.2
      MozillaFirefox-debugsource-91.3.0-112.80.2
      MozillaFirefox-devel-91.3.0-112.80.2
      MozillaFirefox-translations-common-91.3.0-112.80.2

   - SUSE OpenStack Cloud 8 (x86_64):

      MozillaFirefox-91.3.0-112.80.2
      MozillaFirefox-debuginfo-91.3.0-112.80.2
      MozillaFirefox-debugsource-91.3.0-112.80.2
      MozillaFirefox-devel-91.3.0-112.80.2
      MozillaFirefox-translations-common-91.3.0-112.80.2

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      MozillaFirefox-debuginfo-91.3.0-112.80.2
      MozillaFirefox-debugsource-91.3.0-112.80.2
      MozillaFirefox-devel-91.3.0-112.80.2

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      MozillaFirefox-91.3.0-112.80.2
      MozillaFirefox-debuginfo-91.3.0-112.80.2
      MozillaFirefox-debugsource-91.3.0-112.80.2
      MozillaFirefox-devel-91.3.0-112.80.2
      MozillaFirefox-translations-common-91.3.0-112.80.2

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      MozillaFirefox-91.3.0-112.80.2
      MozillaFirefox-debuginfo-91.3.0-112.80.2
      MozillaFirefox-debugsource-91.3.0-112.80.2
      MozillaFirefox-devel-91.3.0-112.80.2
      MozillaFirefox-translations-common-91.3.0-112.80.2

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      MozillaFirefox-91.3.0-112.80.2
      MozillaFirefox-debuginfo-91.3.0-112.80.2
      MozillaFirefox-debugsource-91.3.0-112.80.2
      MozillaFirefox-devel-91.3.0-112.80.2
      MozillaFirefox-translations-common-91.3.0-112.80.2

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      MozillaFirefox-91.3.0-112.80.2
      MozillaFirefox-debuginfo-91.3.0-112.80.2
      MozillaFirefox-debugsource-91.3.0-112.80.2
      MozillaFirefox-devel-91.3.0-112.80.2
      MozillaFirefox-translations-common-91.3.0-112.80.2

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      MozillaFirefox-91.3.0-112.80.2
      MozillaFirefox-debuginfo-91.3.0-112.80.2
      MozillaFirefox-debugsource-91.3.0-112.80.2
      MozillaFirefox-devel-91.3.0-112.80.2
      MozillaFirefox-translations-common-91.3.0-112.80.2

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      MozillaFirefox-91.3.0-112.80.2
      MozillaFirefox-debuginfo-91.3.0-112.80.2
      MozillaFirefox-debugsource-91.3.0-112.80.2
      MozillaFirefox-devel-91.3.0-112.80.2
      MozillaFirefox-translations-common-91.3.0-112.80.2

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      MozillaFirefox-91.3.0-112.80.2
      MozillaFirefox-debuginfo-91.3.0-112.80.2
      MozillaFirefox-debugsource-91.3.0-112.80.2
      MozillaFirefox-devel-91.3.0-112.80.2
      MozillaFirefox-translations-common-91.3.0-112.80.2

   - HPE Helion Openstack 8 (x86_64):

      MozillaFirefox-91.3.0-112.80.2
      MozillaFirefox-debuginfo-91.3.0-112.80.2
      MozillaFirefox-debugsource-91.3.0-112.80.2
      MozillaFirefox-devel-91.3.0-112.80.2
      MozillaFirefox-translations-common-91.3.0-112.80.2


References:

   https://www.suse.com/security/cve/CVE-2021-38503.html
   https://www.suse.com/security/cve/CVE-2021-38504.html
   https://www.suse.com/security/cve/CVE-2021-38505.html
   https://www.suse.com/security/cve/CVE-2021-38506.html
   https://www.suse.com/security/cve/CVE-2021-38507.html
   https://www.suse.com/security/cve/CVE-2021-38508.html
   https://www.suse.com/security/cve/CVE-2021-38509.html
   https://www.suse.com/security/cve/CVE-2021-38510.html
   https://bugzilla.suse.com/1192250


From sle-updates at lists.suse.com  Wed Nov 17 14:37:43 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 17 Nov 2021 15:37:43 +0100 (CET)
Subject: SUSE-SU-2021:3692-1: important: Security update for the Linux Kernel
 (Live Patch 24 for SLE 12 SP5)
Message-ID: <20211117143743.3E63FFD2F@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP5)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3692-1
Rating:             important
References:         #1191318 #1192042 
Cross-References:   CVE-2021-0935 CVE-2021-41864
CVSS scores:
                    CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Live Patching 12-SP5
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for the Linux Kernel 4.12.14-122_91 fixes several issues.

   The following security issues were fixed:

   - CVE-2021-0935: Fixed use after free that could lead to local escalation
     of privilege in ip6_xmit of ip6_output.c (bsc#1192042).
   - CVE-2021-41864: Fixed an integer overflow with a resultant out-of-bounds
     write in prealloc_elems_and_freelist in kernel/bpf/stackmap.c
     (bsc#1191318).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-3692=1



Package List:

   - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

      kgraft-patch-4_12_14-122_91-default-2-2.2


References:

   https://www.suse.com/security/cve/CVE-2021-0935.html
   https://www.suse.com/security/cve/CVE-2021-41864.html
   https://bugzilla.suse.com/1191318
   https://bugzilla.suse.com/1192042


From sle-updates at lists.suse.com  Thu Nov 18 14:23:30 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 18 Nov 2021 15:23:30 +0100 (CET)
Subject: SUSE-RU-2021:3724-1: moderate: Recommended update for powerpc-utils
Message-ID: <20211118142330.A6AC6FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for powerpc-utils
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3724-1
Rating:             moderate
References:         #1192095 
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for powerpc-utils fixes the following issue:

   - Avoid error with HCN IDs containing same consecutive bytes (bsc#1192095)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3724=1



Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (ppc64le):

      powerpc-utils-1.3.9-9.12.1
      powerpc-utils-debuginfo-1.3.9-9.12.1
      powerpc-utils-debugsource-1.3.9-9.12.1


References:

   https://bugzilla.suse.com/1192095


From sle-updates at lists.suse.com  Thu Nov 18 17:17:38 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 18 Nov 2021 18:17:38 +0100 (CET)
Subject: SUSE-SU-2021:3726-1: moderate: Security update for php74
Message-ID: <20211118171738.D77E1FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for php74
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3726-1
Rating:             moderate
References:         #1192050 
Cross-References:   CVE-2021-21703
CVSS scores:
                    CVE-2021-21703 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-21703 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for php74 fixes the following issues:

   - CVE-2021-21703: Fixed local privilege escalation via PHP-FPM
     (bsc#1192050).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3726=1

   - SUSE Linux Enterprise Module for Web Scripting 12:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-3726=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      php74-debuginfo-7.4.6-1.27.1
      php74-debugsource-7.4.6-1.27.1
      php74-devel-7.4.6-1.27.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):

      apache2-mod_php74-7.4.6-1.27.1
      apache2-mod_php74-debuginfo-7.4.6-1.27.1
      php74-7.4.6-1.27.1
      php74-bcmath-7.4.6-1.27.1
      php74-bcmath-debuginfo-7.4.6-1.27.1
      php74-bz2-7.4.6-1.27.1
      php74-bz2-debuginfo-7.4.6-1.27.1
      php74-calendar-7.4.6-1.27.1
      php74-calendar-debuginfo-7.4.6-1.27.1
      php74-ctype-7.4.6-1.27.1
      php74-ctype-debuginfo-7.4.6-1.27.1
      php74-curl-7.4.6-1.27.1
      php74-curl-debuginfo-7.4.6-1.27.1
      php74-dba-7.4.6-1.27.1
      php74-dba-debuginfo-7.4.6-1.27.1
      php74-debuginfo-7.4.6-1.27.1
      php74-debugsource-7.4.6-1.27.1
      php74-dom-7.4.6-1.27.1
      php74-dom-debuginfo-7.4.6-1.27.1
      php74-enchant-7.4.6-1.27.1
      php74-enchant-debuginfo-7.4.6-1.27.1
      php74-exif-7.4.6-1.27.1
      php74-exif-debuginfo-7.4.6-1.27.1
      php74-fastcgi-7.4.6-1.27.1
      php74-fastcgi-debuginfo-7.4.6-1.27.1
      php74-fileinfo-7.4.6-1.27.1
      php74-fileinfo-debuginfo-7.4.6-1.27.1
      php74-fpm-7.4.6-1.27.1
      php74-fpm-debuginfo-7.4.6-1.27.1
      php74-ftp-7.4.6-1.27.1
      php74-ftp-debuginfo-7.4.6-1.27.1
      php74-gd-7.4.6-1.27.1
      php74-gd-debuginfo-7.4.6-1.27.1
      php74-gettext-7.4.6-1.27.1
      php74-gettext-debuginfo-7.4.6-1.27.1
      php74-gmp-7.4.6-1.27.1
      php74-gmp-debuginfo-7.4.6-1.27.1
      php74-iconv-7.4.6-1.27.1
      php74-iconv-debuginfo-7.4.6-1.27.1
      php74-intl-7.4.6-1.27.1
      php74-intl-debuginfo-7.4.6-1.27.1
      php74-json-7.4.6-1.27.1
      php74-json-debuginfo-7.4.6-1.27.1
      php74-ldap-7.4.6-1.27.1
      php74-ldap-debuginfo-7.4.6-1.27.1
      php74-mbstring-7.4.6-1.27.1
      php74-mbstring-debuginfo-7.4.6-1.27.1
      php74-mysql-7.4.6-1.27.1
      php74-mysql-debuginfo-7.4.6-1.27.1
      php74-odbc-7.4.6-1.27.1
      php74-odbc-debuginfo-7.4.6-1.27.1
      php74-opcache-7.4.6-1.27.1
      php74-opcache-debuginfo-7.4.6-1.27.1
      php74-openssl-7.4.6-1.27.1
      php74-openssl-debuginfo-7.4.6-1.27.1
      php74-pcntl-7.4.6-1.27.1
      php74-pcntl-debuginfo-7.4.6-1.27.1
      php74-pdo-7.4.6-1.27.1
      php74-pdo-debuginfo-7.4.6-1.27.1
      php74-pgsql-7.4.6-1.27.1
      php74-pgsql-debuginfo-7.4.6-1.27.1
      php74-phar-7.4.6-1.27.1
      php74-phar-debuginfo-7.4.6-1.27.1
      php74-posix-7.4.6-1.27.1
      php74-posix-debuginfo-7.4.6-1.27.1
      php74-readline-7.4.6-1.27.1
      php74-readline-debuginfo-7.4.6-1.27.1
      php74-shmop-7.4.6-1.27.1
      php74-shmop-debuginfo-7.4.6-1.27.1
      php74-snmp-7.4.6-1.27.1
      php74-snmp-debuginfo-7.4.6-1.27.1
      php74-soap-7.4.6-1.27.1
      php74-soap-debuginfo-7.4.6-1.27.1
      php74-sockets-7.4.6-1.27.1
      php74-sockets-debuginfo-7.4.6-1.27.1
      php74-sodium-7.4.6-1.27.1
      php74-sodium-debuginfo-7.4.6-1.27.1
      php74-sqlite-7.4.6-1.27.1
      php74-sqlite-debuginfo-7.4.6-1.27.1
      php74-sysvmsg-7.4.6-1.27.1
      php74-sysvmsg-debuginfo-7.4.6-1.27.1
      php74-sysvsem-7.4.6-1.27.1
      php74-sysvsem-debuginfo-7.4.6-1.27.1
      php74-sysvshm-7.4.6-1.27.1
      php74-sysvshm-debuginfo-7.4.6-1.27.1
      php74-tidy-7.4.6-1.27.1
      php74-tidy-debuginfo-7.4.6-1.27.1
      php74-tokenizer-7.4.6-1.27.1
      php74-tokenizer-debuginfo-7.4.6-1.27.1
      php74-xmlreader-7.4.6-1.27.1
      php74-xmlreader-debuginfo-7.4.6-1.27.1
      php74-xmlrpc-7.4.6-1.27.1
      php74-xmlrpc-debuginfo-7.4.6-1.27.1
      php74-xmlwriter-7.4.6-1.27.1
      php74-xmlwriter-debuginfo-7.4.6-1.27.1
      php74-xsl-7.4.6-1.27.1
      php74-xsl-debuginfo-7.4.6-1.27.1
      php74-zip-7.4.6-1.27.1
      php74-zip-debuginfo-7.4.6-1.27.1
      php74-zlib-7.4.6-1.27.1
      php74-zlib-debuginfo-7.4.6-1.27.1


References:

   https://www.suse.com/security/cve/CVE-2021-21703.html
   https://bugzilla.suse.com/1192050


From sle-updates at lists.suse.com  Fri Nov 19 14:17:45 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 19 Nov 2021 15:17:45 +0100 (CET)
Subject: SUSE-SU-2021:3727-1: moderate: Security update for php72
Message-ID: <20211119141745.AFE1CFD0A@maintenance.suse.de>


   SUSE Security Update: Security update for php72
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3727-1
Rating:             moderate
References:         #1192050 
Cross-References:   CVE-2021-21703
CVSS scores:
                    CVE-2021-21703 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-21703 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for php72 fixes the following issues:

   - CVE-2021-21703: Fixed local privilege escalation via PHP-FPM
     (bsc#1192050).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3727=1

   - SUSE Linux Enterprise Module for Web Scripting 12:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-3727=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      php72-debuginfo-7.2.5-1.72.1
      php72-debugsource-7.2.5-1.72.1
      php72-devel-7.2.5-1.72.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):

      apache2-mod_php72-7.2.5-1.72.1
      apache2-mod_php72-debuginfo-7.2.5-1.72.1
      php72-7.2.5-1.72.1
      php72-bcmath-7.2.5-1.72.1
      php72-bcmath-debuginfo-7.2.5-1.72.1
      php72-bz2-7.2.5-1.72.1
      php72-bz2-debuginfo-7.2.5-1.72.1
      php72-calendar-7.2.5-1.72.1
      php72-calendar-debuginfo-7.2.5-1.72.1
      php72-ctype-7.2.5-1.72.1
      php72-ctype-debuginfo-7.2.5-1.72.1
      php72-curl-7.2.5-1.72.1
      php72-curl-debuginfo-7.2.5-1.72.1
      php72-dba-7.2.5-1.72.1
      php72-dba-debuginfo-7.2.5-1.72.1
      php72-debuginfo-7.2.5-1.72.1
      php72-debugsource-7.2.5-1.72.1
      php72-dom-7.2.5-1.72.1
      php72-dom-debuginfo-7.2.5-1.72.1
      php72-enchant-7.2.5-1.72.1
      php72-enchant-debuginfo-7.2.5-1.72.1
      php72-exif-7.2.5-1.72.1
      php72-exif-debuginfo-7.2.5-1.72.1
      php72-fastcgi-7.2.5-1.72.1
      php72-fastcgi-debuginfo-7.2.5-1.72.1
      php72-fileinfo-7.2.5-1.72.1
      php72-fileinfo-debuginfo-7.2.5-1.72.1
      php72-fpm-7.2.5-1.72.1
      php72-fpm-debuginfo-7.2.5-1.72.1
      php72-ftp-7.2.5-1.72.1
      php72-ftp-debuginfo-7.2.5-1.72.1
      php72-gd-7.2.5-1.72.1
      php72-gd-debuginfo-7.2.5-1.72.1
      php72-gettext-7.2.5-1.72.1
      php72-gettext-debuginfo-7.2.5-1.72.1
      php72-gmp-7.2.5-1.72.1
      php72-gmp-debuginfo-7.2.5-1.72.1
      php72-iconv-7.2.5-1.72.1
      php72-iconv-debuginfo-7.2.5-1.72.1
      php72-imap-7.2.5-1.72.1
      php72-imap-debuginfo-7.2.5-1.72.1
      php72-intl-7.2.5-1.72.1
      php72-intl-debuginfo-7.2.5-1.72.1
      php72-json-7.2.5-1.72.1
      php72-json-debuginfo-7.2.5-1.72.1
      php72-ldap-7.2.5-1.72.1
      php72-ldap-debuginfo-7.2.5-1.72.1
      php72-mbstring-7.2.5-1.72.1
      php72-mbstring-debuginfo-7.2.5-1.72.1
      php72-mysql-7.2.5-1.72.1
      php72-mysql-debuginfo-7.2.5-1.72.1
      php72-odbc-7.2.5-1.72.1
      php72-odbc-debuginfo-7.2.5-1.72.1
      php72-opcache-7.2.5-1.72.1
      php72-opcache-debuginfo-7.2.5-1.72.1
      php72-openssl-7.2.5-1.72.1
      php72-openssl-debuginfo-7.2.5-1.72.1
      php72-pcntl-7.2.5-1.72.1
      php72-pcntl-debuginfo-7.2.5-1.72.1
      php72-pdo-7.2.5-1.72.1
      php72-pdo-debuginfo-7.2.5-1.72.1
      php72-pgsql-7.2.5-1.72.1
      php72-pgsql-debuginfo-7.2.5-1.72.1
      php72-phar-7.2.5-1.72.1
      php72-phar-debuginfo-7.2.5-1.72.1
      php72-posix-7.2.5-1.72.1
      php72-posix-debuginfo-7.2.5-1.72.1
      php72-pspell-7.2.5-1.72.1
      php72-pspell-debuginfo-7.2.5-1.72.1
      php72-readline-7.2.5-1.72.1
      php72-readline-debuginfo-7.2.5-1.72.1
      php72-shmop-7.2.5-1.72.1
      php72-shmop-debuginfo-7.2.5-1.72.1
      php72-snmp-7.2.5-1.72.1
      php72-snmp-debuginfo-7.2.5-1.72.1
      php72-soap-7.2.5-1.72.1
      php72-soap-debuginfo-7.2.5-1.72.1
      php72-sockets-7.2.5-1.72.1
      php72-sockets-debuginfo-7.2.5-1.72.1
      php72-sodium-7.2.5-1.72.1
      php72-sodium-debuginfo-7.2.5-1.72.1
      php72-sqlite-7.2.5-1.72.1
      php72-sqlite-debuginfo-7.2.5-1.72.1
      php72-sysvmsg-7.2.5-1.72.1
      php72-sysvmsg-debuginfo-7.2.5-1.72.1
      php72-sysvsem-7.2.5-1.72.1
      php72-sysvsem-debuginfo-7.2.5-1.72.1
      php72-sysvshm-7.2.5-1.72.1
      php72-sysvshm-debuginfo-7.2.5-1.72.1
      php72-tidy-7.2.5-1.72.1
      php72-tidy-debuginfo-7.2.5-1.72.1
      php72-tokenizer-7.2.5-1.72.1
      php72-tokenizer-debuginfo-7.2.5-1.72.1
      php72-wddx-7.2.5-1.72.1
      php72-wddx-debuginfo-7.2.5-1.72.1
      php72-xmlreader-7.2.5-1.72.1
      php72-xmlreader-debuginfo-7.2.5-1.72.1
      php72-xmlrpc-7.2.5-1.72.1
      php72-xmlrpc-debuginfo-7.2.5-1.72.1
      php72-xmlwriter-7.2.5-1.72.1
      php72-xmlwriter-debuginfo-7.2.5-1.72.1
      php72-xsl-7.2.5-1.72.1
      php72-xsl-debuginfo-7.2.5-1.72.1
      php72-zip-7.2.5-1.72.1
      php72-zip-debuginfo-7.2.5-1.72.1
      php72-zlib-7.2.5-1.72.1
      php72-zlib-debuginfo-7.2.5-1.72.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):

      php72-pear-7.2.5-1.72.1
      php72-pear-Archive_Tar-7.2.5-1.72.1


References:

   https://www.suse.com/security/cve/CVE-2021-21703.html
   https://bugzilla.suse.com/1192050


From sle-updates at lists.suse.com  Fri Nov 19 17:18:20 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 19 Nov 2021 18:18:20 +0100 (CET)
Subject: SUSE-RU-2021:3731-1: moderate: Recommended update for spack
Message-ID: <20211119171820.7D183FD2F@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for spack
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3731-1
Rating:             moderate
References:         #1191395 
Affected Products:
                    SUSE Linux Enterprise Module for HPC 15-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for spack fixes the following issues:

   - Make sure modules are not called recursively even if modules are loaded
     in an out-of-order fashion from python-Sphinx.
   - Fix typo to export prefix in patch. (bsc#1191395)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for HPC 15-SP3:

      zypper in -t patch SUSE-SLE-Module-HPC-15-SP3-2021-3731=1



Package List:

   - SUSE Linux Enterprise Module for HPC 15-SP3 (noarch):

      spack-0.16.1-5.3.1
      spack-info-0.16.1-5.3.1
      spack-man-0.16.1-5.3.1
      spack-recipes-0.16.1-5.3.1


References:

   https://bugzilla.suse.com/1191395


From sle-updates at lists.suse.com  Fri Nov 19 17:19:34 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 19 Nov 2021 18:19:34 +0100 (CET)
Subject: SUSE-RU-2021:3730-1: important: Recommended update for
 SLES12-SP4-SLES15-Migration
Message-ID: <20211119171934.57BBBFD2F@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for SLES12-SP4-SLES15-Migration
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3730-1
Rating:             important
References:         
Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that has 0 recommended fixes can now be installed.

Description:

   This update for SLES12-SP4-SLES15-Migration fixes the following issues:

   - Refreshed the migration image with the latest changes to
     suse-migration-sle15-activation


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-3730=1



Package List:

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      SLES15-Migration-2.0.32-6


References:



From sle-updates at lists.suse.com  Fri Nov 19 17:21:59 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 19 Nov 2021 18:21:59 +0100 (CET)
Subject: SUSE-RU-2021:3732-1: moderate: Recommended update for crash
Message-ID: <20211119172159.A8C0AFD2F@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for crash
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3732-1
Rating:             moderate
References:         #1190743 
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for crash fixes the following issues:

   - Running 'mod -s|-S' may fail to find or load the module's object
     (bsc#1190743).


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3732=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3732=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      crash-debuginfo-7.2.1-8.14.1
      crash-debugsource-7.2.1-8.14.1
      crash-devel-7.2.1-8.14.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      crash-7.2.1-8.14.1
      crash-debuginfo-7.2.1-8.14.1
      crash-debugsource-7.2.1-8.14.1
      crash-kmp-default-7.2.1_k4.12.14_122.91-8.14.1
      crash-kmp-default-debuginfo-7.2.1_k4.12.14_122.91-8.14.1

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      crash-gcore-7.2.1-8.14.1
      crash-gcore-debuginfo-7.2.1-8.14.1


References:

   https://bugzilla.suse.com/1190743


From sle-updates at lists.suse.com  Fri Nov 19 17:23:18 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 19 Nov 2021 18:23:18 +0100 (CET)
Subject: SUSE-SU-2021:3729-1: moderate: Security update for ardana-ansible,
 ardana-monasca, crowbar-openstack, influxdb, kibana, openstack-cinder,
 openstack-ec2-api, openstack-heat-gbp, openstack-heat-templates,
 openstack-horizon-plugin-gbp-ui, openstack-keystone, openstack-neutron-gbp,
 openstack-nova, python-eventlet, rubygem-redcarpet, rubygem-puma
Message-ID: <20211119172318.7FE40FD2F@maintenance.suse.de>


   SUSE Security Update: Security update for ardana-ansible, ardana-monasca, crowbar-openstack, influxdb, kibana, openstack-cinder, openstack-ec2-api, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-keystone, openstack-neutron-gbp, openstack-nova, python-eventlet, rubygem-redcarpet, rubygem-puma
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3729-1
Rating:             moderate
References:         #1180837 #1185836 #1186868 #1189052 #1191681 
                    SOC-11543 
Cross-References:   CVE-2020-26298 CVE-2021-21419 CVE-2021-22141
                    CVE-2021-41136
CVSS scores:
                    CVE-2020-26298 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
                    CVE-2020-26298 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
                    CVE-2021-21419 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-21419 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-22141 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2021-41136 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
                    CVE-2021-41136 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud 9
______________________________________________________________________________

   An update that solves four vulnerabilities, contains one
   feature and has one errata is now available.

Description:

   This update for ardana-ansible, ardana-monasca, crowbar-openstack,
   influxdb, kibana, openstack-cinder, openstack-ec2-api, openstack-heat-gbp,
   openstack-heat-templates, openstack-horizon-plugin-gbp-ui,
   openstack-keystone, openstack-neutron-gbp, openstack-nova,
   python-eventlet, rubygem-redcarpet, rubygem-puma contains the following
   fixes:

   Security fixes included in this update:

   kibana: CVE-2021-22141: Fixed URL redirection flaw (bsc#1186868).

   python-eventlet: CVE-2021-21419: Fixed improper handling of highly
   compressed data and memory allocation with excessive size value.
   (bsc#1185836)

   rubygem-redcarpet: CVE-2020-26298: Fixed XSS via HTML escaping when
   processing quotes. (bsc#1180837)

   rubygem-puma: CVE-2021-41136: Fixes build of the Java state machine for
   parsing HTTP. (bsc#1191681)

   Non-security fixes included in this update:

   Changes in ardana-ansible:
     * Patch service.py to skip blank lines.

   Changes in ardana-monasca:
     * Use specific TLS versions for monasca-thresh DB connections.
       (SOC-11543)

   Changes in crowbar-openstack:
     * keystone wakeup: get new session on any error. (bsc#1189052)

   Changes in influxdb:
   - Set GO111MODULE=auto to fix build with go1.16 and later where default is
     GO111MODULE=on

   Canges in kibana:
     - Fix an open redirect flaw. (CVE-2021-22141, bsc#1186868)

   Changes in openstack-cinder:
     * Fix typo in Dell EMC Unity driver documentation.
     * Drop lower-constraints job.
     * [stable-only] Cap bandit to v1.6.2 and fix constraints.

   Changes in openstack-ec2-api:
     * Remove jobs corresponds to obselete featuresets.
     * OpenDev Migration Patch.

   Changes in openstack-heat-gbp:
     * Add support for Wallaby.
     * Fix upstream gate.

   Changes in openstack-heat-templates:
     * [ussuri][goal] Update contributor documentation.
     * Fix zuul config for heat-templates-check.
     * Remove testr.

   Changes in openstack-horizon-plugin-gbp-ui:
     * Add support for Wallaby.
     * Fix upstream gate.

   Changes in openstack-keystone:
     * Retry update\_user when sqlalchemy raises StaleDataErrors.
     * Pin keystone-tempest-plugin for py27 compatibility.

   Changes in openstack-neutron-gbp:
     * Fix update router API.
     * Fix HA IP DB migration.
     * Revert "Fix HA IP DB migration".
     * Fix HA IP DB migration.
     * Add network\_id column to apic\_ml2\_ha\_ipaddress\_to\_port\_owner
       table.
     * Use custom converter for extra attributes.
     * Validate network before creating or updating router.
     * Fix Data Migration query for HA IP table.
     * System security grp:Add system sg in port sg list.
     * Add vrf column to apic\_ml2\_ha\_ipaddress\_to\_port\_owner table.
     * [apic\_aim]: Fix HA IP UTs.
     * Fixing the exception msg for IPAddressGenerationFailure.
     * Enhancement regarding router/instance attachment to an external
       network floating ip and snat subnets.
     * Setting legacy-group-based-policy-dsvm-aim to non-voting gate.
     * Add support for Wallaby.
     * Bug fixes for gbp-validate.
     * [apic\_aim]: Filter endpoint details.
     * Bugfix: Policy Enforcement Pref.
     * Fix unit-tests for tenant-scope validation.
     * [AIM] Add Policy Enforcement Pref to network extension.

   Changes in openstack-nova:
     * [neutron] Get only ID and name of the SGs from Neutron.
     * Remove allocations before setting vm\_status to SHELVED\_OFFLOADED.
     * libvirt:driver:Disallow AIO=native when 'O\_DIRECT' is not available.
     * Update pci stat pools based on PCI device changes.
     * Use subqueryload() instead of joinedload() for (system\_)metadata.

   Changes in python-eventlet: Websocket: Limit maximum uncompressed frame
   length to 8MiB. (bsc#1185836 CVE-2021-21419)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3729=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3729=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      influxdb-1.3.8-4.6.1
      influxdb-debuginfo-1.3.8-4.6.1
      kibana-4.6.6-4.12.1
      kibana-debuginfo-4.6.6-4.12.1
      ruby2.1-rubygem-puma-2.16.0-4.15.1
      ruby2.1-rubygem-puma-debuginfo-2.16.0-4.15.1
      ruby2.1-rubygem-redcarpet-3.2.3-4.3.1
      ruby2.1-rubygem-redcarpet-debuginfo-3.2.3-4.3.1
      rubygem-puma-debugsource-2.16.0-4.15.1
      rubygem-redcarpet-debugsource-3.2.3-4.3.1

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      crowbar-openstack-6.0+git.1630614261.26948f746-3.37.2
      openstack-cinder-13.0.10~dev23-3.31.2
      openstack-cinder-api-13.0.10~dev23-3.31.2
      openstack-cinder-backup-13.0.10~dev23-3.31.2
      openstack-cinder-scheduler-13.0.10~dev23-3.31.2
      openstack-cinder-volume-13.0.10~dev23-3.31.2
      openstack-ec2-api-7.1.1~dev6-3.3.2
      openstack-ec2-api-api-7.1.1~dev6-3.3.2
      openstack-ec2-api-metadata-7.1.1~dev6-3.3.2
      openstack-ec2-api-s3-7.1.1~dev6-3.3.2
      openstack-heat-gbp-12.0.1~dev4-3.6.1
      openstack-heat-templates-0.0.0+git.1628179051.7d761bff-3.12.1
      openstack-horizon-plugin-gbp-ui-12.0.1~dev5-3.6.1
      openstack-keystone-14.2.1~dev7-3.25.2
      openstack-neutron-gbp-14.0.1~dev19-3.28.1
      openstack-nova-18.3.1~dev91-3.40.1
      openstack-nova-api-18.3.1~dev91-3.40.1
      openstack-nova-cells-18.3.1~dev91-3.40.1
      openstack-nova-compute-18.3.1~dev91-3.40.1
      openstack-nova-conductor-18.3.1~dev91-3.40.1
      openstack-nova-console-18.3.1~dev91-3.40.1
      openstack-nova-novncproxy-18.3.1~dev91-3.40.1
      openstack-nova-placement-api-18.3.1~dev91-3.40.1
      openstack-nova-scheduler-18.3.1~dev91-3.40.1
      openstack-nova-serialproxy-18.3.1~dev91-3.40.1
      openstack-nova-vncproxy-18.3.1~dev91-3.40.1
      python-cinder-13.0.10~dev23-3.31.2
      python-ec2api-7.1.1~dev6-3.3.2
      python-eventlet-0.20.0-8.3.1
      python-heat-gbp-12.0.1~dev4-3.6.1
      python-horizon-plugin-gbp-ui-12.0.1~dev5-3.6.1
      python-keystone-14.2.1~dev7-3.25.2
      python-neutron-gbp-14.0.1~dev19-3.28.1
      python-nova-18.3.1~dev91-3.40.1

   - SUSE OpenStack Cloud 9 (x86_64):

      influxdb-1.3.8-4.6.1
      influxdb-debuginfo-1.3.8-4.6.1
      kibana-4.6.6-4.12.1
      kibana-debuginfo-4.6.6-4.12.1

   - SUSE OpenStack Cloud 9 (noarch):

      ardana-ansible-9.0+git.1628097238.f6cbb0e-3.29.1
      ardana-monasca-9.0+git.1627995376.30bdf85-3.25.1
      openstack-cinder-13.0.10~dev23-3.31.2
      openstack-cinder-api-13.0.10~dev23-3.31.2
      openstack-cinder-backup-13.0.10~dev23-3.31.2
      openstack-cinder-scheduler-13.0.10~dev23-3.31.2
      openstack-cinder-volume-13.0.10~dev23-3.31.2
      openstack-ec2-api-7.1.1~dev6-3.3.2
      openstack-ec2-api-api-7.1.1~dev6-3.3.2
      openstack-ec2-api-metadata-7.1.1~dev6-3.3.2
      openstack-ec2-api-s3-7.1.1~dev6-3.3.2
      openstack-heat-gbp-12.0.1~dev4-3.6.1
      openstack-heat-templates-0.0.0+git.1628179051.7d761bff-3.12.1
      openstack-horizon-plugin-gbp-ui-12.0.1~dev5-3.6.1
      openstack-keystone-14.2.1~dev7-3.25.2
      openstack-neutron-gbp-14.0.1~dev19-3.28.1
      openstack-nova-18.3.1~dev91-3.40.1
      openstack-nova-api-18.3.1~dev91-3.40.1
      openstack-nova-cells-18.3.1~dev91-3.40.1
      openstack-nova-compute-18.3.1~dev91-3.40.1
      openstack-nova-conductor-18.3.1~dev91-3.40.1
      openstack-nova-console-18.3.1~dev91-3.40.1
      openstack-nova-novncproxy-18.3.1~dev91-3.40.1
      openstack-nova-placement-api-18.3.1~dev91-3.40.1
      openstack-nova-scheduler-18.3.1~dev91-3.40.1
      openstack-nova-serialproxy-18.3.1~dev91-3.40.1
      openstack-nova-vncproxy-18.3.1~dev91-3.40.1
      python-cinder-13.0.10~dev23-3.31.2
      python-ec2api-7.1.1~dev6-3.3.2
      python-eventlet-0.20.0-8.3.1
      python-heat-gbp-12.0.1~dev4-3.6.1
      python-horizon-plugin-gbp-ui-12.0.1~dev5-3.6.1
      python-keystone-14.2.1~dev7-3.25.2
      python-neutron-gbp-14.0.1~dev19-3.28.1
      python-nova-18.3.1~dev91-3.40.1
      venv-openstack-barbican-x86_64-7.0.1~dev24-3.25.1
      venv-openstack-cinder-x86_64-13.0.10~dev23-3.28.1
      venv-openstack-designate-x86_64-7.0.2~dev2-3.25.1
      venv-openstack-glance-x86_64-17.0.1~dev30-3.23.1
      venv-openstack-heat-x86_64-11.0.4~dev4-3.25.1
      venv-openstack-horizon-x86_64-14.1.1~dev11-4.29.1
      venv-openstack-ironic-x86_64-11.1.5~dev17-4.23.1
      venv-openstack-keystone-x86_64-14.2.1~dev7-3.26.1
      venv-openstack-magnum-x86_64-7.2.1~dev1-4.25.1
      venv-openstack-manila-x86_64-7.4.2~dev60-3.31.1
      venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.25.1
      venv-openstack-monasca-x86_64-2.7.1~dev10-3.23.1
      venv-openstack-neutron-x86_64-13.0.8~dev164-6.29.1
      venv-openstack-nova-x86_64-18.3.1~dev91-3.29.1
      venv-openstack-octavia-x86_64-3.2.3~dev7-4.25.1
      venv-openstack-sahara-x86_64-9.0.2~dev15-3.25.1
      venv-openstack-swift-x86_64-2.19.2~dev48-2.20.1


References:

   https://www.suse.com/security/cve/CVE-2020-26298.html
   https://www.suse.com/security/cve/CVE-2021-21419.html
   https://www.suse.com/security/cve/CVE-2021-22141.html
   https://www.suse.com/security/cve/CVE-2021-41136.html
   https://bugzilla.suse.com/1180837
   https://bugzilla.suse.com/1185836
   https://bugzilla.suse.com/1186868
   https://bugzilla.suse.com/1189052
   https://bugzilla.suse.com/1191681


From sle-updates at lists.suse.com  Fri Nov 19 17:25:05 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 19 Nov 2021 18:25:05 +0100 (CET)
Subject: SUSE-SU-2021:3728-1: moderate: Security update for ardana-ansible,
 ardana-monasca, documentation-suse-openstack-cloud, openstack-ec2-api,
 openstack-heat-templates, python-Django, python-monasca-common,
 rubygem-redcarpet, rubygem-puma
Message-ID: <20211119172505.8FD46FD2F@maintenance.suse.de>


   SUSE Security Update: Security update for ardana-ansible, ardana-monasca, documentation-suse-openstack-cloud, openstack-ec2-api, openstack-heat-templates, python-Django, python-monasca-common, rubygem-redcarpet, rubygem-puma
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3728-1
Rating:             moderate
References:         #1180837 #1191681 SOC-11543 
Cross-References:   CVE-2020-26298 CVE-2021-41136
CVSS scores:
                    CVE-2020-26298 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
                    CVE-2020-26298 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
                    CVE-2021-41136 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
                    CVE-2021-41136 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Affected Products:
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 8
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes two vulnerabilities, contains one
   feature is now available.

Description:

   This update for ardana-ansible, ardana-monasca,
   documentation-suse-openstack-cloud, openstack-ec2-api,
   openstack-heat-templates, python-Django, python-monasca-common,
   rubygem-redcarpet, rubygem-puma contains the following fixes:

   Security fixes included in this update:

   rubygem-redcarpet: CVE-2020-26298: Fixed XSS via HTML escaping when
   processing quotes. (bsc#1180837)

   rubygem-puma: CVE-2021-41136: Fixed build of the Java state machine for
   parsing HTTP. (bsc#1191681)

   Non-security fixes included in this update:

   Changes in ardana-ansible:
     * Patch service.py to skip blank lines.

   Changes in ardana-monasca:
     * Use specific TLS versions for monasca-thresh DB connections.
       (SOC-11543)

   Changes in documentation-suse-openstack-cloud:
     * CI: only run on DocBook/AsciiDoc paths, make upload fails nonfatal
     * DC files: Update to 2021 stylesheets (#1327)
     * CI: Use GitHub Actions

   Changes in openstack-ec2-api:
     * Remove jobs corresponds to obselete featuresets
     * OpenDev Migration Patch

   Changes in openstack-heat-templates:
     * [ussuri][goal] Update contributor documentation

   Changes in python-Django:
   - Add missing dependency for CVE-2021-31542

   Changes in python-monasca-common:
   - Remove renderspec source service.
   - Retry publish once on failures. (SOC-11543)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3728=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3728=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-3728=1



Package List:

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      documentation-suse-openstack-cloud-deployment-8.20210806-1.35.1
      documentation-suse-openstack-cloud-supplement-8.20210806-1.35.1
      documentation-suse-openstack-cloud-upstream-admin-8.20210806-1.35.1
      documentation-suse-openstack-cloud-upstream-user-8.20210806-1.35.1
      openstack-ec2-api-5.0.1~dev12-4.9.1
      openstack-ec2-api-api-5.0.1~dev12-4.9.1
      openstack-ec2-api-metadata-5.0.1~dev12-4.9.1
      openstack-ec2-api-s3-5.0.1~dev12-4.9.1
      openstack-heat-templates-0.0.0+git.1628179051.7d761bf-3.24.1
      python-Django-1.11.29-3.28.1
      python-ec2api-5.0.1~dev12-4.9.1
      python-monasca-common-2.3.1~dev4-4.9.1

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      ruby2.1-rubygem-puma-2.16.0-3.15.1
      ruby2.1-rubygem-puma-debuginfo-2.16.0-3.15.1
      ruby2.1-rubygem-redcarpet-3.2.3-3.3.1
      ruby2.1-rubygem-redcarpet-debuginfo-3.2.3-3.3.1
      rubygem-puma-debugsource-2.16.0-3.15.1
      rubygem-redcarpet-debugsource-3.2.3-3.3.1

   - SUSE OpenStack Cloud 8 (noarch):

      ardana-ansible-8.0+git.1632499354.a56668f-3.82.1
      ardana-monasca-8.0+git.1627997000.6c3bc04-3.30.1
      documentation-suse-openstack-cloud-installation-8.20210806-1.35.1
      documentation-suse-openstack-cloud-operations-8.20210806-1.35.1
      documentation-suse-openstack-cloud-opsconsole-8.20210806-1.35.1
      documentation-suse-openstack-cloud-planning-8.20210806-1.35.1
      documentation-suse-openstack-cloud-security-8.20210806-1.35.1
      documentation-suse-openstack-cloud-supplement-8.20210806-1.35.1
      documentation-suse-openstack-cloud-upstream-admin-8.20210806-1.35.1
      documentation-suse-openstack-cloud-upstream-user-8.20210806-1.35.1
      documentation-suse-openstack-cloud-user-8.20210806-1.35.1
      openstack-ec2-api-5.0.1~dev12-4.9.1
      openstack-ec2-api-api-5.0.1~dev12-4.9.1
      openstack-ec2-api-metadata-5.0.1~dev12-4.9.1
      openstack-ec2-api-s3-5.0.1~dev12-4.9.1
      openstack-heat-templates-0.0.0+git.1628179051.7d761bf-3.24.1
      python-Django-1.11.29-3.28.1
      python-ec2api-5.0.1~dev12-4.9.1
      python-monasca-common-2.3.1~dev4-4.9.1
      venv-openstack-heat-x86_64-9.0.8~dev22-12.35.1
      venv-openstack-horizon-x86_64-12.0.5~dev6-14.38.2
      venv-openstack-monasca-x86_64-2.2.2~dev1-11.30.1

   - HPE Helion Openstack 8 (noarch):

      ardana-ansible-8.0+git.1632499354.a56668f-3.82.1
      ardana-monasca-8.0+git.1627997000.6c3bc04-3.30.1
      documentation-hpe-helion-openstack-installation-8.20210806-1.35.1
      documentation-hpe-helion-openstack-operations-8.20210806-1.35.1
      documentation-hpe-helion-openstack-opsconsole-8.20210806-1.35.1
      documentation-hpe-helion-openstack-planning-8.20210806-1.35.1
      documentation-hpe-helion-openstack-security-8.20210806-1.35.1
      documentation-hpe-helion-openstack-user-8.20210806-1.35.1
      openstack-ec2-api-5.0.1~dev12-4.9.1
      openstack-ec2-api-api-5.0.1~dev12-4.9.1
      openstack-ec2-api-metadata-5.0.1~dev12-4.9.1
      openstack-ec2-api-s3-5.0.1~dev12-4.9.1
      openstack-heat-templates-0.0.0+git.1628179051.7d761bf-3.24.1
      python-Django-1.11.29-3.28.1
      python-ec2api-5.0.1~dev12-4.9.1
      python-monasca-common-2.3.1~dev4-4.9.1
      venv-openstack-heat-x86_64-9.0.8~dev22-12.35.1
      venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.38.1
      venv-openstack-monasca-x86_64-2.2.2~dev1-11.30.1


References:

   https://www.suse.com/security/cve/CVE-2020-26298.html
   https://www.suse.com/security/cve/CVE-2021-41136.html
   https://bugzilla.suse.com/1180837
   https://bugzilla.suse.com/1191681


From sle-updates at lists.suse.com  Fri Nov 19 20:18:17 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 19 Nov 2021 21:18:17 +0100 (CET)
Subject: SUSE-SU-2021:3735-1: important: Security update for the Linux Kernel
 (Live Patch 15 for SLE 12 SP5)
Message-ID: <20211119201817.953B0FD2F@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP5)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3735-1
Rating:             important
References:         #1190432 #1191318 #1192042 
Cross-References:   CVE-2021-0935 CVE-2021-3752 CVE-2021-41864
                   
CVSS scores:
                    CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3752 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Live Patching 15
                    SUSE Linux Enterprise Live Patching 12-SP5
                    SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for the Linux Kernel 4.12.14-122_60 fixes several issues.

   The following security issues were fixed:

   - CVE-2021-0935: Fixed use after free that could lead to local escalation
     of privilege in ip6_xmit of ip6_output.c (bsc#1192042).
   - CVE-2021-3752: Fixed vulnerability in the linux kernel Bluetooth uaf
     module (bsc#1190432).
   - CVE-2021-41864: Fixed an integer overflow with a resultant out-of-bounds
     write in prealloc_elems_and_freelist in kernel/bpf/stackmap.c
     (bsc#1191318).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-3736=1

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-3735=1

   - SUSE Linux Enterprise Live Patching 12-SP4:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-3734=1



Package List:

   - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):

      kernel-livepatch-4_12_14-150_66-default-12-2.2
      kernel-livepatch-4_12_14-150_66-default-debuginfo-12-2.2

   - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

      kgraft-patch-4_12_14-122_60-default-12-2.2

   - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):

      kgraft-patch-4_12_14-95_74-default-8-2.2


References:

   https://www.suse.com/security/cve/CVE-2021-0935.html
   https://www.suse.com/security/cve/CVE-2021-3752.html
   https://www.suse.com/security/cve/CVE-2021-41864.html
   https://bugzilla.suse.com/1190432
   https://bugzilla.suse.com/1191318
   https://bugzilla.suse.com/1192042


From sle-updates at lists.suse.com  Fri Nov 19 20:19:55 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 19 Nov 2021 21:19:55 +0100 (CET)
Subject: SUSE-SU-2021:3747-1: important: Security update for samba
Message-ID: <20211119201955.E59C8FD2F@maintenance.suse.de>


   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3747-1
Rating:             important
References:         #1014440 #1192284 
Cross-References:   CVE-2016-2124 CVE-2020-25717
CVSS scores:
                    CVE-2020-25717 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for samba fixes the following issues:

   - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we
     require kerberos (bsc#1014440).
   - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a
     user could become root on domain members (bsc#1192284).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3747=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3747=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3747=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3747=1

   - SUSE Linux Enterprise High Availability 15:

      zypper in -t patch SUSE-SLE-Product-HA-15-2021-3747=1



Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      libdcerpc-binding0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-binding0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-samr-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-samr0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-samr0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-krb5pac-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-krb5pac0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-krb5pac0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-nbt-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-nbt0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-nbt0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-standard-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-standard0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-standard0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libnetapi-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libnetapi0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libnetapi0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-credentials-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-credentials0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-credentials0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-errors-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-errors0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-errors0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-hostconfig-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-hostconfig0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-hostconfig0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-passdb-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-passdb0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-passdb0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-policy-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-policy0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-util-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-util0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-util0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamdb-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamdb0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamdb0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbclient-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbclient0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbclient0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbconf-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbconf0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbconf0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbldap-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbldap2-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbldap2-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libtevent-util-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libtevent-util0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libtevent-util0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libwbclient-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libwbclient0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libwbclient0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-client-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-client-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-core-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-debugsource-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-libs-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-libs-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-winbind-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-winbind-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1

   - SUSE Linux Enterprise Server for SAP 15 (x86_64):

      libdcerpc-binding0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-binding0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-krb5pac0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-krb5pac0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-nbt0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-nbt0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-standard0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-standard0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libnetapi0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libnetapi0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-credentials0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-credentials0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-errors0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-errors0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-hostconfig0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-passdb0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-passdb0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-util0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-util0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamdb0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamdb0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbclient0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbclient0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbconf0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbconf0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbldap2-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbldap2-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libtevent-util0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libtevent-util0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libwbclient0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libwbclient0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-client-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-client-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-libs-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-libs-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-winbind-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-winbind-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      libdcerpc-binding0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-binding0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-samr-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-samr0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-samr0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-krb5pac-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-krb5pac0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-krb5pac0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-nbt-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-nbt0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-nbt0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-standard-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-standard0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-standard0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libnetapi-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libnetapi0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libnetapi0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-credentials-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-credentials0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-credentials0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-errors-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-errors0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-errors0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-hostconfig-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-hostconfig0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-hostconfig0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-passdb-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-passdb0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-passdb0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-policy-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-policy0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-util-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-util0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-util0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamdb-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamdb0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamdb0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbclient-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbclient0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbclient0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbconf-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbconf0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbconf0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbldap-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbldap2-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbldap2-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libtevent-util-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libtevent-util0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libtevent-util0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libwbclient-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libwbclient0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libwbclient0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-client-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-client-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-core-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-debugsource-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-libs-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-libs-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-winbind-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-winbind-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      libdcerpc-binding0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-binding0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-samr-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-samr0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-samr0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-krb5pac-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-krb5pac0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-krb5pac0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-nbt-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-nbt0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-nbt0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-standard-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-standard0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-standard0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libnetapi-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libnetapi0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libnetapi0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-credentials-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-credentials0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-credentials0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-errors-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-errors0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-errors0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-hostconfig-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-hostconfig0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-hostconfig0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-passdb-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-passdb0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-passdb0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-policy-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-policy0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-util-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-util0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-util0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamdb-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamdb0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamdb0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbclient-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbclient0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbclient0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbconf-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbconf0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbconf0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbldap-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbldap2-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbldap2-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libtevent-util-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libtevent-util0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libtevent-util0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libwbclient-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libwbclient0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libwbclient0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-client-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-client-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-core-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-debugsource-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-libs-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-libs-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-winbind-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-winbind-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):

      libdcerpc-binding0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-binding0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-krb5pac0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-krb5pac0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-nbt0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-nbt0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-standard0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-standard0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libnetapi0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libnetapi0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-credentials0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-credentials0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-errors0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-errors0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-hostconfig0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-passdb0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-passdb0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-util0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-util0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamdb0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamdb0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbclient0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbclient0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbconf0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbconf0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbldap2-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbldap2-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libtevent-util0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libtevent-util0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libwbclient0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libwbclient0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-client-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-client-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-libs-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-libs-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-winbind-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-winbind-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      libdcerpc-binding0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-binding0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-samr-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-samr0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-samr0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-krb5pac-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-krb5pac0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-krb5pac0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-nbt-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-nbt0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-nbt0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-standard-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-standard0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-standard0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libnetapi-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libnetapi0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libnetapi0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-credentials-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-credentials0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-credentials0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-errors-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-errors0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-errors0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-hostconfig-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-hostconfig0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-hostconfig0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-passdb-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-passdb0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-passdb0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-policy-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-policy0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-util-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-util0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-util0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamdb-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamdb0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamdb0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbclient-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbclient0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbclient0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbconf-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbconf0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbconf0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbldap-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbldap2-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbldap2-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libtevent-util-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libtevent-util0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libtevent-util0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libwbclient-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      libwbclient0-4.7.11+git.352.41e30c5a0f7-4.57.1
      libwbclient0-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-client-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-client-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-core-devel-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-debugsource-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-libs-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-libs-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-winbind-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-winbind-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):

      libdcerpc-binding0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc-binding0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libdcerpc0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-krb5pac0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-krb5pac0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-nbt0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-nbt0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-standard0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr-standard0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libndr0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libnetapi0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libnetapi0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-credentials0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-credentials0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-errors0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-errors0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-hostconfig0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-passdb0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-passdb0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-util0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamba-util0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamdb0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsamdb0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbclient0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbclient0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbconf0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbconf0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbldap2-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libsmbldap2-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libtevent-util0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libtevent-util0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      libwbclient0-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      libwbclient0-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-client-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-client-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-libs-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-libs-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-winbind-32bit-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-winbind-32bit-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1

   - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):

      ctdb-4.7.11+git.352.41e30c5a0f7-4.57.1
      ctdb-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-debuginfo-4.7.11+git.352.41e30c5a0f7-4.57.1
      samba-debugsource-4.7.11+git.352.41e30c5a0f7-4.57.1


References:

   https://www.suse.com/security/cve/CVE-2016-2124.html
   https://www.suse.com/security/cve/CVE-2020-25717.html
   https://bugzilla.suse.com/1014440
   https://bugzilla.suse.com/1192284


From sle-updates at lists.suse.com  Fri Nov 19 20:21:25 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 19 Nov 2021 21:21:25 +0100 (CET)
Subject: SUSE-SU-2021:3737-1: important: Security update for the Linux Kernel
 (Live Patch 10 for SLE 15 SP2)
Message-ID: <20211119202125.1C6F3FD2F@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP2)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3737-1
Rating:             important
References:         #1190432 #1191318 
Cross-References:   CVE-2021-3752 CVE-2021-41864
CVSS scores:
                    CVE-2021-3752 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Live Patching 15-SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for the Linux Kernel 5.3.18-24_49 fixes several issues.

   The following security issues were fixed:

   - CVE-2021-3752: Fixed vulnerability in the linux kernel Bluetooth uaf
     module (bsc#1190432).
   - CVE-2021-41864: Fixed an integer overflow with a resultant out-of-bounds
     write in prealloc_elems_and_freelist in kernel/bpf/stackmap.c
     (bsc#1191318).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-3737=1



Package List:

   - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):

      kernel-livepatch-5_3_18-24_49-default-12-2.2
      kernel-livepatch-5_3_18-24_49-default-debuginfo-12-2.2
      kernel-livepatch-SLE15-SP2_Update_10-debugsource-12-2.2


References:

   https://www.suse.com/security/cve/CVE-2021-3752.html
   https://www.suse.com/security/cve/CVE-2021-41864.html
   https://bugzilla.suse.com/1190432
   https://bugzilla.suse.com/1191318


From sle-updates at lists.suse.com  Fri Nov 19 20:22:59 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 19 Nov 2021 21:22:59 +0100 (CET)
Subject: SUSE-SU-2021:3746-1: important: Security update for samba
Message-ID: <20211119202259.47A55FD2F@maintenance.suse.de>


   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3746-1
Rating:             important
References:         #1014440 #1192284 
Cross-References:   CVE-2016-2124 CVE-2020-25717
CVSS scores:
                    CVE-2020-25717 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise High Availability 12-SP4
                    SUSE Linux Enterprise High Availability 12-SP3
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for samba fixes the following issues:

   - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we
     require kerberos (bsc#1014440).
   - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a
     user could become root on domain members (bsc#1192284).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3746=1

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3746=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3746=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3746=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3746=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3746=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3746=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3746=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3746=1

   - SUSE Linux Enterprise High Availability 12-SP4:

      zypper in -t patch SUSE-SLE-HA-12-SP4-2021-3746=1

   - SUSE Linux Enterprise High Availability 12-SP3:

      zypper in -t patch SUSE-SLE-HA-12-SP3-2021-3746=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-3746=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      samba-doc-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      libdcerpc-binding0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debugsource-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      samba-doc-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      libdcerpc-binding0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debugsource-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE OpenStack Cloud 9 (x86_64):

      libdcerpc-binding0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debugsource-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE OpenStack Cloud 9 (noarch):

      samba-doc-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE OpenStack Cloud 8 (x86_64):

      libdcerpc-binding0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debugsource-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE OpenStack Cloud 8 (noarch):

      samba-doc-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      libdcerpc-binding0-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debugsource-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):

      samba-doc-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):

      libdcerpc-binding0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      libdcerpc-binding0-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debugsource-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):

      libdcerpc-binding0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):

      samba-doc-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      libdcerpc-binding0-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debugsource-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):

      libdcerpc-binding0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):

      samba-doc-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      libdcerpc-binding0-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debugsource-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):

      libdcerpc-binding0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):

      samba-doc-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      libdcerpc-binding0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debugsource-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE Linux Enterprise Server 12-SP3-BCL (noarch):

      samba-doc-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):

      ctdb-4.6.16+git.307.b3899d08cc6-3.64.2
      ctdb-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debugsource-4.6.16+git.307.b3899d08cc6-3.64.2

   - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):

      ctdb-4.6.16+git.307.b3899d08cc6-3.64.2
      ctdb-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debugsource-4.6.16+git.307.b3899d08cc6-3.64.2

   - HPE Helion Openstack 8 (x86_64):

      libdcerpc-binding0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc-binding0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libdcerpc0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-krb5pac0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-nbt0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr-standard0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libndr0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libnetapi0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-credentials0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-errors0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-hostconfig0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-passdb0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamba-util0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsamdb0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbclient0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbconf0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libsmbldap0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libtevent-util0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      libwbclient0-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-client-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-debugsource-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-libs-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-debuginfo-32bit-4.6.16+git.307.b3899d08cc6-3.64.2
      samba-winbind-debuginfo-4.6.16+git.307.b3899d08cc6-3.64.2

   - HPE Helion Openstack 8 (noarch):

      samba-doc-4.6.16+git.307.b3899d08cc6-3.64.2


References:

   https://www.suse.com/security/cve/CVE-2016-2124.html
   https://www.suse.com/security/cve/CVE-2020-25717.html
   https://bugzilla.suse.com/1014440
   https://bugzilla.suse.com/1192284


From sle-updates at lists.suse.com  Fri Nov 19 20:24:32 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 19 Nov 2021 21:24:32 +0100 (CET)
Subject: SUSE-SU-2021:3743-1: important: Security update for the Linux Kernel
 (Live Patch 7 for SLE 15 SP3)
Message-ID: <20211119202432.96172FD2F@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP3)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3743-1
Rating:             important
References:         #1191318 
Cross-References:   CVE-2021-41864
CVSS scores:
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Live Patching 15-SP3
                    SUSE Linux Enterprise Module for Live Patching 15-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 5.3.18-59_27 fixes one issue.

   The following security issue was fixed:

   - CVE-2021-41864: Fixed an integer overflow with a resultant out-of-bounds
     write in prealloc_elems_and_freelist in kernel/bpf/stackmap.c
     (bsc#1191318).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2021-3743=1

   - SUSE Linux Enterprise Module for Live Patching 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-3744=1



Package List:

   - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):

      kernel-livepatch-5_3_18-59_27-default-2-2.2

   - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):

      kernel-livepatch-5_3_18-24_86-default-2-2.3
      kernel-livepatch-5_3_18-24_86-default-debuginfo-2-2.3
      kernel-livepatch-SLE15-SP2_Update_20-debugsource-2-2.3


References:

   https://www.suse.com/security/cve/CVE-2021-41864.html
   https://bugzilla.suse.com/1191318


From sle-updates at lists.suse.com  Fri Nov 19 20:25:53 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 19 Nov 2021 21:25:53 +0100 (CET)
Subject: SUSE-SU-2021:3745-1: important: Security update for MozillaFirefox
Message-ID: <20211119202553.E4022FD2F@maintenance.suse.de>


   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3745-1
Rating:             important
References:         #1192250 
Cross-References:   CVE-2021-38503 CVE-2021-38504 CVE-2021-38505
                    CVE-2021-38506 CVE-2021-38507 CVE-2021-38508
                    CVE-2021-38509 CVE-2021-38510
Affected Products:
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP3
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP2
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   This update for MozillaFirefox fixes the following issues:

   MozillaFirefox was updated to Extended Support Release 91.3.0 ESR

   * Fixed: Various stability, functionality, and security fixes

   MFSA 2021-49 (bsc#1192250)

     * CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
     * CVE-2021-38504: Use-after-free in file picker dialog
     * CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive
       user data
     * CVE-2021-38506: Firefox could be coaxed into going into fullscreen
       mode without notification or warning
     * CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to
       bypass the Same-Origin-Policy on services hosted on other ports
     * CVE-2021-38508: Permission Prompt could be overlaid, resulting in user
       confusion and potential spoofing
     * CVE-2021-38509: Javascript alert box could have been spoofed onto an
       arbitrary domain
     * CVE-2021-38510: Download Protections were bypassed by .inetloc files
       on Mac OS
     * MOZ-2021-0008: Use-after-free in HTTP2 Session object
     * MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR
       91.3


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3745=1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3745=1



Package List:

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      MozillaFirefox-91.3.0-152.6.1
      MozillaFirefox-debuginfo-91.3.0-152.6.1
      MozillaFirefox-debugsource-91.3.0-152.6.1
      MozillaFirefox-translations-common-91.3.0-152.6.1
      MozillaFirefox-translations-other-91.3.0-152.6.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64):

      MozillaFirefox-devel-91.3.0-152.6.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

      MozillaFirefox-91.3.0-152.6.1
      MozillaFirefox-debuginfo-91.3.0-152.6.1
      MozillaFirefox-debugsource-91.3.0-152.6.1
      MozillaFirefox-devel-91.3.0-152.6.1
      MozillaFirefox-translations-common-91.3.0-152.6.1
      MozillaFirefox-translations-other-91.3.0-152.6.1


References:

   https://www.suse.com/security/cve/CVE-2021-38503.html
   https://www.suse.com/security/cve/CVE-2021-38504.html
   https://www.suse.com/security/cve/CVE-2021-38505.html
   https://www.suse.com/security/cve/CVE-2021-38506.html
   https://www.suse.com/security/cve/CVE-2021-38507.html
   https://www.suse.com/security/cve/CVE-2021-38508.html
   https://www.suse.com/security/cve/CVE-2021-38509.html
   https://www.suse.com/security/cve/CVE-2021-38510.html
   https://bugzilla.suse.com/1192250


From sle-updates at lists.suse.com  Fri Nov 19 20:27:22 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 19 Nov 2021 21:27:22 +0100 (CET)
Subject: SUSE-SU-2021:3742-1: important: Security update for the Linux Kernel
 (Live Patch 5 for SLE 15 SP3)
Message-ID: <20211119202722.3BDEFFD2F@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP3)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3742-1
Rating:             important
References:         #1191318 #1191646 
Cross-References:   CVE-2021-34866 CVE-2021-41864
CVSS scores:
                    CVE-2021-34866 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Live Patching 15-SP3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for the Linux Kernel 5.3.18-59_19 fixes several issues.

   The following security issues were fixed:

   - CVE-2021-34866: Fixed possible eBPF Type Confusion privilege escalation
     vulnerability via eBPF type confusion (bsc#1191646).
   - CVE-2021-41864: Fixed an integer overflow with a resultant out-of-bounds
     write in prealloc_elems_and_freelist in kernel/bpf/stackmap.c
     (bsc#1191318).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2021-3739=1 SUSE-SLE-Module-Live-Patching-15-SP3-2021-3740=1 SUSE-SLE-Module-Live-Patching-15-SP3-2021-3741=1 SUSE-SLE-Module-Live-Patching-15-SP3-2021-3742=1



Package List:

   - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):

      kernel-livepatch-5_3_18-59_10-default-6-2.2
      kernel-livepatch-5_3_18-59_10-default-debuginfo-6-2.2
      kernel-livepatch-5_3_18-59_16-default-5-2.2
      kernel-livepatch-5_3_18-59_16-default-debuginfo-5-2.2
      kernel-livepatch-5_3_18-59_19-default-4-2.2
      kernel-livepatch-5_3_18-59_19-default-debuginfo-4-2.2
      kernel-livepatch-5_3_18-59_5-default-6-2.2
      kernel-livepatch-5_3_18-59_5-default-debuginfo-6-2.2
      kernel-livepatch-SLE15-SP3_Update_1-debugsource-6-2.2
      kernel-livepatch-SLE15-SP3_Update_2-debugsource-6-2.2
      kernel-livepatch-SLE15-SP3_Update_4-debugsource-5-2.2
      kernel-livepatch-SLE15-SP3_Update_5-debugsource-4-2.2


References:

   https://www.suse.com/security/cve/CVE-2021-34866.html
   https://www.suse.com/security/cve/CVE-2021-41864.html
   https://bugzilla.suse.com/1191318
   https://bugzilla.suse.com/1191646


From sle-updates at lists.suse.com  Fri Nov 19 20:28:50 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 19 Nov 2021 21:28:50 +0100 (CET)
Subject: SUSE-SU-2021:3738-1: important: Security update for the Linux Kernel
 (Live Patch 0 for SLE 15 SP3)
Message-ID: <20211119202850.D0B0BFD2F@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3738-1
Rating:             important
References:         #1190432 #1191318 #1191646 
Cross-References:   CVE-2021-34866 CVE-2021-3752 CVE-2021-41864
                   
CVSS scores:
                    CVE-2021-34866 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3752 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Live Patching 15-SP3
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for the Linux Kernel 5.3.18-57 fixes several issues.

   The following security issues were fixed:

   - CVE-2021-3752: Fixed vulnerability in the linux kernel Bluetooth uaf
     module (bsc#1190432).
   - CVE-2021-34866: Fixed possible eBPF Type Confusion privilege escalation
     vulnerability via eBPF type confusion (bsc#1191646).
   - CVE-2021-41864: Fixed an integer overflow with a resultant out-of-bounds
     write in prealloc_elems_and_freelist in kernel/bpf/stackmap.c
     (bsc#1191318).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2021-3738=1



Package List:

   - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):

      kernel-livepatch-5_3_18-57-default-8-3.2
      kernel-livepatch-5_3_18-57-default-debuginfo-8-3.2
      kernel-livepatch-SLE15-SP3_Update_0-debugsource-8-3.2


References:

   https://www.suse.com/security/cve/CVE-2021-34866.html
   https://www.suse.com/security/cve/CVE-2021-3752.html
   https://www.suse.com/security/cve/CVE-2021-41864.html
   https://bugzilla.suse.com/1190432
   https://bugzilla.suse.com/1191318
   https://bugzilla.suse.com/1191646


From sle-updates at lists.suse.com  Fri Nov 19 20:31:52 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 19 Nov 2021 21:31:52 +0100 (CET)
Subject: SUSE-SU-2021:3751-1: important: Security update for the Linux Kernel
 (Live Patch 38 for SLE 12 SP3)
Message-ID: <20211119203152.F109AFD2F@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3751-1
Rating:             important
References:         #1190432 #1192042 
Cross-References:   CVE-2021-0935 CVE-2021-3752
CVSS scores:
                    CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3752 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP3-LTSS
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for the Linux Kernel 4.4.180-94_141 fixes several issues.

   The following security issues were fixed:

   - CVE-2021-0935: Fixed use after free that could lead to local escalation
     of privilege in ip6_xmit of ip6_output.c (bsc#1192042).
   - CVE-2021-3752: Fixed vulnerability in the linux kernel Bluetooth uaf
     module (bsc#1190432).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3749=1 SUSE-SLE-SAP-12-SP3-2021-3750=1 SUSE-SLE-SAP-12-SP3-2021-3751=1 SUSE-SLE-SAP-12-SP3-2021-3752=1 SUSE-SLE-SAP-12-SP3-2021-3753=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3749=1 SUSE-SLE-SERVER-12-SP3-2021-3750=1 SUSE-SLE-SERVER-12-SP3-2021-3751=1 SUSE-SLE-SERVER-12-SP3-2021-3752=1 SUSE-SLE-SERVER-12-SP3-2021-3753=1



Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      kgraft-patch-4_4_180-94_135-default-14-2.2
      kgraft-patch-4_4_180-94_135-default-debuginfo-14-2.2
      kgraft-patch-4_4_180-94_138-default-12-2.2
      kgraft-patch-4_4_180-94_138-default-debuginfo-12-2.2
      kgraft-patch-4_4_180-94_141-default-11-2.2
      kgraft-patch-4_4_180-94_141-default-debuginfo-11-2.2
      kgraft-patch-4_4_180-94_144-default-8-2.2
      kgraft-patch-4_4_180-94_144-default-debuginfo-8-2.2
      kgraft-patch-4_4_180-94_147-default-5-2.2
      kgraft-patch-4_4_180-94_147-default-debuginfo-5-2.2

   - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64):

      kgraft-patch-4_4_180-94_135-default-14-2.2
      kgraft-patch-4_4_180-94_135-default-debuginfo-14-2.2
      kgraft-patch-4_4_180-94_138-default-12-2.2
      kgraft-patch-4_4_180-94_138-default-debuginfo-12-2.2
      kgraft-patch-4_4_180-94_141-default-11-2.2
      kgraft-patch-4_4_180-94_141-default-debuginfo-11-2.2
      kgraft-patch-4_4_180-94_144-default-8-2.2
      kgraft-patch-4_4_180-94_144-default-debuginfo-8-2.2
      kgraft-patch-4_4_180-94_147-default-5-2.2
      kgraft-patch-4_4_180-94_147-default-debuginfo-5-2.2


References:

   https://www.suse.com/security/cve/CVE-2021-0935.html
   https://www.suse.com/security/cve/CVE-2021-3752.html
   https://bugzilla.suse.com/1190432
   https://bugzilla.suse.com/1192042


From sle-updates at lists.suse.com  Fri Nov 19 20:33:32 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 19 Nov 2021 21:33:32 +0100 (CET)
Subject: SUSE-SU-2021:3748-1: important: Security update for the Linux Kernel
Message-ID: <20211119203332.A1B68FD2F@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3748-1
Rating:             important
References:         #1050549 #1065729 #1085030 #1114648 #1180624 
                    #1184673 #1186063 #1186109 #1188563 #1188601 
                    #1188983 #1188985 #1190006 #1190067 #1190317 
                    #1190349 #1190397 #1190479 #1190620 #1190795 
                    #1190941 #1191241 #1191315 #1191317 #1191349 
                    #1191450 #1191452 #1191455 #1191500 #1191579 
                    #1191628 #1191662 #1191667 #1191713 #1191801 
                    #1191888 #1192145 #1192267 
Cross-References:   CVE-2018-13405 CVE-2021-33033 CVE-2021-34556
                    CVE-2021-3542 CVE-2021-35477 CVE-2021-3655
                    CVE-2021-3715 CVE-2021-37159 CVE-2021-3760
                    CVE-2021-41864 CVE-2021-42008 CVE-2021-42252
                    CVE-2021-42739
CVSS scores:
                    CVE-2018-13405 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2018-13405 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
                    CVE-2021-33033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-33033 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-34556 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-35477 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-3715 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-37159 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-37159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42252 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Live Patching 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________

   An update that solves 13 vulnerabilities and has 25 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various
   security and bugfixes.


   The following security bugs were fixed:

   - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets,
     which may have allowed the kernel to read uninitialized memory
     (bsc#1188563).
   - CVE-2021-3715: Fixed a use-after-free in route4_change() in
     net/sched/cls_route.c (bsc#1190349).
   - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in
     net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the
     DOI definitions is mishandled (bsc#1186109).
   - CVE-2021-3760: Fixed a use-after-free vulnerability with the
     ndev->rf_conn_info object (bsc#1190067).
   - CVE-2021-42739: The firewire subsystem had a buffer overflow related to
     drivers/media/firewire/firedtv-avc.c and
     drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled
     bounds checking (bsc#1184673).
   - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver
     (bsc#1186063).
   - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass
     via unprivileged BPF program that could have obtain sensitive
     information from kernel memory (bsc#1188983).
   - CVE-2021-35477: Fixed BPF stack frame pointer which could have been
     abused to disclose content of arbitrary kernel memory (bsc#1188985).
   - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could
     have allowed local attackers to access the Aspeed LPC control interface
     to overwrite memory in the kernel and potentially execute privileges
     (bnc#1190479).
   - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed
     unprivileged users to trigger an eBPF multiplication integer overflow
     with a resultant out-of-bounds write (bnc#1191317).
   - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data
     function in drivers/net/hamradio/6pack.c. Input from a process that had
     the CAP_NET_ADMIN capability could have lead to root access
     (bsc#1191315).
   - CVE-2021-37159: Fixed use-after-free and a double free inside
     hso_free_net_device in drivers/net/usb/hso.c when unregister_netdev is
     called without checking for the NETREG_REGISTERED state (bnc#1188601).



   The following non-security bugs were fixed:

   - IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes)
   - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
   - NFS: Do uncached readdir when we're seeking a cookie in an empty page
     cache (bsc#1191628).
   - NFS: Fix backport error - dir_cookie is a pointer to a u64, not a u64.
   - PM: base: power: do not try to use non-existing RTC for storing data
     (git-fixes).
   - SMB3.1.1: Fix ids returned in POSIX query dir (bsc#1190317).
   - SMB3.1.1: do not log warning message if server does not populate salt
     (bsc#1190317).
   - SMB3.1.1: fix mount failure to some servers when compression enabled
     (bsc#1190317).
   - SMB3.1.1: remove confusing mount warning when no SPNEGO info on negprot
     rsp (bsc#1190317).
   - SMB3.1.1: update comments clarifying SPNEGO info in negprot response
     (bsc#1190317).
   - SMB3: Add new info level for query directory (bsc#1190317).
   - SMB3: Add support for getting and setting SACLs (bsc#1190317).
   - SMB3: Fix mkdir when idsfromsid configured on mount (bsc#1190317).
   - SMB3: Resolve data corruption of TCP server info fields (bsc#1190317).
   - SMB3: add support for recognizing WSL reparse tags (bsc#1190317).
   - SMB3: avoid confusing warning message on mount to Azure (bsc#1190317).
   - SMB3: fix readpage for large swap cache (bsc#1190317).
   - SMB3: incorrect file id in requests compounded with open (bsc#1190317).
   - SMB3: update structures for new compression protocol definitions
     (bsc#1190317).
   - USB: cdc-acm: fix break reporting (git-fixes).
   - USB: cdc-acm: fix racy tty buffer accesses (git-fixes).
   - USB: iowarrior: fix control-message timeouts (git-fixes).
   - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
     (git-fixes).
   - USB: serial: keyspan: fix memleak on probe errors (git-fixes).
   - USB: serial: option: add Telit LN920 compositions (git-fixes).
   - USB: serial: option: add device id for Foxconn T99W265 (git-fixes).
   - USB: xhci: dbc: fix tty registration race (git-fixes).
   - bitmap: remove unused function declaration (git-fixes).
   - blktrace: Fix uaf in blk_trace access after removing by sysfs
     (bsc#1191452).
   - cdc_ncm: Set NTB format again after altsetting switch for Huawei devices
     (git-fixes).
   - ceph: take snap_empty_lock atomically with snaprealm refcount change
     (bsc#1191888).
   - cifs: Add get_security_type_str function to return sec type
     (bsc#1190317).
   - cifs: Avoid field over-reading memcpy() (bsc#1190317).
   - cifs: Change SIDs in ACEs while transferring file ownership
     (bsc#1190317).
   - cifs: Clarify SMB1 code for POSIX Create (bsc#1190317).
   - cifs: Clarify SMB1 code for POSIX Lock (bsc#1190317).
   - cifs: Clarify SMB1 code for POSIX delete file (bsc#1190317).
   - cifs: Clarify SMB1 code for SetFileSize (bsc#1190317).
   - cifs: Clarify SMB1 code for UnixCreateSymLink (bsc#1190317).
   - cifs: Clarify SMB1 code for UnixSetPathInfo (bsc#1190317).
   - cifs: Clarify SMB1 code for delete (bsc#1190317).
   - cifs: Clarify SMB1 code for rename open file (bsc#1190317).
   - cifs: Display local UID details for SMB sessions in DebugData
     (bsc#1190317).
   - cifs: Do not use the original cruid when following DFS links for
     multiuser mounts (bsc#1190317).
   - cifs: Enable sticky bit with cifsacl mount option (bsc#1190317).
   - cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1190317).
   - cifs: Fix chmod with modefromsid when an older ACE already exists
     (bsc#1190317).
   - cifs: Fix cifsacl ACE mask for group and others (bsc#1190317).
   - cifs: Fix double add page to memcg when cifs_readpages (bsc#1190317).
   - cifs: Fix in error types returned for out-of-credit situations
     (bsc#1190317).
   - cifs: Fix unix perm bits to cifsacl conversion for "other" bits
     (bsc#1190317).
   - cifs: Grab a reference for the dentry of the cached directory during the
     lifetime of the cache (bsc#1190317).
   - cifs: If a corrupted DACL is returned by the server, bail out
     (bsc#1190317).
   - cifs: Make extract_hostname function public (bsc#1190317).
   - cifs: Make extract_sharename function public (bsc#1190317).
   - cifs: Print the address and port we are connecting to in
     generic_ip_connect() (bsc#1190317).
   - cifs: Retain old ACEs when converting between mode bits and ACL
     (bsc#1190317).
   - cifs: Silently ignore unknown oplock break handle (bsc#1190317).
   - cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1190317).
   - cifs: add a function to get a cached dir based on its dentry
     (bsc#1190317).
   - cifs: add a timestamp to track when the lease of the cached dir was
     taken (bsc#1190317).
   - cifs: add shutdown support (bsc#1190317).
   - cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1190317).
   - cifs: added WARN_ON for all the count decrements (bsc#1190317).
   - cifs: ask for more credit on async read/write code paths (bsc#1190317).
   - cifs: avoid extra calls in posix_info_parse (bsc#1190317).
   - cifs: check pointer before freeing (bsc#1190317).
   - cifs: check the timestamp for the cached dirent when deciding on
     revalidate (bsc#1190317).
   - cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1190317).
   - cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (bsc#1190317).
   - cifs: cleanup misc.c (bsc#1190317).
   - cifs: compute full_path already in cifs_readdir() (bsc#1190317).
   - cifs: constify path argument of ->make_node() (bsc#1190317).
   - cifs: constify pathname arguments in a bunch of helpers (bsc#1190317).
   - cifs: convert list_for_each to entry variant in cifs_debug.c
     (bsc#1190317).
   - cifs: convert list_for_each to entry variant in smb2misc.c (bsc#1190317).
   - cifs: convert to use be32_add_cpu() (bsc#1190317).
   - cifs: create sd context must be a multiple of 8 (bsc#1190317).
   - cifs: detect dead connections only when echoes are enabled (bsc#1190317).
   - cifs: do not fail __smb_send_rqst if non-fatal signals are pending
     (bsc#1190317).
   - cifs: dump Security Type info in DebugData (bsc#1190317).
   - cifs: fix DFS mount with cifsacl/modefromsid (bsc#1190317).
   - cifs: fix NULL dereference in smb2_check_message() (bsc#1190317).
   - cifs: fix SMB1 error path in cifs_get_file_info_unix (bsc#1190317).
   - cifs: fix a memleak with modefromsid (bsc#1190317).
   - cifs: fix allocation size on newly created files (bsc#1190317).
   - cifs: fix chown and chgrp when idsfromsid mount option enabled
     (bsc#1190317).
   - cifs: fix fallocate when trying to allocate a hole (bsc#1190317).
   - cifs: fix leaked reference on requeued write (bsc#1190317).
   - cifs: fix missing null session check in mount (bsc#1190317).
   - cifs: fix missing spinlock around update to ses->status (bsc#1190317).
   - cifs: fix out-of-bound memory access when calling smb3_notify() at mount
     point (bsc#1190317).
   - cifs: fix reference leak for tlink (bsc#1190317).
   - cifs: fix rsize/wsize to be negotiated values (bsc#1190317).
   - cifs: fix string declarations and assignments in tracepoints
     (bsc#1190317).
   - cifs: fix the out of range assignment to bit fields in
     parse_server_interfaces (bsc#1190317).
   - cifs: handle "nolease" option for vers=1.0 (bsc#1190317).
   - cifs: handle -EINTR in cifs_setattr (bsc#1190317).
   - cifs: handle ERRBaduid for SMB1 (bsc#1190317).
   - cifs: handle reconnect of tcon when there is no cached dfs referral
     (bsc#1190317).
   - cifs: have ->mkdir() handle race with another client sanely
     (bsc#1190317).
   - cifs: improve fallocate emulation (bsc#1190317).
   - cifs: make build_path_from_dentry() return const char * (bsc#1190317).
   - cifs: make const array static, makes object smaller (bsc#1190317).
   - cifs: make locking consistent around the server session status
     (bsc#1190317).
   - cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1190317).
   - cifs: minor kernel style fixes for comments (bsc#1190317).
   - cifs: minor simplification to smb2_is_network_name_deleted (bsc#1190317).
   - cifs: missing null check for newinode pointer (bsc#1190317).
   - cifs: move some variables off the stack in smb2_ioctl_query_info
     (bsc#1190317).
   - cifs: move the check for nohandlecache into open_shroot (bsc#1190317).
   - cifs: only write 64kb at a time when fallocating a small region of a
     file (bsc#1190317).
   - cifs: pass a path to open_shroot and check if it is the root or not
     (bsc#1190317).
   - cifs: pass the dentry instead of the inode down to the revalidation
     check functions (bsc#1190317).
   - cifs: prevent truncation from long to int in wait_for_free_credits
     (bsc#1190317).
   - cifs: reduce stack use in smb2_compound_op (bsc#1190317).
   - cifs: refactor create_sd_buf() and and avoid corrupting the buffer
     (bsc#1190317).
   - cifs: remove old dead code (bsc#1190317).
   - cifs: remove some minor warnings pointed out by kernel test robot
     (bsc#1190317).
   - cifs: remove the retry in cifs_poxis_lock_set (bsc#1190317).
   - cifs: remove two cases where rc is set unnecessarily in sid_to_id
     (bsc#1190317).
   - cifs: remove unnecessary copies of tcon->crfid.fid (bsc#1190317).
   - cifs: remove various function description warnings (bsc#1190317).
   - cifs: rename the *_shroot* functions to *_cached_dir* (bsc#1190317).
   - cifs: retry lookup and readdir when EAGAIN is returned (bsc#1190317).
   - cifs: return cached_fid from open_shroot (bsc#1190317).
   - cifs: revalidate mapping when we open files for SMB1 POSIX (bsc#1190317).
   - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1190317).
   - cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails
     (bsc#1190317).
   - cifs: store a pointer to the root dentry in cifs_sb_info once we have
     completed mounting the share (bsc#1190317).
   - cifs: update ctime and mtime during truncate (bsc#1190317).
   - cifs: update new ACE pointer after populate_new_aces (bsc#1190317).
   - cifs: use echo_interval even when connection not ready (bsc#1190317).
   - cifs: use the expiry output of dns_query to schedule next resolution
     (bsc#1190317).
   - crypto: qat - detect PFVF collision after ACK (git-fixes).
   - crypto: qat - disregard spurious PFVF interrupts (git-fixes).
   - crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes).
   - ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662).
   - ext4: fix reserved space counter leakage (bsc#1191450).
   - fs, mm: fix race in unlinking swapfile (bsc#1191455).
   - fs: copy BTRFS_IOC_[SG]ET_FSLABEL to vfs (bsc#1191500).
   - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267).
   - gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).
   - gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).
   - gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
     (git-fixes).
   - gianfar: simplify FCS handling and fix memory leak (git-fixes).
   - icmpv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
   - ipc: remove memcg accounting for sops objects in do_semtimedop()
   - ipv4: fix race condition between route lookup and invalidation
     (bsc#1190397).
   - ipv6/netfilter: Discard first fragment not including all headers
     (bsc#1191241).
   - ipv6: reply ICMP error if the first fragment do not include all headers
     (bsc#1191241).
   - kernel, fs: Introduce and use set_restart_fn() and
     arch_set_restart_data() (bsc#1191713).
   - kernel/locking/mutex.c: remove caller signal_pending branch predictions
     (bsc#1050549).
   - lib: iov_iter_fault_in_readable() should do nothing in xarray case
     (bsc#1191579).
   - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal
     (git-fixes).
   - locking/pvqspinlock/x86: Use LOCK_PREFIX in __pv_queued_spin_unlock()
     assembly code (bsc#1050549).
   - net: cdc_eem: fix tx fixup skb leak (git-fixes).
   - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
   - net: cdc_ncm: use tasklet_init() for tasklet_struct init (git-fixes).
   - net: hso: add failure handler for add_net_device (git-fixes).
   - net: hso: fix NULL-deref on disconnect regression (git-fixes).
   - net: hso: fix null-ptr-deref during tty device unregistration
     (git-fixes).
   - net: hso: remove redundant unused variable dev (git-fixes).
   - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
   - net: mana: Fix error handling in mana_create_rxq() (git-fixes,
     bsc#1191801).
   - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
     (git-fixes).
   - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem
     family (git-fixes).
   - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).
   - net_sched: cls_route: remove the right filter from hashtable
     (networking-stable-20_03_28).
   - netfilter: Drop fragmented ndisc packets assembled in netfilter
     (git-fixes).
   - ocfs2: Fix data corruption after conversion from inline format
     (bsc#1190795).
   - ocfs2: Fix data corruption on truncate (bsc#1190795).
   - ocfs2: do not zero pages beyond i_size (bsc#1190795).
   - ocfs2: drop acl cache for directories too (bsc#1191667).
   - powerpc/64s: Fix crashes when toggling entry flush barrier
   - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
   - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
   - powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
   - powerpc/lib: Fix emulate_step() std test (bsc#1065729).
   - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498
     git-fixes).
   - powerpc/xive: Discard disabled interrupts in get_irqchip_state()
     (bsc#1085030 git-fixes).
   - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
     (git-fixes).
   - s390x: Turn off CONFIG_NUMA_EMU (jsc#SLE-11600).
   - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
     (bsc#1192145).
   - scsi: lpfc: Allow fabric node recovery if recovery is in progress before
     devloss (bsc#1192145).
   - scsi: lpfc: Correct sysfs reporting of loop support after SFP status
     change (bsc#1192145).
   - scsi: lpfc: Fix crash when nvmet transport calls host_release
     (bsc#1192145).
   - scsi: lpfc: Fix link down processing to address NULL pointer dereference
     (bsc#1192145).
   - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
     (bsc#1191349).
   - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
   - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
     driver_resource_setup() (bsc#1192145).
   - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
   - scsi: lpfc: Wait for successful restart of SLI3 adapter during host
     sg_reset (bsc#1192145).
   - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
   - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
   - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
   - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
   - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
   - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
     (bsc#1190941).
   - scsi: qla2xxx: Check for firmware capability before creating QPair
     (bsc#1190941).
   - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card
     (bsc#1190941).
   - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
     (bsc#1190941).
   - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
   - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
   - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
   - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
   - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
   - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
     (bsc#1190941).
   - scsi: qla2xxx: Fix port type info (bsc#1190941).
   - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
   - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
   - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue
     (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
   - scsi: qla2xxx: Remove redundant initialization of pointer req
     (bsc#1190941).
   - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
   - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
   - scsi: qla2xxx: Suppress unnecessary log messages during login
     (bsc#1190941).
   - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
   - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
     (bsc#1190941).
   - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
   - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
     (bsc#1190941).
   - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
   - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
   - scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
   - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
   - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
   - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes).
   - sctp: fully initialize v4 addr in some functions (bsc#1188563).
   - selinux: fix error initialization in inode_doinit_with_dentry()
     (git-fixes).
   - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling
     (git-fxes).
   - smb2: fix use-after-free in smb2_ioctl_query_info() (bsc#1190317).
   - smb3: Add debug message for new file creation with idsfromsid mount
     option (bsc#1190317).
   - smb3: Add new parm "nodelete" (bsc#1190317).
   - smb3: Avoid Mid pending list corruption (bsc#1190317).
   - smb3: Call cifs reconnect from demultiplex thread (bsc#1190317).
   - smb3: Handle error case during offload read path (bsc#1190317).
   - smb3: add indatalen that can be a non-zero value to calculation of
     credit charge in smb2 ioctl (bsc#1190317).
   - smb3: add some missing definitions from MS-FSCC (bsc#1190317).
   - smb3: allow uid and gid owners to be set on create with idsfromsid mount
     option (bsc#1190317).
   - smb3: do not try to cache root directory if dir leases not supported
     (bsc#1190317).
   - smb3: fix access denied on change notify request to some servers
     (bsc#1190317).
   - smb3: fix cached file size problems in duplicate extents (reflink)
     (bsc#1190317).
   - smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K
     (bsc#1190317).
   - smb3: fix possible access to uninitialized pointer to DACL (bsc#1190317).
   - smb3: fix stat when special device file and mounted with modefromsid
     (bsc#1190317).
   - smb3: fix unneeded error message on change notify (bsc#1190317).
   - smb3: limit noisy error (bsc#1190317).
   - smb3: minor update to compression header definitions (bsc#1190317).
   - smb3: prevent races updating CurrentMid (bsc#1190317).
   - smb3: rc uninitialized in one fallocate path (bsc#1190317).
   - smb3: remove static checker warning (bsc#1190317).
   - tcp/dccp: fix possible race __inet_lookup_established() (bsc#1180624).
   - tpm: ibmvtpm: Avoid error message when process gets signal while waiting
     (bsc#1065729).
   - uapi: nfnetlink_cthelper.h: fix userspace compilation error (git-fixes).
   - update structure definitions from updated protocol documentation
     (bsc#1190317).
   - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
     (git-fixes).
   - usb: hso: fix error handling code of hso_create_net_device (git-fixes).
   - usb: typec: tcpm: handle SRC_STARTUP state if cc changes (git-fixes).
   - usb: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).
   - usb: xhci: dbc: Simplify error handling in 'xhci_dbc_alloc_requests()'
     (git-fixes).
   - usb: xhci: dbc: Use GFP_KERNEL instead of GFP_ATOMIC in
     'xhci_dbc_alloc_requests()' (git-fixes).
   - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
     (bsc#1114648).
   - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
     (bsc#1114648).
   - xen: fix setting of max_pfn in shared_info (git-fixes).
   - xen: reset legacy rtc flag for PV domU (git-fixes).
   - xfs: Fixed non-directory creation in SGID directories introduced by
     CVE-2018-13405 patch (bsc#1190006).
   - xfs: always honor OWN_UNKNOWN rmap removal requests (bsc#1191500).
   - xfs: convert growfs AG header init to use buffer lists (bsc#1191500).
   - xfs: factor ag btree root block initialisation (bsc#1191500).
   - xfs: factor out AG header initialisation from growfs core (bsc#1191500).
   - xfs: fix check on struct_version for versions 4 or greater (bsc#1191500,
     git-fixes).
   - xfs: fix string handling in label get/set functions (bsc#1191500,
     git-fixes).
   - xfs: hoist xfs_fs_geometry to libxfs (bsc#1191500).
   - xfs: implement online get/set fs label (bsc#1191500).
   - xfs: make imaxpct changes in growfs separate (bsc#1191500).
   - xfs: move growfs core to libxfs (bsc#1191500).
   - xfs: one-shot cached buffers (bsc#1191500).
   - xfs: refactor the geometry structure filling function (bsc#1191500).
   - xfs: rework secondary superblock updates in growfs (bsc#1191500).
   - xfs: separate secondary sb update in growfs (bsc#1191500).
   - xfs: turn ag header initialisation into a table driven operation
     (bsc#1191500).
   - xfs: xfs_fsops: drop useless LIST_HEAD (bsc#1191500, git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP5:

      zypper in -t patch SUSE-SLE-WE-12-SP5-2021-3748=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3748=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3748=1

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-3748=1

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2021-3748=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

      kernel-default-debuginfo-4.12.14-122.98.1
      kernel-default-debugsource-4.12.14-122.98.1
      kernel-default-extra-4.12.14-122.98.1
      kernel-default-extra-debuginfo-4.12.14-122.98.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.12.14-122.98.1
      kernel-obs-build-debugsource-4.12.14-122.98.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

      kernel-docs-4.12.14-122.98.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-122.98.1
      kernel-default-base-4.12.14-122.98.1
      kernel-default-base-debuginfo-4.12.14-122.98.1
      kernel-default-debuginfo-4.12.14-122.98.1
      kernel-default-debugsource-4.12.14-122.98.1
      kernel-default-devel-4.12.14-122.98.1
      kernel-syms-4.12.14-122.98.1

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      kernel-default-devel-debuginfo-4.12.14-122.98.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      kernel-devel-4.12.14-122.98.1
      kernel-macros-4.12.14-122.98.1
      kernel-source-4.12.14-122.98.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x):

      kernel-default-man-4.12.14-122.98.1

   - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

      kernel-default-debuginfo-4.12.14-122.98.1
      kernel-default-debugsource-4.12.14-122.98.1
      kernel-default-kgraft-4.12.14-122.98.1
      kernel-default-kgraft-devel-4.12.14-122.98.1
      kgraft-patch-4_12_14-122_98-default-1-8.7.1

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-122.98.1
      cluster-md-kmp-default-debuginfo-4.12.14-122.98.1
      dlm-kmp-default-4.12.14-122.98.1
      dlm-kmp-default-debuginfo-4.12.14-122.98.1
      gfs2-kmp-default-4.12.14-122.98.1
      gfs2-kmp-default-debuginfo-4.12.14-122.98.1
      kernel-default-debuginfo-4.12.14-122.98.1
      kernel-default-debugsource-4.12.14-122.98.1
      ocfs2-kmp-default-4.12.14-122.98.1
      ocfs2-kmp-default-debuginfo-4.12.14-122.98.1


References:

   https://www.suse.com/security/cve/CVE-2018-13405.html
   https://www.suse.com/security/cve/CVE-2021-33033.html
   https://www.suse.com/security/cve/CVE-2021-34556.html
   https://www.suse.com/security/cve/CVE-2021-3542.html
   https://www.suse.com/security/cve/CVE-2021-35477.html
   https://www.suse.com/security/cve/CVE-2021-3655.html
   https://www.suse.com/security/cve/CVE-2021-3715.html
   https://www.suse.com/security/cve/CVE-2021-37159.html
   https://www.suse.com/security/cve/CVE-2021-3760.html
   https://www.suse.com/security/cve/CVE-2021-41864.html
   https://www.suse.com/security/cve/CVE-2021-42008.html
   https://www.suse.com/security/cve/CVE-2021-42252.html
   https://www.suse.com/security/cve/CVE-2021-42739.html
   https://bugzilla.suse.com/1050549
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1085030
   https://bugzilla.suse.com/1114648
   https://bugzilla.suse.com/1180624
   https://bugzilla.suse.com/1184673
   https://bugzilla.suse.com/1186063
   https://bugzilla.suse.com/1186109
   https://bugzilla.suse.com/1188563
   https://bugzilla.suse.com/1188601
   https://bugzilla.suse.com/1188983
   https://bugzilla.suse.com/1188985
   https://bugzilla.suse.com/1190006
   https://bugzilla.suse.com/1190067
   https://bugzilla.suse.com/1190317
   https://bugzilla.suse.com/1190349
   https://bugzilla.suse.com/1190397
   https://bugzilla.suse.com/1190479
   https://bugzilla.suse.com/1190620
   https://bugzilla.suse.com/1190795
   https://bugzilla.suse.com/1190941
   https://bugzilla.suse.com/1191241
   https://bugzilla.suse.com/1191315
   https://bugzilla.suse.com/1191317
   https://bugzilla.suse.com/1191349
   https://bugzilla.suse.com/1191450
   https://bugzilla.suse.com/1191452
   https://bugzilla.suse.com/1191455
   https://bugzilla.suse.com/1191500
   https://bugzilla.suse.com/1191579
   https://bugzilla.suse.com/1191628
   https://bugzilla.suse.com/1191662
   https://bugzilla.suse.com/1191667
   https://bugzilla.suse.com/1191713
   https://bugzilla.suse.com/1191801
   https://bugzilla.suse.com/1191888
   https://bugzilla.suse.com/1192145
   https://bugzilla.suse.com/1192267


From sle-updates at lists.suse.com  Fri Nov 19 23:19:18 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 20 Nov 2021 00:19:18 +0100 (CET)
Subject: SUSE-SU-2021:3754-1: important: Security update for the Linux Kernel
Message-ID: <20211119231918.70262FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3754-1
Rating:             important
References:         #1065729 #1085030 #1152489 #1154353 #1156395 
                    #1157177 #1167773 #1172073 #1173604 #1176940 
                    #1184673 #1185762 #1186063 #1187167 #1188563 
                    #1189841 #1190006 #1190067 #1190349 #1190351 
                    #1190479 #1190620 #1190642 #1190795 #1190941 
                    #1191229 #1191241 #1191315 #1191317 #1191349 
                    #1191384 #1191449 #1191450 #1191451 #1191452 
                    #1191455 #1191456 #1191628 #1191731 #1191800 
                    #1191934 #1191958 #1192040 #1192041 #1192107 
                    #1192145 #1192267 #1192549 
Cross-References:   CVE-2021-3542 CVE-2021-3655 CVE-2021-3715
                    CVE-2021-3760 CVE-2021-3772 CVE-2021-3896
                    CVE-2021-41864 CVE-2021-42008 CVE-2021-42252
                    CVE-2021-42739 CVE-2021-43056
CVSS scores:
                    CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-3715 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3896 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42252 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-43056 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-43056 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products:
                    SUSE MicroOS 5.0
                    SUSE Linux Enterprise Workstation Extension 15-SP2
                    SUSE Linux Enterprise Module for Live Patching 15-SP2
                    SUSE Linux Enterprise Module for Legacy Software 15-SP2
                    SUSE Linux Enterprise Module for Development Tools 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has 37 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various
   security and bugfixes.


   The following security bugs were fixed:

   - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
   - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets,
     which may have allowed the kernel to read uninitialized memory
     (bsc#1188563).
   - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on
     Power8 (bnc#1192107).
   - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in
     drivers/isdn/capi/kcapi.c (bsc#1191958).
   - CVE-2021-3760: Fixed a use-after-free vulnerability with the
     ndev->rf_conn_info object (bsc#1190067).
   - CVE-2021-42739: The firewire subsystem had a buffer overflow related to
     drivers/media/firewire/firedtv-avc.c and
     drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled
     bounds checking (bsc#1184673).
   - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver
     (bsc#1186063).
   - CVE-2021-3715: Fixed a use-after-free in route4_change() in
     net/sched/cls_route.c (bsc#1190349).
   - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could
     have allowed local attackers to access the Aspeed LPC control interface
     to overwrite memory in the kernel and potentially execute privileges
     (bnc#1190479).
   - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed
     unprivileged users to trigger an eBPF multiplication integer overflow
     with a resultant out-of-bounds write (bnc#1191317).
   - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data
     function in drivers/net/hamradio/6pack.c. Input from a process that had
     the CAP_NET_ADMIN capability could have lead to root access
     (bsc#1191315).

   The following non-security bugs were fixed:

   - ACPI: bgrt: Fix CFI violation (git-fixes).
   - ACPI: fix NULL pointer dereference (git-fixes).
   - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
   - ALSA: hda/realtek: Complete partial device name to avoid ambiguity
     (git-fixes).
   - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
     (git-fixes).
   - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
   - ALSA: seq: Fix a potential UAF by wrong private_free call order
     (git-fixes).
   - ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
   - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
   - ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
   - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
   - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
   - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
     (git-fixes).
   - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
   - HID: u2fzero: ignore incomplete packets without data (git-fixes).
   - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
   - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
     (git-fixes).
   - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
   - IPv6: reply ICMP error if the first fragment do not include all headers
     (bsc#1191241).
   - Input: snvs_pwrkey - add clk handling (git-fixes).
   - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
   - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest
     SPRs are live (bsc#1156395).
   - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
     (bsc#1156395).
   - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
   - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing
     registers (bsc#1156395).
   - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
   - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
   - NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
     (git-fixes).
   - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
     (git-fixes).
   - NFS: dir_cookie is a pointer to the cookie in older kernels, not the
     cookie itself (bsc#1191628 bsc#1192549).
   - NFS: Do uncached readdir when we're seeking a cookie in an empty page
     cache (bsc#1191628).
   - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
   - USB: cdc-acm: clean up probe error labels (git-fixes).
   - USB: cdc-acm: fix minor-number release (git-fixes).
   - USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
   - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
   - USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
   - USB: serial: qcserial: add EM9191 QDL support (git-fixes).
   - USB: xhci: dbc: fix tty registration race (git-fixes).
   - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
   - ata: ahci_platform: fix null-ptr-deref in
     ahci_platform_enable_regulators() (git-fixes).
   - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
     (git-fixes).
   - audit: fix possible null-pointer dereference in audit_filter_rules
     (git-fixes).
   - bfq: Remove merged request already in bfq_requests_merged()
     (bsc#1191456).
   - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
   - blktrace: Fix uaf in blk_trace access after removing by sysfs
     (bsc#1191452).
   - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
   - bnxt_en: Fix TX timeout when TX ring size is set to the smallest
     (git-fixes).
   - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h
     (git-fixes).
   - bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
   - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
   - can: dev: can_restart: fix use after free bug (git-fixes).
   - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
   - can: peak_usb: fix use after free bugs (git-fixes).
   - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE
     state notification (git-fixes).
   - can: rcar_can: fix suspend/resume (git-fixes).
   - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in
     error path (git-fixes).
   - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
   - cb710: avoid NULL pointer subtraction (git-fixes).
   - ceph: fix handling of "meta" errors (bsc#1192041).
   - ceph: skip existing superblocks that are blocklisted or shut down when
     mounting (bsc#1192040).
   - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
   - drm/amd/display: Pass PCI deviceid into DC (git-fixes).
   - drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
   - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
   - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
     (git-fixes).
   - drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
   - drm/nouveau/debugfs: fix file release memory leak (git-fixes).
   - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
   - e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
   - e100: fix buffer overrun in e100_get_regs (git-fixes).
   - e100: fix length calculation in e100_get_regs_len (git-fixes).
   - e100: handle eeprom as little endian (git-fixes).
   - ext4: fix reserved space counter leakage (bsc#1191450).
   - ext4: report correct st_size for encrypted symlinks (bsc#1191449).
   - fs, mm: fix race in unlinking swapfile (bsc#1191455).
   - fscrypt: add fscrypt_symlink_getattr() for computing st_size
     (bsc#1191449).
   - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267).
   - gpio: pca953x: Improve bias setting (git-fixes).
   - gve: Avoid freeing NULL pointer (git-fixes).
   - gve: Correct available tx qpl check (git-fixes).
   - gve: Properly handle errors in gve_assign_qpl (bsc#1176940).
   - gve: fix gve_get_stats() (git-fixes).
   - gve: report 64bit tx_bytes counter from gve_handle_report_stats()
     (bsc#1176940).
   - hso: fix bailout in error case of probe (git-fixes).
   - i2c: acpi: fix resource leak in reconfiguration device addition
     (git-fixes).
   - i40e: Fix ATR queue selection (git-fixes).
   - i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes).
   - i40e: fix endless loop under rtnl (git-fixes).
   - iavf: fix double unlock of crit_lock (git-fixes).
   - ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177).
   - iio: adc128s052: Fix the error handling path of 'adc128_probe()'
     (git-fixes).
   - iio: adc: aspeed: set driver data when adc probe (git-fixes).
   - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
   - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
   - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
   - iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
     (git-fixes).
   - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
   - ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773).
   - ipv6/netfilter: Discard first fragment not including all headers
     (bsc#1191241).
   - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
   - isdn: mISDN: Fix sleeping function called from invalid context
     (git-fixes).
   - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
   - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
   - kernel-binary.spec: Do not sign kernel when no key provided
     (bsc#1187167).
   - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
     well. Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating
     (bsc#1189841).")
   - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
   - lan78xx: select CRC32 (git-fixes).
   - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD
     (git-fixes).
   - mac80211: Drop frames from invalid MAC address in ad-hoc mode
     (git-fixes).
   - mac80211: check return value of rhashtable_init (git-fixes).
   - mei: me: add Ice Lake-N device id (git-fixes).
   - mlx5: count all link events (git-fixes).
   - mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes).
   - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
   - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
     (git-fixes).
   - mmc: vub300: fix control-message timeouts (git-fixes).
   - net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353).
   - net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes).
   - net/mlx4_en: Resolve bad operstate value (git-fixes).
   - net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes).
   - net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464).
   - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
   - net: batman-adv: fix error handling (git-fixes).
   - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size()
     (git-fixes).
   - net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
     (git-fixes).
   - net: cdc_eem: fix tx fixup skb leak (git-fixes).
   - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
   - net: hns3: fix vf reset workqueue cannot exit (bsc#1154353).
   - net: hso: add failure handler for add_net_device (git-fixes).
   - net: hso: fix NULL-deref on disconnect regression (git-fixes).
   - net: hso: fix null-ptr-deref during tty device unregistration
     (git-fixes).
   - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
   - net: lan78xx: fix division by zero in send path (git-fixes).
   - net: mana: Fix error handling in mana_create_rxq() (git-fixes,
     bsc#1191800).
   - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
     (git-fixes).
   - netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
   - nfc: fix error handling of nfc_proto_register() (git-fixes).
   - nfc: port100: fix using -ERRNO as command type mask (git-fixes).
   - nvme-fc: avoid race between time out and tear down (bsc#1185762).
   - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
   - nvme-fc: update hardware queues before using them (bsc#1185762).
   - nvme-pci: Fix abort command id (git-fixes).
   - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
   - nvme-pci: refactor nvme_unmap_data (bsc#1191934).
   - nvme: add command id quirk for apple controllers (git-fixes).
   - ocfs2: fix data corruption after conversion from inline format
     (bsc#1190795).
   - pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
   - phy: mdio: fix memory leak (git-fixes).
   - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call
     (git-fixes).
   - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from
     run_smbios_call (git-fixes).
   - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
   - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
   - powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
   - powerpc/lib: Fix emulate_step() std test (bsc#1065729).
   - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498
     git-fixes).
   - powerpc/xive: Discard disabled interrupts in get_irqchip_state()
     (bsc#1085030 git-fixes).
   - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
     (git-fixes).
   - ptp_pch: Load module automatically if ID matches (git-fixes).
   - ptp_pch: Restore dependency on PCI (git-fixes).
   - qed: Fix missing error code in qed_slowpath_start() (git-fixes).
   - qed: Handle management FW error (git-fixes).
   - qed: rdma - do not wait for resources under hw error recovery flow
     (git-fixes).
   - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
   - rpm: fix kmp install path
   - rpm: use _rpmmacrodir (boo#1191384)
   - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
     (bsc#1192145).
   - scsi: lpfc: Allow fabric node recovery if recovery is in progress before
     devloss (bsc#1192145).
   - scsi: lpfc: Correct sysfs reporting of loop support after SFP status
     change (bsc#1192145).
   - scsi: lpfc: Fix link down processing to address NULL pointer dereference
     (bsc#1192145).
   - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
     (bsc#1191349).
   - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
   - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
     driver_resource_setup() (bsc#1192145).
   - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
   - scsi: lpfc: Wait for successful restart of SLI3 adapter during host
     sg_reset (bsc#1192145).
   - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
   - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
   - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
   - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
   - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
   - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
   - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
     (bsc#1190941).
   - scsi: qla2xxx: Check for firmware capability before creating QPair
     (bsc#1190941).
   - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card
     (bsc#1190941).
   - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
     (bsc#1190941).
   - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
   - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
   - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
   - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
   - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
   - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
   - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
     (bsc#1190941).
   - scsi: qla2xxx: Fix port type info (bsc#1190941).
   - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
   - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
   - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue
     (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
   - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
   - scsi: qla2xxx: Remove redundant initialization of pointer req
     (bsc#1190941).
   - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
   - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
   - scsi: qla2xxx: Suppress unnecessary log messages during login
     (bsc#1190941).
   - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
   - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
   - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
     (bsc#1190941).
   - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
   - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
     (bsc#1190941).
   - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
   - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
   - scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
   - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
   - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
   - sctp: check asoc peer.asconf_capable before processing asconf
     (bsc#1190351).
   - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
   - spi: spi-nxp-fspi: do not depend on a specific node name erratum
     workaround (git-fixes).
   - tpm: ibmvtpm: Avoid error message when process gets signal while waiting
     (bsc#1065729).
   - usb: hso: fix error handling code of hso_create_net_device (git-fixes).
   - usb: hso: remove the bailout parameter (git-fixes).
   - usb: musb: dsps: Fix the probe error path (git-fixes).
   - video: fbdev: gbefb: Only instantiate device when built for IP32
     (git-fixes).
   - virtio: write back F_VERSION_1 before validate (git-fixes).
   - watchdog: orion: use 0 for unset heartbeat (git-fixes).
   - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
   - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
     (bsc#1152489).
   - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
     (bsc#1152489).
   - xen: fix setting of max_pfn in shared_info (git-fixes).
   - xen: reset legacy rtc flag for PV domU (git-fixes).
   - xfs: Fixed non-directory creation in SGID directories introduced by
     CVE-2018-13405 patch (bsc#1190006).
   - xfs: ensure that the inode uid/gid match values match the icdinode ones
     (bsc#1190006).
   - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes
     (bsc#1190642).
   - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
   - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
   - xhci: Enable trust tx length quirk for Fresco FL11 USB controller
     (git-fixes).
   - xhci: Fix command ring pointer corruption while aborting a command
     (git-fixes).
   - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
   - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3754=1

   - SUSE Linux Enterprise Workstation Extension 15-SP2:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-3754=1

   - SUSE Linux Enterprise Module for Live Patching 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-3754=1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-3754=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3754=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3754=1

   - SUSE Linux Enterprise High Availability 15-SP2:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-3754=1



Package List:

   - SUSE MicroOS 5.0 (aarch64 x86_64):

      kernel-default-5.3.18-24.93.1
      kernel-default-base-5.3.18-24.93.1.9.42.5
      kernel-default-debuginfo-5.3.18-24.93.1
      kernel-default-debugsource-5.3.18-24.93.1

   - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):

      kernel-default-debuginfo-5.3.18-24.93.1
      kernel-default-debugsource-5.3.18-24.93.1
      kernel-default-extra-5.3.18-24.93.1
      kernel-default-extra-debuginfo-5.3.18-24.93.1
      kernel-preempt-extra-5.3.18-24.93.1
      kernel-preempt-extra-debuginfo-5.3.18-24.93.1

   - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):

      kernel-default-debuginfo-5.3.18-24.93.1
      kernel-default-debugsource-5.3.18-24.93.1
      kernel-default-livepatch-5.3.18-24.93.1
      kernel-default-livepatch-devel-5.3.18-24.93.1
      kernel-livepatch-5_3_18-24_93-default-1-5.3.5
      kernel-livepatch-5_3_18-24_93-default-debuginfo-1-5.3.5
      kernel-livepatch-SLE15-SP2_Update_21-debugsource-1-5.3.5

   - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64):

      kernel-default-debuginfo-5.3.18-24.93.1
      kernel-default-debugsource-5.3.18-24.93.1
      reiserfs-kmp-default-5.3.18-24.93.1
      reiserfs-kmp-default-debuginfo-5.3.18-24.93.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-5.3.18-24.93.1
      kernel-obs-build-debugsource-5.3.18-24.93.1
      kernel-syms-5.3.18-24.93.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64):

      kernel-preempt-debuginfo-5.3.18-24.93.1
      kernel-preempt-debugsource-5.3.18-24.93.1
      kernel-preempt-devel-5.3.18-24.93.1
      kernel-preempt-devel-debuginfo-5.3.18-24.93.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch):

      kernel-docs-5.3.18-24.93.1
      kernel-source-5.3.18-24.93.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      kernel-default-5.3.18-24.93.1
      kernel-default-base-5.3.18-24.93.1.9.42.5
      kernel-default-debuginfo-5.3.18-24.93.1
      kernel-default-debugsource-5.3.18-24.93.1
      kernel-default-devel-5.3.18-24.93.1
      kernel-default-devel-debuginfo-5.3.18-24.93.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64):

      kernel-preempt-5.3.18-24.93.1
      kernel-preempt-debuginfo-5.3.18-24.93.1
      kernel-preempt-debugsource-5.3.18-24.93.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):

      kernel-devel-5.3.18-24.93.1
      kernel-macros-5.3.18-24.93.1

   - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-5.3.18-24.93.1
      cluster-md-kmp-default-debuginfo-5.3.18-24.93.1
      dlm-kmp-default-5.3.18-24.93.1
      dlm-kmp-default-debuginfo-5.3.18-24.93.1
      gfs2-kmp-default-5.3.18-24.93.1
      gfs2-kmp-default-debuginfo-5.3.18-24.93.1
      kernel-default-debuginfo-5.3.18-24.93.1
      kernel-default-debugsource-5.3.18-24.93.1
      ocfs2-kmp-default-5.3.18-24.93.1
      ocfs2-kmp-default-debuginfo-5.3.18-24.93.1


References:

   https://www.suse.com/security/cve/CVE-2021-3542.html
   https://www.suse.com/security/cve/CVE-2021-3655.html
   https://www.suse.com/security/cve/CVE-2021-3715.html
   https://www.suse.com/security/cve/CVE-2021-3760.html
   https://www.suse.com/security/cve/CVE-2021-3772.html
   https://www.suse.com/security/cve/CVE-2021-3896.html
   https://www.suse.com/security/cve/CVE-2021-41864.html
   https://www.suse.com/security/cve/CVE-2021-42008.html
   https://www.suse.com/security/cve/CVE-2021-42252.html
   https://www.suse.com/security/cve/CVE-2021-42739.html
   https://www.suse.com/security/cve/CVE-2021-43056.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1085030
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1154353
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1157177
   https://bugzilla.suse.com/1167773
   https://bugzilla.suse.com/1172073
   https://bugzilla.suse.com/1173604
   https://bugzilla.suse.com/1176940
   https://bugzilla.suse.com/1184673
   https://bugzilla.suse.com/1185762
   https://bugzilla.suse.com/1186063
   https://bugzilla.suse.com/1187167
   https://bugzilla.suse.com/1188563
   https://bugzilla.suse.com/1189841
   https://bugzilla.suse.com/1190006
   https://bugzilla.suse.com/1190067
   https://bugzilla.suse.com/1190349
   https://bugzilla.suse.com/1190351
   https://bugzilla.suse.com/1190479
   https://bugzilla.suse.com/1190620
   https://bugzilla.suse.com/1190642
   https://bugzilla.suse.com/1190795
   https://bugzilla.suse.com/1190941
   https://bugzilla.suse.com/1191229
   https://bugzilla.suse.com/1191241
   https://bugzilla.suse.com/1191315
   https://bugzilla.suse.com/1191317
   https://bugzilla.suse.com/1191349
   https://bugzilla.suse.com/1191384
   https://bugzilla.suse.com/1191449
   https://bugzilla.suse.com/1191450
   https://bugzilla.suse.com/1191451
   https://bugzilla.suse.com/1191452
   https://bugzilla.suse.com/1191455
   https://bugzilla.suse.com/1191456
   https://bugzilla.suse.com/1191628
   https://bugzilla.suse.com/1191731
   https://bugzilla.suse.com/1191800
   https://bugzilla.suse.com/1191934
   https://bugzilla.suse.com/1191958
   https://bugzilla.suse.com/1192040
   https://bugzilla.suse.com/1192041
   https://bugzilla.suse.com/1192107
   https://bugzilla.suse.com/1192145
   https://bugzilla.suse.com/1192267
   https://bugzilla.suse.com/1192549


From sle-updates at lists.suse.com  Sat Nov 20 07:28:30 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 20 Nov 2021 08:28:30 +0100 (CET)
Subject: SUSE-CU-2021:513-1: Security update of bci/openjdk-devel
Message-ID: <20211120072830.629C3FD0A@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:513-1
Container Tags        : bci/openjdk-devel:11
Container Release     : 4.61
Severity              : important
Type                  : security
References            : 1172973 1172974 1177127 1186503 1186602 1187224 1187425 1187466
                        1187738 1187760 1188156 1188435 1189031 1190052 1190059 1190199
                        1190465 1190552 1190712 1190793 1190815 1190850 1191901 1191903
                        1191904 1191906 1191909 1191910 1191911 1191912 1191913 1191914
                        1191987 CVE-2019-20838 CVE-2020-14155 CVE-2021-35550 CVE-2021-35556
                        CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567
                        CVE-2021-35578 CVE-2021-35586 CVE-2021-35603 CVE-2021-39537 
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2020:3026-1
Released:    Fri Oct 23 15:35:49 2020
Summary:     Optional update for the Public Cloud Module
Type:        optional
Severity:    moderate
References:  

This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398).
The following packages were included:

- python3-grpcio
- python3-protobuf
- python3-google-api-core
- python3-google-cloud-core
- python3-google-cloud-storage
- python3-google-resumable-media
- python3-googleapis-common-protos
- python3-grpcio-gcp
- python3-mock (updated to version 3.0.5)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:294-1
Released:    Wed Feb  3 12:54:28 2021
Summary:     Recommended update for libprotobuf
Type:        recommended
Severity:    moderate
References:  

libprotobuf was updated to fix:

- ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:656-1
Released:    Mon Mar  1 09:34:21 2021
Summary:     Recommended update for protobuf
Type:        recommended
Severity:    moderate
References:  1177127
This update for protobuf fixes the following issues:

- Add missing dependency of python subpackages on python-six. (bsc#1177127)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released:    Wed Oct 20 16:31:55 2021
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1190793,CVE-2021-39537
This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released:    Wed Oct 20 16:48:46 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1190052
This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3501-1
Released:    Fri Oct 22 10:42:46 2021
Summary:     Recommended update for libzypp, zypper, libsolv, protobuf
Type:        recommended
Severity:    moderate
References:  1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815
This update for libzypp, zypper, libsolv and protobuf fixes the following issues:

- Choice rules: treat orphaned packages as newest (bsc#1190465)
- Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
- Do not check of signatures and keys two times(redundant) (bsc#1190059)
- Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
- Show key fpr from signature when signature check fails (bsc#1187224)
- Fix solver jobs for PTFs (bsc#1186503)
- Fix purge-kernels fails (bsc#1187738)
- Fix obs:// platform guessing for Leap (bsc#1187425)
- Make sure to keep states alives while transitioning. (bsc#1190199)
- Manpage: Improve description about patch updates(bsc#1187466)
- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
- Fix crashes in logging code when shutting down (bsc#1189031)
- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
- Add need reboot/restart hint to XML install summary (bsc#1188435)
- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
- Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released:    Tue Oct 26 11:22:15 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1191987
This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in
  the 'securetty' file to be installed as 'macros.pam'.
  (bsc#1191987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3529-1
Released:    Wed Oct 27 09:23:32 2021
Summary:     Security update for pcre
Type:        security
Severity:    moderate
References:  1172973,1172974,CVE-2019-20838,CVE-2020-14155
This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3545-1
Released:    Wed Oct 27 14:46:39 2021
Summary:     Recommended update for less
Type:        recommended
Severity:    low
References:  1190552
This update for less fixes the following issues:

- Add missing runtime dependency on package 'which', that is used by
  lessopen.sh (bsc#1190552)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3564-1
Released:    Wed Oct 27 16:12:08 2021
Summary:     Recommended update for rpm-config-SUSE
Type:        recommended
Severity:    moderate
References:  1190850
This update for rpm-config-SUSE fixes the following issues:

- Support ZSTD compressed kernel modules. (bsc#1190850)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3671-1
Released:    Tue Nov 16 14:48:10 2021
Summary:     Security update for java-11-openjdk
Type:        security
Severity:    important
References:  1191901,1191903,1191904,1191906,1191909,1191910,1191911,1191912,1191913,1191914,CVE-2021-35550,CVE-2021-35556,CVE-2021-35559,CVE-2021-35561,CVE-2021-35564,CVE-2021-35565,CVE-2021-35567,CVE-2021-35578,CVE-2021-35586,CVE-2021-35603
This update for java-11-openjdk fixes the following issues:

Update to 11.0.13+8 (October 2021 CPU)

- CVE-2021-35550, bsc#1191901: Update the default enabled cipher suites preference
- CVE-2021-35565, bsc#1191909: com.sun.net.HttpsServer spins on TLS session close
- CVE-2021-35556, bsc#1191910: Richer Text Editors
- CVE-2021-35559, bsc#1191911: Enhanced style for RTF kit
- CVE-2021-35561, bsc#1191912: Better hashing support
- CVE-2021-35564, bsc#1191913: Improve Keystore integrity
- CVE-2021-35567, bsc#1191903: More Constrained Delegation
- CVE-2021-35578, bsc#1191904: Improve TLS client handshaking
- CVE-2021-35586, bsc#1191914: Better BMP support
- CVE-2021-35603, bsc#1191906: Better session identification
- Improve Stream handling for SSL
- Improve requests of certificates
- Correct certificate requests
- Enhance DTLS client handshake


The following package changes have been done:

- java-11-openjdk-devel-11.0.13.0-3.65.1 updated
- java-11-openjdk-headless-11.0.13.0-3.65.1 updated
- java-11-openjdk-11.0.13.0-3.65.1 updated
- less-530-3.3.2 updated
- libncurses6-6.1-5.9.1 updated
- libpcre1-8.45-20.10.1 updated
- libprotobuf-lite20-3.9.2-4.9.1 added
- libsolv-tools-0.7.20-9.2 updated
- libzypp-17.28.5-15.2 updated
- ncurses-utils-6.1-5.9.1 updated
- pam-1.3.0-6.50.1 updated
- rpm-config-SUSE-1-5.3.1 updated
- terminfo-base-6.1-5.9.1 updated
- which-2.21-2.20 added
- zypper-1.14.49-16.1 updated
- container:openjdk11-image-15.3.0-5.41 updated
- libFLAC8-1.3.2-3.6.1 removed
- libdbus-1-3-1.12.2-8.11.2 removed
- libogg0-1.3.2-1.24 removed
- libpulse0-14.2-4.2 removed
- libsndfile1-1.0.28-5.12.1 removed
- libspeex1-1.2-1.27 removed
- libvorbis0-1.3.6-4.3.1 removed
- libvorbisenc2-1.3.6-4.3.1 removed

From sle-updates at lists.suse.com  Sat Nov 20 07:28:51 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 20 Nov 2021 08:28:51 +0100 (CET)
Subject: SUSE-CU-2021:514-1: Security update of bci/openjdk
Message-ID: <20211120072851.75345FD0A@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:514-1
Container Tags        : bci/openjdk:11
Container Release     : 5.41
Severity              : important
Type                  : security
References            : 1172973 1172974 1177127 1178236 1185016 1185524 1186503 1186602
                        1186910 1187224 1187270 1187425 1187466 1187512 1187738 1187760
                        1188156 1188344 1188435 1188921 1189031 1190052 1190059 1190199
                        1190465 1190645 1190712 1190739 1190793 1190815 1190850 1190915
                        1190933 1191901 1191903 1191904 1191906 1191909 1191910 1191911
                        1191912 1191913 1191914 1191987 CVE-2019-20838 CVE-2020-14155
                        CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564
                        CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35603
                        CVE-2021-37600 CVE-2021-39537 
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2020:3026-1
Released:    Fri Oct 23 15:35:49 2020
Summary:     Optional update for the Public Cloud Module
Type:        optional
Severity:    moderate
References:  

This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398).
The following packages were included:

- python3-grpcio
- python3-protobuf
- python3-google-api-core
- python3-google-cloud-core
- python3-google-cloud-storage
- python3-google-resumable-media
- python3-googleapis-common-protos
- python3-grpcio-gcp
- python3-mock (updated to version 3.0.5)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:294-1
Released:    Wed Feb  3 12:54:28 2021
Summary:     Recommended update for libprotobuf
Type:        recommended
Severity:    moderate
References:  

libprotobuf was updated to fix:

- ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:656-1
Released:    Mon Mar  1 09:34:21 2021
Summary:     Recommended update for protobuf
Type:        recommended
Severity:    moderate
References:  1177127
This update for protobuf fixes the following issues:

- Add missing dependency of python subpackages on python-six. (bsc#1177127)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3474-1
Released:    Wed Oct 20 08:41:31 2021
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1178236,1188921,CVE-2021-37600
This update for util-linux fixes the following issues:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3480-1
Released:    Wed Oct 20 11:24:10 2021
Summary:     Recommended update for yast2-network
Type:        recommended
Severity:    moderate
References:  1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933
This update for yast2-network fixes the following issues:

- Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915).
- Fix the shown description using the interface friendly name when it is empty (bsc#1190933).
- Consider aliases sections as case insensitive (bsc#1190739).
- Display user defined device name in the devices overview (bnc#1190645).
- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).
- Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).
- Fix desktop file so the control center tooltip is translated (bsc#1187270).
- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released:    Wed Oct 20 16:31:55 2021
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1190793,CVE-2021-39537
This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released:    Wed Oct 20 16:48:46 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1190052
This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3501-1
Released:    Fri Oct 22 10:42:46 2021
Summary:     Recommended update for libzypp, zypper, libsolv, protobuf
Type:        recommended
Severity:    moderate
References:  1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815
This update for libzypp, zypper, libsolv and protobuf fixes the following issues:

- Choice rules: treat orphaned packages as newest (bsc#1190465)
- Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
- Do not check of signatures and keys two times(redundant) (bsc#1190059)
- Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
- Show key fpr from signature when signature check fails (bsc#1187224)
- Fix solver jobs for PTFs (bsc#1186503)
- Fix purge-kernels fails (bsc#1187738)
- Fix obs:// platform guessing for Leap (bsc#1187425)
- Make sure to keep states alives while transitioning. (bsc#1190199)
- Manpage: Improve description about patch updates(bsc#1187466)
- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
- Fix crashes in logging code when shutting down (bsc#1189031)
- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
- Add need reboot/restart hint to XML install summary (bsc#1188435)
- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
- Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released:    Tue Oct 26 11:22:15 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1191987
This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in
  the 'securetty' file to be installed as 'macros.pam'.
  (bsc#1191987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3529-1
Released:    Wed Oct 27 09:23:32 2021
Summary:     Security update for pcre
Type:        security
Severity:    moderate
References:  1172973,1172974,CVE-2019-20838,CVE-2020-14155
This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3564-1
Released:    Wed Oct 27 16:12:08 2021
Summary:     Recommended update for rpm-config-SUSE
Type:        recommended
Severity:    moderate
References:  1190850
This update for rpm-config-SUSE fixes the following issues:

- Support ZSTD compressed kernel modules. (bsc#1190850)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3671-1
Released:    Tue Nov 16 14:48:10 2021
Summary:     Security update for java-11-openjdk
Type:        security
Severity:    important
References:  1191901,1191903,1191904,1191906,1191909,1191910,1191911,1191912,1191913,1191914,CVE-2021-35550,CVE-2021-35556,CVE-2021-35559,CVE-2021-35561,CVE-2021-35564,CVE-2021-35565,CVE-2021-35567,CVE-2021-35578,CVE-2021-35586,CVE-2021-35603
This update for java-11-openjdk fixes the following issues:

Update to 11.0.13+8 (October 2021 CPU)

- CVE-2021-35550, bsc#1191901: Update the default enabled cipher suites preference
- CVE-2021-35565, bsc#1191909: com.sun.net.HttpsServer spins on TLS session close
- CVE-2021-35556, bsc#1191910: Richer Text Editors
- CVE-2021-35559, bsc#1191911: Enhanced style for RTF kit
- CVE-2021-35561, bsc#1191912: Better hashing support
- CVE-2021-35564, bsc#1191913: Improve Keystore integrity
- CVE-2021-35567, bsc#1191903: More Constrained Delegation
- CVE-2021-35578, bsc#1191904: Improve TLS client handshaking
- CVE-2021-35586, bsc#1191914: Better BMP support
- CVE-2021-35603, bsc#1191906: Better session identification
- Improve Stream handling for SSL
- Improve requests of certificates
- Correct certificate requests
- Enhance DTLS client handshake


The following package changes have been done:

- java-11-openjdk-headless-11.0.13.0-3.65.1 updated
- java-11-openjdk-11.0.13.0-3.65.1 updated
- libaugeas0-1.10.1-3.3.1 updated
- libblkid1-2.36.2-4.5.1 updated
- libfdisk1-2.36.2-4.5.1 updated
- libmount1-2.36.2-4.5.1 updated
- libncurses6-6.1-5.9.1 updated
- libpcre1-8.45-20.10.1 updated
- libprotobuf-lite20-3.9.2-4.9.1 added
- libsmartcols1-2.36.2-4.5.1 updated
- libsolv-tools-0.7.20-9.2 updated
- libuuid1-2.36.2-4.5.1 updated
- libzypp-17.28.5-15.2 updated
- ncurses-utils-6.1-5.9.1 updated
- pam-1.3.0-6.50.1 updated
- rpm-config-SUSE-1-5.3.1 updated
- terminfo-base-6.1-5.9.1 updated
- util-linux-2.36.2-4.5.1 updated
- zypper-1.14.49-16.1 updated
- container:sles15-image-15.0.0-17.8.32 updated
- libFLAC8-1.3.2-3.6.1 removed
- libdbus-1-3-1.12.2-8.11.2 removed
- libogg0-1.3.2-1.24 removed
- libpulse0-14.2-4.2 removed
- libsndfile1-1.0.28-5.12.1 removed
- libspeex1-1.2-1.27 removed
- libvorbis0-1.3.6-4.3.1 removed
- libvorbisenc2-1.3.6-4.3.1 removed

From sle-updates at lists.suse.com  Sat Nov 20 20:17:50 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 20 Nov 2021 21:17:50 +0100 (CET)
Subject: SUSE-SU-2021:3755-1: important: Security update for postgresql,
 postgresql13, postgresql14 
Message-ID: <20211120201750.6EA58FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for postgresql, postgresql13, postgresql14 
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3755-1
Rating:             important
References:         #1192516 SLE-22673 
Cross-References:   CVE-2021-23214 CVE-2021-23222
CVSS scores:
                    CVE-2021-23214 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-23222 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes two vulnerabilities, contains one
   feature is now available.

Description:

   This update for postgresql, postgresql13 and postgresql14 fixes the
   following issues:

   Security issues fixed:

   - CVE-2021-23214: Make the server reject extraneous data after an SSL or
     GSS encryption handshake (bsc#1192516).
   - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS
     encryption handshake (bsc#1192516).

   This update also ships postgresql14 to SUSE Linux Enterprise 12 SP5.
   (jsc#SLE-22673) On older service packs only libpq5 and libecpg6 are being
   replaced by the postgresql14 variants.

   Feature changes in postgresql14:

   - https://www.postgresql.org/about/news/postgresql-14-released-2318/
   - https://www.postgresql.org/docs/14/release-14.html


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3755=1

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3755=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3755=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3755=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3755=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3755=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3755=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3755=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3755=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3755=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3755=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3755=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-3755=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      libecpg6-14.1-3.3.1
      libecpg6-debuginfo-14.1-3.3.1
      libpq5-14.1-3.3.1
      libpq5-32bit-14.1-3.3.1
      libpq5-debuginfo-14.1-3.3.1
      libpq5-debuginfo-32bit-14.1-3.3.1

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      postgresql-14-4.10.1
      postgresql-contrib-14-4.10.1
      postgresql-docs-14-4.10.1
      postgresql-plperl-14-4.10.1
      postgresql-plpython-14-4.10.1
      postgresql-pltcl-14-4.10.1
      postgresql-server-14-4.10.1

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      libecpg6-14.1-3.3.1
      libecpg6-debuginfo-14.1-3.3.1
      libpq5-14.1-3.3.1
      libpq5-32bit-14.1-3.3.1
      libpq5-debuginfo-14.1-3.3.1
      libpq5-debuginfo-32bit-14.1-3.3.1

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      postgresql-14-4.10.1
      postgresql-contrib-14-4.10.1
      postgresql-docs-14-4.10.1
      postgresql-plperl-14-4.10.1
      postgresql-plpython-14-4.10.1
      postgresql-pltcl-14-4.10.1
      postgresql-server-14-4.10.1

   - SUSE OpenStack Cloud 9 (x86_64):

      libecpg6-14.1-3.3.1
      libecpg6-debuginfo-14.1-3.3.1
      libpq5-14.1-3.3.1
      libpq5-32bit-14.1-3.3.1
      libpq5-debuginfo-14.1-3.3.1
      libpq5-debuginfo-32bit-14.1-3.3.1

   - SUSE OpenStack Cloud 9 (noarch):

      postgresql-14-4.10.1
      postgresql-contrib-14-4.10.1
      postgresql-docs-14-4.10.1
      postgresql-plperl-14-4.10.1
      postgresql-plpython-14-4.10.1
      postgresql-pltcl-14-4.10.1
      postgresql-server-14-4.10.1

   - SUSE OpenStack Cloud 8 (x86_64):

      libecpg6-14.1-3.3.1
      libecpg6-debuginfo-14.1-3.3.1
      libpq5-14.1-3.3.1
      libpq5-32bit-14.1-3.3.1
      libpq5-debuginfo-14.1-3.3.1
      libpq5-debuginfo-32bit-14.1-3.3.1

   - SUSE OpenStack Cloud 8 (noarch):

      postgresql-14-4.10.1
      postgresql-contrib-14-4.10.1
      postgresql-docs-14-4.10.1
      postgresql-plperl-14-4.10.1
      postgresql-plpython-14-4.10.1
      postgresql-pltcl-14-4.10.1
      postgresql-server-14-4.10.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      postgresql13-debugsource-13.5-3.15.2
      postgresql13-devel-13.5-3.15.2
      postgresql13-devel-debuginfo-13.5-3.15.2
      postgresql14-debugsource-14.1-3.3.1
      postgresql14-devel-14.1-3.3.1
      postgresql14-devel-debuginfo-14.1-3.3.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64):

      postgresql13-server-devel-13.5-3.15.2
      postgresql13-server-devel-debuginfo-13.5-3.15.2
      postgresql14-server-devel-14.1-3.3.1
      postgresql14-server-devel-debuginfo-14.1-3.3.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

      postgresql-devel-14-4.10.1
      postgresql-server-devel-14-4.10.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      libecpg6-14.1-3.3.1
      libecpg6-debuginfo-14.1-3.3.1
      libpq5-14.1-3.3.1
      libpq5-debuginfo-14.1-3.3.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):

      libpq5-32bit-14.1-3.3.1
      libpq5-debuginfo-32bit-14.1-3.3.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):

      postgresql-14-4.10.1
      postgresql-contrib-14-4.10.1
      postgresql-docs-14-4.10.1
      postgresql-plperl-14-4.10.1
      postgresql-plpython-14-4.10.1
      postgresql-pltcl-14-4.10.1
      postgresql-server-14-4.10.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      libecpg6-14.1-3.3.1
      libecpg6-debuginfo-14.1-3.3.1
      libpq5-14.1-3.3.1
      libpq5-debuginfo-14.1-3.3.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):

      libpq5-32bit-14.1-3.3.1
      libpq5-debuginfo-32bit-14.1-3.3.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):

      postgresql-14-4.10.1
      postgresql-contrib-14-4.10.1
      postgresql-docs-14-4.10.1
      postgresql-plperl-14-4.10.1
      postgresql-plpython-14-4.10.1
      postgresql-pltcl-14-4.10.1
      postgresql-server-14-4.10.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libecpg6-14.1-3.3.1
      libecpg6-debuginfo-14.1-3.3.1
      libpq5-14.1-3.3.1
      libpq5-debuginfo-14.1-3.3.1
      postgresql13-13.5-3.15.2
      postgresql13-contrib-13.5-3.15.2
      postgresql13-contrib-debuginfo-13.5-3.15.2
      postgresql13-debuginfo-13.5-3.15.2
      postgresql13-debugsource-13.5-3.15.2
      postgresql13-plperl-13.5-3.15.2
      postgresql13-plperl-debuginfo-13.5-3.15.2
      postgresql13-plpython-13.5-3.15.2
      postgresql13-plpython-debuginfo-13.5-3.15.2
      postgresql13-pltcl-13.5-3.15.2
      postgresql13-pltcl-debuginfo-13.5-3.15.2
      postgresql13-server-13.5-3.15.2
      postgresql13-server-debuginfo-13.5-3.15.2
      postgresql14-14.1-3.3.1
      postgresql14-contrib-14.1-3.3.1
      postgresql14-contrib-debuginfo-14.1-3.3.1
      postgresql14-debuginfo-14.1-3.3.1
      postgresql14-debugsource-14.1-3.3.1
      postgresql14-plperl-14.1-3.3.1
      postgresql14-plperl-debuginfo-14.1-3.3.1
      postgresql14-plpython-14.1-3.3.1
      postgresql14-plpython-debuginfo-14.1-3.3.1
      postgresql14-pltcl-14.1-3.3.1
      postgresql14-pltcl-debuginfo-14.1-3.3.1
      postgresql14-server-14.1-3.3.1
      postgresql14-server-debuginfo-14.1-3.3.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      libpq5-32bit-14.1-3.3.1
      libpq5-debuginfo-32bit-14.1-3.3.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      postgresql-14-4.10.1
      postgresql-contrib-14-4.10.1
      postgresql-docs-14-4.10.1
      postgresql-plperl-14-4.10.1
      postgresql-plpython-14-4.10.1
      postgresql-pltcl-14-4.10.1
      postgresql-server-14-4.10.1
      postgresql13-docs-13.5-3.15.2
      postgresql14-docs-14.1-3.3.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      libecpg6-14.1-3.3.1
      libecpg6-debuginfo-14.1-3.3.1
      libpq5-14.1-3.3.1
      libpq5-debuginfo-14.1-3.3.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):

      libpq5-32bit-14.1-3.3.1
      libpq5-debuginfo-32bit-14.1-3.3.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):

      postgresql-14-4.10.1
      postgresql-contrib-14-4.10.1
      postgresql-docs-14-4.10.1
      postgresql-plperl-14-4.10.1
      postgresql-plpython-14-4.10.1
      postgresql-pltcl-14-4.10.1
      postgresql-server-14-4.10.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      libecpg6-14.1-3.3.1
      libecpg6-debuginfo-14.1-3.3.1
      libpq5-14.1-3.3.1
      libpq5-debuginfo-14.1-3.3.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):

      libpq5-32bit-14.1-3.3.1
      libpq5-debuginfo-32bit-14.1-3.3.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):

      postgresql-14-4.10.1
      postgresql-contrib-14-4.10.1
      postgresql-docs-14-4.10.1
      postgresql-plperl-14-4.10.1
      postgresql-plpython-14-4.10.1
      postgresql-pltcl-14-4.10.1
      postgresql-server-14-4.10.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (noarch):

      postgresql-14-4.10.1
      postgresql-contrib-14-4.10.1
      postgresql-docs-14-4.10.1
      postgresql-plperl-14-4.10.1
      postgresql-plpython-14-4.10.1
      postgresql-pltcl-14-4.10.1
      postgresql-server-14-4.10.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      libecpg6-14.1-3.3.1
      libecpg6-debuginfo-14.1-3.3.1
      libpq5-14.1-3.3.1
      libpq5-32bit-14.1-3.3.1
      libpq5-debuginfo-14.1-3.3.1
      libpq5-debuginfo-32bit-14.1-3.3.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

      postgresql-14-4.10.1
      postgresql-contrib-14-4.10.1
      postgresql-docs-14-4.10.1
      postgresql-plperl-14-4.10.1
      postgresql-plpython-14-4.10.1
      postgresql-pltcl-14-4.10.1
      postgresql-server-14-4.10.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      libecpg6-14.1-3.3.1
      libecpg6-debuginfo-14.1-3.3.1
      libpq5-14.1-3.3.1
      libpq5-32bit-14.1-3.3.1
      libpq5-debuginfo-14.1-3.3.1
      libpq5-debuginfo-32bit-14.1-3.3.1

   - HPE Helion Openstack 8 (x86_64):

      libecpg6-14.1-3.3.1
      libecpg6-debuginfo-14.1-3.3.1
      libpq5-14.1-3.3.1
      libpq5-32bit-14.1-3.3.1
      libpq5-debuginfo-14.1-3.3.1
      libpq5-debuginfo-32bit-14.1-3.3.1

   - HPE Helion Openstack 8 (noarch):

      postgresql-14-4.10.1
      postgresql-contrib-14-4.10.1
      postgresql-docs-14-4.10.1
      postgresql-plperl-14-4.10.1
      postgresql-plpython-14-4.10.1
      postgresql-pltcl-14-4.10.1
      postgresql-server-14-4.10.1


References:

   https://www.suse.com/security/cve/CVE-2021-23214.html
   https://www.suse.com/security/cve/CVE-2021-23222.html
   https://bugzilla.suse.com/1192516


From sle-updates at lists.suse.com  Mon Nov 22 08:17:40 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 22 Nov 2021 09:17:40 +0100 (CET)
Subject: SUSE-RU-2021:3756-1: moderate: Recommended update for ocfs2-tools
Message-ID: <20211122081740.05EB2FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for ocfs2-tools
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3756-1
Rating:             moderate
References:         #1191810 #1192103 
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP4
                    SUSE Linux Enterprise High Availability 12-SP3
______________________________________________________________________________

   An update that has two recommended fixes can now be
   installed.

Description:

   This update for ocfs2-tools fixes the following issues:

   - Fix mounted.ocfs2 output when some devices are not ready (bsc#1191810)
   - Rollback when dir_index creation fails (bsc#1192103)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3756=1

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2021-3756=1

   - SUSE Linux Enterprise High Availability 12-SP4:

      zypper in -t patch SUSE-SLE-HA-12-SP4-2021-3756=1

   - SUSE Linux Enterprise High Availability 12-SP3:

      zypper in -t patch SUSE-SLE-HA-12-SP3-2021-3756=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      ocfs2-tools-debuginfo-1.8.5-3.11.1
      ocfs2-tools-debugsource-1.8.5-3.11.1
      ocfs2-tools-devel-1.8.5-3.11.1
      ocfs2-tools-devel-static-1.8.5-3.11.1

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      ocfs2-tools-1.8.5-3.11.1
      ocfs2-tools-debuginfo-1.8.5-3.11.1
      ocfs2-tools-debugsource-1.8.5-3.11.1
      ocfs2-tools-o2cb-1.8.5-3.11.1
      ocfs2-tools-o2cb-debuginfo-1.8.5-3.11.1
      ocfs2console-1.8.5-3.11.1
      ocfs2console-debuginfo-1.8.5-3.11.1

   - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):

      ocfs2-tools-1.8.5-3.11.1
      ocfs2-tools-debuginfo-1.8.5-3.11.1
      ocfs2-tools-debugsource-1.8.5-3.11.1
      ocfs2-tools-o2cb-1.8.5-3.11.1
      ocfs2-tools-o2cb-debuginfo-1.8.5-3.11.1
      ocfs2console-1.8.5-3.11.1
      ocfs2console-debuginfo-1.8.5-3.11.1

   - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):

      ocfs2-tools-1.8.5-3.11.1
      ocfs2-tools-debuginfo-1.8.5-3.11.1
      ocfs2-tools-debugsource-1.8.5-3.11.1
      ocfs2-tools-o2cb-1.8.5-3.11.1
      ocfs2-tools-o2cb-debuginfo-1.8.5-3.11.1
      ocfs2console-1.8.5-3.11.1
      ocfs2console-debuginfo-1.8.5-3.11.1


References:

   https://bugzilla.suse.com/1191810
   https://bugzilla.suse.com/1192103


From sle-updates at lists.suse.com  Mon Nov 22 14:22:51 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 22 Nov 2021 15:22:51 +0100 (CET)
Subject: SUSE-SU-2021:3760-1: important: Security update for postgresql12
Message-ID: <20211122142251.59AA4FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for postgresql12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3760-1
Rating:             important
References:         #1192516 
Cross-References:   CVE-2021-23214 CVE-2021-23222
CVSS scores:
                    CVE-2021-23214 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-23222 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for postgresql12 fixes the following issues:

   - CVE-2021-23214: Make the server reject extraneous data after an SSL or
     GSS encryption handshake (bsc#1192516).
   - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS
     encryption handshake (bsc#1192516).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3760=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3760=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      postgresql12-debugsource-12.9-3.21.1
      postgresql12-devel-12.9-3.21.1
      postgresql12-devel-debuginfo-12.9-3.21.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64):

      postgresql12-server-devel-12.9-3.21.1
      postgresql12-server-devel-debuginfo-12.9-3.21.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      postgresql12-12.9-3.21.1
      postgresql12-contrib-12.9-3.21.1
      postgresql12-contrib-debuginfo-12.9-3.21.1
      postgresql12-debuginfo-12.9-3.21.1
      postgresql12-debugsource-12.9-3.21.1
      postgresql12-plperl-12.9-3.21.1
      postgresql12-plperl-debuginfo-12.9-3.21.1
      postgresql12-plpython-12.9-3.21.1
      postgresql12-plpython-debuginfo-12.9-3.21.1
      postgresql12-pltcl-12.9-3.21.1
      postgresql12-pltcl-debuginfo-12.9-3.21.1
      postgresql12-server-12.9-3.21.1
      postgresql12-server-debuginfo-12.9-3.21.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      postgresql12-docs-12.9-3.21.1


References:

   https://www.suse.com/security/cve/CVE-2021-23214.html
   https://www.suse.com/security/cve/CVE-2021-23222.html
   https://bugzilla.suse.com/1192516


From sle-updates at lists.suse.com  Mon Nov 22 14:24:21 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 22 Nov 2021 15:24:21 +0100 (CET)
Subject: SUSE-SU-2021:3762-1: important: Security update for postgresql13
Message-ID: <20211122142421.C3402FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for postgresql13
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3762-1
Rating:             important
References:         #1192516 
Cross-References:   CVE-2021-23214 CVE-2021-23222
CVSS scores:
                    CVE-2021-23214 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-23222 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Module for Server Applications 15-SP2
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for postgresql13 fixes the following issues:

   - CVE-2021-23214: Make the server reject extraneous data after an SSL or
     GSS encryption handshake (bsc#1192516).
   - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS
     encryption handshake (bsc#1192516).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3762=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3762=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3762=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-3762=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3762=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3762=1



Package List:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      postgresql13-contrib-13.5-5.22.1
      postgresql13-contrib-debuginfo-13.5-5.22.1
      postgresql13-debuginfo-13.5-5.22.1
      postgresql13-debugsource-13.5-5.22.1
      postgresql13-devel-13.5-5.22.1
      postgresql13-devel-debuginfo-13.5-5.22.1
      postgresql13-plperl-13.5-5.22.1
      postgresql13-plperl-debuginfo-13.5-5.22.1
      postgresql13-plpython-13.5-5.22.1
      postgresql13-plpython-debuginfo-13.5-5.22.1
      postgresql13-pltcl-13.5-5.22.1
      postgresql13-pltcl-debuginfo-13.5-5.22.1
      postgresql13-server-13.5-5.22.1
      postgresql13-server-debuginfo-13.5-5.22.1
      postgresql13-server-devel-13.5-5.22.1
      postgresql13-server-devel-debuginfo-13.5-5.22.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):

      postgresql13-docs-13.5-5.22.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

      postgresql13-contrib-13.5-5.22.1
      postgresql13-contrib-debuginfo-13.5-5.22.1
      postgresql13-debuginfo-13.5-5.22.1
      postgresql13-debugsource-13.5-5.22.1
      postgresql13-devel-13.5-5.22.1
      postgresql13-devel-debuginfo-13.5-5.22.1
      postgresql13-plperl-13.5-5.22.1
      postgresql13-plperl-debuginfo-13.5-5.22.1
      postgresql13-plpython-13.5-5.22.1
      postgresql13-plpython-debuginfo-13.5-5.22.1
      postgresql13-pltcl-13.5-5.22.1
      postgresql13-pltcl-debuginfo-13.5-5.22.1
      postgresql13-server-13.5-5.22.1
      postgresql13-server-debuginfo-13.5-5.22.1
      postgresql13-server-devel-13.5-5.22.1
      postgresql13-server-devel-debuginfo-13.5-5.22.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch):

      postgresql13-docs-13.5-5.22.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):

      postgresql13-llvmjit-13.5-5.22.1
      postgresql13-llvmjit-debuginfo-13.5-5.22.1
      postgresql13-test-13.5-5.22.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64):

      postgresql13-llvmjit-13.5-5.22.1
      postgresql13-llvmjit-debuginfo-13.5-5.22.1
      postgresql13-test-13.5-5.22.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      postgresql13-13.5-5.22.1
      postgresql13-debuginfo-13.5-5.22.1
      postgresql13-debugsource-13.5-5.22.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      postgresql13-13.5-5.22.1
      postgresql13-debuginfo-13.5-5.22.1
      postgresql13-debugsource-13.5-5.22.1


References:

   https://www.suse.com/security/cve/CVE-2021-23214.html
   https://www.suse.com/security/cve/CVE-2021-23222.html
   https://bugzilla.suse.com/1192516


From sle-updates at lists.suse.com  Mon Nov 22 14:25:53 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 22 Nov 2021 15:25:53 +0100 (CET)
Subject: SUSE-SU-2021:3757-1: important: Security update for postgresql96
Message-ID: <20211122142553.4682BFD0A@maintenance.suse.de>


   SUSE Security Update: Security update for postgresql96
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3757-1
Rating:             important
References:         #1192516 
Cross-References:   CVE-2021-23214 CVE-2021-23222
CVSS scores:
                    CVE-2021-23214 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-23222 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for postgresql96 fixes the following issues:

   - CVE-2021-23214: Make the server reject extraneous data after an SSL or
     GSS encryption handshake (bsc#1192516).
   - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS
     encryption handshake (bsc#1192516).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3757=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3757=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3757=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3757=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3757=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3757=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-3757=1



Package List:

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      postgresql96-docs-9.6.24-6.18.2

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      postgresql96-9.6.24-6.18.2
      postgresql96-contrib-9.6.24-6.18.2
      postgresql96-contrib-debuginfo-9.6.24-6.18.2
      postgresql96-debuginfo-9.6.24-6.18.2
      postgresql96-debugsource-9.6.24-6.18.2
      postgresql96-plperl-9.6.24-6.18.2
      postgresql96-plperl-debuginfo-9.6.24-6.18.2
      postgresql96-plpython-9.6.24-6.18.2
      postgresql96-plpython-debuginfo-9.6.24-6.18.2
      postgresql96-pltcl-9.6.24-6.18.2
      postgresql96-pltcl-debuginfo-9.6.24-6.18.2
      postgresql96-server-9.6.24-6.18.2
      postgresql96-server-debuginfo-9.6.24-6.18.2

   - SUSE OpenStack Cloud 8 (x86_64):

      postgresql96-9.6.24-6.18.2
      postgresql96-contrib-9.6.24-6.18.2
      postgresql96-contrib-debuginfo-9.6.24-6.18.2
      postgresql96-debuginfo-9.6.24-6.18.2
      postgresql96-debugsource-9.6.24-6.18.2
      postgresql96-plperl-9.6.24-6.18.2
      postgresql96-plperl-debuginfo-9.6.24-6.18.2
      postgresql96-plpython-9.6.24-6.18.2
      postgresql96-plpython-debuginfo-9.6.24-6.18.2
      postgresql96-pltcl-9.6.24-6.18.2
      postgresql96-pltcl-debuginfo-9.6.24-6.18.2
      postgresql96-server-9.6.24-6.18.2
      postgresql96-server-debuginfo-9.6.24-6.18.2

   - SUSE OpenStack Cloud 8 (noarch):

      postgresql96-docs-9.6.24-6.18.2

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      postgresql96-9.6.24-6.18.2
      postgresql96-contrib-9.6.24-6.18.2
      postgresql96-contrib-debuginfo-9.6.24-6.18.2
      postgresql96-debuginfo-9.6.24-6.18.2
      postgresql96-debugsource-9.6.24-6.18.2
      postgresql96-plperl-9.6.24-6.18.2
      postgresql96-plperl-debuginfo-9.6.24-6.18.2
      postgresql96-plpython-9.6.24-6.18.2
      postgresql96-plpython-debuginfo-9.6.24-6.18.2
      postgresql96-pltcl-9.6.24-6.18.2
      postgresql96-pltcl-debuginfo-9.6.24-6.18.2
      postgresql96-server-9.6.24-6.18.2
      postgresql96-server-debuginfo-9.6.24-6.18.2

   - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):

      postgresql96-docs-9.6.24-6.18.2

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      postgresql96-9.6.24-6.18.2
      postgresql96-contrib-9.6.24-6.18.2
      postgresql96-contrib-debuginfo-9.6.24-6.18.2
      postgresql96-debuginfo-9.6.24-6.18.2
      postgresql96-debugsource-9.6.24-6.18.2
      postgresql96-plperl-9.6.24-6.18.2
      postgresql96-plperl-debuginfo-9.6.24-6.18.2
      postgresql96-plpython-9.6.24-6.18.2
      postgresql96-plpython-debuginfo-9.6.24-6.18.2
      postgresql96-pltcl-9.6.24-6.18.2
      postgresql96-pltcl-debuginfo-9.6.24-6.18.2
      postgresql96-server-9.6.24-6.18.2
      postgresql96-server-debuginfo-9.6.24-6.18.2

   - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):

      postgresql96-docs-9.6.24-6.18.2

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      postgresql96-9.6.24-6.18.2
      postgresql96-contrib-9.6.24-6.18.2
      postgresql96-contrib-debuginfo-9.6.24-6.18.2
      postgresql96-debuginfo-9.6.24-6.18.2
      postgresql96-debugsource-9.6.24-6.18.2
      postgresql96-plperl-9.6.24-6.18.2
      postgresql96-plperl-debuginfo-9.6.24-6.18.2
      postgresql96-plpython-9.6.24-6.18.2
      postgresql96-plpython-debuginfo-9.6.24-6.18.2
      postgresql96-pltcl-9.6.24-6.18.2
      postgresql96-pltcl-debuginfo-9.6.24-6.18.2
      postgresql96-server-9.6.24-6.18.2
      postgresql96-server-debuginfo-9.6.24-6.18.2

   - SUSE Linux Enterprise Server 12-SP3-BCL (noarch):

      postgresql96-docs-9.6.24-6.18.2

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      postgresql96-9.6.24-6.18.2
      postgresql96-contrib-9.6.24-6.18.2
      postgresql96-contrib-debuginfo-9.6.24-6.18.2
      postgresql96-debuginfo-9.6.24-6.18.2
      postgresql96-debugsource-9.6.24-6.18.2
      postgresql96-plperl-9.6.24-6.18.2
      postgresql96-plperl-debuginfo-9.6.24-6.18.2
      postgresql96-plpython-9.6.24-6.18.2
      postgresql96-plpython-debuginfo-9.6.24-6.18.2
      postgresql96-pltcl-9.6.24-6.18.2
      postgresql96-pltcl-debuginfo-9.6.24-6.18.2
      postgresql96-server-9.6.24-6.18.2
      postgresql96-server-debuginfo-9.6.24-6.18.2

   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

      postgresql96-docs-9.6.24-6.18.2

   - HPE Helion Openstack 8 (noarch):

      postgresql96-docs-9.6.24-6.18.2

   - HPE Helion Openstack 8 (x86_64):

      postgresql96-9.6.24-6.18.2
      postgresql96-contrib-9.6.24-6.18.2
      postgresql96-contrib-debuginfo-9.6.24-6.18.2
      postgresql96-debuginfo-9.6.24-6.18.2
      postgresql96-debugsource-9.6.24-6.18.2
      postgresql96-plperl-9.6.24-6.18.2
      postgresql96-plperl-debuginfo-9.6.24-6.18.2
      postgresql96-plpython-9.6.24-6.18.2
      postgresql96-plpython-debuginfo-9.6.24-6.18.2
      postgresql96-pltcl-9.6.24-6.18.2
      postgresql96-pltcl-debuginfo-9.6.24-6.18.2
      postgresql96-server-9.6.24-6.18.2
      postgresql96-server-debuginfo-9.6.24-6.18.2


References:

   https://www.suse.com/security/cve/CVE-2021-23214.html
   https://www.suse.com/security/cve/CVE-2021-23222.html
   https://bugzilla.suse.com/1192516


From sle-updates at lists.suse.com  Mon Nov 22 14:27:26 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 22 Nov 2021 15:27:26 +0100 (CET)
Subject: SUSE-SU-2021:3761-1: important: Security update for postgresql10
Message-ID: <20211122142726.77A5DFD0A@maintenance.suse.de>


   SUSE Security Update: Security update for postgresql10
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3761-1
Rating:             important
References:         #1192516 
Cross-References:   CVE-2021-23214 CVE-2021-23222
CVSS scores:
                    CVE-2021-23214 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-23222 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for postgresql10 fixes the following issues:

   - CVE-2021-23214: Make the server reject extraneous data after an SSL or
     GSS encryption handshake (bsc#1192516).
   - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS
     encryption handshake (bsc#1192516).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3761=1

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3761=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3761=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3761=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3761=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3761=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3761=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3761=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3761=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3761=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3761=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3761=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-3761=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      postgresql10-docs-10.19-4.22.1

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      postgresql10-10.19-4.22.1
      postgresql10-contrib-10.19-4.22.1
      postgresql10-contrib-debuginfo-10.19-4.22.1
      postgresql10-debuginfo-10.19-4.22.1
      postgresql10-debugsource-10.19-4.22.1
      postgresql10-plperl-10.19-4.22.1
      postgresql10-plperl-debuginfo-10.19-4.22.1
      postgresql10-plpython-10.19-4.22.1
      postgresql10-plpython-debuginfo-10.19-4.22.1
      postgresql10-pltcl-10.19-4.22.1
      postgresql10-pltcl-debuginfo-10.19-4.22.1
      postgresql10-server-10.19-4.22.1
      postgresql10-server-debuginfo-10.19-4.22.1

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      postgresql10-10.19-4.22.1
      postgresql10-contrib-10.19-4.22.1
      postgresql10-contrib-debuginfo-10.19-4.22.1
      postgresql10-debuginfo-10.19-4.22.1
      postgresql10-debugsource-10.19-4.22.1
      postgresql10-plperl-10.19-4.22.1
      postgresql10-plperl-debuginfo-10.19-4.22.1
      postgresql10-plpython-10.19-4.22.1
      postgresql10-plpython-debuginfo-10.19-4.22.1
      postgresql10-pltcl-10.19-4.22.1
      postgresql10-pltcl-debuginfo-10.19-4.22.1
      postgresql10-server-10.19-4.22.1
      postgresql10-server-debuginfo-10.19-4.22.1

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      postgresql10-docs-10.19-4.22.1

   - SUSE OpenStack Cloud 9 (noarch):

      postgresql10-docs-10.19-4.22.1

   - SUSE OpenStack Cloud 9 (x86_64):

      postgresql10-10.19-4.22.1
      postgresql10-contrib-10.19-4.22.1
      postgresql10-contrib-debuginfo-10.19-4.22.1
      postgresql10-debuginfo-10.19-4.22.1
      postgresql10-debugsource-10.19-4.22.1
      postgresql10-plperl-10.19-4.22.1
      postgresql10-plperl-debuginfo-10.19-4.22.1
      postgresql10-plpython-10.19-4.22.1
      postgresql10-plpython-debuginfo-10.19-4.22.1
      postgresql10-pltcl-10.19-4.22.1
      postgresql10-pltcl-debuginfo-10.19-4.22.1
      postgresql10-server-10.19-4.22.1
      postgresql10-server-debuginfo-10.19-4.22.1

   - SUSE OpenStack Cloud 8 (x86_64):

      postgresql10-10.19-4.22.1
      postgresql10-contrib-10.19-4.22.1
      postgresql10-contrib-debuginfo-10.19-4.22.1
      postgresql10-debuginfo-10.19-4.22.1
      postgresql10-debugsource-10.19-4.22.1
      postgresql10-plperl-10.19-4.22.1
      postgresql10-plperl-debuginfo-10.19-4.22.1
      postgresql10-plpython-10.19-4.22.1
      postgresql10-plpython-debuginfo-10.19-4.22.1
      postgresql10-pltcl-10.19-4.22.1
      postgresql10-pltcl-debuginfo-10.19-4.22.1
      postgresql10-server-10.19-4.22.1
      postgresql10-server-debuginfo-10.19-4.22.1

   - SUSE OpenStack Cloud 8 (noarch):

      postgresql10-docs-10.19-4.22.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      postgresql10-debugsource-10.19-4.22.1
      postgresql10-devel-10.19-4.22.1
      postgresql10-devel-debuginfo-10.19-4.22.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      postgresql10-10.19-4.22.1
      postgresql10-contrib-10.19-4.22.1
      postgresql10-contrib-debuginfo-10.19-4.22.1
      postgresql10-debuginfo-10.19-4.22.1
      postgresql10-debugsource-10.19-4.22.1
      postgresql10-plperl-10.19-4.22.1
      postgresql10-plperl-debuginfo-10.19-4.22.1
      postgresql10-plpython-10.19-4.22.1
      postgresql10-plpython-debuginfo-10.19-4.22.1
      postgresql10-pltcl-10.19-4.22.1
      postgresql10-pltcl-debuginfo-10.19-4.22.1
      postgresql10-server-10.19-4.22.1
      postgresql10-server-debuginfo-10.19-4.22.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):

      postgresql10-docs-10.19-4.22.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      postgresql10-10.19-4.22.1
      postgresql10-contrib-10.19-4.22.1
      postgresql10-contrib-debuginfo-10.19-4.22.1
      postgresql10-debuginfo-10.19-4.22.1
      postgresql10-debugsource-10.19-4.22.1
      postgresql10-plperl-10.19-4.22.1
      postgresql10-plperl-debuginfo-10.19-4.22.1
      postgresql10-plpython-10.19-4.22.1
      postgresql10-plpython-debuginfo-10.19-4.22.1
      postgresql10-pltcl-10.19-4.22.1
      postgresql10-pltcl-debuginfo-10.19-4.22.1
      postgresql10-server-10.19-4.22.1
      postgresql10-server-debuginfo-10.19-4.22.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):

      postgresql10-docs-10.19-4.22.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      postgresql10-10.19-4.22.1
      postgresql10-contrib-10.19-4.22.1
      postgresql10-contrib-debuginfo-10.19-4.22.1
      postgresql10-debuginfo-10.19-4.22.1
      postgresql10-debugsource-10.19-4.22.1
      postgresql10-plperl-10.19-4.22.1
      postgresql10-plperl-debuginfo-10.19-4.22.1
      postgresql10-plpython-10.19-4.22.1
      postgresql10-plpython-debuginfo-10.19-4.22.1
      postgresql10-pltcl-10.19-4.22.1
      postgresql10-pltcl-debuginfo-10.19-4.22.1
      postgresql10-server-10.19-4.22.1
      postgresql10-server-debuginfo-10.19-4.22.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      postgresql10-docs-10.19-4.22.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      postgresql10-10.19-4.22.1
      postgresql10-contrib-10.19-4.22.1
      postgresql10-contrib-debuginfo-10.19-4.22.1
      postgresql10-debuginfo-10.19-4.22.1
      postgresql10-debugsource-10.19-4.22.1
      postgresql10-plperl-10.19-4.22.1
      postgresql10-plperl-debuginfo-10.19-4.22.1
      postgresql10-plpython-10.19-4.22.1
      postgresql10-plpython-debuginfo-10.19-4.22.1
      postgresql10-pltcl-10.19-4.22.1
      postgresql10-pltcl-debuginfo-10.19-4.22.1
      postgresql10-server-10.19-4.22.1
      postgresql10-server-debuginfo-10.19-4.22.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):

      postgresql10-docs-10.19-4.22.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      postgresql10-10.19-4.22.1
      postgresql10-contrib-10.19-4.22.1
      postgresql10-contrib-debuginfo-10.19-4.22.1
      postgresql10-debuginfo-10.19-4.22.1
      postgresql10-debugsource-10.19-4.22.1
      postgresql10-plperl-10.19-4.22.1
      postgresql10-plperl-debuginfo-10.19-4.22.1
      postgresql10-plpython-10.19-4.22.1
      postgresql10-plpython-debuginfo-10.19-4.22.1
      postgresql10-pltcl-10.19-4.22.1
      postgresql10-pltcl-debuginfo-10.19-4.22.1
      postgresql10-server-10.19-4.22.1
      postgresql10-server-debuginfo-10.19-4.22.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):

      postgresql10-docs-10.19-4.22.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (noarch):

      postgresql10-docs-10.19-4.22.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      postgresql10-10.19-4.22.1
      postgresql10-contrib-10.19-4.22.1
      postgresql10-contrib-debuginfo-10.19-4.22.1
      postgresql10-debuginfo-10.19-4.22.1
      postgresql10-debugsource-10.19-4.22.1
      postgresql10-plperl-10.19-4.22.1
      postgresql10-plperl-debuginfo-10.19-4.22.1
      postgresql10-plpython-10.19-4.22.1
      postgresql10-plpython-debuginfo-10.19-4.22.1
      postgresql10-pltcl-10.19-4.22.1
      postgresql10-pltcl-debuginfo-10.19-4.22.1
      postgresql10-server-10.19-4.22.1
      postgresql10-server-debuginfo-10.19-4.22.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

      postgresql10-docs-10.19-4.22.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      postgresql10-10.19-4.22.1
      postgresql10-contrib-10.19-4.22.1
      postgresql10-contrib-debuginfo-10.19-4.22.1
      postgresql10-debuginfo-10.19-4.22.1
      postgresql10-debugsource-10.19-4.22.1
      postgresql10-plperl-10.19-4.22.1
      postgresql10-plperl-debuginfo-10.19-4.22.1
      postgresql10-plpython-10.19-4.22.1
      postgresql10-plpython-debuginfo-10.19-4.22.1
      postgresql10-pltcl-10.19-4.22.1
      postgresql10-pltcl-debuginfo-10.19-4.22.1
      postgresql10-server-10.19-4.22.1
      postgresql10-server-debuginfo-10.19-4.22.1

   - HPE Helion Openstack 8 (x86_64):

      postgresql10-10.19-4.22.1
      postgresql10-contrib-10.19-4.22.1
      postgresql10-contrib-debuginfo-10.19-4.22.1
      postgresql10-debuginfo-10.19-4.22.1
      postgresql10-debugsource-10.19-4.22.1
      postgresql10-plperl-10.19-4.22.1
      postgresql10-plperl-debuginfo-10.19-4.22.1
      postgresql10-plpython-10.19-4.22.1
      postgresql10-plpython-debuginfo-10.19-4.22.1
      postgresql10-pltcl-10.19-4.22.1
      postgresql10-pltcl-debuginfo-10.19-4.22.1
      postgresql10-server-10.19-4.22.1
      postgresql10-server-debuginfo-10.19-4.22.1

   - HPE Helion Openstack 8 (noarch):

      postgresql10-docs-10.19-4.22.1


References:

   https://www.suse.com/security/cve/CVE-2021-23214.html
   https://www.suse.com/security/cve/CVE-2021-23222.html
   https://bugzilla.suse.com/1192516


From sle-updates at lists.suse.com  Mon Nov 22 14:31:46 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 22 Nov 2021 15:31:46 +0100 (CET)
Subject: SUSE-SU-2021:3758-1: important: Security update for postgresql12
Message-ID: <20211122143146.34B0DFD0A@maintenance.suse.de>


   SUSE Security Update: Security update for postgresql12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3758-1
Rating:             important
References:         #1192516 
Cross-References:   CVE-2021-23214 CVE-2021-23222
CVSS scores:
                    CVE-2021-23214 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-23222 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15-SP2
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
                    SUSE Linux Enterprise Module for Legacy Software 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for postgresql12 fixes the following issues:

   - CVE-2021-23214: Make the server reject extraneous data after an SSL or
     GSS encryption handshake (bsc#1192516).
   - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS
     encryption handshake (bsc#1192516).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3758=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3758=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-3758=1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-3758=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3758=1



Package List:

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

      postgresql12-contrib-12.9-8.26.1
      postgresql12-contrib-debuginfo-12.9-8.26.1
      postgresql12-debuginfo-12.9-8.26.1
      postgresql12-debugsource-12.9-8.26.1
      postgresql12-devel-12.9-8.26.1
      postgresql12-devel-debuginfo-12.9-8.26.1
      postgresql12-plperl-12.9-8.26.1
      postgresql12-plperl-debuginfo-12.9-8.26.1
      postgresql12-plpython-12.9-8.26.1
      postgresql12-plpython-debuginfo-12.9-8.26.1
      postgresql12-pltcl-12.9-8.26.1
      postgresql12-pltcl-debuginfo-12.9-8.26.1
      postgresql12-server-12.9-8.26.1
      postgresql12-server-debuginfo-12.9-8.26.1
      postgresql12-server-devel-12.9-8.26.1
      postgresql12-server-devel-debuginfo-12.9-8.26.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch):

      postgresql12-docs-12.9-8.26.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):

      postgresql12-llvmjit-12.9-8.26.1
      postgresql12-llvmjit-debuginfo-12.9-8.26.1
      postgresql12-test-12.9-8.26.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64):

      postgresql12-llvmjit-12.9-8.26.1
      postgresql12-llvmjit-debuginfo-12.9-8.26.1
      postgresql12-test-12.9-8.26.1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):

      postgresql12-12.9-8.26.1
      postgresql12-contrib-12.9-8.26.1
      postgresql12-contrib-debuginfo-12.9-8.26.1
      postgresql12-debuginfo-12.9-8.26.1
      postgresql12-debugsource-12.9-8.26.1
      postgresql12-devel-12.9-8.26.1
      postgresql12-devel-debuginfo-12.9-8.26.1
      postgresql12-plperl-12.9-8.26.1
      postgresql12-plperl-debuginfo-12.9-8.26.1
      postgresql12-plpython-12.9-8.26.1
      postgresql12-plpython-debuginfo-12.9-8.26.1
      postgresql12-pltcl-12.9-8.26.1
      postgresql12-pltcl-debuginfo-12.9-8.26.1
      postgresql12-server-12.9-8.26.1
      postgresql12-server-debuginfo-12.9-8.26.1
      postgresql12-server-devel-12.9-8.26.1
      postgresql12-server-devel-debuginfo-12.9-8.26.1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (noarch):

      postgresql12-docs-12.9-8.26.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      postgresql12-12.9-8.26.1
      postgresql12-debuginfo-12.9-8.26.1
      postgresql12-debugsource-12.9-8.26.1


References:

   https://www.suse.com/security/cve/CVE-2021-23214.html
   https://www.suse.com/security/cve/CVE-2021-23222.html
   https://bugzilla.suse.com/1192516


From sle-updates at lists.suse.com  Mon Nov 22 14:33:20 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 22 Nov 2021 15:33:20 +0100 (CET)
Subject: SUSE-SU-2021:3759-1: important: Security update for postgresql14
Message-ID: <20211122143320.834A1FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for postgresql14
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3759-1
Rating:             important
References:         #1191782 #1192516 
Cross-References:   CVE-2021-23214 CVE-2021-23222
CVSS scores:
                    CVE-2021-23214 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-23222 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Module for Server Applications 15-SP2
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for postgresql14 fixes the following issues:

   - CVE-2021-23214: Make the server reject extraneous data after an SSL or
     GSS encryption handshake (bsc#1192516).
   - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS
     encryption handshake (bsc#1192516).

   - Let rpmlint ignore shlib-policy-name-error (boo#1191782).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3759=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3759=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3759=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-3759=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3759=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3759=1



Package List:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      libecpg6-14.1-5.6.1
      libecpg6-debuginfo-14.1-5.6.1
      postgresql14-contrib-14.1-5.6.1
      postgresql14-contrib-debuginfo-14.1-5.6.1
      postgresql14-debuginfo-14.1-5.6.1
      postgresql14-debugsource-14.1-5.6.1
      postgresql14-devel-14.1-5.6.1
      postgresql14-devel-debuginfo-14.1-5.6.1
      postgresql14-plperl-14.1-5.6.1
      postgresql14-plperl-debuginfo-14.1-5.6.1
      postgresql14-plpython-14.1-5.6.1
      postgresql14-plpython-debuginfo-14.1-5.6.1
      postgresql14-pltcl-14.1-5.6.1
      postgresql14-pltcl-debuginfo-14.1-5.6.1
      postgresql14-server-14.1-5.6.1
      postgresql14-server-debuginfo-14.1-5.6.1
      postgresql14-server-devel-14.1-5.6.1
      postgresql14-server-devel-debuginfo-14.1-5.6.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):

      postgresql14-docs-14.1-5.6.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

      libecpg6-14.1-5.6.1
      libecpg6-debuginfo-14.1-5.6.1
      postgresql14-contrib-14.1-5.6.1
      postgresql14-contrib-debuginfo-14.1-5.6.1
      postgresql14-debuginfo-14.1-5.6.1
      postgresql14-debugsource-14.1-5.6.1
      postgresql14-devel-14.1-5.6.1
      postgresql14-devel-debuginfo-14.1-5.6.1
      postgresql14-plperl-14.1-5.6.1
      postgresql14-plperl-debuginfo-14.1-5.6.1
      postgresql14-plpython-14.1-5.6.1
      postgresql14-plpython-debuginfo-14.1-5.6.1
      postgresql14-pltcl-14.1-5.6.1
      postgresql14-pltcl-debuginfo-14.1-5.6.1
      postgresql14-server-14.1-5.6.1
      postgresql14-server-debuginfo-14.1-5.6.1
      postgresql14-server-devel-14.1-5.6.1
      postgresql14-server-devel-debuginfo-14.1-5.6.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch):

      postgresql14-docs-14.1-5.6.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):

      postgresql14-llvmjit-14.1-5.6.1
      postgresql14-llvmjit-debuginfo-14.1-5.6.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64):

      postgresql14-test-14.1-5.6.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64):

      postgresql14-llvmjit-14.1-5.6.1
      postgresql14-llvmjit-debuginfo-14.1-5.6.1
      postgresql14-test-14.1-5.6.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      libpq5-14.1-5.6.1
      libpq5-debuginfo-14.1-5.6.1
      postgresql14-14.1-5.6.1
      postgresql14-debuginfo-14.1-5.6.1
      postgresql14-debugsource-14.1-5.6.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      libpq5-14.1-5.6.1
      libpq5-debuginfo-14.1-5.6.1
      postgresql14-14.1-5.6.1
      postgresql14-debuginfo-14.1-5.6.1
      postgresql14-debugsource-14.1-5.6.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):

      libpq5-32bit-14.1-5.6.1
      libpq5-32bit-debuginfo-14.1-5.6.1


References:

   https://www.suse.com/security/cve/CVE-2021-23214.html
   https://www.suse.com/security/cve/CVE-2021-23222.html
   https://bugzilla.suse.com/1191782
   https://bugzilla.suse.com/1192516


From sle-updates at lists.suse.com  Mon Nov 22 23:18:08 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Nov 2021 00:18:08 +0100 (CET)
Subject: SUSE-RU-2021:3765-1: moderate: Recommended update for grub2
Message-ID: <20211122231808.BC1CBFD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for grub2
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3765-1
Rating:             moderate
References:         #1167756 #1186975 
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

   An update that has two recommended fixes can now be
   installed.

Description:

   This update for grub2 fixes the following issues:

   - Fix boot failure as journaled data not get drained due to abrupt power
     off after grub-install (bsc#1167756)
   - Fix boot failure after kdump due to the content of grub.cfg to pending
     modificaton in xfs journal (bsc#1186975)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3765=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3765=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3765=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3765=1



Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      grub2-2.02-122.7.13
      grub2-debuginfo-2.02-122.7.13

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le):

      grub2-powerpc-ieee1275-2.02-122.7.13

   - SUSE Linux Enterprise Server for SAP 15 (noarch):

      grub2-snapper-plugin-2.02-122.7.13
      grub2-systemd-sleep-plugin-2.02-122.7.13

   - SUSE Linux Enterprise Server for SAP 15 (x86_64):

      grub2-debugsource-2.02-122.7.13
      grub2-i386-pc-2.02-122.7.13
      grub2-x86_64-efi-2.02-122.7.13
      grub2-x86_64-xen-2.02-122.7.13

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      grub2-2.02-122.7.13
      grub2-debuginfo-2.02-122.7.13
      grub2-debugsource-2.02-122.7.13

   - SUSE Linux Enterprise Server 15-LTSS (aarch64):

      grub2-arm64-efi-2.02-122.7.13

   - SUSE Linux Enterprise Server 15-LTSS (noarch):

      grub2-snapper-plugin-2.02-122.7.13
      grub2-systemd-sleep-plugin-2.02-122.7.13

   - SUSE Linux Enterprise Server 15-LTSS (s390x):

      grub2-s390x-emu-2.02-122.7.13

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      grub2-2.02-122.7.13
      grub2-debuginfo-2.02-122.7.13
      grub2-debugsource-2.02-122.7.13

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64):

      grub2-arm64-efi-2.02-122.7.13

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):

      grub2-snapper-plugin-2.02-122.7.13
      grub2-systemd-sleep-plugin-2.02-122.7.13

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):

      grub2-i386-pc-2.02-122.7.13
      grub2-x86_64-efi-2.02-122.7.13
      grub2-x86_64-xen-2.02-122.7.13

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      grub2-2.02-122.7.13
      grub2-debuginfo-2.02-122.7.13
      grub2-debugsource-2.02-122.7.13

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64):

      grub2-arm64-efi-2.02-122.7.13

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):

      grub2-i386-pc-2.02-122.7.13
      grub2-x86_64-efi-2.02-122.7.13
      grub2-x86_64-xen-2.02-122.7.13

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):

      grub2-snapper-plugin-2.02-122.7.13
      grub2-systemd-sleep-plugin-2.02-122.7.13


References:

   https://bugzilla.suse.com/1167756
   https://bugzilla.suse.com/1186975


From sle-updates at lists.suse.com  Tue Nov 23 11:18:04 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Nov 2021 12:18:04 +0100 (CET)
Subject: SUSE-RU-2021:3766-1: moderate: Recommended update for git
Message-ID: <20211123111804.CDDB1FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for git
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3766-1
Rating:             moderate
References:         #1192023 
Affected Products:
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for git fixes the following issues:

   - Installation of the "git-daemon" package needs nogroup group dependency
     (bsc#1192023)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Development Tools 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3766=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3766=1



Package List:

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):

      git-2.31.1-10.6.1
      git-arch-2.31.1-10.6.1
      git-cvs-2.31.1-10.6.1
      git-daemon-2.31.1-10.6.1
      git-daemon-debuginfo-2.31.1-10.6.1
      git-debuginfo-2.31.1-10.6.1
      git-debugsource-2.31.1-10.6.1
      git-email-2.31.1-10.6.1
      git-gui-2.31.1-10.6.1
      git-svn-2.31.1-10.6.1
      git-web-2.31.1-10.6.1
      gitk-2.31.1-10.6.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):

      git-doc-2.31.1-10.6.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      git-core-2.31.1-10.6.1
      git-core-debuginfo-2.31.1-10.6.1
      git-debuginfo-2.31.1-10.6.1
      git-debugsource-2.31.1-10.6.1
      perl-Git-2.31.1-10.6.1


References:

   https://bugzilla.suse.com/1192023


From sle-updates at lists.suse.com  Tue Nov 23 17:20:15 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Nov 2021 18:20:15 +0100 (CET)
Subject: SUSE-RU-2021:3767-1: moderate: Recommended update for apr-util
Message-ID: <20211123172015.4FE37FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for apr-util
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3767-1
Rating:             moderate
References:         #1191619 SLE-12211 
Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Module for Legacy Software 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

   An update that has one recommended fix and contains one
   feature can now be installed.

Description:


   This update for apr-util fixes the following problem:

   - The dbm backend is shipped in the libapr-util1-dbm-db package in the
     Legacy Module.


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3767=1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-3767=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3767=1



Package List:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      apr-util-debuginfo-1.6.1-18.2.1
      apr-util-debugsource-1.6.1-18.2.1
      libapr-util1-dbd-mysql-1.6.1-18.2.1
      libapr-util1-dbd-mysql-debuginfo-1.6.1-18.2.1
      libapr-util1-dbd-pgsql-1.6.1-18.2.1
      libapr-util1-dbd-pgsql-debuginfo-1.6.1-18.2.1
      libapr-util1-dbd-sqlite3-1.6.1-18.2.1
      libapr-util1-dbd-sqlite3-debuginfo-1.6.1-18.2.1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):

      libapr-util1-dbm-db-1.6.1-18.2.1
      libapr-util1-dbm-db-debuginfo-1.6.1-18.2.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      apr-util-debuginfo-1.6.1-18.2.1
      apr-util-debugsource-1.6.1-18.2.1
      apr-util-devel-1.6.1-18.2.1
      libapr-util1-1.6.1-18.2.1
      libapr-util1-debuginfo-1.6.1-18.2.1


References:

   https://bugzilla.suse.com/1191619


From sle-updates at lists.suse.com  Tue Nov 23 20:17:50 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Nov 2021 21:17:50 +0100 (CET)
Subject: SUSE-SU-2021:3772-1: important: Security update for redis
Message-ID: <20211123201750.49F07FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for redis
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3772-1
Rating:             important
References:         #1191299 #1191300 #1191302 #1191303 #1191304 
                    #1191305 #1191306 
Cross-References:   CVE-2021-32626 CVE-2021-32627 CVE-2021-32628
                    CVE-2021-32672 CVE-2021-32675 CVE-2021-32687
                    CVE-2021-32762 CVE-2021-41099
CVSS scores:
                    CVE-2021-32626 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-32626 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-32627 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-32627 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-32628 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-32628 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-32672 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-32672 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-32675 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-32675 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-32687 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-32687 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-32762 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-32762 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-41099 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-41099 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Module for Server Applications 15-SP2
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   This update for redis fixes the following issues:

   - CVE-2021-32627: Fixed integer to heap buffer overflows with streams
     (bsc#1191305).
   - CVE-2021-32628: Fixed integer to heap buffer overflows handling
     ziplist-encoded data types (bsc#1191305).
   - CVE-2021-32687: Fixed integer to heap buffer overflow with intsets
     (bsc#1191302).
   - CVE-2021-32762: Fixed integer to heap buffer overflow issue in redis-cli
     and redis-sentinel (bsc#1191300).
   - CVE-2021-32626: Fixed heap buffer overflow caused by specially crafted
     Lua scripts (bsc#1191306).
   - CVE-2021-32672: Fixed random heap reading issue with Lua Debugger
     (bsc#1191304).
   - CVE-2021-32675: Fixed Denial Of Service when processing RESP request
     payloads with a large number of elements on many connections
     (bsc#1191303).
   - CVE-2021-41099: Fixed integer to heap buffer overflow handling certain
     string commands and network payloads (bsc#1191299).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3772=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3772=1



Package List:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      redis-6.0.14-6.8.1
      redis-debuginfo-6.0.14-6.8.1
      redis-debugsource-6.0.14-6.8.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

      redis-6.0.14-6.8.1
      redis-debuginfo-6.0.14-6.8.1
      redis-debugsource-6.0.14-6.8.1


References:

   https://www.suse.com/security/cve/CVE-2021-32626.html
   https://www.suse.com/security/cve/CVE-2021-32627.html
   https://www.suse.com/security/cve/CVE-2021-32628.html
   https://www.suse.com/security/cve/CVE-2021-32672.html
   https://www.suse.com/security/cve/CVE-2021-32675.html
   https://www.suse.com/security/cve/CVE-2021-32687.html
   https://www.suse.com/security/cve/CVE-2021-32762.html
   https://www.suse.com/security/cve/CVE-2021-41099.html
   https://bugzilla.suse.com/1191299
   https://bugzilla.suse.com/1191300
   https://bugzilla.suse.com/1191302
   https://bugzilla.suse.com/1191303
   https://bugzilla.suse.com/1191304
   https://bugzilla.suse.com/1191305
   https://bugzilla.suse.com/1191306


From sle-updates at lists.suse.com  Tue Nov 23 20:22:33 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Nov 2021 21:22:33 +0100 (CET)
Subject: SUSE-SU-2021:3770-1: important: Security update for java-1_8_0-openjdk
Message-ID: <20211123202233.9FDD7FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3770-1
Rating:             important
References:         #1191901 #1191903 #1191904 #1191905 #1191906 
                    #1191909 #1191910 #1191911 #1191912 #1191913 
                    #1191914 
Cross-References:   CVE-2021-35550 CVE-2021-35556 CVE-2021-35559
                    CVE-2021-35561 CVE-2021-35564 CVE-2021-35565
                    CVE-2021-35567 CVE-2021-35578 CVE-2021-35586
                    CVE-2021-35588 CVE-2021-35603
CVSS scores:
                    CVE-2021-35550 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-35550 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-35556 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35556 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35559 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35561 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35561 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35564 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-35564 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-35565 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35565 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35567 (NVD) : 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
                    CVE-2021-35567 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
                    CVE-2021-35578 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35578 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35586 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35586 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35588 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2021-35588 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2021-35603 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-35603 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Module for Legacy Software 15-SP3
                    SUSE Linux Enterprise Module for Legacy Software 15-SP2
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that fixes 11 vulnerabilities is now available.

Description:

   This update for java-1_8_0-openjdk fixes the following issues:

   Update to version OpenJDK 8u312 (October 2021 CPU):

   - CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS
     (bsc#1191901).
   - CVE-2021-35556: Fixed excessive memory allocation in RTFParser
     (bsc#1191910).
   - CVE-2021-35559: Fixed excessive memory allocation in RTFReader
     (bsc#1191911).
   - CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet
     (bsc#1191912).
   - CVE-2021-35564: Fixed certificates with end dates too far in the future
     can corrupt keystore (bsc#1191913).
   - CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session
     close (bsc#1191909).
   - CVE-2021-35567: Fixed incorrect principal selection when using Kerberos
     Constrained Delegation (bsc#1191903).
   - CVE-2021-35578: Fixed unexpected exception raised during TLS handshake
     (bsc#1191904).
   - CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader
     (bsc#1191914).
   - CVE-2021-35588: Fixed incomplete validation of inner class references in
     ClassFileParser (bsc#1191905)
   - CVE-2021-35603: Fixed non-constant comparison during TLS handshakes
     (bsc#1191906).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3770=1

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3770=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3770=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3770=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3770=1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-3770=1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-3770=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-3770=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      java-1_8_0-openjdk-1.8.0.312-3.58.2
      java-1_8_0-openjdk-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-debugsource-1.8.0.312-3.58.2
      java-1_8_0-openjdk-demo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-devel-1.8.0.312-3.58.2
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-headless-1.8.0.312-3.58.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-3.58.2

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      java-1_8_0-openjdk-1.8.0.312-3.58.2
      java-1_8_0-openjdk-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-debugsource-1.8.0.312-3.58.2
      java-1_8_0-openjdk-demo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-devel-1.8.0.312-3.58.2
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-headless-1.8.0.312-3.58.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-3.58.2

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      java-1_8_0-openjdk-1.8.0.312-3.58.2
      java-1_8_0-openjdk-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-debugsource-1.8.0.312-3.58.2
      java-1_8_0-openjdk-demo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-devel-1.8.0.312-3.58.2
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-headless-1.8.0.312-3.58.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-3.58.2

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      java-1_8_0-openjdk-1.8.0.312-3.58.2
      java-1_8_0-openjdk-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-debugsource-1.8.0.312-3.58.2
      java-1_8_0-openjdk-demo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-devel-1.8.0.312-3.58.2
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-headless-1.8.0.312-3.58.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-3.58.2

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      java-1_8_0-openjdk-1.8.0.312-3.58.2
      java-1_8_0-openjdk-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-debugsource-1.8.0.312-3.58.2
      java-1_8_0-openjdk-demo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-devel-1.8.0.312-3.58.2
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-headless-1.8.0.312-3.58.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-3.58.2

   - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):

      java-1_8_0-openjdk-1.8.0.312-3.58.2
      java-1_8_0-openjdk-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-debugsource-1.8.0.312-3.58.2
      java-1_8_0-openjdk-demo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-devel-1.8.0.312-3.58.2
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-headless-1.8.0.312-3.58.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-3.58.2

   - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64):

      java-1_8_0-openjdk-1.8.0.312-3.58.2
      java-1_8_0-openjdk-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-debugsource-1.8.0.312-3.58.2
      java-1_8_0-openjdk-demo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-devel-1.8.0.312-3.58.2
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-headless-1.8.0.312-3.58.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-3.58.2

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      java-1_8_0-openjdk-1.8.0.312-3.58.2
      java-1_8_0-openjdk-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-debugsource-1.8.0.312-3.58.2
      java-1_8_0-openjdk-demo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-devel-1.8.0.312-3.58.2
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-headless-1.8.0.312-3.58.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-3.58.2

   - SUSE CaaS Platform 4.0 (x86_64):

      java-1_8_0-openjdk-1.8.0.312-3.58.2
      java-1_8_0-openjdk-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-debugsource-1.8.0.312-3.58.2
      java-1_8_0-openjdk-demo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-devel-1.8.0.312-3.58.2
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-3.58.2
      java-1_8_0-openjdk-headless-1.8.0.312-3.58.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-3.58.2


References:

   https://www.suse.com/security/cve/CVE-2021-35550.html
   https://www.suse.com/security/cve/CVE-2021-35556.html
   https://www.suse.com/security/cve/CVE-2021-35559.html
   https://www.suse.com/security/cve/CVE-2021-35561.html
   https://www.suse.com/security/cve/CVE-2021-35564.html
   https://www.suse.com/security/cve/CVE-2021-35565.html
   https://www.suse.com/security/cve/CVE-2021-35567.html
   https://www.suse.com/security/cve/CVE-2021-35578.html
   https://www.suse.com/security/cve/CVE-2021-35586.html
   https://www.suse.com/security/cve/CVE-2021-35588.html
   https://www.suse.com/security/cve/CVE-2021-35603.html
   https://bugzilla.suse.com/1191901
   https://bugzilla.suse.com/1191903
   https://bugzilla.suse.com/1191904
   https://bugzilla.suse.com/1191905
   https://bugzilla.suse.com/1191906
   https://bugzilla.suse.com/1191909
   https://bugzilla.suse.com/1191910
   https://bugzilla.suse.com/1191911
   https://bugzilla.suse.com/1191912
   https://bugzilla.suse.com/1191913
   https://bugzilla.suse.com/1191914


From sle-updates at lists.suse.com  Tue Nov 23 20:25:25 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Nov 2021 21:25:25 +0100 (CET)
Subject: SUSE-SU-2021:3768-1: important: Security update for webkit2gtk3
Message-ID: <20211123202525.BB81AFD0A@maintenance.suse.de>


   SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3768-1
Rating:             important
References:         #1191937 
Cross-References:   CVE-2021-42762
CVSS scores:
                    CVE-2021-42762 (NVD) : 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
                    CVE-2021-42762 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for webkit2gtk3 fixes the following issues:

   - CVE-2021-42762: Updated seccomp rules with latest changes from flatpak
     (bsc#1191937).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3768=1

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3768=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3768=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3768=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3768=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3768=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3768=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3768=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3768=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3768=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3768=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3768=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-3768=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      libwebkit2gtk3-lang-2.32.4-2.74.5

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      libjavascriptcoregtk-4_0-18-2.32.4-2.74.5
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-debuginfo-2.32.4-2.74.5
      typelib-1_0-JavaScriptCore-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2WebExtension-4_0-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.4-2.74.5
      webkit2gtk3-debugsource-2.32.4-2.74.5

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      libwebkit2gtk3-lang-2.32.4-2.74.5

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      libjavascriptcoregtk-4_0-18-2.32.4-2.74.5
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-debuginfo-2.32.4-2.74.5
      typelib-1_0-JavaScriptCore-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2WebExtension-4_0-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.4-2.74.5
      webkit2gtk3-debugsource-2.32.4-2.74.5

   - SUSE OpenStack Cloud 9 (noarch):

      libwebkit2gtk3-lang-2.32.4-2.74.5

   - SUSE OpenStack Cloud 9 (x86_64):

      libjavascriptcoregtk-4_0-18-2.32.4-2.74.5
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-debuginfo-2.32.4-2.74.5
      typelib-1_0-JavaScriptCore-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2WebExtension-4_0-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.4-2.74.5
      webkit2gtk3-debugsource-2.32.4-2.74.5

   - SUSE OpenStack Cloud 8 (noarch):

      libwebkit2gtk3-lang-2.32.4-2.74.5

   - SUSE OpenStack Cloud 8 (x86_64):

      libjavascriptcoregtk-4_0-18-2.32.4-2.74.5
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-debuginfo-2.32.4-2.74.5
      typelib-1_0-JavaScriptCore-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2WebExtension-4_0-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.4-2.74.5
      webkit2gtk3-debugsource-2.32.4-2.74.5

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      typelib-1_0-WebKit2WebExtension-4_0-2.32.4-2.74.5
      webkit2gtk3-debugsource-2.32.4-2.74.5
      webkit2gtk3-devel-2.32.4-2.74.5

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      libjavascriptcoregtk-4_0-18-2.32.4-2.74.5
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-debuginfo-2.32.4-2.74.5
      typelib-1_0-JavaScriptCore-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2WebExtension-4_0-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.4-2.74.5
      webkit2gtk3-debugsource-2.32.4-2.74.5

   - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):

      libwebkit2gtk3-lang-2.32.4-2.74.5

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      libjavascriptcoregtk-4_0-18-2.32.4-2.74.5
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-debuginfo-2.32.4-2.74.5
      typelib-1_0-JavaScriptCore-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2WebExtension-4_0-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.4-2.74.5
      webkit2gtk3-debugsource-2.32.4-2.74.5

   - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):

      libwebkit2gtk3-lang-2.32.4-2.74.5

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.32.4-2.74.5
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-debuginfo-2.32.4-2.74.5
      typelib-1_0-JavaScriptCore-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2WebExtension-4_0-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.4-2.74.5
      webkit2gtk3-debugsource-2.32.4-2.74.5

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      libwebkit2gtk3-lang-2.32.4-2.74.5

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.32.4-2.74.5
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-debuginfo-2.32.4-2.74.5
      typelib-1_0-JavaScriptCore-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2WebExtension-4_0-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.4-2.74.5
      webkit2gtk3-debugsource-2.32.4-2.74.5

   - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):

      libwebkit2gtk3-lang-2.32.4-2.74.5

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.32.4-2.74.5
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-debuginfo-2.32.4-2.74.5
      typelib-1_0-JavaScriptCore-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2WebExtension-4_0-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.4-2.74.5
      webkit2gtk3-debugsource-2.32.4-2.74.5

   - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):

      libwebkit2gtk3-lang-2.32.4-2.74.5

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      libjavascriptcoregtk-4_0-18-2.32.4-2.74.5
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-debuginfo-2.32.4-2.74.5
      typelib-1_0-JavaScriptCore-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2-4_0-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.4-2.74.5
      webkit2gtk3-debugsource-2.32.4-2.74.5

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      libjavascriptcoregtk-4_0-18-2.32.4-2.74.5
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-debuginfo-2.32.4-2.74.5
      typelib-1_0-JavaScriptCore-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2WebExtension-4_0-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.4-2.74.5
      webkit2gtk3-debugsource-2.32.4-2.74.5
      webkit2gtk3-devel-2.32.4-2.74.5

   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

      libwebkit2gtk3-lang-2.32.4-2.74.5

   - HPE Helion Openstack 8 (x86_64):

      libjavascriptcoregtk-4_0-18-2.32.4-2.74.5
      libjavascriptcoregtk-4_0-18-debuginfo-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-2.32.4-2.74.5
      libwebkit2gtk-4_0-37-debuginfo-2.32.4-2.74.5
      typelib-1_0-JavaScriptCore-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2-4_0-2.32.4-2.74.5
      typelib-1_0-WebKit2WebExtension-4_0-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-2.32.4-2.74.5
      webkit2gtk-4_0-injected-bundles-debuginfo-2.32.4-2.74.5
      webkit2gtk3-debugsource-2.32.4-2.74.5

   - HPE Helion Openstack 8 (noarch):

      libwebkit2gtk3-lang-2.32.4-2.74.5


References:

   https://www.suse.com/security/cve/CVE-2021-42762.html
   https://bugzilla.suse.com/1191937


From sle-updates at lists.suse.com  Tue Nov 23 20:26:55 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Nov 2021 21:26:55 +0100 (CET)
Subject: SUSE-SU-2021:3769-1: important: Security update for webkit2gtk3
Message-ID: <20211123202655.63E05FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3769-1
Rating:             important
References:         #1191937 #1192063 
Cross-References:   CVE-2021-30846 CVE-2021-30851 CVE-2021-42762
                   
CVSS scores:
                    CVE-2021-30846 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-30846 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-30851 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-30851 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-42762 (NVD) : 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
                    CVE-2021-42762 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for webkit2gtk3 fixes the following issues:

   - CVE-2021-30846: Fixed memory corruption issue that could lead to
     arbitrary code execution when processing maliciously crafted web content
     (bsc#1192063).
   - CVE-2021-30851: Fixed memory corruption vulnerability that could lead to
     arbitrary code execution when processing maliciously crafted web content
     (bsc#1192063).
   - CVE-2021-42762: Updated seccomp rules with latest changes from flatpak
     (bsc#1191937).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3769=1

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3769=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3769=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3769=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3769=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3769=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3769=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3769=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3769=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-3769=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      libjavascriptcoregtk-4_0-18-2.34.1-3.87.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-debuginfo-2.34.1-3.87.1
      typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2WebExtension-4_0-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-3.87.1
      webkit2gtk3-debugsource-2.34.1-3.87.1
      webkit2gtk3-devel-2.34.1-3.87.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):

      libwebkit2gtk3-lang-2.34.1-3.87.1

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      libjavascriptcoregtk-4_0-18-2.34.1-3.87.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-debuginfo-2.34.1-3.87.1
      typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2WebExtension-4_0-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-3.87.1
      webkit2gtk3-debugsource-2.34.1-3.87.1
      webkit2gtk3-devel-2.34.1-3.87.1

   - SUSE Linux Enterprise Server for SAP 15 (noarch):

      libwebkit2gtk3-lang-2.34.1-3.87.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.34.1-3.87.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-debuginfo-2.34.1-3.87.1
      typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2WebExtension-4_0-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-3.87.1
      webkit2gtk3-debugsource-2.34.1-3.87.1
      webkit2gtk3-devel-2.34.1-3.87.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):

      libwebkit2gtk3-lang-2.34.1-3.87.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (noarch):

      libwebkit2gtk3-lang-2.34.1-3.87.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      libjavascriptcoregtk-4_0-18-2.34.1-3.87.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-debuginfo-2.34.1-3.87.1
      typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2WebExtension-4_0-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-3.87.1
      webkit2gtk3-debugsource-2.34.1-3.87.1
      webkit2gtk3-devel-2.34.1-3.87.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      libjavascriptcoregtk-4_0-18-2.34.1-3.87.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-debuginfo-2.34.1-3.87.1
      typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2WebExtension-4_0-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-3.87.1
      webkit2gtk3-debugsource-2.34.1-3.87.1
      webkit2gtk3-devel-2.34.1-3.87.1

   - SUSE Linux Enterprise Server 15-LTSS (noarch):

      libwebkit2gtk3-lang-2.34.1-3.87.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      libjavascriptcoregtk-4_0-18-2.34.1-3.87.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-debuginfo-2.34.1-3.87.1
      typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2WebExtension-4_0-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-3.87.1
      webkit2gtk3-debugsource-2.34.1-3.87.1
      webkit2gtk3-devel-2.34.1-3.87.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):

      libwebkit2gtk3-lang-2.34.1-3.87.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      libjavascriptcoregtk-4_0-18-2.34.1-3.87.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-debuginfo-2.34.1-3.87.1
      typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2WebExtension-4_0-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-3.87.1
      webkit2gtk3-debugsource-2.34.1-3.87.1
      webkit2gtk3-devel-2.34.1-3.87.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):

      libwebkit2gtk3-lang-2.34.1-3.87.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      libjavascriptcoregtk-4_0-18-2.34.1-3.87.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-debuginfo-2.34.1-3.87.1
      typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2WebExtension-4_0-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-3.87.1
      webkit2gtk3-debugsource-2.34.1-3.87.1
      webkit2gtk3-devel-2.34.1-3.87.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):

      libwebkit2gtk3-lang-2.34.1-3.87.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      libjavascriptcoregtk-4_0-18-2.34.1-3.87.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-debuginfo-2.34.1-3.87.1
      typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2WebExtension-4_0-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-3.87.1
      webkit2gtk3-debugsource-2.34.1-3.87.1
      webkit2gtk3-devel-2.34.1-3.87.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):

      libwebkit2gtk3-lang-2.34.1-3.87.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      libjavascriptcoregtk-4_0-18-2.34.1-3.87.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-debuginfo-2.34.1-3.87.1
      typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2WebExtension-4_0-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-3.87.1
      webkit2gtk3-debugsource-2.34.1-3.87.1
      webkit2gtk3-devel-2.34.1-3.87.1

   - SUSE Enterprise Storage 6 (noarch):

      libwebkit2gtk3-lang-2.34.1-3.87.1

   - SUSE CaaS Platform 4.0 (noarch):

      libwebkit2gtk3-lang-2.34.1-3.87.1

   - SUSE CaaS Platform 4.0 (x86_64):

      libjavascriptcoregtk-4_0-18-2.34.1-3.87.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-2.34.1-3.87.1
      libwebkit2gtk-4_0-37-debuginfo-2.34.1-3.87.1
      typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2-4_0-2.34.1-3.87.1
      typelib-1_0-WebKit2WebExtension-4_0-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-2.34.1-3.87.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-3.87.1
      webkit2gtk3-debugsource-2.34.1-3.87.1
      webkit2gtk3-devel-2.34.1-3.87.1


References:

   https://www.suse.com/security/cve/CVE-2021-30846.html
   https://www.suse.com/security/cve/CVE-2021-30851.html
   https://www.suse.com/security/cve/CVE-2021-42762.html
   https://bugzilla.suse.com/1191937
   https://bugzilla.suse.com/1192063


From sle-updates at lists.suse.com  Tue Nov 23 20:28:28 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Nov 2021 21:28:28 +0100 (CET)
Subject: SUSE-SU-2021:3773-1: important: Security update for bind
Message-ID: <20211123202828.36E22FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3773-1
Rating:             important
References:         #1192146 
Cross-References:   CVE-2021-25219
CVSS scores:
                    CVE-2021-25219 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-25219 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for bind fixes the following issues:

   - CVE-2021-25219: Fixed lame cache that could have been abused to severely
     degrade resolver performance (bsc#1192146).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3773=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3773=1



Package List:

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

      bind-9.16.6-12.57.1
      bind-chrootenv-9.16.6-12.57.1
      bind-debuginfo-9.16.6-12.57.1
      bind-debugsource-9.16.6-12.57.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch):

      bind-doc-9.16.6-12.57.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      bind-debuginfo-9.16.6-12.57.1
      bind-debugsource-9.16.6-12.57.1
      bind-devel-9.16.6-12.57.1
      bind-utils-9.16.6-12.57.1
      bind-utils-debuginfo-9.16.6-12.57.1
      libbind9-1600-9.16.6-12.57.1
      libbind9-1600-debuginfo-9.16.6-12.57.1
      libdns1605-9.16.6-12.57.1
      libdns1605-debuginfo-9.16.6-12.57.1
      libirs-devel-9.16.6-12.57.1
      libirs1601-9.16.6-12.57.1
      libirs1601-debuginfo-9.16.6-12.57.1
      libisc1606-9.16.6-12.57.1
      libisc1606-debuginfo-9.16.6-12.57.1
      libisccc1600-9.16.6-12.57.1
      libisccc1600-debuginfo-9.16.6-12.57.1
      libisccfg1600-9.16.6-12.57.1
      libisccfg1600-debuginfo-9.16.6-12.57.1
      libns1604-9.16.6-12.57.1
      libns1604-debuginfo-9.16.6-12.57.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):

      python3-bind-9.16.6-12.57.1


References:

   https://www.suse.com/security/cve/CVE-2021-25219.html
   https://bugzilla.suse.com/1192146


From sle-updates at lists.suse.com  Tue Nov 23 20:31:13 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 Nov 2021 21:31:13 +0100 (CET)
Subject: SUSE-SU-2021:3771-1: important: Security update for java-1_8_0-openjdk
Message-ID: <20211123203113.E0039FD2F@maintenance.suse.de>


   SUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3771-1
Rating:             important
References:         #1191901 #1191903 #1191904 #1191905 #1191906 
                    #1191909 #1191910 #1191911 #1191912 #1191913 
                    #1191914 
Cross-References:   CVE-2021-35550 CVE-2021-35556 CVE-2021-35559
                    CVE-2021-35561 CVE-2021-35564 CVE-2021-35565
                    CVE-2021-35567 CVE-2021-35578 CVE-2021-35586
                    CVE-2021-35588 CVE-2021-35603
CVSS scores:
                    CVE-2021-35550 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-35550 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-35556 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35556 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35559 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35561 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35561 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35564 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-35564 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-35565 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35565 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35567 (NVD) : 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
                    CVE-2021-35567 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
                    CVE-2021-35578 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35578 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35586 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35586 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35588 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2021-35588 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2021-35603 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-35603 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes 11 vulnerabilities is now available.

Description:

   This update for java-1_8_0-openjdk fixes the following issues:

   Update to version OpenJDK 8u312 (October 2021 CPU):

   - CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS
     (bsc#1191901).
   - CVE-2021-35556: Fixed excessive memory allocation in RTFParser
     (bsc#1191910).
   - CVE-2021-35559: Fixed excessive memory allocation in RTFReader
     (bsc#1191911).
   - CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet
     (bsc#1191912).
   - CVE-2021-35564: Fixed certificates with end dates too far in the future
     can corrupt keystore (bsc#1191913).
   - CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session
     close (bsc#1191909).
   - CVE-2021-35567: Fixed incorrect principal selection when using Kerberos
     Constrained Delegation (bsc#1191903).
   - CVE-2021-35578: Fixed unexpected exception raised during TLS handshake
     (bsc#1191904).
   - CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader
     (bsc#1191914).
   - CVE-2021-35588: Fixed incomplete validation of inner class references in
     ClassFileParser (bsc#1191905)
   - CVE-2021-35603: Fixed non-constant comparison during TLS handshakes
     (bsc#1191906).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3771=1

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3771=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3771=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3771=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3771=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3771=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3771=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3771=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3771=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3771=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3771=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-3771=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      java-1_8_0-openjdk-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debugsource-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.66.1

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      java-1_8_0-openjdk-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debugsource-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.66.1

   - SUSE OpenStack Cloud 9 (x86_64):

      java-1_8_0-openjdk-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debugsource-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.66.1

   - SUSE OpenStack Cloud 8 (x86_64):

      java-1_8_0-openjdk-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debugsource-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.66.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      java-1_8_0-openjdk-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debugsource-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.66.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      java-1_8_0-openjdk-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debugsource-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.66.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      java-1_8_0-openjdk-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debugsource-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.66.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      java-1_8_0-openjdk-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debugsource-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.66.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      java-1_8_0-openjdk-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debugsource-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.66.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      java-1_8_0-openjdk-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debugsource-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.66.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      java-1_8_0-openjdk-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debugsource-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.66.1

   - HPE Helion Openstack 8 (x86_64):

      java-1_8_0-openjdk-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-debugsource-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-1.8.0.312-27.66.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-1.8.0.312-27.66.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.66.1


References:

   https://www.suse.com/security/cve/CVE-2021-35550.html
   https://www.suse.com/security/cve/CVE-2021-35556.html
   https://www.suse.com/security/cve/CVE-2021-35559.html
   https://www.suse.com/security/cve/CVE-2021-35561.html
   https://www.suse.com/security/cve/CVE-2021-35564.html
   https://www.suse.com/security/cve/CVE-2021-35565.html
   https://www.suse.com/security/cve/CVE-2021-35567.html
   https://www.suse.com/security/cve/CVE-2021-35578.html
   https://www.suse.com/security/cve/CVE-2021-35586.html
   https://www.suse.com/security/cve/CVE-2021-35588.html
   https://www.suse.com/security/cve/CVE-2021-35603.html
   https://bugzilla.suse.com/1191901
   https://bugzilla.suse.com/1191903
   https://bugzilla.suse.com/1191904
   https://bugzilla.suse.com/1191905
   https://bugzilla.suse.com/1191906
   https://bugzilla.suse.com/1191909
   https://bugzilla.suse.com/1191910
   https://bugzilla.suse.com/1191911
   https://bugzilla.suse.com/1191912
   https://bugzilla.suse.com/1191913
   https://bugzilla.suse.com/1191914


From sle-updates at lists.suse.com  Wed Nov 24 02:18:03 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 03:18:03 +0100 (CET)
Subject: SUSE-RU-2021:3777-1: moderate: Recommended update for tigervnc
Message-ID: <20211124021803.7DB57FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for tigervnc
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3777-1
Rating:             moderate
References:         #1179809 
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for tigervnc fixes the following issues:

   - TigerVNC now works in FIPS environment (bsc#1179809)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3777=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3777=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3777=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3777=1



Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      libXvnc-devel-1.8.0-13.17.2
      libXvnc1-1.8.0-13.17.2
      libXvnc1-debuginfo-1.8.0-13.17.2
      tigervnc-1.8.0-13.17.2
      tigervnc-debuginfo-1.8.0-13.17.2
      tigervnc-debugsource-1.8.0-13.17.2
      xorg-x11-Xvnc-1.8.0-13.17.2
      xorg-x11-Xvnc-debuginfo-1.8.0-13.17.2

   - SUSE Linux Enterprise Server for SAP 15 (noarch):

      xorg-x11-Xvnc-novnc-1.8.0-13.17.2

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      libXvnc-devel-1.8.0-13.17.2
      libXvnc1-1.8.0-13.17.2
      libXvnc1-debuginfo-1.8.0-13.17.2
      tigervnc-1.8.0-13.17.2
      tigervnc-debuginfo-1.8.0-13.17.2
      tigervnc-debugsource-1.8.0-13.17.2
      xorg-x11-Xvnc-1.8.0-13.17.2
      xorg-x11-Xvnc-debuginfo-1.8.0-13.17.2

   - SUSE Linux Enterprise Server 15-LTSS (noarch):

      xorg-x11-Xvnc-novnc-1.8.0-13.17.2

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      libXvnc-devel-1.8.0-13.17.2
      libXvnc1-1.8.0-13.17.2
      libXvnc1-debuginfo-1.8.0-13.17.2
      tigervnc-1.8.0-13.17.2
      tigervnc-debuginfo-1.8.0-13.17.2
      tigervnc-debugsource-1.8.0-13.17.2
      xorg-x11-Xvnc-1.8.0-13.17.2
      xorg-x11-Xvnc-debuginfo-1.8.0-13.17.2

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):

      xorg-x11-Xvnc-novnc-1.8.0-13.17.2

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      libXvnc-devel-1.8.0-13.17.2
      libXvnc1-1.8.0-13.17.2
      libXvnc1-debuginfo-1.8.0-13.17.2
      tigervnc-1.8.0-13.17.2
      tigervnc-debuginfo-1.8.0-13.17.2
      tigervnc-debugsource-1.8.0-13.17.2
      xorg-x11-Xvnc-1.8.0-13.17.2
      xorg-x11-Xvnc-debuginfo-1.8.0-13.17.2

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):

      xorg-x11-Xvnc-novnc-1.8.0-13.17.2


References:

   https://bugzilla.suse.com/1179809


From sle-updates at lists.suse.com  Wed Nov 24 02:19:21 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 03:19:21 +0100 (CET)
Subject: SUSE-RU-2021:3774-1: moderate: Recommended update for resource-agents
Message-ID: <20211124021921.476F0FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for resource-agents
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3774-1
Rating:             moderate
References:         #1184382 
Affected Products:
                    SUSE Linux Enterprise High Availability 15-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for resource-agents fixes the following issue:

   - Improve client fail over to regain access to nfs share (bsc#1184382)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 15-SP3:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-3774=1



Package List:

   - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):

      ldirectord-4.8.0+git30.d0077df0-8.17.1
      resource-agents-4.8.0+git30.d0077df0-8.17.1
      resource-agents-debuginfo-4.8.0+git30.d0077df0-8.17.1
      resource-agents-debugsource-4.8.0+git30.d0077df0-8.17.1

   - SUSE Linux Enterprise High Availability 15-SP3 (noarch):

      monitoring-plugins-metadata-4.8.0+git30.d0077df0-8.17.1


References:

   https://bugzilla.suse.com/1184382


From sle-updates at lists.suse.com  Wed Nov 24 02:20:41 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 03:20:41 +0100 (CET)
Subject: SUSE-RU-2021:3780-1: moderate: Recommended update for libzypp, zypper,
 libsolv
Message-ID: <20211124022041.3B1A2FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for libzypp, zypper, libsolv
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3780-1
Rating:             moderate
References:         #1153687 #1182372 #1183268 #1183589 #1184326 
                    #1184399 #1184997 #1185325 #1186447 #1186503 
                    #1186602 #1187224 #1187425 #1187466 #1187738 
                    #1187760 #1188156 #1188435 #1189031 #1190059 
                    #1190199 #1190356 #1190465 #1190712 #1190815 
                    #1191286 #1191324 #1191370 #1191609 #1192337 
                    #1192436 SLE-18858 
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Installer 15
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

   An update that has 31 recommended fixes and contains one
   feature can now be installed.

Description:

   This update for libzypp, zypper and libsolv fixes the following issues:

   - Do not download full files even if the checkExistsOnly flag is set.
     (bsc#1190712)
   - Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
   - Make sure to keep states alives while transitioning. (bsc#1190199)
   - May set techpreview variables for testing in /etc/zypp/zypp.conf.
   - If environment variables are unhandy one may enable the desired
     techpreview in zypp.conf
   - CMake/spec: Add option to force SINGLE_RPMTRANS as default for zypper.
   - Make sure singleTrans is zypper-only for now.
   - Do not check of signatures and keys two times(redundant) (bsc#1190059)
   - Fix crashes in logging code when shutting down (bsc#1189031)
   - Rephrase vendor conflict message in case 2 packages are involved
     (bsc#1187760)
   - Fix solver jobs for PTFs (bsc#1186503)
   - spec: switch to pkgconfig(openssl)
   - Show key fpr from signature when signature check fails (bsc#1187224)
   - Implement alternative single transaction commit strategy.
   - Use ZYPP_MEDIANETWORK=1 to enable the experimental new media backend.
   - Implement zchunk download, refactor Downloader backend.
   - Fix purge-kernels fails (bsc#1187738)
   - Avoid calling 'su' to detect a too restrictive sudo user umask
     (bsc#1186602)
   - Fix typo in German translations.
   - Support new reports for singletrans rpm commit.
   - Prompt: choose exact match if prompt options are not prefix free
     (bsc#1188156)
   - Install summary: Show new and removed packages closer to the prompt.
   - Add need reboot/restart hint to XML install summary (bsc#1188435)
   - Add comment option for lock command.
   - Fix obs:// platform guessing for Leap (bsc#1187425)
   - Manpage: Improve description about patch updates(bsc#1187466)
   - Manpage: Recommend the needs-rebooting command to test whether a system
     reboot is suggested.
   - Let a patch's reboot-needed flag overrule included packages.
     (bsc#1183268)
   - Quickfix setting "openSUSE_Tumbleweed" as default platform for "MicroOS"
     (bsc#1153687)
   - Protect against strict/relaxed user umask via sudo (bsc#1183589)
   - zypper-log: protect against thread name indicators in a log.
   - xml summary: add solvables repository alias. (bsc#1182372)
   - Fix service detection with cgroupv2 (bsc#1184997)
   - Fix purge-kernels is broken in Leap 15.3 (bsc#1185325)
   - Allow trusted repos to add additional signing keys (bsc#1184326)
   - Let negative values wait forever for the zypp lock (bsc#1184399)
   - Link all executables with -pie (bsc#1186447)
   - Ship an empty /etc/zypp/needreboot per default (jsc#PM-2645)
   - choice rules: treat orphaned packages as newest (bc#1190465)
   - Consolidate reboot-recommendations across tools and stop using
     /etc/zypp/needreboot (jsc#-SLE-18858)
   - Disable logger in the child after fork (bsc#1192436)
   - Check log writer before accessing it (bsc#1192337)
   - Allow uname-r format in purge kernels keepspec
   - zypper should keep cached files if transaction is aborted (bsc#1190356)
   - Require a minimum number of mirrors for multicurl (bsc#1191609)
   - Use procfs to detect nr of open fd's if rlimit is too high (bsc#1191324)
   - Fix translations (bsc#1191370)
   - RepoManager: Don't probe for plaindir repo if URL schema is plugin
     (bsc#1191286)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3780=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3780=1

   - SUSE Linux Enterprise Installer 15:

      zypper in -t patch SUSE-SLE-INSTALLER-15-2021-3780=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3780=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3780=1



Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      libsolv-debuginfo-0.7.20-3.48.1
      libsolv-debugsource-0.7.20-3.48.1
      libsolv-devel-0.7.20-3.48.1
      libsolv-devel-debuginfo-0.7.20-3.48.1
      libsolv-tools-0.7.20-3.48.1
      libsolv-tools-debuginfo-0.7.20-3.48.1
      libzypp-17.28.8-3.78.1
      libzypp-debuginfo-17.28.8-3.78.1
      libzypp-debugsource-17.28.8-3.78.1
      libzypp-devel-17.28.8-3.78.1
      perl-solv-0.7.20-3.48.1
      perl-solv-debuginfo-0.7.20-3.48.1
      python-solv-0.7.20-3.48.1
      python-solv-debuginfo-0.7.20-3.48.1
      python3-solv-0.7.20-3.48.1
      python3-solv-debuginfo-0.7.20-3.48.1
      ruby-solv-0.7.20-3.48.1
      ruby-solv-debuginfo-0.7.20-3.48.1
      zypper-1.14.50-3.60.1
      zypper-debuginfo-1.14.50-3.60.1
      zypper-debugsource-1.14.50-3.60.1

   - SUSE Linux Enterprise Server for SAP 15 (noarch):

      zypper-log-1.14.50-3.60.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      libsolv-debuginfo-0.7.20-3.48.1
      libsolv-debugsource-0.7.20-3.48.1
      libsolv-devel-0.7.20-3.48.1
      libsolv-devel-debuginfo-0.7.20-3.48.1
      libsolv-tools-0.7.20-3.48.1
      libsolv-tools-debuginfo-0.7.20-3.48.1
      libzypp-17.28.8-3.78.1
      libzypp-debuginfo-17.28.8-3.78.1
      libzypp-debugsource-17.28.8-3.78.1
      libzypp-devel-17.28.8-3.78.1
      perl-solv-0.7.20-3.48.1
      perl-solv-debuginfo-0.7.20-3.48.1
      python-solv-0.7.20-3.48.1
      python-solv-debuginfo-0.7.20-3.48.1
      python3-solv-0.7.20-3.48.1
      python3-solv-debuginfo-0.7.20-3.48.1
      ruby-solv-0.7.20-3.48.1
      ruby-solv-debuginfo-0.7.20-3.48.1
      zypper-1.14.50-3.60.1
      zypper-debuginfo-1.14.50-3.60.1
      zypper-debugsource-1.14.50-3.60.1

   - SUSE Linux Enterprise Server 15-LTSS (noarch):

      zypper-log-1.14.50-3.60.1

   - SUSE Linux Enterprise Installer 15 (aarch64 ppc64le s390x x86_64):

      libsolv-tools-0.7.20-3.48.1
      libzypp-17.28.8-3.78.1
      zypper-1.14.50-3.60.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      libsolv-debuginfo-0.7.20-3.48.1
      libsolv-debugsource-0.7.20-3.48.1
      libsolv-devel-0.7.20-3.48.1
      libsolv-devel-debuginfo-0.7.20-3.48.1
      libsolv-tools-0.7.20-3.48.1
      libsolv-tools-debuginfo-0.7.20-3.48.1
      libzypp-17.28.8-3.78.1
      libzypp-debuginfo-17.28.8-3.78.1
      libzypp-debugsource-17.28.8-3.78.1
      libzypp-devel-17.28.8-3.78.1
      perl-solv-0.7.20-3.48.1
      perl-solv-debuginfo-0.7.20-3.48.1
      python-solv-0.7.20-3.48.1
      python-solv-debuginfo-0.7.20-3.48.1
      python3-solv-0.7.20-3.48.1
      python3-solv-debuginfo-0.7.20-3.48.1
      ruby-solv-0.7.20-3.48.1
      ruby-solv-debuginfo-0.7.20-3.48.1
      zypper-1.14.50-3.60.1
      zypper-debuginfo-1.14.50-3.60.1
      zypper-debugsource-1.14.50-3.60.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):

      zypper-log-1.14.50-3.60.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      libsolv-debuginfo-0.7.20-3.48.1
      libsolv-debugsource-0.7.20-3.48.1
      libsolv-devel-0.7.20-3.48.1
      libsolv-devel-debuginfo-0.7.20-3.48.1
      libsolv-tools-0.7.20-3.48.1
      libsolv-tools-debuginfo-0.7.20-3.48.1
      libzypp-17.28.8-3.78.1
      libzypp-debuginfo-17.28.8-3.78.1
      libzypp-debugsource-17.28.8-3.78.1
      libzypp-devel-17.28.8-3.78.1
      perl-solv-0.7.20-3.48.1
      perl-solv-debuginfo-0.7.20-3.48.1
      python-solv-0.7.20-3.48.1
      python-solv-debuginfo-0.7.20-3.48.1
      python3-solv-0.7.20-3.48.1
      python3-solv-debuginfo-0.7.20-3.48.1
      ruby-solv-0.7.20-3.48.1
      ruby-solv-debuginfo-0.7.20-3.48.1
      zypper-1.14.50-3.60.1
      zypper-debuginfo-1.14.50-3.60.1
      zypper-debugsource-1.14.50-3.60.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):

      zypper-log-1.14.50-3.60.1


References:

   https://bugzilla.suse.com/1153687
   https://bugzilla.suse.com/1182372
   https://bugzilla.suse.com/1183268
   https://bugzilla.suse.com/1183589
   https://bugzilla.suse.com/1184326
   https://bugzilla.suse.com/1184399
   https://bugzilla.suse.com/1184997
   https://bugzilla.suse.com/1185325
   https://bugzilla.suse.com/1186447
   https://bugzilla.suse.com/1186503
   https://bugzilla.suse.com/1186602
   https://bugzilla.suse.com/1187224
   https://bugzilla.suse.com/1187425
   https://bugzilla.suse.com/1187466
   https://bugzilla.suse.com/1187738
   https://bugzilla.suse.com/1187760
   https://bugzilla.suse.com/1188156
   https://bugzilla.suse.com/1188435
   https://bugzilla.suse.com/1189031
   https://bugzilla.suse.com/1190059
   https://bugzilla.suse.com/1190199
   https://bugzilla.suse.com/1190356
   https://bugzilla.suse.com/1190465
   https://bugzilla.suse.com/1190712
   https://bugzilla.suse.com/1190815
   https://bugzilla.suse.com/1191286
   https://bugzilla.suse.com/1191324
   https://bugzilla.suse.com/1191370
   https://bugzilla.suse.com/1191609
   https://bugzilla.suse.com/1192337
   https://bugzilla.suse.com/1192436


From sle-updates at lists.suse.com  Wed Nov 24 02:25:43 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 03:25:43 +0100 (CET)
Subject: SUSE-RU-2021:3782-1: moderate: Recommended update for dracut
Message-ID: <20211124022543.4A820FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for dracut
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3782-1
Rating:             moderate
References:         #1187190 #1188713 #1190326 
Affected Products:
                    SUSE MicroOS 5.1
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that has three recommended fixes can now be
   installed.

Description:

   This update for dracut fixes the following issues:

   - Fixed multipath devices that always default to bfq scheduler
     (bsc#1188713)
   - Fixed unbootable system when testing kernel 5.14 (bsc#1190326)
   - Add support for the new iscsiadm "no-wait" (-W) command (bsc#1187190)
   - Add iscsid.service requirements (bsc#1187190)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3782=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3782=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3782=1



Package List:

   - SUSE MicroOS 5.1 (aarch64 s390x x86_64):

      dracut-049.1+suse.216.gf705637b-3.45.1
      dracut-debuginfo-049.1+suse.216.gf705637b-3.45.1
      dracut-debugsource-049.1+suse.216.gf705637b-3.45.1
      dracut-fips-049.1+suse.216.gf705637b-3.45.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      dracut-049.1+suse.216.gf705637b-3.45.1
      dracut-debuginfo-049.1+suse.216.gf705637b-3.45.1
      dracut-debugsource-049.1+suse.216.gf705637b-3.45.1
      dracut-fips-049.1+suse.216.gf705637b-3.45.1
      dracut-ima-049.1+suse.216.gf705637b-3.45.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      dracut-049.1+suse.216.gf705637b-3.45.1
      dracut-debuginfo-049.1+suse.216.gf705637b-3.45.1
      dracut-debugsource-049.1+suse.216.gf705637b-3.45.1
      dracut-fips-049.1+suse.216.gf705637b-3.45.1
      dracut-ima-049.1+suse.216.gf705637b-3.45.1


References:

   https://bugzilla.suse.com/1187190
   https://bugzilla.suse.com/1188713
   https://bugzilla.suse.com/1190326


From sle-updates at lists.suse.com  Wed Nov 24 02:30:06 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 03:30:06 +0100 (CET)
Subject: SUSE-RU-2021:3781-1: moderate: This update for libzypp,
 zypper and libsolv fixes the following issues:
Message-ID: <20211124023006.BC49AFD2F@maintenance.suse.de>


   SUSE Recommended Update: This update for libzypp, zypper and libsolv fixes the following issues:
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3781-1
Rating:             moderate
References:         #1153687 #1182372 #1183268 #1183589 #1184326 
                    #1184399 #1184997 #1185325 #1186447 #1186503 
                    #1186602 #1187224 #1187425 #1187466 #1187738 
                    #1187760 #1188156 #1188435 #1189031 #1190059 
                    #1190199 #1190356 #1190465 #1190712 #1190815 
                    #1191286 #1191324 #1191370 #1191609 #1192337 
                    #1192436 SLE-18858 
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Installer 15-SP1
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that has 31 recommended fixes and contains one
   feature can now be installed.

Description:

   This update for zypper fixes the following issues:

   - Manpage: Recommend the needs-rebooting command to test whether a system
     reboot is suggested.
   - Let a patch's reboot-needed flag overrule included packages.
     (bsc#1183268)
   - Quickfix setting "openSUSE_Tumbleweed" as default platform for
     "MicroOS". (bsc#1153687)
   - Protect against strict/relaxed user umask via sudo. (bsc#1183589)
   - xml summary: Add solvables repository alias. (bsc#1182372)
   - Allow trusted repos to add additional signing keys. (bsc#1184326)
   - MediaCurl: Fix logging of redirects.
   - Let negative values wait forever for the zypp lock. (bsc#1184399)
   - Fix 'purge-kernels' is broken in Leap 15.3. (bsc#1185325)
   - Fix service detection with cgroupv2. (bsc#1184997)
   - Add hints to 'trust GPG key' prompt.
   - Enhance XML output of repo GPG options
   - Add optional attributes showing the raw values actually present in the
     '.repo' file.
   - Link all executables with -pie (bsc#1186447)
   - Ship an empty '/etc/zypp/needreboot' per default. (jsc#PM-2645)
   - Fix solver jobs for PTFs. (bsc#1186503)
   - choice rules: treat orphaned packages as newest. (bc#1190465)
   - Add need reboot/restart hint to XML install summary. (bsc#1188435)
   - Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
   - Fix obs:// platform guessing for Leap. (bsc#1187425)
   - Fix purge-kernels fails. (bsc#1187738)
   - Do not download full files even if the checkExistsOnly flag is set.
     (bsc#1190712)
   - Prompt: choose exact match if prompt options are not prefix free.
     (bsc#1188156)
   - Do not check of signatures and keys two times(redundant). (bsc#1190059)
   - Rephrase vendor conflict message in case 2 packages are involved.
     (bsc#1187760)
   - Show key fpr from signature when signature check fails. (bsc#1187224)
   - Make sure to keep states alives while transitioning. (bsc#1190199)
   - Fix crashes in logging code when shutting down. (bsc#1189031)
   - Manpage: Improve description about patch updates. (bsc#1187466)
   - Avoid calling 'su' to detect a too restrictive sudo user umask.
     (bsc#1186602)
   - Consolidate reboot-recommendations across tools and stop using
     /etc/zypp/needreboot (jsc#-SLE-18858)
   - Disable logger in the child after fork (bsc#1192436)
   - Check log writer before accessing it (bsc#1192337)
   - Allow uname-r format in purge kernels keepspec
   - zypper should keep cached files if transaction is aborted (bsc#1190356)
   - Require a minimum number of mirrors for multicurl (bsc#1191609)
   - Use procfs to detect nr of open fd's if rlimit is too high (bsc#1191324)
   - Fix translations (bsc#1191370)
   - RepoManager: Don't probe for plaindir repo if URL schema is plugin
     (bsc#1191286)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3781=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3781=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3781=1

   - SUSE Linux Enterprise Installer 15-SP1:

      zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2021-3781=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3781=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3781=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-3781=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      libsolv-debuginfo-0.7.20-4.3.1
      libsolv-debugsource-0.7.20-4.3.1
      libsolv-devel-0.7.20-4.3.1
      libsolv-devel-debuginfo-0.7.20-4.3.1
      libsolv-tools-0.7.20-4.3.1
      libsolv-tools-debuginfo-0.7.20-4.3.1
      libzypp-17.28.8-3.61.1
      libzypp-debuginfo-17.28.8-3.61.1
      libzypp-debugsource-17.28.8-3.61.1
      libzypp-devel-17.28.8-3.61.1
      perl-solv-0.7.20-4.3.1
      perl-solv-debuginfo-0.7.20-4.3.1
      python3-solv-0.7.20-4.3.1
      python3-solv-debuginfo-0.7.20-4.3.1
      ruby-solv-0.7.20-4.3.1
      ruby-solv-debuginfo-0.7.20-4.3.1
      zypper-1.14.50-3.46.1
      zypper-debuginfo-1.14.50-3.46.1
      zypper-debugsource-1.14.50-3.46.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):

      zypper-log-1.14.50-3.46.1
      zypper-needs-restarting-1.14.50-3.46.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      libsolv-debuginfo-0.7.20-4.3.1
      libsolv-debugsource-0.7.20-4.3.1
      libsolv-devel-0.7.20-4.3.1
      libsolv-devel-debuginfo-0.7.20-4.3.1
      libsolv-tools-0.7.20-4.3.1
      libsolv-tools-debuginfo-0.7.20-4.3.1
      libzypp-17.28.8-3.61.1
      libzypp-debuginfo-17.28.8-3.61.1
      libzypp-debugsource-17.28.8-3.61.1
      libzypp-devel-17.28.8-3.61.1
      perl-solv-0.7.20-4.3.1
      perl-solv-debuginfo-0.7.20-4.3.1
      python3-solv-0.7.20-4.3.1
      python3-solv-debuginfo-0.7.20-4.3.1
      ruby-solv-0.7.20-4.3.1
      ruby-solv-debuginfo-0.7.20-4.3.1
      zypper-1.14.50-3.46.1
      zypper-debuginfo-1.14.50-3.46.1
      zypper-debugsource-1.14.50-3.46.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):

      zypper-log-1.14.50-3.46.1
      zypper-needs-restarting-1.14.50-3.46.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (noarch):

      zypper-log-1.14.50-3.46.1
      zypper-needs-restarting-1.14.50-3.46.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      libsolv-debuginfo-0.7.20-4.3.1
      libsolv-debugsource-0.7.20-4.3.1
      libsolv-devel-0.7.20-4.3.1
      libsolv-devel-debuginfo-0.7.20-4.3.1
      libsolv-tools-0.7.20-4.3.1
      libsolv-tools-debuginfo-0.7.20-4.3.1
      libzypp-17.28.8-3.61.1
      libzypp-debuginfo-17.28.8-3.61.1
      libzypp-debugsource-17.28.8-3.61.1
      libzypp-devel-17.28.8-3.61.1
      perl-solv-0.7.20-4.3.1
      perl-solv-debuginfo-0.7.20-4.3.1
      python3-solv-0.7.20-4.3.1
      python3-solv-debuginfo-0.7.20-4.3.1
      ruby-solv-0.7.20-4.3.1
      ruby-solv-debuginfo-0.7.20-4.3.1
      zypper-1.14.50-3.46.1
      zypper-debuginfo-1.14.50-3.46.1
      zypper-debugsource-1.14.50-3.46.1

   - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64):

      libsolv-tools-0.7.20-4.3.1
      libzypp-17.28.8-3.61.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      libsolv-debuginfo-0.7.20-4.3.1
      libsolv-debugsource-0.7.20-4.3.1
      libsolv-devel-0.7.20-4.3.1
      libsolv-devel-debuginfo-0.7.20-4.3.1
      libsolv-tools-0.7.20-4.3.1
      libsolv-tools-debuginfo-0.7.20-4.3.1
      libzypp-17.28.8-3.61.1
      libzypp-debuginfo-17.28.8-3.61.1
      libzypp-debugsource-17.28.8-3.61.1
      libzypp-devel-17.28.8-3.61.1
      perl-solv-0.7.20-4.3.1
      perl-solv-debuginfo-0.7.20-4.3.1
      python3-solv-0.7.20-4.3.1
      python3-solv-debuginfo-0.7.20-4.3.1
      ruby-solv-0.7.20-4.3.1
      ruby-solv-debuginfo-0.7.20-4.3.1
      zypper-1.14.50-3.46.1
      zypper-debuginfo-1.14.50-3.46.1
      zypper-debugsource-1.14.50-3.46.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):

      zypper-log-1.14.50-3.46.1
      zypper-needs-restarting-1.14.50-3.46.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      libsolv-debuginfo-0.7.20-4.3.1
      libsolv-debugsource-0.7.20-4.3.1
      libsolv-devel-0.7.20-4.3.1
      libsolv-devel-debuginfo-0.7.20-4.3.1
      libsolv-tools-0.7.20-4.3.1
      libsolv-tools-debuginfo-0.7.20-4.3.1
      libzypp-17.28.8-3.61.1
      libzypp-debuginfo-17.28.8-3.61.1
      libzypp-debugsource-17.28.8-3.61.1
      libzypp-devel-17.28.8-3.61.1
      perl-solv-0.7.20-4.3.1
      perl-solv-debuginfo-0.7.20-4.3.1
      python3-solv-0.7.20-4.3.1
      python3-solv-debuginfo-0.7.20-4.3.1
      ruby-solv-0.7.20-4.3.1
      ruby-solv-debuginfo-0.7.20-4.3.1
      zypper-1.14.50-3.46.1
      zypper-debuginfo-1.14.50-3.46.1
      zypper-debugsource-1.14.50-3.46.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):

      zypper-log-1.14.50-3.46.1
      zypper-needs-restarting-1.14.50-3.46.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      libsolv-debuginfo-0.7.20-4.3.1
      libsolv-debugsource-0.7.20-4.3.1
      libsolv-devel-0.7.20-4.3.1
      libsolv-devel-debuginfo-0.7.20-4.3.1
      libsolv-tools-0.7.20-4.3.1
      libsolv-tools-debuginfo-0.7.20-4.3.1
      libzypp-17.28.8-3.61.1
      libzypp-debuginfo-17.28.8-3.61.1
      libzypp-debugsource-17.28.8-3.61.1
      libzypp-devel-17.28.8-3.61.1
      perl-solv-0.7.20-4.3.1
      perl-solv-debuginfo-0.7.20-4.3.1
      python3-solv-0.7.20-4.3.1
      python3-solv-debuginfo-0.7.20-4.3.1
      ruby-solv-0.7.20-4.3.1
      ruby-solv-debuginfo-0.7.20-4.3.1
      zypper-1.14.50-3.46.1
      zypper-debuginfo-1.14.50-3.46.1
      zypper-debugsource-1.14.50-3.46.1

   - SUSE Enterprise Storage 6 (noarch):

      zypper-log-1.14.50-3.46.1
      zypper-needs-restarting-1.14.50-3.46.1

   - SUSE CaaS Platform 4.0 (noarch):

      zypper-log-1.14.50-3.46.1
      zypper-needs-restarting-1.14.50-3.46.1

   - SUSE CaaS Platform 4.0 (x86_64):

      libsolv-debuginfo-0.7.20-4.3.1
      libsolv-debugsource-0.7.20-4.3.1
      libsolv-devel-0.7.20-4.3.1
      libsolv-devel-debuginfo-0.7.20-4.3.1
      libsolv-tools-0.7.20-4.3.1
      libsolv-tools-debuginfo-0.7.20-4.3.1
      libzypp-17.28.8-3.61.1
      libzypp-debuginfo-17.28.8-3.61.1
      libzypp-debugsource-17.28.8-3.61.1
      libzypp-devel-17.28.8-3.61.1
      perl-solv-0.7.20-4.3.1
      perl-solv-debuginfo-0.7.20-4.3.1
      python3-solv-0.7.20-4.3.1
      python3-solv-debuginfo-0.7.20-4.3.1
      ruby-solv-0.7.20-4.3.1
      ruby-solv-debuginfo-0.7.20-4.3.1
      zypper-1.14.50-3.46.1
      zypper-debuginfo-1.14.50-3.46.1
      zypper-debugsource-1.14.50-3.46.1


References:

   https://bugzilla.suse.com/1153687
   https://bugzilla.suse.com/1182372
   https://bugzilla.suse.com/1183268
   https://bugzilla.suse.com/1183589
   https://bugzilla.suse.com/1184326
   https://bugzilla.suse.com/1184399
   https://bugzilla.suse.com/1184997
   https://bugzilla.suse.com/1185325
   https://bugzilla.suse.com/1186447
   https://bugzilla.suse.com/1186503
   https://bugzilla.suse.com/1186602
   https://bugzilla.suse.com/1187224
   https://bugzilla.suse.com/1187425
   https://bugzilla.suse.com/1187466
   https://bugzilla.suse.com/1187738
   https://bugzilla.suse.com/1187760
   https://bugzilla.suse.com/1188156
   https://bugzilla.suse.com/1188435
   https://bugzilla.suse.com/1189031
   https://bugzilla.suse.com/1190059
   https://bugzilla.suse.com/1190199
   https://bugzilla.suse.com/1190356
   https://bugzilla.suse.com/1190465
   https://bugzilla.suse.com/1190712
   https://bugzilla.suse.com/1190815
   https://bugzilla.suse.com/1191286
   https://bugzilla.suse.com/1191324
   https://bugzilla.suse.com/1191370
   https://bugzilla.suse.com/1191609
   https://bugzilla.suse.com/1192337
   https://bugzilla.suse.com/1192436


From sle-updates at lists.suse.com  Wed Nov 24 02:35:14 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 03:35:14 +0100 (CET)
Subject: SUSE-RU-2021:3778-1: moderate: Recommended update for tuned
Message-ID: <20211124023514.C5B8CFD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for tuned
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3778-1
Rating:             moderate
References:         #1191341 
Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Module for Server Applications 15-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for tuned fixes the following issues:

   - Follow upstream and set backup latency requirement to 3 (bsc#1191341)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3778=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3778=1



Package List:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):

      tuned-2.10.0-11.6.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch):

      tuned-2.10.0-11.6.1


References:

   https://bugzilla.suse.com/1191341


From sle-updates at lists.suse.com  Wed Nov 24 02:39:19 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 03:39:19 +0100 (CET)
Subject: SUSE-RU-2021:3776-1: moderate: Recommended update for yast2-storage-ng
Message-ID: <20211124023919.E58E8FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for yast2-storage-ng
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3776-1
Rating:             moderate
References:         #1186268 #1186298 #1187270 #1192124 
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise Installer 15-SP2
______________________________________________________________________________

   An update that has four recommended fixes can now be
   installed.

Description:

   This update for yast2-storage-ng fixes the following issues:

   - Ensure mount options are not doubled (bsc#1186298)
   - Try harder matching device names to fix failing offline upgrade from
     SLE-12 SP5 to SLE-15 SP2 (bsc#1186268)
   - Fix desktop file comment to properly display control center tooltip
     (bsc#1187270)
   - Set the volume group extent size according to the AutoYaST profile
     (bsc#1192124)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3776=1

   - SUSE Linux Enterprise Installer 15-SP2:

      zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-3776=1



Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      yast2-storage-ng-4.2.119-3.24.1

   - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64):

      yast2-storage-ng-4.2.119-3.24.1


References:

   https://bugzilla.suse.com/1186268
   https://bugzilla.suse.com/1186298
   https://bugzilla.suse.com/1187270
   https://bugzilla.suse.com/1192124


From sle-updates at lists.suse.com  Wed Nov 24 02:41:02 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 03:41:02 +0100 (CET)
Subject: SUSE-RU-2021:3775-1: moderate: Recommended update for resource-agents
Message-ID: <20211124024102.7C10FFD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for resource-agents
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3775-1
Rating:             moderate
References:         #1184382 
Affected Products:
                    SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for resource-agents fixes the following issues:

   - Improve client fail over to regain access to nfs share (bsc#1184382)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 15-SP2:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-3775=1



Package List:

   - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):

      ldirectord-4.4.0+git57.70549516-3.43.1
      resource-agents-4.4.0+git57.70549516-3.43.1
      resource-agents-debuginfo-4.4.0+git57.70549516-3.43.1
      resource-agents-debugsource-4.4.0+git57.70549516-3.43.1

   - SUSE Linux Enterprise High Availability 15-SP2 (noarch):

      monitoring-plugins-metadata-4.4.0+git57.70549516-3.43.1


References:

   https://bugzilla.suse.com/1184382


From sle-updates at lists.suse.com  Wed Nov 24 02:42:23 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 03:42:23 +0100 (CET)
Subject: SUSE-RU-2021:3779-1: moderate: Recommended update for
 yast2-iscsi-client
Message-ID: <20211124024223.A8201FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for yast2-iscsi-client
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3779-1
Rating:             moderate
References:         #1187958 #1188139 
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Installer 15-SP3
______________________________________________________________________________

   An update that has two recommended fixes can now be
   installed.

Description:

   This update for yast2-iscsi-client fixes the following issues:

   - Add iscsi support for qedi/qede offload cards (bsc#1188139, bsc#1187958).


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3779=1

   - SUSE Linux Enterprise Installer 15-SP3:

      zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2021-3779=1



Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      yast2-iscsi-client-4.3.4-3.3.2

   - SUSE Linux Enterprise Installer 15-SP3 (noarch):

      yast2-iscsi-client-4.3.4-3.3.2


References:

   https://bugzilla.suse.com/1187958
   https://bugzilla.suse.com/1188139


From sle-updates at lists.suse.com  Wed Nov 24 08:19:55 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 09:19:55 +0100 (CET)
Subject: SUSE-RU-2021:3794-1: important: Recommended update for
 yast2-installation
Message-ID: <20211124081955.1F414FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for yast2-installation
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3794-1
Rating:             important
References:         #1190294 
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Installer 15-SP1
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for yast2-installation fixes the following issues:

   - Filter the installation proposals (in the Installation Settings screen)
     according to the AutoYaST profile even before tab switching (related to
     bsc#1190294)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3794=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3794=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3794=1

   - SUSE Linux Enterprise Installer 15-SP1:

      zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2021-3794=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3794=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3794=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-3794=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):

      yast2-installation-4.1.55-3.27.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):

      yast2-installation-4.1.55-3.27.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (noarch):

      yast2-installation-4.1.55-3.27.1

   - SUSE Linux Enterprise Installer 15-SP1 (noarch):

      yast2-installation-4.1.55-3.27.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):

      yast2-installation-4.1.55-3.27.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):

      yast2-installation-4.1.55-3.27.1

   - SUSE Enterprise Storage 6 (noarch):

      yast2-installation-4.1.55-3.27.1

   - SUSE CaaS Platform 4.0 (noarch):

      yast2-installation-4.1.55-3.27.1


References:

   https://bugzilla.suse.com/1190294


From sle-updates at lists.suse.com  Wed Nov 24 08:21:10 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 09:21:10 +0100 (CET)
Subject: SUSE-RU-2021:3791-1: moderate: Recommended update for cockpit
Message-ID: <20211124082110.943C8FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for cockpit
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3791-1
Rating:             moderate
References:         #1192037 
Affected Products:
                    SUSE MicroOS 5.0
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for cockpit fixes the following issues:

   - Install the graphic assets for cockpit branding (bsc#1192037)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3791=1



Package List:

   - SUSE MicroOS 5.0 (aarch64 x86_64):

      cockpit-195.12-8.3.1
      cockpit-bridge-195.12-8.3.1
      cockpit-bridge-debuginfo-195.12-8.3.1
      cockpit-debuginfo-195.12-8.3.1
      cockpit-debugsource-195.12-8.3.1
      cockpit-ws-195.12-8.3.1
      cockpit-ws-debuginfo-195.12-8.3.1

   - SUSE MicroOS 5.0 (noarch):

      cockpit-dashboard-195.12-8.3.1
      cockpit-system-195.12-8.3.1


References:

   https://bugzilla.suse.com/1192037


From sle-updates at lists.suse.com  Wed Nov 24 08:22:23 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 09:22:23 +0100 (CET)
Subject: SUSE-RU-2021:3789-1: important: Recommended update for
 yast2-installation
Message-ID: <20211124082223.D1832FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for yast2-installation
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3789-1
Rating:             important
References:         #1190294 
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Installer 15-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for yast2-installation fixes the following issues:

   - Filter the installation proposals (in the Installation Settings screen)
     according to the AutoYaST profile even before tab switching (related to
     bsc#1190294)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3789=1

   - SUSE Linux Enterprise Installer 15-SP3:

      zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2021-3789=1



Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      yast2-installation-4.3.44-3.16.1

   - SUSE Linux Enterprise Installer 15-SP3 (noarch):

      yast2-installation-4.3.44-3.16.1


References:

   https://bugzilla.suse.com/1190294


From sle-updates at lists.suse.com  Wed Nov 24 08:25:27 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 09:25:27 +0100 (CET)
Subject: SUSE-RU-2021:3785-1: important: Recommended update for saptune
Message-ID: <20211124082527.B1846FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for saptune
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3785-1
Rating:             important
References:         #1190509 #1192053 #1192062 #1192272 #1192460 
                    
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
______________________________________________________________________________

   An update that has 5 recommended fixes can now be installed.

Description:

   This update for saptune fixes the following issues:

   - Fix the scheduler settings for multi path devices and suppress
     missleading warning messages regarding vendor and model information
     during block device detection (bsc#1192460)
   - Fix override of custom solutions (bsc#1192062)
   - Fix Cloud Notes marked as manually reverted after update from saptune2
     to saptune3 (bsc#1192053)
   - saptune_check: degraded system is no longer considered an error
     (bsc#1192272)
   - Log missing model and vendor information to the saptune log file
     (bsc#1190509)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP5:

      zypper in -t patch SUSE-SLE-SAP-12-SP5-2021-3785=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3785=1



Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP5 (ppc64le x86_64):

      saptune-3.0.1-4.7.1
      saptune-debuginfo-3.0.1-4.7.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      saptune-3.0.1-4.7.1
      saptune-debuginfo-3.0.1-4.7.1


References:

   https://bugzilla.suse.com/1190509
   https://bugzilla.suse.com/1192053
   https://bugzilla.suse.com/1192062
   https://bugzilla.suse.com/1192272
   https://bugzilla.suse.com/1192460


From sle-updates at lists.suse.com  Wed Nov 24 08:27:16 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 09:27:16 +0100 (CET)
Subject: SUSE-RU-2021:3786-1: important: Recommended update for rpm-config-SUSE
Message-ID: <20211124082716.F0362FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for rpm-config-SUSE
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3786-1
Rating:             important
References:         #1192160 
Affected Products:
                    SUSE MicroOS 5.1
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for rpm-config-SUSE fixes the following issues:

   - Add support for the kernel xz-compressed firmware files (bsc#1192160)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3786=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3786=1



Package List:

   - SUSE MicroOS 5.1 (noarch):

      rpm-config-SUSE-1-5.6.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      rpm-config-SUSE-1-5.6.1


References:

   https://bugzilla.suse.com/1192160


From sle-updates at lists.suse.com  Wed Nov 24 08:29:44 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 09:29:44 +0100 (CET)
Subject: SUSE-RU-2021:3784-1: important: Recommended update for saptune
Message-ID: <20211124082944.A989FFD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for saptune
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3784-1
Rating:             important
References:         #1190509 #1192053 #1192062 #1192272 #1192460 
                    
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP3
______________________________________________________________________________

   An update that has 5 recommended fixes can now be installed.

Description:

   This update for saptune fixes the following issues:

   - Fix the scheduler settings for multi path devices and suppress
     missleading warning messages regarding vendor and model information
     during block device detection (bsc#1192460)
   - Fix override of custom solutions (bsc#1192062)
   - Fix Cloud Notes marked as manually reverted after update from saptune2
     to saptune3 (bsc#1192053)
   - saptune_check: degraded system is no longer considered an error
     (bsc#1192272)
   - Log missing model and vendor information to the saptune log file
     (bsc#1190509)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3784=1



Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      saptune-3.0.1-3.30.1
      saptune-debuginfo-3.0.1-3.30.1


References:

   https://bugzilla.suse.com/1190509
   https://bugzilla.suse.com/1192053
   https://bugzilla.suse.com/1192062
   https://bugzilla.suse.com/1192272
   https://bugzilla.suse.com/1192460


From sle-updates at lists.suse.com  Wed Nov 24 08:34:38 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 09:34:38 +0100 (CET)
Subject: SUSE-RU-2021:3790-1: moderate: Recommended update for open-iscsi
Message-ID: <20211124083438.DC2DBFD2F@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for open-iscsi
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3790-1
Rating:             moderate
References:         #1187190 #1187958 #1188869 #1191054 #1192013 
                    #1192568 
Affected Products:
                    SUSE MicroOS 5.1
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

   An update that has 6 recommended fixes can now be installed.

Description:

   This update for open-iscsi fixes the following issues:

   - Ensure executables are not moved from /sbin to /usr/sbin in SLE
     (bsc#1192013)(bsc#1191054)
   - iscsi-init.service default dependencies can cause the boot to hang so
     they have been removed (bsc#1187190)
   - IPv6 offload iSCSI lun needs to be exposed during installation
     (bsc#1187958)
   - iscsid needs to use the new prctl(PR_SET_IO_FLUSHER) system call
     (bsc#1188869)
   - The iscsi-init.service unit can run too early, when root is read-only,
     causing it to fail (bsc#1192568)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3790=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3790=1



Package List:

   - SUSE MicroOS 5.1 (aarch64 s390x x86_64):

      iscsiuio-0.7.8.6-32.12.1
      iscsiuio-debuginfo-0.7.8.6-32.12.1
      libopeniscsiusr0_2_0-2.1.5-32.12.1
      libopeniscsiusr0_2_0-debuginfo-2.1.5-32.12.1
      open-iscsi-2.1.5-32.12.1
      open-iscsi-debuginfo-2.1.5-32.12.1
      open-iscsi-debugsource-2.1.5-32.12.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      iscsiuio-0.7.8.6-32.12.1
      iscsiuio-debuginfo-0.7.8.6-32.12.1
      libopeniscsiusr0_2_0-2.1.5-32.12.1
      libopeniscsiusr0_2_0-debuginfo-2.1.5-32.12.1
      open-iscsi-2.1.5-32.12.1
      open-iscsi-debuginfo-2.1.5-32.12.1
      open-iscsi-debugsource-2.1.5-32.12.1
      open-iscsi-devel-2.1.5-32.12.1


References:

   https://bugzilla.suse.com/1187190
   https://bugzilla.suse.com/1187958
   https://bugzilla.suse.com/1188869
   https://bugzilla.suse.com/1191054
   https://bugzilla.suse.com/1192013
   https://bugzilla.suse.com/1192568


From sle-updates at lists.suse.com  Wed Nov 24 08:36:39 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 09:36:39 +0100 (CET)
Subject: SUSE-RU-2021:3792-1: moderate: Recommended update for kmod
Message-ID: <20211124083639.35C73FD2F@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for kmod
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3792-1
Rating:             moderate
References:         #1192104 SLE-21256 
Affected Products:
                    SUSE MicroOS 5.1
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

   An update that has one recommended fix and contains one
   feature can now be installed.

Description:

   This update for kmod fixes the following issues:

   - Enable ZSTD compression (bsc#1192104)(jsc#SLE-21256)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3792=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3792=1



Package List:

   - SUSE MicroOS 5.1 (aarch64 s390x x86_64):

      kmod-29-4.12.1
      kmod-debuginfo-29-4.12.1
      kmod-debugsource-29-4.12.1
      libkmod2-29-4.12.1
      libkmod2-debuginfo-29-4.12.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      kmod-29-4.12.1
      kmod-debuginfo-29-4.12.1
      kmod-debugsource-29-4.12.1
      libkmod-devel-29-4.12.1
      libkmod2-29-4.12.1
      libkmod2-debuginfo-29-4.12.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      kmod-bash-completion-29-4.12.1


References:

   https://bugzilla.suse.com/1192104


From sle-updates at lists.suse.com  Wed Nov 24 08:37:55 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 09:37:55 +0100 (CET)
Subject: SUSE-RU-2021:3783-1: important: Recommended update for saptune
Message-ID: <20211124083755.73A09FD2F@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for saptune
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3783-1
Rating:             important
References:         #1190509 #1192053 #1192062 #1192272 #1192460 
                    
Affected Products:
                    SUSE Linux Enterprise Module for SAP Applications 15
______________________________________________________________________________

   An update that has 5 recommended fixes can now be installed.

Description:

   This update for saptune fixes the following issues:

   - Fix the scheduler settings for multi path devices and suppress
     missleading warning messages regarding vendor and model information
     during block device detection (bsc#1192460)
   - Fix override of custom solutions (bsc#1192062)
   - Fix Cloud Notes marked as manually reverted after update from saptune2
     to saptune3 (bsc#1192053)
   - saptune_check: degraded system is no longer considered an error
     (bsc#1192272)
   - Log missing model and vendor information to the saptune log file
     (bsc#1190509)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for SAP Applications 15:

      zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2021-3783=1



Package List:

   - SUSE Linux Enterprise Module for SAP Applications 15 (ppc64le x86_64):

      saptune-3.0.1-5.9.1
      saptune-debuginfo-3.0.1-5.9.1


References:

   https://bugzilla.suse.com/1190509
   https://bugzilla.suse.com/1192053
   https://bugzilla.suse.com/1192062
   https://bugzilla.suse.com/1192272
   https://bugzilla.suse.com/1192460


From sle-updates at lists.suse.com  Wed Nov 24 08:39:42 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 09:39:42 +0100 (CET)
Subject: SUSE-RU-2021:3787-1: moderate: Recommended update for xfsprogs
Message-ID: <20211124083942.EDA11FD2F@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for xfsprogs
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3787-1
Rating:             moderate
References:         #1189983 #1189984 #1191500 #1191566 #1191675 
                    
Affected Products:
                    SUSE MicroOS 5.1
                    SUSE MicroOS 5.0
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that has 5 recommended fixes can now be installed.

Description:

   This update for xfsprogs fixes the following issues:

   - Make libhandle1 an explicit dependency in the xfsprogs-devel package
     (bsc#1191566)
   - Remove deprecated barrier/nobarrier mount options from manual pages
     section 5 (bsc#1191675)
   - xfs_io: include support for label command (bsc#1191500)
   - xfs_quota: state command to report all three (-ugp) grace times
     separately (bsc#1189983)
   - xfs_admin: add support for external log devices (bsc#1189984)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3787=1

   - SUSE MicroOS 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3787=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3787=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3787=1



Package List:

   - SUSE MicroOS 5.1 (aarch64 s390x x86_64):

      libhandle1-4.15.0-4.52.1
      libhandle1-debuginfo-4.15.0-4.52.1
      xfsprogs-4.15.0-4.52.1
      xfsprogs-debuginfo-4.15.0-4.52.1
      xfsprogs-debugsource-4.15.0-4.52.1

   - SUSE MicroOS 5.0 (aarch64 x86_64):

      libhandle1-4.15.0-4.52.1
      libhandle1-debuginfo-4.15.0-4.52.1
      xfsprogs-4.15.0-4.52.1
      xfsprogs-debuginfo-4.15.0-4.52.1
      xfsprogs-debugsource-4.15.0-4.52.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      libhandle1-4.15.0-4.52.1
      libhandle1-debuginfo-4.15.0-4.52.1
      xfsprogs-4.15.0-4.52.1
      xfsprogs-debuginfo-4.15.0-4.52.1
      xfsprogs-debugsource-4.15.0-4.52.1
      xfsprogs-devel-4.15.0-4.52.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      libhandle1-4.15.0-4.52.1
      libhandle1-debuginfo-4.15.0-4.52.1
      xfsprogs-4.15.0-4.52.1
      xfsprogs-debuginfo-4.15.0-4.52.1
      xfsprogs-debugsource-4.15.0-4.52.1
      xfsprogs-devel-4.15.0-4.52.1


References:

   https://bugzilla.suse.com/1189983
   https://bugzilla.suse.com/1189984
   https://bugzilla.suse.com/1191500
   https://bugzilla.suse.com/1191566
   https://bugzilla.suse.com/1191675


From sle-updates at lists.suse.com  Wed Nov 24 08:41:30 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 09:41:30 +0100 (CET)
Subject: SUSE-RU-2021:3793-1: moderate: Recommended update for u-boot
Message-ID: <20211124084130.403C9FD2F@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for u-boot
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3793-1
Rating:             moderate
References:         #1191966 
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for u-boot fixes the following issues:

   - Fix boot error on DE0-Nano-Soc board (bsc#1191966)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3793=1



Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      u-boot-tools-2021.01-7.3.1
      u-boot-tools-debuginfo-2021.01-7.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):

      u-boot-rpiarm64-2021.01-7.3.1
      u-boot-rpiarm64-doc-2021.01-7.3.1


References:

   https://bugzilla.suse.com/1191966


From sle-updates at lists.suse.com  Wed Nov 24 08:42:50 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 09:42:50 +0100 (CET)
Subject: SUSE-RU-2021:3788-1: important: Recommended update for
 yast2-installation
Message-ID: <20211124084250.37F1CFD2F@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for yast2-installation
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3788-1
Rating:             important
References:         #1190294 
Affected Products:
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise Installer 15-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for yast2-installation and yast2-pkg-bindings-devel-doc fixes
   the following issues:

   yast2-installation:

   - Filter the installation proposals (in the Installation Settings screen)
     according to the AutoYaST profile even before tab switching (related to
     bsc#1190294)

   yast2-installation-devel-doc:

   - Solve an installation issue for 'yast2-pkg-bindings-devel-doc' on
     PackageHub 15.2


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-3788=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3788=1

   - SUSE Linux Enterprise Installer 15-SP2:

      zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-3788=1



Package List:

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch):

      yast2-pkg-bindings-devel-doc-4.2.16-3.17.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      yast2-pkg-bindings-4.2.16-3.17.1
      yast2-pkg-bindings-debuginfo-4.2.16-3.17.1
      yast2-pkg-bindings-debugsource-4.2.16-3.17.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):

      yast2-installation-4.2.54-3.34.1

   - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64):

      yast2-pkg-bindings-4.2.16-3.17.1

   - SUSE Linux Enterprise Installer 15-SP2 (noarch):

      yast2-installation-4.2.54-3.34.1


References:

   https://bugzilla.suse.com/1190294


From sle-updates at lists.suse.com  Wed Nov 24 14:18:13 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 15:18:13 +0100 (CET)
Subject: SUSE-RU-2021:3795-1: moderate: Recommended update for
 lifecycle-data-sle-module-live-patching
Message-ID: <20211124141813.907E0FD2F@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-live-patching
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3795-1
Rating:             moderate
References:         #1020320 
Affected Products:
                    SUSE Linux Enterprise Module for Live Patching 15-SP3
                    SUSE Linux Enterprise Module for Live Patching 15-SP2
                    SUSE Linux Enterprise Module for Live Patching 15-SP1
                    SUSE Linux Enterprise Module for Live Patching 15
                    SUSE Linux Enterprise Live Patching 12-SP5
                    SUSE Linux Enterprise Live Patching 12-SP4
                    SUSE Linux Enterprise Live Patching 12-SP3
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for lifecycle-data-sle-module-live-patching fixes the
   following issues:

   Lifecycle data updates. (bsc#1020320)

   - Updates for 5_3_18-24_83, 5_3_18-24_86, 5_3_18-59_24, 5_3_18-59_27.


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2021-3796=1

   - SUSE Linux Enterprise Module for Live Patching 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-3796=1

   - SUSE Linux Enterprise Module for Live Patching 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-3796=1

   - SUSE Linux Enterprise Module for Live Patching 15:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-3796=1

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-3795=1

   - SUSE Linux Enterprise Live Patching 12-SP4:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-3795=1

   - SUSE Linux Enterprise Live Patching 12-SP3:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2021-3795=1

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2021-3795=1



Package List:

   - SUSE Linux Enterprise Module for Live Patching 15-SP3 (noarch):

      lifecycle-data-sle-module-live-patching-15-4.63.1

   - SUSE Linux Enterprise Module for Live Patching 15-SP2 (noarch):

      lifecycle-data-sle-module-live-patching-15-4.63.1

   - SUSE Linux Enterprise Module for Live Patching 15-SP1 (noarch):

      lifecycle-data-sle-module-live-patching-15-4.63.1

   - SUSE Linux Enterprise Module for Live Patching 15 (noarch):

      lifecycle-data-sle-module-live-patching-15-4.63.1

   - SUSE Linux Enterprise Live Patching 12-SP5 (noarch):

      lifecycle-data-sle-live-patching-1-10.97.1

   - SUSE Linux Enterprise Live Patching 12-SP4 (noarch):

      lifecycle-data-sle-live-patching-1-10.97.1

   - SUSE Linux Enterprise Live Patching 12-SP3 (noarch):

      lifecycle-data-sle-live-patching-1-10.97.1

   - SUSE Linux Enterprise Live Patching 12 (noarch):

      lifecycle-data-sle-live-patching-1-10.97.1


References:

   https://bugzilla.suse.com/1020320


From sle-updates at lists.suse.com  Wed Nov 24 20:22:03 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 21:22:03 +0100 (CET)
Subject: SUSE-RU-2021:3799-1: moderate: Recommended update for gcc11
Message-ID: <20211124202203.A05C0FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for gcc11
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3799-1
Rating:             moderate
References:         #1187153 #1187273 #1188623 SLE-19618 
Affected Products:
                    SUSE MicroOS 5.1
                    SUSE MicroOS 5.0
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
                    SUSE Linux Enterprise Module for Development Tools 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that has three recommended fixes and contains one
   feature can now be installed.

Description:

   This update for gcc11 fixes the following issues:

   The additional GNU compiler collection GCC 11 is provided:

   To select these compilers install the packages:

   - gcc11
   - gcc-c++11
   - and others with 11 prefix.

   to select them for building:

   - CC="gcc-11"
   - CXX="g++-11"

   The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being
   replaced by the GCC 11 variants.


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3799=1

   - SUSE MicroOS 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3799=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3799=1

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3799=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3799=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3799=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3799=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3799=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3799=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3799=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3799=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3799=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3799=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3799=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3799=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-3799=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE MicroOS 5.1 (aarch64 s390x x86_64):

      libgcc_s1-11.2.1+git610-1.3.9
      libgcc_s1-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-11.2.1+git610-1.3.9
      libstdc++6-debuginfo-11.2.1+git610-1.3.9

   - SUSE MicroOS 5.0 (aarch64 x86_64):

      libgcc_s1-11.2.1+git610-1.3.9
      libgcc_s1-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-11.2.1+git610-1.3.9
      libstdc++6-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      libada11-11.2.1+git610-1.3.9
      libada11-debuginfo-11.2.1+git610-1.3.9
      libasan6-11.2.1+git610-1.3.9
      libasan6-debuginfo-11.2.1+git610-1.3.9
      libatomic1-11.2.1+git610-1.3.9
      libatomic1-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-11.2.1+git610-1.3.9
      libgcc_s1-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-11.2.1+git610-1.3.9
      libgfortran5-debuginfo-11.2.1+git610-1.3.9
      libgo19-11.2.1+git610-1.3.9
      libgo19-debuginfo-11.2.1+git610-1.3.9
      libgomp1-11.2.1+git610-1.3.9
      libgomp1-debuginfo-11.2.1+git610-1.3.9
      libitm1-11.2.1+git610-1.3.9
      libitm1-debuginfo-11.2.1+git610-1.3.9
      liblsan0-11.2.1+git610-1.3.9
      liblsan0-debuginfo-11.2.1+git610-1.3.9
      libobjc4-11.2.1+git610-1.3.9
      libobjc4-debuginfo-11.2.1+git610-1.3.9
      libquadmath0-11.2.1+git610-1.3.9
      libquadmath0-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-11.2.1+git610-1.3.9
      libstdc++6-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-devel-gcc11-11.2.1+git610-1.3.9
      libstdc++6-locale-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-11.2.1+git610-1.3.9
      libtsan0-11.2.1+git610-1.3.9
      libtsan0-debuginfo-11.2.1+git610-1.3.9
      libubsan1-11.2.1+git610-1.3.9
      libubsan1-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):

      cross-nvptx-gcc11-11.2.1+git610-1.3.1
      cross-nvptx-newlib11-devel-11.2.1+git610-1.3.1
      libada11-32bit-11.2.1+git610-1.3.9
      libada11-32bit-debuginfo-11.2.1+git610-1.3.9
      libasan6-32bit-11.2.1+git610-1.3.9
      libasan6-32bit-debuginfo-11.2.1+git610-1.3.9
      libatomic1-32bit-11.2.1+git610-1.3.9
      libatomic1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-32bit-11.2.1+git610-1.3.9
      libgcc_s1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-11.2.1+git610-1.3.9
      libgdruntime2-32bit-11.2.1+git610-1.3.9
      libgdruntime2-32bit-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-32bit-11.2.1+git610-1.3.9
      libgfortran5-32bit-debuginfo-11.2.1+git610-1.3.9
      libgo19-32bit-11.2.1+git610-1.3.9
      libgo19-32bit-debuginfo-11.2.1+git610-1.3.9
      libgomp1-32bit-11.2.1+git610-1.3.9
      libgomp1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-11.2.1+git610-1.3.9
      libgphobos2-32bit-11.2.1+git610-1.3.9
      libgphobos2-32bit-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-debuginfo-11.2.1+git610-1.3.9
      libitm1-32bit-11.2.1+git610-1.3.9
      libitm1-32bit-debuginfo-11.2.1+git610-1.3.9
      libobjc4-32bit-11.2.1+git610-1.3.9
      libobjc4-32bit-debuginfo-11.2.1+git610-1.3.9
      libquadmath0-32bit-11.2.1+git610-1.3.9
      libquadmath0-32bit-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-32bit-11.2.1+git610-1.3.9
      libstdc++6-32bit-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      libada11-11.2.1+git610-1.3.9
      libada11-debuginfo-11.2.1+git610-1.3.9
      libasan6-11.2.1+git610-1.3.9
      libasan6-debuginfo-11.2.1+git610-1.3.9
      libatomic1-11.2.1+git610-1.3.9
      libatomic1-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-11.2.1+git610-1.3.9
      libgcc_s1-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-11.2.1+git610-1.3.9
      libgfortran5-debuginfo-11.2.1+git610-1.3.9
      libgo19-11.2.1+git610-1.3.9
      libgo19-debuginfo-11.2.1+git610-1.3.9
      libgomp1-11.2.1+git610-1.3.9
      libgomp1-debuginfo-11.2.1+git610-1.3.9
      libitm1-11.2.1+git610-1.3.9
      libitm1-debuginfo-11.2.1+git610-1.3.9
      liblsan0-11.2.1+git610-1.3.9
      liblsan0-debuginfo-11.2.1+git610-1.3.9
      libobjc4-11.2.1+git610-1.3.9
      libobjc4-debuginfo-11.2.1+git610-1.3.9
      libquadmath0-11.2.1+git610-1.3.9
      libquadmath0-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-11.2.1+git610-1.3.9
      libstdc++6-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-devel-gcc11-11.2.1+git610-1.3.9
      libstdc++6-locale-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-11.2.1+git610-1.3.9
      libtsan0-11.2.1+git610-1.3.9
      libtsan0-debuginfo-11.2.1+git610-1.3.9
      libubsan1-11.2.1+git610-1.3.9
      libubsan1-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Server for SAP 15 (x86_64):

      cross-nvptx-gcc11-11.2.1+git610-1.3.1
      cross-nvptx-newlib11-devel-11.2.1+git610-1.3.1
      libada11-32bit-11.2.1+git610-1.3.9
      libada11-32bit-debuginfo-11.2.1+git610-1.3.9
      libasan6-32bit-11.2.1+git610-1.3.9
      libasan6-32bit-debuginfo-11.2.1+git610-1.3.9
      libatomic1-32bit-11.2.1+git610-1.3.9
      libatomic1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-32bit-11.2.1+git610-1.3.9
      libgcc_s1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-11.2.1+git610-1.3.9
      libgdruntime2-32bit-11.2.1+git610-1.3.9
      libgdruntime2-32bit-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-32bit-11.2.1+git610-1.3.9
      libgfortran5-32bit-debuginfo-11.2.1+git610-1.3.9
      libgo19-32bit-11.2.1+git610-1.3.9
      libgo19-32bit-debuginfo-11.2.1+git610-1.3.9
      libgomp1-32bit-11.2.1+git610-1.3.9
      libgomp1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-11.2.1+git610-1.3.9
      libgphobos2-32bit-11.2.1+git610-1.3.9
      libgphobos2-32bit-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-debuginfo-11.2.1+git610-1.3.9
      libitm1-32bit-11.2.1+git610-1.3.9
      libitm1-32bit-debuginfo-11.2.1+git610-1.3.9
      libobjc4-32bit-11.2.1+git610-1.3.9
      libobjc4-32bit-debuginfo-11.2.1+git610-1.3.9
      libquadmath0-32bit-11.2.1+git610-1.3.9
      libquadmath0-32bit-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-32bit-11.2.1+git610-1.3.9
      libstdc++6-32bit-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      libada11-11.2.1+git610-1.3.9
      libada11-debuginfo-11.2.1+git610-1.3.9
      libasan6-11.2.1+git610-1.3.9
      libasan6-debuginfo-11.2.1+git610-1.3.9
      libatomic1-11.2.1+git610-1.3.9
      libatomic1-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-11.2.1+git610-1.3.9
      libgcc_s1-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-11.2.1+git610-1.3.9
      libgfortran5-debuginfo-11.2.1+git610-1.3.9
      libgo19-11.2.1+git610-1.3.9
      libgo19-debuginfo-11.2.1+git610-1.3.9
      libgomp1-11.2.1+git610-1.3.9
      libgomp1-debuginfo-11.2.1+git610-1.3.9
      libitm1-11.2.1+git610-1.3.9
      libitm1-debuginfo-11.2.1+git610-1.3.9
      libobjc4-11.2.1+git610-1.3.9
      libobjc4-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-11.2.1+git610-1.3.9
      libstdc++6-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-devel-gcc11-11.2.1+git610-1.3.9
      libstdc++6-locale-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-11.2.1+git610-1.3.9
      libubsan1-11.2.1+git610-1.3.9
      libubsan1-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le x86_64):

      liblsan0-11.2.1+git610-1.3.9
      liblsan0-debuginfo-11.2.1+git610-1.3.9
      libtsan0-11.2.1+git610-1.3.9
      libtsan0-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 s390x x86_64):

      libgdruntime2-11.2.1+git610-1.3.9
      libgdruntime2-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-11.2.1+git610-1.3.9
      libgphobos2-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Server 15-SP1-LTSS (ppc64le x86_64):

      libquadmath0-11.2.1+git610-1.3.9
      libquadmath0-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64):

      libhwasan0-11.2.1+git610-1.3.9
      libhwasan0-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):

      cross-nvptx-gcc11-11.2.1+git610-1.3.1
      cross-nvptx-newlib11-devel-11.2.1+git610-1.3.1
      libada11-32bit-11.2.1+git610-1.3.9
      libada11-32bit-debuginfo-11.2.1+git610-1.3.9
      libasan6-32bit-11.2.1+git610-1.3.9
      libasan6-32bit-debuginfo-11.2.1+git610-1.3.9
      libatomic1-32bit-11.2.1+git610-1.3.9
      libatomic1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-32bit-11.2.1+git610-1.3.9
      libgcc_s1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-32bit-11.2.1+git610-1.3.9
      libgdruntime2-32bit-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-32bit-11.2.1+git610-1.3.9
      libgfortran5-32bit-debuginfo-11.2.1+git610-1.3.9
      libgo19-32bit-11.2.1+git610-1.3.9
      libgo19-32bit-debuginfo-11.2.1+git610-1.3.9
      libgomp1-32bit-11.2.1+git610-1.3.9
      libgomp1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-32bit-11.2.1+git610-1.3.9
      libgphobos2-32bit-debuginfo-11.2.1+git610-1.3.9
      libitm1-32bit-11.2.1+git610-1.3.9
      libitm1-32bit-debuginfo-11.2.1+git610-1.3.9
      libobjc4-32bit-11.2.1+git610-1.3.9
      libobjc4-32bit-debuginfo-11.2.1+git610-1.3.9
      libquadmath0-32bit-11.2.1+git610-1.3.9
      libquadmath0-32bit-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-32bit-11.2.1+git610-1.3.9
      libstdc++6-32bit-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      cross-nvptx-gcc11-11.2.1+git610-1.3.1
      cross-nvptx-newlib11-devel-11.2.1+git610-1.3.1
      libada11-11.2.1+git610-1.3.9
      libada11-32bit-11.2.1+git610-1.3.9
      libada11-32bit-debuginfo-11.2.1+git610-1.3.9
      libada11-debuginfo-11.2.1+git610-1.3.9
      libasan6-11.2.1+git610-1.3.9
      libasan6-32bit-11.2.1+git610-1.3.9
      libasan6-32bit-debuginfo-11.2.1+git610-1.3.9
      libasan6-debuginfo-11.2.1+git610-1.3.9
      libatomic1-11.2.1+git610-1.3.9
      libatomic1-32bit-11.2.1+git610-1.3.9
      libatomic1-32bit-debuginfo-11.2.1+git610-1.3.9
      libatomic1-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-11.2.1+git610-1.3.9
      libgcc_s1-32bit-11.2.1+git610-1.3.9
      libgcc_s1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-11.2.1+git610-1.3.9
      libgdruntime2-32bit-11.2.1+git610-1.3.9
      libgdruntime2-32bit-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-11.2.1+git610-1.3.9
      libgfortran5-32bit-11.2.1+git610-1.3.9
      libgfortran5-32bit-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-debuginfo-11.2.1+git610-1.3.9
      libgo19-11.2.1+git610-1.3.9
      libgo19-32bit-11.2.1+git610-1.3.9
      libgo19-32bit-debuginfo-11.2.1+git610-1.3.9
      libgo19-debuginfo-11.2.1+git610-1.3.9
      libgomp1-11.2.1+git610-1.3.9
      libgomp1-32bit-11.2.1+git610-1.3.9
      libgomp1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgomp1-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-11.2.1+git610-1.3.9
      libgphobos2-32bit-11.2.1+git610-1.3.9
      libgphobos2-32bit-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-debuginfo-11.2.1+git610-1.3.9
      libitm1-11.2.1+git610-1.3.9
      libitm1-32bit-11.2.1+git610-1.3.9
      libitm1-32bit-debuginfo-11.2.1+git610-1.3.9
      libitm1-debuginfo-11.2.1+git610-1.3.9
      liblsan0-11.2.1+git610-1.3.9
      liblsan0-debuginfo-11.2.1+git610-1.3.9
      libobjc4-11.2.1+git610-1.3.9
      libobjc4-32bit-11.2.1+git610-1.3.9
      libobjc4-32bit-debuginfo-11.2.1+git610-1.3.9
      libobjc4-debuginfo-11.2.1+git610-1.3.9
      libquadmath0-11.2.1+git610-1.3.9
      libquadmath0-32bit-11.2.1+git610-1.3.9
      libquadmath0-32bit-debuginfo-11.2.1+git610-1.3.9
      libquadmath0-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-11.2.1+git610-1.3.9
      libstdc++6-32bit-11.2.1+git610-1.3.9
      libstdc++6-32bit-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-devel-gcc11-11.2.1+git610-1.3.9
      libstdc++6-locale-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-32bit-11.2.1+git610-1.3.9
      libtsan0-11.2.1+git610-1.3.9
      libtsan0-debuginfo-11.2.1+git610-1.3.9
      libubsan1-11.2.1+git610-1.3.9
      libubsan1-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-debuginfo-11.2.1+git610-1.3.9
      libubsan1-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      libada11-11.2.1+git610-1.3.9
      libada11-debuginfo-11.2.1+git610-1.3.9
      libasan6-11.2.1+git610-1.3.9
      libasan6-debuginfo-11.2.1+git610-1.3.9
      libatomic1-11.2.1+git610-1.3.9
      libatomic1-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-11.2.1+git610-1.3.9
      libgcc_s1-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-11.2.1+git610-1.3.9
      libgdruntime2-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-11.2.1+git610-1.3.9
      libgfortran5-debuginfo-11.2.1+git610-1.3.9
      libgo19-11.2.1+git610-1.3.9
      libgo19-debuginfo-11.2.1+git610-1.3.9
      libgomp1-11.2.1+git610-1.3.9
      libgomp1-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-11.2.1+git610-1.3.9
      libgphobos2-debuginfo-11.2.1+git610-1.3.9
      libitm1-11.2.1+git610-1.3.9
      libitm1-debuginfo-11.2.1+git610-1.3.9
      libobjc4-11.2.1+git610-1.3.9
      libobjc4-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-11.2.1+git610-1.3.9
      libstdc++6-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-devel-gcc11-11.2.1+git610-1.3.9
      libstdc++6-locale-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-11.2.1+git610-1.3.9
      libubsan1-11.2.1+git610-1.3.9
      libubsan1-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Server 15-LTSS (aarch64):

      libhwasan0-11.2.1+git610-1.3.9
      libhwasan0-debuginfo-11.2.1+git610-1.3.9
      liblsan0-11.2.1+git610-1.3.9
      liblsan0-debuginfo-11.2.1+git610-1.3.9
      libtsan0-11.2.1+git610-1.3.9
      libtsan0-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):

      cpp11-11.2.1+git610-1.3.9
      cpp11-debuginfo-11.2.1+git610-1.3.9
      gcc11-11.2.1+git610-1.3.9
      gcc11-ada-11.2.1+git610-1.3.9
      gcc11-ada-debuginfo-11.2.1+git610-1.3.9
      gcc11-c++-11.2.1+git610-1.3.9
      gcc11-c++-debuginfo-11.2.1+git610-1.3.9
      gcc11-debuginfo-11.2.1+git610-1.3.9
      gcc11-debugsource-11.2.1+git610-1.3.9
      gcc11-fortran-11.2.1+git610-1.3.9
      gcc11-fortran-debuginfo-11.2.1+git610-1.3.9
      gcc11-go-11.2.1+git610-1.3.9
      gcc11-go-debuginfo-11.2.1+git610-1.3.9
      gcc11-locale-11.2.1+git610-1.3.9
      gcc11-obj-c++-11.2.1+git610-1.3.9
      gcc11-obj-c++-debuginfo-11.2.1+git610-1.3.9
      gcc11-objc-11.2.1+git610-1.3.9
      gcc11-objc-debuginfo-11.2.1+git610-1.3.9
      gcc11-testresults-11.2.1+git610-1.3.9
      libstdc++6-devel-gcc11-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 s390x x86_64):

      gcc11-d-11.2.1+git610-1.3.9
      gcc11-d-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64):

      gcc11-32bit-11.2.1+git610-1.3.9
      gcc11-ada-32bit-11.2.1+git610-1.3.9
      gcc11-c++-32bit-11.2.1+git610-1.3.9
      gcc11-d-32bit-11.2.1+git610-1.3.9
      gcc11-fortran-32bit-11.2.1+git610-1.3.9
      gcc11-go-32bit-11.2.1+git610-1.3.9
      gcc11-obj-c++-32bit-11.2.1+git610-1.3.9
      gcc11-objc-32bit-11.2.1+git610-1.3.9
      libstdc++6-devel-gcc11-32bit-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):

      gcc11-info-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64):

      cpp11-11.2.1+git610-1.3.9
      cpp11-debuginfo-11.2.1+git610-1.3.9
      gcc11-11.2.1+git610-1.3.9
      gcc11-ada-11.2.1+git610-1.3.9
      gcc11-ada-debuginfo-11.2.1+git610-1.3.9
      gcc11-c++-11.2.1+git610-1.3.9
      gcc11-c++-debuginfo-11.2.1+git610-1.3.9
      gcc11-debuginfo-11.2.1+git610-1.3.9
      gcc11-debugsource-11.2.1+git610-1.3.9
      gcc11-fortran-11.2.1+git610-1.3.9
      gcc11-fortran-debuginfo-11.2.1+git610-1.3.9
      gcc11-go-11.2.1+git610-1.3.9
      gcc11-go-debuginfo-11.2.1+git610-1.3.9
      gcc11-locale-11.2.1+git610-1.3.9
      gcc11-obj-c++-11.2.1+git610-1.3.9
      gcc11-obj-c++-debuginfo-11.2.1+git610-1.3.9
      gcc11-objc-11.2.1+git610-1.3.9
      gcc11-objc-debuginfo-11.2.1+git610-1.3.9
      gcc11-testresults-11.2.1+git610-1.3.9
      libstdc++6-devel-gcc11-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 s390x x86_64):

      gcc11-d-11.2.1+git610-1.3.9
      gcc11-d-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch):

      gcc11-info-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64):

      gcc11-32bit-11.2.1+git610-1.3.9
      gcc11-ada-32bit-11.2.1+git610-1.3.9
      gcc11-c++-32bit-11.2.1+git610-1.3.9
      gcc11-d-32bit-11.2.1+git610-1.3.9
      gcc11-fortran-32bit-11.2.1+git610-1.3.9
      gcc11-go-32bit-11.2.1+git610-1.3.9
      gcc11-obj-c++-32bit-11.2.1+git610-1.3.9
      gcc11-objc-32bit-11.2.1+git610-1.3.9
      libstdc++6-devel-gcc11-32bit-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      libada11-11.2.1+git610-1.3.9
      libada11-debuginfo-11.2.1+git610-1.3.9
      libasan6-11.2.1+git610-1.3.9
      libasan6-debuginfo-11.2.1+git610-1.3.9
      libatomic1-11.2.1+git610-1.3.9
      libatomic1-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-11.2.1+git610-1.3.9
      libgcc_s1-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-11.2.1+git610-1.3.9
      libgfortran5-debuginfo-11.2.1+git610-1.3.9
      libgo19-11.2.1+git610-1.3.9
      libgo19-debuginfo-11.2.1+git610-1.3.9
      libgomp1-11.2.1+git610-1.3.9
      libgomp1-debuginfo-11.2.1+git610-1.3.9
      libitm1-11.2.1+git610-1.3.9
      libitm1-debuginfo-11.2.1+git610-1.3.9
      libobjc4-11.2.1+git610-1.3.9
      libobjc4-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-11.2.1+git610-1.3.9
      libstdc++6-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-devel-gcc11-11.2.1+git610-1.3.9
      libstdc++6-locale-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-11.2.1+git610-1.3.9
      libubsan1-11.2.1+git610-1.3.9
      libubsan1-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le x86_64):

      liblsan0-11.2.1+git610-1.3.9
      liblsan0-debuginfo-11.2.1+git610-1.3.9
      libtsan0-11.2.1+git610-1.3.9
      libtsan0-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 s390x x86_64):

      libgdruntime2-11.2.1+git610-1.3.9
      libgdruntime2-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-11.2.1+git610-1.3.9
      libgphobos2-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (ppc64le x86_64):

      libquadmath0-11.2.1+git610-1.3.9
      libquadmath0-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):

      libhwasan0-11.2.1+git610-1.3.9
      libhwasan0-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):

      libada11-32bit-11.2.1+git610-1.3.9
      libada11-32bit-debuginfo-11.2.1+git610-1.3.9
      libasan6-32bit-11.2.1+git610-1.3.9
      libasan6-32bit-debuginfo-11.2.1+git610-1.3.9
      libatomic1-32bit-11.2.1+git610-1.3.9
      libatomic1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-32bit-11.2.1+git610-1.3.9
      libgcc_s1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-32bit-11.2.1+git610-1.3.9
      libgdruntime2-32bit-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-32bit-11.2.1+git610-1.3.9
      libgfortran5-32bit-debuginfo-11.2.1+git610-1.3.9
      libgo19-32bit-11.2.1+git610-1.3.9
      libgo19-32bit-debuginfo-11.2.1+git610-1.3.9
      libgomp1-32bit-11.2.1+git610-1.3.9
      libgomp1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-32bit-11.2.1+git610-1.3.9
      libgphobos2-32bit-debuginfo-11.2.1+git610-1.3.9
      libitm1-32bit-11.2.1+git610-1.3.9
      libitm1-32bit-debuginfo-11.2.1+git610-1.3.9
      libobjc4-32bit-11.2.1+git610-1.3.9
      libobjc4-32bit-debuginfo-11.2.1+git610-1.3.9
      libquadmath0-32bit-11.2.1+git610-1.3.9
      libquadmath0-32bit-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-32bit-11.2.1+git610-1.3.9
      libstdc++6-32bit-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      libada11-11.2.1+git610-1.3.9
      libada11-debuginfo-11.2.1+git610-1.3.9
      libasan6-11.2.1+git610-1.3.9
      libasan6-debuginfo-11.2.1+git610-1.3.9
      libatomic1-11.2.1+git610-1.3.9
      libatomic1-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-11.2.1+git610-1.3.9
      libgcc_s1-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-11.2.1+git610-1.3.9
      libgfortran5-debuginfo-11.2.1+git610-1.3.9
      libgo19-11.2.1+git610-1.3.9
      libgo19-debuginfo-11.2.1+git610-1.3.9
      libgomp1-11.2.1+git610-1.3.9
      libgomp1-debuginfo-11.2.1+git610-1.3.9
      libitm1-11.2.1+git610-1.3.9
      libitm1-debuginfo-11.2.1+git610-1.3.9
      libobjc4-11.2.1+git610-1.3.9
      libobjc4-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-11.2.1+git610-1.3.9
      libstdc++6-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-devel-gcc11-11.2.1+git610-1.3.9
      libstdc++6-locale-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-11.2.1+git610-1.3.9
      libubsan1-11.2.1+git610-1.3.9
      libubsan1-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le x86_64):

      liblsan0-11.2.1+git610-1.3.9
      liblsan0-debuginfo-11.2.1+git610-1.3.9
      libtsan0-11.2.1+git610-1.3.9
      libtsan0-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 s390x x86_64):

      libgdruntime2-11.2.1+git610-1.3.9
      libgdruntime2-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-11.2.1+git610-1.3.9
      libgphobos2-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (ppc64le x86_64):

      libquadmath0-11.2.1+git610-1.3.9
      libquadmath0-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64):

      cpp11-11.2.1+git610-1.3.9
      cpp11-debuginfo-11.2.1+git610-1.3.9
      gcc11-debuginfo-11.2.1+git610-1.3.9
      gcc11-debugsource-11.2.1+git610-1.3.9
      libhwasan0-11.2.1+git610-1.3.9
      libhwasan0-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):

      libada11-32bit-11.2.1+git610-1.3.9
      libada11-32bit-debuginfo-11.2.1+git610-1.3.9
      libasan6-32bit-11.2.1+git610-1.3.9
      libasan6-32bit-debuginfo-11.2.1+git610-1.3.9
      libatomic1-32bit-11.2.1+git610-1.3.9
      libatomic1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-32bit-11.2.1+git610-1.3.9
      libgcc_s1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-32bit-11.2.1+git610-1.3.9
      libgdruntime2-32bit-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-32bit-11.2.1+git610-1.3.9
      libgfortran5-32bit-debuginfo-11.2.1+git610-1.3.9
      libgo19-32bit-11.2.1+git610-1.3.9
      libgo19-32bit-debuginfo-11.2.1+git610-1.3.9
      libgomp1-32bit-11.2.1+git610-1.3.9
      libgomp1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-32bit-11.2.1+git610-1.3.9
      libgphobos2-32bit-debuginfo-11.2.1+git610-1.3.9
      libitm1-32bit-11.2.1+git610-1.3.9
      libitm1-32bit-debuginfo-11.2.1+git610-1.3.9
      libobjc4-32bit-11.2.1+git610-1.3.9
      libobjc4-32bit-debuginfo-11.2.1+git610-1.3.9
      libquadmath0-32bit-11.2.1+git610-1.3.9
      libquadmath0-32bit-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-32bit-11.2.1+git610-1.3.9
      libstdc++6-32bit-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      libada11-11.2.1+git610-1.3.9
      libada11-debuginfo-11.2.1+git610-1.3.9
      libasan6-11.2.1+git610-1.3.9
      libasan6-debuginfo-11.2.1+git610-1.3.9
      libatomic1-11.2.1+git610-1.3.9
      libatomic1-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-11.2.1+git610-1.3.9
      libgcc_s1-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-11.2.1+git610-1.3.9
      libgdruntime2-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-11.2.1+git610-1.3.9
      libgfortran5-debuginfo-11.2.1+git610-1.3.9
      libgo19-11.2.1+git610-1.3.9
      libgo19-debuginfo-11.2.1+git610-1.3.9
      libgomp1-11.2.1+git610-1.3.9
      libgomp1-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-11.2.1+git610-1.3.9
      libgphobos2-debuginfo-11.2.1+git610-1.3.9
      libitm1-11.2.1+git610-1.3.9
      libitm1-debuginfo-11.2.1+git610-1.3.9
      liblsan0-11.2.1+git610-1.3.9
      liblsan0-debuginfo-11.2.1+git610-1.3.9
      libobjc4-11.2.1+git610-1.3.9
      libobjc4-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-11.2.1+git610-1.3.9
      libstdc++6-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-devel-gcc11-11.2.1+git610-1.3.9
      libstdc++6-locale-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-11.2.1+git610-1.3.9
      libtsan0-11.2.1+git610-1.3.9
      libtsan0-debuginfo-11.2.1+git610-1.3.9
      libubsan1-11.2.1+git610-1.3.9
      libubsan1-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64):

      libhwasan0-11.2.1+git610-1.3.9
      libhwasan0-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):

      cross-nvptx-gcc11-11.2.1+git610-1.3.1
      cross-nvptx-newlib11-devel-11.2.1+git610-1.3.1
      libada11-32bit-11.2.1+git610-1.3.9
      libada11-32bit-debuginfo-11.2.1+git610-1.3.9
      libasan6-32bit-11.2.1+git610-1.3.9
      libasan6-32bit-debuginfo-11.2.1+git610-1.3.9
      libatomic1-32bit-11.2.1+git610-1.3.9
      libatomic1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-32bit-11.2.1+git610-1.3.9
      libgcc_s1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-32bit-11.2.1+git610-1.3.9
      libgdruntime2-32bit-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-32bit-11.2.1+git610-1.3.9
      libgfortran5-32bit-debuginfo-11.2.1+git610-1.3.9
      libgo19-32bit-11.2.1+git610-1.3.9
      libgo19-32bit-debuginfo-11.2.1+git610-1.3.9
      libgomp1-32bit-11.2.1+git610-1.3.9
      libgomp1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-32bit-11.2.1+git610-1.3.9
      libgphobos2-32bit-debuginfo-11.2.1+git610-1.3.9
      libitm1-32bit-11.2.1+git610-1.3.9
      libitm1-32bit-debuginfo-11.2.1+git610-1.3.9
      libobjc4-32bit-11.2.1+git610-1.3.9
      libobjc4-32bit-debuginfo-11.2.1+git610-1.3.9
      libquadmath0-11.2.1+git610-1.3.9
      libquadmath0-32bit-11.2.1+git610-1.3.9
      libquadmath0-32bit-debuginfo-11.2.1+git610-1.3.9
      libquadmath0-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-32bit-11.2.1+git610-1.3.9
      libstdc++6-32bit-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      libada11-11.2.1+git610-1.3.9
      libada11-debuginfo-11.2.1+git610-1.3.9
      libasan6-11.2.1+git610-1.3.9
      libasan6-debuginfo-11.2.1+git610-1.3.9
      libatomic1-11.2.1+git610-1.3.9
      libatomic1-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-11.2.1+git610-1.3.9
      libgcc_s1-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-11.2.1+git610-1.3.9
      libgdruntime2-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-11.2.1+git610-1.3.9
      libgfortran5-debuginfo-11.2.1+git610-1.3.9
      libgo19-11.2.1+git610-1.3.9
      libgo19-debuginfo-11.2.1+git610-1.3.9
      libgomp1-11.2.1+git610-1.3.9
      libgomp1-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-11.2.1+git610-1.3.9
      libgphobos2-debuginfo-11.2.1+git610-1.3.9
      libitm1-11.2.1+git610-1.3.9
      libitm1-debuginfo-11.2.1+git610-1.3.9
      liblsan0-11.2.1+git610-1.3.9
      liblsan0-debuginfo-11.2.1+git610-1.3.9
      libobjc4-11.2.1+git610-1.3.9
      libobjc4-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-11.2.1+git610-1.3.9
      libstdc++6-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-devel-gcc11-11.2.1+git610-1.3.9
      libstdc++6-locale-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-11.2.1+git610-1.3.9
      libtsan0-11.2.1+git610-1.3.9
      libtsan0-debuginfo-11.2.1+git610-1.3.9
      libubsan1-11.2.1+git610-1.3.9
      libubsan1-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64):

      libhwasan0-11.2.1+git610-1.3.9
      libhwasan0-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):

      cross-nvptx-gcc11-11.2.1+git610-1.3.1
      cross-nvptx-newlib11-devel-11.2.1+git610-1.3.1
      libada11-32bit-11.2.1+git610-1.3.9
      libada11-32bit-debuginfo-11.2.1+git610-1.3.9
      libasan6-32bit-11.2.1+git610-1.3.9
      libasan6-32bit-debuginfo-11.2.1+git610-1.3.9
      libatomic1-32bit-11.2.1+git610-1.3.9
      libatomic1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-32bit-11.2.1+git610-1.3.9
      libgcc_s1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-32bit-11.2.1+git610-1.3.9
      libgdruntime2-32bit-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-32bit-11.2.1+git610-1.3.9
      libgfortran5-32bit-debuginfo-11.2.1+git610-1.3.9
      libgo19-32bit-11.2.1+git610-1.3.9
      libgo19-32bit-debuginfo-11.2.1+git610-1.3.9
      libgomp1-32bit-11.2.1+git610-1.3.9
      libgomp1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-32bit-11.2.1+git610-1.3.9
      libgphobos2-32bit-debuginfo-11.2.1+git610-1.3.9
      libitm1-32bit-11.2.1+git610-1.3.9
      libitm1-32bit-debuginfo-11.2.1+git610-1.3.9
      libobjc4-32bit-11.2.1+git610-1.3.9
      libobjc4-32bit-debuginfo-11.2.1+git610-1.3.9
      libquadmath0-11.2.1+git610-1.3.9
      libquadmath0-32bit-11.2.1+git610-1.3.9
      libquadmath0-32bit-debuginfo-11.2.1+git610-1.3.9
      libquadmath0-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-32bit-11.2.1+git610-1.3.9
      libstdc++6-32bit-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      libada11-11.2.1+git610-1.3.9
      libada11-debuginfo-11.2.1+git610-1.3.9
      libasan6-11.2.1+git610-1.3.9
      libasan6-debuginfo-11.2.1+git610-1.3.9
      libatomic1-11.2.1+git610-1.3.9
      libatomic1-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-11.2.1+git610-1.3.9
      libgcc_s1-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-11.2.1+git610-1.3.9
      libgdruntime2-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-11.2.1+git610-1.3.9
      libgfortran5-debuginfo-11.2.1+git610-1.3.9
      libgo19-11.2.1+git610-1.3.9
      libgo19-debuginfo-11.2.1+git610-1.3.9
      libgomp1-11.2.1+git610-1.3.9
      libgomp1-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-11.2.1+git610-1.3.9
      libgphobos2-debuginfo-11.2.1+git610-1.3.9
      libitm1-11.2.1+git610-1.3.9
      libitm1-debuginfo-11.2.1+git610-1.3.9
      liblsan0-11.2.1+git610-1.3.9
      liblsan0-debuginfo-11.2.1+git610-1.3.9
      libobjc4-11.2.1+git610-1.3.9
      libobjc4-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-11.2.1+git610-1.3.9
      libstdc++6-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-devel-gcc11-11.2.1+git610-1.3.9
      libstdc++6-locale-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-11.2.1+git610-1.3.9
      libtsan0-11.2.1+git610-1.3.9
      libtsan0-debuginfo-11.2.1+git610-1.3.9
      libubsan1-11.2.1+git610-1.3.9
      libubsan1-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64):

      libhwasan0-11.2.1+git610-1.3.9
      libhwasan0-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):

      cross-nvptx-gcc11-11.2.1+git610-1.3.1
      cross-nvptx-newlib11-devel-11.2.1+git610-1.3.1
      libada11-32bit-11.2.1+git610-1.3.9
      libada11-32bit-debuginfo-11.2.1+git610-1.3.9
      libasan6-32bit-11.2.1+git610-1.3.9
      libasan6-32bit-debuginfo-11.2.1+git610-1.3.9
      libatomic1-32bit-11.2.1+git610-1.3.9
      libatomic1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-32bit-11.2.1+git610-1.3.9
      libgcc_s1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-32bit-11.2.1+git610-1.3.9
      libgdruntime2-32bit-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-32bit-11.2.1+git610-1.3.9
      libgfortran5-32bit-debuginfo-11.2.1+git610-1.3.9
      libgo19-32bit-11.2.1+git610-1.3.9
      libgo19-32bit-debuginfo-11.2.1+git610-1.3.9
      libgomp1-32bit-11.2.1+git610-1.3.9
      libgomp1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-32bit-11.2.1+git610-1.3.9
      libgphobos2-32bit-debuginfo-11.2.1+git610-1.3.9
      libitm1-32bit-11.2.1+git610-1.3.9
      libitm1-32bit-debuginfo-11.2.1+git610-1.3.9
      libobjc4-32bit-11.2.1+git610-1.3.9
      libobjc4-32bit-debuginfo-11.2.1+git610-1.3.9
      libquadmath0-11.2.1+git610-1.3.9
      libquadmath0-32bit-11.2.1+git610-1.3.9
      libquadmath0-32bit-debuginfo-11.2.1+git610-1.3.9
      libquadmath0-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-32bit-11.2.1+git610-1.3.9
      libstdc++6-32bit-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      libada11-11.2.1+git610-1.3.9
      libada11-debuginfo-11.2.1+git610-1.3.9
      libasan6-11.2.1+git610-1.3.9
      libasan6-debuginfo-11.2.1+git610-1.3.9
      libatomic1-11.2.1+git610-1.3.9
      libatomic1-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-11.2.1+git610-1.3.9
      libgcc_s1-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-11.2.1+git610-1.3.9
      libgdruntime2-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-11.2.1+git610-1.3.9
      libgfortran5-debuginfo-11.2.1+git610-1.3.9
      libgo19-11.2.1+git610-1.3.9
      libgo19-debuginfo-11.2.1+git610-1.3.9
      libgomp1-11.2.1+git610-1.3.9
      libgomp1-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-11.2.1+git610-1.3.9
      libgphobos2-debuginfo-11.2.1+git610-1.3.9
      libitm1-11.2.1+git610-1.3.9
      libitm1-debuginfo-11.2.1+git610-1.3.9
      liblsan0-11.2.1+git610-1.3.9
      liblsan0-debuginfo-11.2.1+git610-1.3.9
      libobjc4-11.2.1+git610-1.3.9
      libobjc4-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-11.2.1+git610-1.3.9
      libstdc++6-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-devel-gcc11-11.2.1+git610-1.3.9
      libstdc++6-locale-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-11.2.1+git610-1.3.9
      libtsan0-11.2.1+git610-1.3.9
      libtsan0-debuginfo-11.2.1+git610-1.3.9
      libubsan1-11.2.1+git610-1.3.9
      libubsan1-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64):

      libhwasan0-11.2.1+git610-1.3.9
      libhwasan0-debuginfo-11.2.1+git610-1.3.9

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):

      cross-nvptx-gcc11-11.2.1+git610-1.3.1
      cross-nvptx-newlib11-devel-11.2.1+git610-1.3.1
      libada11-32bit-11.2.1+git610-1.3.9
      libada11-32bit-debuginfo-11.2.1+git610-1.3.9
      libasan6-32bit-11.2.1+git610-1.3.9
      libasan6-32bit-debuginfo-11.2.1+git610-1.3.9
      libatomic1-32bit-11.2.1+git610-1.3.9
      libatomic1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-32bit-11.2.1+git610-1.3.9
      libgcc_s1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-32bit-11.2.1+git610-1.3.9
      libgdruntime2-32bit-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-32bit-11.2.1+git610-1.3.9
      libgfortran5-32bit-debuginfo-11.2.1+git610-1.3.9
      libgo19-32bit-11.2.1+git610-1.3.9
      libgo19-32bit-debuginfo-11.2.1+git610-1.3.9
      libgomp1-32bit-11.2.1+git610-1.3.9
      libgomp1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-32bit-11.2.1+git610-1.3.9
      libgphobos2-32bit-debuginfo-11.2.1+git610-1.3.9
      libitm1-32bit-11.2.1+git610-1.3.9
      libitm1-32bit-debuginfo-11.2.1+git610-1.3.9
      libobjc4-32bit-11.2.1+git610-1.3.9
      libobjc4-32bit-debuginfo-11.2.1+git610-1.3.9
      libquadmath0-11.2.1+git610-1.3.9
      libquadmath0-32bit-11.2.1+git610-1.3.9
      libquadmath0-32bit-debuginfo-11.2.1+git610-1.3.9
      libquadmath0-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-32bit-11.2.1+git610-1.3.9
      libstdc++6-32bit-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-debuginfo-11.2.1+git610-1.3.9

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      libada11-11.2.1+git610-1.3.9
      libada11-debuginfo-11.2.1+git610-1.3.9
      libasan6-11.2.1+git610-1.3.9
      libasan6-debuginfo-11.2.1+git610-1.3.9
      libatomic1-11.2.1+git610-1.3.9
      libatomic1-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-11.2.1+git610-1.3.9
      libgcc_s1-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-11.2.1+git610-1.3.9
      libgdruntime2-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-11.2.1+git610-1.3.9
      libgfortran5-debuginfo-11.2.1+git610-1.3.9
      libgo19-11.2.1+git610-1.3.9
      libgo19-debuginfo-11.2.1+git610-1.3.9
      libgomp1-11.2.1+git610-1.3.9
      libgomp1-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-11.2.1+git610-1.3.9
      libgphobos2-debuginfo-11.2.1+git610-1.3.9
      libitm1-11.2.1+git610-1.3.9
      libitm1-debuginfo-11.2.1+git610-1.3.9
      liblsan0-11.2.1+git610-1.3.9
      liblsan0-debuginfo-11.2.1+git610-1.3.9
      libobjc4-11.2.1+git610-1.3.9
      libobjc4-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-11.2.1+git610-1.3.9
      libstdc++6-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-devel-gcc11-11.2.1+git610-1.3.9
      libstdc++6-locale-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-11.2.1+git610-1.3.9
      libtsan0-11.2.1+git610-1.3.9
      libtsan0-debuginfo-11.2.1+git610-1.3.9
      libubsan1-11.2.1+git610-1.3.9
      libubsan1-debuginfo-11.2.1+git610-1.3.9

   - SUSE Enterprise Storage 6 (aarch64):

      libhwasan0-11.2.1+git610-1.3.9
      libhwasan0-debuginfo-11.2.1+git610-1.3.9

   - SUSE Enterprise Storage 6 (x86_64):

      cross-nvptx-gcc11-11.2.1+git610-1.3.1
      cross-nvptx-newlib11-devel-11.2.1+git610-1.3.1
      libada11-32bit-11.2.1+git610-1.3.9
      libada11-32bit-debuginfo-11.2.1+git610-1.3.9
      libasan6-32bit-11.2.1+git610-1.3.9
      libasan6-32bit-debuginfo-11.2.1+git610-1.3.9
      libatomic1-32bit-11.2.1+git610-1.3.9
      libatomic1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-32bit-11.2.1+git610-1.3.9
      libgcc_s1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-32bit-11.2.1+git610-1.3.9
      libgdruntime2-32bit-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-32bit-11.2.1+git610-1.3.9
      libgfortran5-32bit-debuginfo-11.2.1+git610-1.3.9
      libgo19-32bit-11.2.1+git610-1.3.9
      libgo19-32bit-debuginfo-11.2.1+git610-1.3.9
      libgomp1-32bit-11.2.1+git610-1.3.9
      libgomp1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-32bit-11.2.1+git610-1.3.9
      libgphobos2-32bit-debuginfo-11.2.1+git610-1.3.9
      libitm1-32bit-11.2.1+git610-1.3.9
      libitm1-32bit-debuginfo-11.2.1+git610-1.3.9
      libobjc4-32bit-11.2.1+git610-1.3.9
      libobjc4-32bit-debuginfo-11.2.1+git610-1.3.9
      libquadmath0-11.2.1+git610-1.3.9
      libquadmath0-32bit-11.2.1+git610-1.3.9
      libquadmath0-32bit-debuginfo-11.2.1+git610-1.3.9
      libquadmath0-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-32bit-11.2.1+git610-1.3.9
      libstdc++6-32bit-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-debuginfo-11.2.1+git610-1.3.9

   - SUSE CaaS Platform 4.0 (x86_64):

      cross-nvptx-gcc11-11.2.1+git610-1.3.1
      cross-nvptx-newlib11-devel-11.2.1+git610-1.3.1
      libada11-11.2.1+git610-1.3.9
      libada11-32bit-11.2.1+git610-1.3.9
      libada11-32bit-debuginfo-11.2.1+git610-1.3.9
      libada11-debuginfo-11.2.1+git610-1.3.9
      libasan6-11.2.1+git610-1.3.9
      libasan6-32bit-11.2.1+git610-1.3.9
      libasan6-32bit-debuginfo-11.2.1+git610-1.3.9
      libasan6-debuginfo-11.2.1+git610-1.3.9
      libatomic1-11.2.1+git610-1.3.9
      libatomic1-32bit-11.2.1+git610-1.3.9
      libatomic1-32bit-debuginfo-11.2.1+git610-1.3.9
      libatomic1-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-11.2.1+git610-1.3.9
      libgcc_s1-32bit-11.2.1+git610-1.3.9
      libgcc_s1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgcc_s1-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-11.2.1+git610-1.3.9
      libgdruntime2-32bit-11.2.1+git610-1.3.9
      libgdruntime2-32bit-debuginfo-11.2.1+git610-1.3.9
      libgdruntime2-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-11.2.1+git610-1.3.9
      libgfortran5-32bit-11.2.1+git610-1.3.9
      libgfortran5-32bit-debuginfo-11.2.1+git610-1.3.9
      libgfortran5-debuginfo-11.2.1+git610-1.3.9
      libgo19-11.2.1+git610-1.3.9
      libgo19-32bit-11.2.1+git610-1.3.9
      libgo19-32bit-debuginfo-11.2.1+git610-1.3.9
      libgo19-debuginfo-11.2.1+git610-1.3.9
      libgomp1-11.2.1+git610-1.3.9
      libgomp1-32bit-11.2.1+git610-1.3.9
      libgomp1-32bit-debuginfo-11.2.1+git610-1.3.9
      libgomp1-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-11.2.1+git610-1.3.9
      libgphobos2-32bit-11.2.1+git610-1.3.9
      libgphobos2-32bit-debuginfo-11.2.1+git610-1.3.9
      libgphobos2-debuginfo-11.2.1+git610-1.3.9
      libitm1-11.2.1+git610-1.3.9
      libitm1-32bit-11.2.1+git610-1.3.9
      libitm1-32bit-debuginfo-11.2.1+git610-1.3.9
      libitm1-debuginfo-11.2.1+git610-1.3.9
      liblsan0-11.2.1+git610-1.3.9
      liblsan0-debuginfo-11.2.1+git610-1.3.9
      libobjc4-11.2.1+git610-1.3.9
      libobjc4-32bit-11.2.1+git610-1.3.9
      libobjc4-32bit-debuginfo-11.2.1+git610-1.3.9
      libobjc4-debuginfo-11.2.1+git610-1.3.9
      libquadmath0-11.2.1+git610-1.3.9
      libquadmath0-32bit-11.2.1+git610-1.3.9
      libquadmath0-32bit-debuginfo-11.2.1+git610-1.3.9
      libquadmath0-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-11.2.1+git610-1.3.9
      libstdc++6-32bit-11.2.1+git610-1.3.9
      libstdc++6-32bit-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-debuginfo-11.2.1+git610-1.3.9
      libstdc++6-devel-gcc11-11.2.1+git610-1.3.9
      libstdc++6-locale-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-11.2.1+git610-1.3.9
      libstdc++6-pp-gcc11-32bit-11.2.1+git610-1.3.9
      libtsan0-11.2.1+git610-1.3.9
      libtsan0-debuginfo-11.2.1+git610-1.3.9
      libubsan1-11.2.1+git610-1.3.9
      libubsan1-32bit-11.2.1+git610-1.3.9
      libubsan1-32bit-debuginfo-11.2.1+git610-1.3.9
      libubsan1-debuginfo-11.2.1+git610-1.3.9


References:

   https://bugzilla.suse.com/1187153
   https://bugzilla.suse.com/1187273
   https://bugzilla.suse.com/1188623


From sle-updates at lists.suse.com  Wed Nov 24 20:31:22 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 21:31:22 +0100 (CET)
Subject: SUSE-RU-2021:3798-1: moderate: Recommended update for gcc7
Message-ID: <20211124203122.46228FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for gcc7
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3798-1
Rating:             moderate
References:         SLE-20049 
Affected Products:
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
                    SUSE Linux Enterprise Module for Development Tools 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that has 0 recommended fixes and contains one
   feature can now be installed.

Description:



   This update for gcc7 fixes the following issues:

   - Fixed a build issue when built with recent kernel headers.
   - Backport the "-fpatchable-function-entry" feature from newer GCC.
     (jsc#SLE-20049)
   - do not handle exceptions in std::thread (jsc#CAR-1182)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Development Tools 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3798=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3798=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3798=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3798=1



Package List:

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):

      gcc7-ada-7.5.0+r278197-4.30.1
      gcc7-ada-debuginfo-7.5.0+r278197-4.30.1
      gcc7-debuginfo-7.5.0+r278197-4.30.1
      gcc7-debugsource-7.5.0+r278197-4.30.1
      gcc7-locale-7.5.0+r278197-4.30.1
      gcc7-objc-7.5.0+r278197-4.30.1
      gcc7-objc-debuginfo-7.5.0+r278197-4.30.1
      libada7-7.5.0+r278197-4.30.1
      libada7-debuginfo-7.5.0+r278197-4.30.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64):

      cross-nvptx-gcc7-7.5.0+r278197-4.30.1
      cross-nvptx-newlib7-devel-7.5.0+r278197-4.30.1
      gcc7-32bit-7.5.0+r278197-4.30.1
      gcc7-c++-32bit-7.5.0+r278197-4.30.1
      gcc7-fortran-32bit-7.5.0+r278197-4.30.1
      libasan4-32bit-7.5.0+r278197-4.30.1
      libasan4-32bit-debuginfo-7.5.0+r278197-4.30.1
      libcilkrts5-32bit-7.5.0+r278197-4.30.1
      libcilkrts5-32bit-debuginfo-7.5.0+r278197-4.30.1
      libstdc++6-devel-gcc7-32bit-7.5.0+r278197-4.30.1
      libubsan0-32bit-7.5.0+r278197-4.30.1
      libubsan0-32bit-debuginfo-7.5.0+r278197-4.30.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):

      gcc7-info-7.5.0+r278197-4.30.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64):

      gcc7-ada-7.5.0+r278197-4.30.1
      gcc7-ada-debuginfo-7.5.0+r278197-4.30.1
      gcc7-debuginfo-7.5.0+r278197-4.30.1
      gcc7-debugsource-7.5.0+r278197-4.30.1
      gcc7-locale-7.5.0+r278197-4.30.1
      gcc7-objc-7.5.0+r278197-4.30.1
      gcc7-objc-debuginfo-7.5.0+r278197-4.30.1
      libada7-7.5.0+r278197-4.30.1
      libada7-debuginfo-7.5.0+r278197-4.30.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64):

      cross-nvptx-gcc7-7.5.0+r278197-4.30.1
      cross-nvptx-newlib7-devel-7.5.0+r278197-4.30.1
      gcc7-32bit-7.5.0+r278197-4.30.1
      gcc7-c++-32bit-7.5.0+r278197-4.30.1
      gcc7-fortran-32bit-7.5.0+r278197-4.30.1
      libasan4-32bit-7.5.0+r278197-4.30.1
      libasan4-32bit-debuginfo-7.5.0+r278197-4.30.1
      libcilkrts5-32bit-7.5.0+r278197-4.30.1
      libcilkrts5-32bit-debuginfo-7.5.0+r278197-4.30.1
      libstdc++6-devel-gcc7-32bit-7.5.0+r278197-4.30.1
      libubsan0-32bit-7.5.0+r278197-4.30.1
      libubsan0-32bit-debuginfo-7.5.0+r278197-4.30.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch):

      gcc7-info-7.5.0+r278197-4.30.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      cpp7-7.5.0+r278197-4.30.1
      cpp7-debuginfo-7.5.0+r278197-4.30.1
      gcc7-7.5.0+r278197-4.30.1
      gcc7-c++-7.5.0+r278197-4.30.1
      gcc7-c++-debuginfo-7.5.0+r278197-4.30.1
      gcc7-debuginfo-7.5.0+r278197-4.30.1
      gcc7-debugsource-7.5.0+r278197-4.30.1
      gcc7-fortran-7.5.0+r278197-4.30.1
      gcc7-fortran-debuginfo-7.5.0+r278197-4.30.1
      libasan4-7.5.0+r278197-4.30.1
      libasan4-debuginfo-7.5.0+r278197-4.30.1
      libgfortran4-7.5.0+r278197-4.30.1
      libgfortran4-debuginfo-7.5.0+r278197-4.30.1
      libstdc++6-devel-gcc7-7.5.0+r278197-4.30.1
      libubsan0-7.5.0+r278197-4.30.1
      libubsan0-debuginfo-7.5.0+r278197-4.30.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):

      libcilkrts5-7.5.0+r278197-4.30.1
      libcilkrts5-debuginfo-7.5.0+r278197-4.30.1
      libgfortran4-32bit-7.5.0+r278197-4.30.1
      libgfortran4-32bit-debuginfo-7.5.0+r278197-4.30.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      cpp7-7.5.0+r278197-4.30.1
      cpp7-debuginfo-7.5.0+r278197-4.30.1
      gcc7-7.5.0+r278197-4.30.1
      gcc7-c++-7.5.0+r278197-4.30.1
      gcc7-c++-debuginfo-7.5.0+r278197-4.30.1
      gcc7-debuginfo-7.5.0+r278197-4.30.1
      gcc7-debugsource-7.5.0+r278197-4.30.1
      gcc7-fortran-7.5.0+r278197-4.30.1
      gcc7-fortran-debuginfo-7.5.0+r278197-4.30.1
      libasan4-7.5.0+r278197-4.30.1
      libasan4-debuginfo-7.5.0+r278197-4.30.1
      libgfortran4-7.5.0+r278197-4.30.1
      libgfortran4-debuginfo-7.5.0+r278197-4.30.1
      libstdc++6-devel-gcc7-7.5.0+r278197-4.30.1
      libubsan0-7.5.0+r278197-4.30.1
      libubsan0-debuginfo-7.5.0+r278197-4.30.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):

      libcilkrts5-7.5.0+r278197-4.30.1
      libcilkrts5-debuginfo-7.5.0+r278197-4.30.1
      libgfortran4-32bit-7.5.0+r278197-4.30.1
      libgfortran4-32bit-debuginfo-7.5.0+r278197-4.30.1


References:



From sle-updates at lists.suse.com  Wed Nov 24 20:32:44 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 Nov 2021 21:32:44 +0100 (CET)
Subject: SUSE-SU-2021:3797-1: important: Security update for java-1_7_0-openjdk
Message-ID: <20211124203244.978AFFD0A@maintenance.suse.de>


   SUSE Security Update: Security update for java-1_7_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3797-1
Rating:             important
References:         #1191901 #1191905 #1191906 #1191909 #1191910 
                    #1191911 #1191912 #1191913 #1191914 
Cross-References:   CVE-2021-35550 CVE-2021-35556 CVE-2021-35559
                    CVE-2021-35561 CVE-2021-35564 CVE-2021-35565
                    CVE-2021-35586 CVE-2021-35588 CVE-2021-35603
                   
CVSS scores:
                    CVE-2021-35550 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-35550 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-35556 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35556 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35559 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35561 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35561 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35564 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-35564 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-35565 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35565 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35586 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35586 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35588 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2021-35588 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2021-35603 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-35603 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available.

Description:

   This update for java-1_7_0-openjdk fixes the following issues:


   Update to OpenJDK 7u321 (October 2021 CPU):

   - CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS
     (bsc#1191901).
   - CVE-2021-35556: Fixed excessive memory allocation in RTFParser
     (bsc#1191910).
   - CVE-2021-35559: Fixed excessive memory allocation in RTFReader
     (bsc#1191911).
   - CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet
     (bsc#1191912).
   - CVE-2021-35564: Fixed certificates with end dates too far in the future
     can corrupt keystore (bsc#1191913).
   - CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session
     close (bsc#1191909).
   - CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader
     (bsc#1191914).
   - CVE-2021-35588: Fixed incomplete validation of inner class references in
     ClassFileParser (bsc#1191905)
   - CVE-2021-35603: Fixed non-constant comparison during TLS handshakes
     (bsc#1191906).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3797=1

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3797=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3797=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3797=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3797=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3797=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3797=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3797=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3797=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3797=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3797=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-3797=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      java-1_7_0-openjdk-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debugsource-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.321-43.53.2

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      java-1_7_0-openjdk-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debugsource-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.321-43.53.2

   - SUSE OpenStack Cloud 9 (x86_64):

      java-1_7_0-openjdk-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debugsource-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.321-43.53.2

   - SUSE OpenStack Cloud 8 (x86_64):

      java-1_7_0-openjdk-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debugsource-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.321-43.53.2

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      java-1_7_0-openjdk-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debugsource-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.321-43.53.2

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      java-1_7_0-openjdk-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debugsource-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.321-43.53.2

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      java-1_7_0-openjdk-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debugsource-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.321-43.53.2

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      java-1_7_0-openjdk-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debugsource-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.321-43.53.2

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      java-1_7_0-openjdk-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debugsource-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.321-43.53.2

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      java-1_7_0-openjdk-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debugsource-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.321-43.53.2

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      java-1_7_0-openjdk-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debugsource-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.321-43.53.2

   - HPE Helion Openstack 8 (x86_64):

      java-1_7_0-openjdk-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-debugsource-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-1.7.0.321-43.53.2
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-1.7.0.321-43.53.2
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.321-43.53.2


References:

   https://www.suse.com/security/cve/CVE-2021-35550.html
   https://www.suse.com/security/cve/CVE-2021-35556.html
   https://www.suse.com/security/cve/CVE-2021-35559.html
   https://www.suse.com/security/cve/CVE-2021-35561.html
   https://www.suse.com/security/cve/CVE-2021-35564.html
   https://www.suse.com/security/cve/CVE-2021-35565.html
   https://www.suse.com/security/cve/CVE-2021-35586.html
   https://www.suse.com/security/cve/CVE-2021-35588.html
   https://www.suse.com/security/cve/CVE-2021-35603.html
   https://bugzilla.suse.com/1191901
   https://bugzilla.suse.com/1191905
   https://bugzilla.suse.com/1191906
   https://bugzilla.suse.com/1191909
   https://bugzilla.suse.com/1191910
   https://bugzilla.suse.com/1191911
   https://bugzilla.suse.com/1191912
   https://bugzilla.suse.com/1191913
   https://bugzilla.suse.com/1191914


From sle-updates at lists.suse.com  Wed Nov 24 23:17:54 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 25 Nov 2021 00:17:54 +0100 (CET)
Subject: SUSE-RU-2021:3801-1: important: Recommended update for
 cloud-regionsrv-client
Message-ID: <20211124231754.692FBFD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for cloud-regionsrv-client
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3801-1
Rating:             important
References:         #1029162 
Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 15-SP3
                    SUSE Linux Enterprise Module for Public Cloud 15-SP2
                    SUSE Linux Enterprise Module for Public Cloud 15-SP1
                    SUSE Linux Enterprise Module for Public Cloud 15
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for cloud-regionsrv-client fixes the following issues:

   - Update to version 9.3.0
     - Support AHB-v3
     - Support registration of BYOS instances against the update
       infrastructure
     - Properly extract the region for local zones in AWS to ensure instances
       get connected to the proper update servers
     - Azure addon service and executable rename
     - Support non SLE repos
     - Fix handling of regionservers configured with DNS names

   This update for regionServiceClientConfigEC2 fixes the following issues:

     - Update to version 3.1.0 (bsc#1029162)
     - Add IPv6 addresses to config
     - Include IPv6 certificates


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-3801=1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-3801=1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2021-3801=1

   - SUSE Linux Enterprise Module for Public Cloud 15:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2021-3801=1 SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2021-3801=1



Package List:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):

      cloud-regionsrv-client-9.3.0-6.54.1
      cloud-regionsrv-client-addon-azure-1.0.0-6.54.1
      cloud-regionsrv-client-generic-config-1.0.0-6.54.1
      cloud-regionsrv-client-plugin-azure-1.0.1-6.54.1
      cloud-regionsrv-client-plugin-ec2-1.0.2-6.54.1
      cloud-regionsrv-client-plugin-gce-1.0.0-6.54.1
      regionServiceClientConfigEC2-3.1.0-3.18.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):

      cloud-regionsrv-client-9.3.0-6.54.1
      cloud-regionsrv-client-addon-azure-1.0.0-6.54.1
      cloud-regionsrv-client-generic-config-1.0.0-6.54.1
      cloud-regionsrv-client-plugin-azure-1.0.1-6.54.1
      cloud-regionsrv-client-plugin-ec2-1.0.2-6.54.1
      cloud-regionsrv-client-plugin-gce-1.0.0-6.54.1
      regionServiceClientConfigEC2-3.1.0-3.18.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch):

      cloud-regionsrv-client-9.3.0-6.54.1
      cloud-regionsrv-client-addon-azure-1.0.0-6.54.1
      cloud-regionsrv-client-generic-config-1.0.0-6.54.1
      cloud-regionsrv-client-plugin-azure-1.0.1-6.54.1
      cloud-regionsrv-client-plugin-ec2-1.0.2-6.54.1
      cloud-regionsrv-client-plugin-gce-1.0.0-6.54.1
      regionServiceClientConfigEC2-3.1.0-3.18.1

   - SUSE Linux Enterprise Module for Public Cloud 15 (noarch):

      cloud-regionsrv-client-9.3.0-6.54.1
      cloud-regionsrv-client-generic-config-1.0.0-6.54.1
      cloud-regionsrv-client-plugin-azure-1.0.1-6.54.1
      cloud-regionsrv-client-plugin-ec2-1.0.2-6.54.1
      cloud-regionsrv-client-plugin-gce-1.0.0-6.54.1
      regionServiceClientConfigEC2-3.1.0-3.18.1


References:

   https://bugzilla.suse.com/1029162


From sle-updates at lists.suse.com  Wed Nov 24 23:20:33 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 25 Nov 2021 00:20:33 +0100 (CET)
Subject: SUSE-RU-2021:3800-1: important: Recommended update for
 cloud-regionsrv-client
Message-ID: <20211124232033.799C6FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for cloud-regionsrv-client
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3800-1
Rating:             important
References:         #1029162 
Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for cloud-regionsrv-client fixes the following issues:

   - Update to version 9.3.0:
     - Support AHB-v3
     - Support registration of BYOS instances against the update
       infrastructure
     - Properly extract the region for local zones in AWS to ensure instances
       get connected to the proper update servers
     - Azure addon service and executable rename
     - Support non SLE repos
     - Fix handling of regionservers configured with DNS names

   This update for regionServiceClientConfigEC2 fixes the following issues:

   - Update to version 3.1.0: (bsc#1029162)
     - Add IPv6 addresses to config
     - Include IPv6 certificates


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-3800=1 SUSE-SLE-Module-Public-Cloud-Unrestricted-12-2021-3800=1



Package List:

   - SUSE Linux Enterprise Module for Public Cloud 12 (noarch):

      cloud-regionsrv-client-9.3.0-52.61.2
      cloud-regionsrv-client-addon-azure-1.0.0-52.61.2
      cloud-regionsrv-client-generic-config-1.0.0-52.61.2
      cloud-regionsrv-client-plugin-azure-1.0.1-52.61.2
      cloud-regionsrv-client-plugin-ec2-1.0.2-52.61.2
      cloud-regionsrv-client-plugin-gce-1.0.0-52.61.2
      regionServiceClientConfigEC2-3.1.0-4.16.2


References:

   https://bugzilla.suse.com/1029162


From sle-updates at lists.suse.com  Wed Nov 24 23:21:51 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 25 Nov 2021 00:21:51 +0100 (CET)
Subject: SUSE-RU-2021:3802-1: important: Recommended update for dolly
Message-ID: <20211124232151.C1A82FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for dolly
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3802-1
Rating:             important
References:         #1191613 
Affected Products:
                    SUSE Linux Enterprise Module for HPC 15-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for dolly fixes the following issues:

   - Fix hostname resolution is not done in case of usage of an external
     configuration file. (bsc#1191613)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for HPC 15-SP3:

      zypper in -t patch SUSE-SLE-Module-HPC-15-SP3-2021-3802=1



Package List:

   - SUSE Linux Enterprise Module for HPC 15-SP3 (aarch64 x86_64):

      dolly-0.63.1-3.3.1
      dolly-debuginfo-0.63.1-3.3.1
      dolly-debugsource-0.63.1-3.3.1


References:

   https://bugzilla.suse.com/1191613


From sle-updates at lists.suse.com  Thu Nov 25 08:00:44 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 25 Nov 2021 09:00:44 +0100 (CET)
Subject: SUSE-CU-2021:522-1: Recommended update of suse/sle15
Message-ID: <20211125080044.13E29FD0A@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:522-1
Container Tags        : suse/sle15:15.1 , suse/sle15:15.1.6.2.533
Container Release     : 6.2.533
Severity              : moderate
Type                  : recommended
References            : 1153687 1182372 1183268 1183589 1184326 1184399 1184997 1185325
                        1186447 1186503 1186602 1187153 1187224 1187273 1187425 1187466
                        1187738 1187760 1188156 1188435 1188623 1189031 1190059 1190199
                        1190356 1190465 1190712 1190815 1191286 1191324 1191370 1191609
                        1192337 1192436 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:305-1
Released:    Thu Feb  4 15:00:37 2021
Summary:     Recommended update for libprotobuf
Type:        recommended
Severity:    moderate
References:  

libprotobuf was updated to fix:

- ship the libprotobuf-lite15 on the base products. (jsc#ECO-2911)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3781-1
Released:    Tue Nov 23 23:48:43 2021
Summary:     This update for libzypp, zypper and libsolv fixes the following issues:
Type:        recommended
Severity:    moderate
References:  1153687,1182372,1183268,1183589,1184326,1184399,1184997,1185325,1186447,1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190356,1190465,1190712,1190815,1191286,1191324,1191370,1191609,1192337,1192436
This update for zypper fixes the following issues:

- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- Let a patch's reboot-needed flag overrule included packages. (bsc#1183268)
- Quickfix setting 'openSUSE_Tumbleweed' as default platform for 'MicroOS'. (bsc#1153687)
- Protect against strict/relaxed user umask via sudo. (bsc#1183589)
- xml summary: Add solvables repository alias. (bsc#1182372)
- Allow trusted repos to add additional signing keys. (bsc#1184326)
- MediaCurl: Fix logging of redirects.
- Let negative values wait forever for the zypp lock. (bsc#1184399)
- Fix 'purge-kernels' is broken in Leap 15.3. (bsc#1185325)
- Fix service detection with cgroupv2. (bsc#1184997)
- Add hints to 'trust GPG key' prompt.
- Enhance XML output of repo GPG options
- Add optional attributes showing the raw values actually present in the '.repo' file.
- Link all executables with -pie (bsc#1186447)
- Ship an empty '/etc/zypp/needreboot' per default. (jsc#PM-2645)
- Fix solver jobs for PTFs. (bsc#1186503)
- choice rules: treat orphaned packages as newest. (bc#1190465)
- Add need reboot/restart hint to XML install summary. (bsc#1188435)
- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
- Fix obs:// platform guessing for Leap. (bsc#1187425)
- Fix purge-kernels fails. (bsc#1187738)
- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
- Prompt: choose exact match if prompt options are not prefix free. (bsc#1188156)
- Do not check of signatures and keys two times(redundant). (bsc#1190059)
- Rephrase vendor conflict message in case 2 packages are involved. (bsc#1187760)
- Show key fpr from signature when signature check fails. (bsc#1187224)
- Make sure to keep states alives while transitioning. (bsc#1190199)
- Fix crashes in logging code when shutting down. (bsc#1189031)
- Manpage: Improve description about patch updates. (bsc#1187466)
- Avoid calling 'su' to detect a too restrictive sudo user umask. (bsc#1186602)
- Consolidate reboot-recommendations across tools and stop using /etc/zypp/needreboot (jsc#-SLE-18858)
- Disable logger in the child after fork (bsc#1192436)
- Check log writer before accessing it (bsc#1192337)
- Allow uname-r format in purge kernels keepspec
- zypper should keep cached files if transaction is aborted (bsc#1190356)
- Require a minimum number of mirrors for multicurl (bsc#1191609)
- Use procfs to detect nr of open fd's if rlimit is too high (bsc#1191324)
- Fix translations (bsc#1191370)
- RepoManager: Don't probe for plaindir repo if URL schema is plugin (bsc#1191286)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3799-1
Released:    Wed Nov 24 18:07:54 2021
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1187153,1187273,1188623
This update for gcc11 fixes the following issues:

The additional GNU compiler collection GCC 11 is provided:

To select these compilers install the packages:

- gcc11
- gcc-c++11
- and others with 11 prefix.

to select them for building:

- CC='gcc-11'
- CXX='g++-11'

The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants.


The following package changes have been done:

- libgcc_s1-11.2.1+git610-1.3.9 updated
- libprotobuf-lite15-3.5.0-5.2.1 added
- libsolv-tools-0.7.20-4.3.1 updated
- libstdc++6-11.2.1+git610-1.3.9 updated
- libzypp-17.28.8-3.61.1 updated
- zypper-1.14.50-3.46.1 updated

From sle-updates at lists.suse.com  Thu Nov 25 17:17:31 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 25 Nov 2021 18:17:31 +0100 (CET)
Subject: SUSE-SU-2021:3806-1: important: Security update for the Linux Kernel
Message-ID: <20211125171731.97956FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3806-1
Rating:             important
References:         #1094840 #1133021 #1152489 #1154353 #1157177 
                    #1167773 #1169263 #1170269 #1176940 #1180749 
                    #1184924 #1188601 #1190523 #1190795 #1191628 
                    #1191790 #1191851 #1191958 #1191961 #1191980 
                    #1192045 #1192217 #1192229 #1192267 #1192273 
                    #1192288 #1192328 #1192375 #1192473 #1192549 
                    #1192718 #1192740 #1192745 #1192750 #1192753 
                    #1192758 #1192781 #1192802 #1192896 #1192906 
                    #1192918 SLE-22573 
Cross-References:   CVE-2021-0941 CVE-2021-20322 CVE-2021-31916
                    CVE-2021-34981 CVE-2021-37159 CVE-2021-43389
                   
CVSS scores:
                    CVE-2021-0941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-31916 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-31916 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-34981 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
                    CVE-2021-37159 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-37159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-43389 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 15-SP3
______________________________________________________________________________

   An update that solves 6 vulnerabilities, contains one
   feature and has 35 fixes is now available.

Description:



   The SUSE Linux Enterprise 15 SP3 kernel for Azure was updated to receive
   various security and bugfixes.


   The following security bugs were fixed:

   - Unprivileged BPF has been disabled by default to reduce attack surface
     as too many security issues have happened in the past (jsc#SLE-22573)

     You can reenable via systemctl setting
   /proc/sys/kernel/unprivileged_bpf_disabled to 0.
   (kernel.unprivileged_bpf_disabled = 0)

   - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible
     out of bounds read due to a use after free. This could lead to local
     escalation of privilege with System execution privileges needed. User
     interaction is not needed for exploitation (bnc#1192045).
   - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in
     list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module
     in the Linux kernel A bound check failure allowed an attacker with
     special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds
     memory leading to a system crash or a leak of internal kernel
     information. The highest threat from this vulnerability is to system
     availability (bnc#1192781).
   - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less
     predictive to avoid information leaks about UDP ports in use.
     (bsc#1191790)
   - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device
     fails  (bsc#1191961).
   - CVE-2021-43389: There was an array-index-out-of-bounds flaw in the
     detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
   - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called
     unregister_netdev without checking for the NETREG_REGISTERED state,
     leading to a use-after-free and a double free (bnc#1188601).

   The following non-security bugs were fixed:

   - ABI: sysfs-kernel-slab: Document some stats (git-fixes).
   - ALSA: hda: fix general protection fault in azx_runtime_idle (git-fixes).
   - ALSA: hda: Free card instance properly at probe errors (git-fixes).
   - ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14
     (git-fixes).
   - ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes).
   - ALSA: hda: Use position buffer for SKL+ again (git-fixes).
   - ALSA: ua101: fix division by zero at probe (git-fixes).
   - ALSA: uapi: Fix a C++ style comment in asound.h (git-fixes).
   - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes).
   - ALSA: usb-audio: Add minimal-mute notion in dB mapping table
     (bsc#1192375).
   - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table
     (git-fixes).
   - ALSA: usb-audio: Fix dB level of Bose Revolve+ SoundLink (bsc#1192375).
   - ALSA: usb-audio: Use int for dB map values (bsc#1192375).
   - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (bsc#1192473).
   - ASoC: cs42l42: Correct some register default values (git-fixes).
   - ASoC: cs42l42: Defer probe if request_threaded_irq() returns
     EPROBE_DEFER (git-fixes).
   - ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes).
   - ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes).
   - ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes).
   - ASoC: rockchip: Use generic dmaengine code (git-fixes).
   - ASoC: SOF: topology: do not power down primary core during topology
     removal (git-fixes).
   - ASoC: topology: Fix stub for snd_soc_tplg_component_remove() (git-fixes).
   - ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes).
   - ath10k: fix control-message timeout (git-fixes).
   - ath10k: fix division by zero in send path (git-fixes).
   - ath10k: fix max antenna gain unit (git-fixes).
   - ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes).
   - ath10k: sdio: Add missing BH locking around napi_schdule() (git-fixes).
   - ath6kl: fix control-message timeout (git-fixes).
   - ath6kl: fix division by zero in send path (git-fixes).
   - ath9k: Fix potential interrupt storm on queue reset (git-fixes).
   - auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes).
   - auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes).
   - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string
     (git-fixes).
   - b43: fix a lower bounds test (git-fixes).
   - b43legacy: fix a lower bounds test (git-fixes).
   - blacklist.conf: 5c9d706f6133 ("bpf: Fix BPF_LSM kconfig symbol
     dependency") Not needed since 30897832d8b9 ("bpf: Allow local storage to
     be used from LSM programs") is not backported.
   - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes).
   - Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes).
   - bnxt_en: Fix TX timeout when TX ring size is set to the smallest
     (git-fixes).
   - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573)
   - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22574)
   - bpf: Disallow unprivileged bpf by default (jsc#SLE-22573).
   - bpf: Disallow unprivileged bpf by default (jsc#SLE-22574).
   - bpf: Fix BPF_JIT kconfig symbol dependency (git-fixes jsc#SLE-22574).
   - bpf: Fix potential race in tail call compatibility check (git-fixes).
   - bpf, kconfig: Add consolidated menu entry for bpf with core options
     (jsc#SLE-22574).
   - btrfs: block-group: Rework documentation of check_system_chunk function
     (bsc#1192896).
   - btrfs: fix deadlock between chunk allocation and chunk btree
     modifications (bsc#1192896).
   - btrfs: fix memory ordering between normal and ordered work functions
     (git-fixes).
   - btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896).
   - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem
     (git-fixes).
   - config: disable unprivileged BPF by default (jsc#SLE-22573)
   - crypto: caam - disable pkc for non-E SoCs (git-fixes).
   - crypto: qat - detect PFVF collision after ACK (git-fixes).
   - crypto: qat - disregard spurious PFVF interrupts (git-fixes).
   - driver core: add a min_align_mask field to struct device_dma_parameters
     (bsc#1191851).
   - drm/amdgpu/display: add quirk handling for stutter mode (git-fixes).
   - drm/amdgpu: fix warning for overflow check (git-fixes).
   - drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (git-fixes).
   - drm/i915: Introduce intel_hpd_hotplug_irqs() (bsc#1192758).
   - drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes).
   - drm/msm: potential error pointer dereference in init() (git-fixes).
   - drm/msm: uninitialized variable in msm_gem_import() (git-fixes).
   - drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802).
   - drm/sun4i: Fix macros in sun8i_csc.h (git-fixes).
   - drm/ttm: stop calling tt_swapin in vm_access (git-fixes).
   - drm/v3d: fix wait for TMU write combiner flush (git-fixes).
   - EDAC/amd64: Set proper family type for Family 19h Models 20h-2Fh
     (bsc#1192288).
   - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
     (bsc#1152489).
   - Eradicate Patch-mainline: No The pre-commit check can reject this
     deprecated tag then.
   - exfat: fix erroneous discard when clear cluster bit (git-fixes).
   - exfat: handle wrong stream entry size in exfat_readdir() (git-fixes).
   - exfat: properly set s_time_gran (bsc#1192328).
   - exfat: truncate atimes to 2s granularity (bsc#1192328).
   - firmware/psci: fix application of sizeof to pointer (git-fixes).
   - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267).
   - fuse: fix page stealing (bsc#1192718).
   - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489).
   - gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and
     avoid a leak (git-fixes).
   - gpio/rockchip: add driver for rockchip gpio (bsc#1192217).
   - gpio/rockchip: drop irq_gc_lock/irq_gc_unlock for irq set type
     (bsc#1192217).
   - gpio/rockchip: extended debounce support is only available on v2
     (bsc#1192217).
   - gpio/rockchip: fetch deferred output settings on probe (bsc#1192217).
   - gpio/rockchip: fix get_direction value handling (bsc#1192217).
   - gpio/rockchip: support next version gpio controller (bsc#1192217).
   - gpio/rockchip: use struct rockchip_gpio_regs for gpio controller
     (bsc#1192217).
   - gve: Avoid freeing NULL pointer (git-fixes).
   - gve: Correct available tx qpl check (git-fixes).
   - gve: fix gve_get_stats() (git-fixes).
   - gve: Properly handle errors in gve_assign_qpl (bsc#1176940).
   - gve: report 64bit tx_bytes counter from gve_handle_report_stats()
     (bsc#1176940).
   - HID: u2fzero: clarify error check and length calculations (git-fixes).
   - HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes).
   - hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes).
   - hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes).
   - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of
     lm25066_coeff (git-fixes).
   - hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes).
   - i40e: Fix ATR queue selection (git-fixes).
   - i40e: fix endless loop under rtnl (git-fixes).
   - i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes).
   - iavf: fix double unlock of crit_lock (git-fixes).
   - ibmvnic: check failover_pending in login response (bsc#1190523
     ltc#194510).
   - ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes).
   - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629).
   - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629).
   - ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177).
   - iio: dac: ad5446: Fix ad5622_write() return value (git-fixes).
   - Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918).
   - Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980).
   - ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773).
   - iwlwifi: mvm: fix some kerneldoc issues (git-fixes).
   - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
   - kABI: Fix kABI after 36950f2da1ea (bsc#1191851).
   - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
   - KVM: s390: extend kvm_s390_shadow_fault to return entry pointer
     (bsc#1133021).
   - KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021).
   - KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021).
   - KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021).
   - libertas: Fix possible memory leak in probe and disconnect (git-fixes).
   - libertas_tf: Fix possible memory leak in probe and disconnect
     (git-fixes).
   - media: cedrus: Fix SUNXI tile size calculation (git-fixes).
   - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes).
   - media: cxd2880-spi: Fix a null pointer dereference on error handling
     path (git-fixes).
   - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable()
     (git-fixes).
   - media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes).
   - media: em28xx: add missing em28xx_close_extension (git-fixes).
   - media: em28xx: Do not use ops->suspend if it is NULL (git-fixes).
   - media: i2c: ths8200 needs V4L2_ASYNC (git-fixes).
   - media: ite-cir: IR receiver stop working after receive overflow
     (git-fixes).
   - media: mtk-vpu: Fix a resource leak in the error handling path of
     'mtk_vpu_probe()' (git-fixes).
   - media: mxl111sf: change mutex_init() location (git-fixes).
   - media: radio-wl1273: Avoid card name truncation (git-fixes).
   - media: si470x: Avoid card name truncation (git-fixes).
   - media: staging/intel-ipu3: css: Fix wrong size comparison
     imgu_css_fw_init (git-fixes).
   - media: TDA1997x: handle short reads of hdmi info frame (git-fixes).
   - media: tm6000: Avoid card name truncation (git-fixes).
   - media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes).
   - media: v4l2-ioctl: S_CTRL output the right value (git-fixes).
   - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
     (git-fixes).
   - memstick: avoid out-of-range warning (git-fixes).
   - memstick: jmb38x_ms: use appropriate free function in
     jmb38x_ms_alloc_host() (git-fixes).
   - mlx5: count all link events (git-fixes).
   - mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes).
   - mmc: mxs-mmc: disable regulator on error and in the remove function
     (git-fixes).
   - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes).
   - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not
     configured (git-fixes).
   - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906).
   - Move upstreamed sound fix into sorted section
   - mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi
     (git-fixes).
   - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes).
   - mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req() (git-fixes).
   - mt76: mt7915: fix possible infinite loop release semaphore (git-fixes).
   - mt76: mt7915: fix sta_rec_wtbl tag len (git-fixes).
   - mwifiex: fix division by zero in fw download path (git-fixes).
   - mwifiex: Send DELBA requests according to spec (git-fixes).
   - net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353).
   - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size()
     (git-fixes).
   - net: dsa: felix: re-enable TX flow control in ocelot_port_flush()
     (git-fixes).
   - net: hns3: fix vf reset workqueue cannot exit (bsc#1154353).
   - net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes).
   - net/mlx4_en: Resolve bad operstate value (git-fixes).
   - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
   - net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464).
   - net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes).
   - net: mscc: ocelot: fix hardware timestamp dequeue logic.
   - net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb
     (git-fixes).
   - net/smc: Correct smc link connection counter in case of smc client
     (git-fixes).
   - net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work (git-fixes).
   - nvme-pci: set min_align_mask (bsc#1191851).
   - ocfs2: do not zero pages beyond i_size (bsc#1190795).
   - ocfs2: fix data corruption on truncate (bsc#1190795).
   - PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes).
   - PCI: aardvark: Do not spam about PIO Response Status (git-fixes).
   - PCI: aardvark: Do not unmask unused interrupts (git-fixes).
   - PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes).
   - PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes).
   - PCI: aardvark: Fix return value of MSI domain .alloc() method
     (git-fixes).
   - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes).
   - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set()
     (bsc#1169263).
   - PCI/ACPI: Clarify message about _OSC failure (bsc#1169263).
   - PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263).
   - PCI/ACPI: Move supported and control calculations to separate functions
     (bsc#1169263).
   - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS
     (bsc#1169263).
   - PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263).
   - PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes).
   - PCI: uniphier: Serialize INTx masking/unmasking and fix the bit
     operation (git-fixes).
   - pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes).
   - pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours
     (bsc#1192217).
   - pinctrl/rockchip: add a queue for deferred pin output settings on probe
     (bsc#1192217).
   - pinctrl/rockchip: add pinctrl device to gpio bank struct (bsc#1192217).
   - pinctrl: rockchip: add rk3308 SoC support (bsc#1192217).
   - pinctrl: rockchip: add support for rk3568 (bsc#1192217).
   - pinctrl/rockchip: always enable clock for gpio controller (bsc#1192217).
   - pinctrl: rockchip: clear int status when driver probed (bsc#1192217).
   - pinctrl: rockchip: create irq mapping in gpio_to_irq (bsc#1192217).
   - pinctrl: rockchip: do coding style for mux route struct (bsc#1192217).
   - pinctrl/rockchip: drop the gpio related codes (bsc#1192217).
   - pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq
     (bsc#1192217).
   - pinctrl: rockchip: make driver be tristate module (bsc#1192217).
   - pinctrl: rockchip: Replace HTTP links with HTTPS ones (bsc#1192217).
   - pinctrl: rockchip: return ENOMEM instead of EINVAL if allocation fails
     (bsc#1192217).
   - pinctrl/rockchip: separate struct rockchip_pin_bank to a head file
     (bsc#1192217).
   - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes).
   - PM: sleep: Do not let "syscore" devices runtime-suspend during system
     transitions (git-fixes).
   - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error
     (git-fixes).
   - power: supply: max17042_battery: Prevent int underflow in
     set_soc_threshold (git-fixes).
   - power: supply: max17042_battery: use VFSOC for capacity when no rsns
     (git-fixes).
   - printk/console: Allow to disable console output by using console="" or
     console=null (bsc#1192753).
   - printk: handle blank console arguments passed in (bsc#1192753).
   - qed: Fix missing error code in qed_slowpath_start() (git-fixes).
   - qed: Handle management FW error (git-fixes).
   - qed: rdma - do not wait for resources under hw error recovery flow
     (git-fixes).
   - qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802).
   - r8152: add a helper function about setting EEE (git-fixes).
   - r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2
     (git-fixes).
   - r8152: Disable PLA MCU clock speed down (git-fixes).
   - r8152: disable U2P3 for RTL8153B (git-fixes).
   - r8152: divide the tx and rx bottom functions (git-fixes).
   - r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes).
   - r8152: fix runtime resume for linking change (git-fixes).
   - r8152: replace array with linking list for rx information (git-fixes).
   - r8152: reset flow control patch when linking on for RTL8153B (git-fixes).
   - r8152: saving the settings of EEE (git-fixes).
   - r8152: separate the rx buffer size (git-fixes).
   - r8152: use alloc_pages for rx buffer (git-fixes).
   - random: fix crash on multiple early calls to add_bootloader_randomness()
     (bsc#1184924)
   - README.BRANCH: Add Oscar Salvador as SLE15-SP3 maintainer
   - regulator: dt-bindings: samsung,s5m8767: correct
     s5m8767,pmic-buck-default-dvs-idx property (git-fixes).
   - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is
     disabled (git-fixes).
   - Revert "ibmvnic: check failover_pending in login response" (bsc#1190523
     ltc#194510).
   - Revert "platform/x86: i2c-multi-instantiate: Do not create platform
     device for INT3515 ACPI nodes" (git-fixes).
   - Revert "r8152: adjust the settings about MAC clock speed down for
     RTL8153" (git-fixes).
   - Revert "scsi: ufs: fix a missing check of devm_reset_control_get"
     (git-fixes).
   - Revert "x86/kvm: fix vcpu-id indexed array sizes" (git-fixes).
   - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request
     (git-fixes).
   - rsi: fix control-message timeout (git-fixes).
   - rsi: Fix module dev_oper_mode parameter description (git-fixes).
   - rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes).
   - rtl8187: fix control-message timeouts (git-fixes).
   - s390/dasd: fix use after free in dasd path handling (git-fixes).
   - s390/pci: fix use after free of zpci_dev (git-fixes).
   - s390/pci: fix zpci_zdev_put() on reserve (git-fixes).
   - s390/qeth: fix deadlock during failing recovery (git-fixes).
   - s390/qeth: Fix deadlock in remove_discipline (git-fixes).
   - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes).
   - s390/topology: clear thread/group maps for offline cpus (git-fixes).
   - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe()
     (git-fixes).
   - scsi: BusLogic: Fix missing pr_cont() use (git-fixes).
   - scsi: core: Fix spelling in a source code comment (git-fixes).
   - scsi: csiostor: Add module softdep on cxgb4 (git-fixes).
   - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
     (git-fixes).
   - scsi: dc395: Fix error case unwinding (git-fixes).
   - scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes).
   - scsi: FlashPoint: Rename si_flags field (git-fixes).
   - scsi: iscsi: Fix iface sysfs attr detection (git-fixes).
   - scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes).
   - scsi: mpt3sas: Fix error return value in _scsih_expander_add()
     (git-fixes).
   - scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes).
   - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes).
   - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes).
   - scsi: qla2xxx: Fix a memory leak in an error path of
     qla2x00_process_els() (git-fixes).
   - scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes).
   - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes).
   - scsi: snic: Fix an error message (git-fixes).
   - scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL
     (git-fixes).
   - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes).
   - serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes).
   - serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes).
   - staging: r8712u: fix control-message timeout (git-fixes).
   - staging: rtl8192u: fix control-message timeouts (git-fixes).
   - stmmac: platform: Fix signedness bug in stmmac_probe_config_dt()
     (git-fixes).
   - swiotlb: add a IO_TLB_SIZE define (bsc#1191851).
   - swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851).
   - swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single
     (bsc#1191851).
   - swiotlb: factor out an io_tlb_offset helper (bsc#1191851).
   - swiotlb: factor out a nr_slots helper (bsc#1191851).
   - swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851).
   - swiotlb: respect min_align_mask (bsc#1191851).
   - swiotlb: Split size parameter to map/unmap APIs (bsc#1191851).
   - tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes).
   - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker
     together (bsc#1192745).
   - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
   - Update
     patches.suse/NFS-Do-uncached-readdir-when-we-re-seeking-a-cookie-.patch
     (bsc#1191628 bsc#1192549). dir_cookie is a pointer to the cookie in
     older kernels, not the cookie itself.
   - Update patch reference for AMDGPU fix (bsc#1180749)
   - usb: gadget: hid: fix error code in do_config() (git-fixes).
   - USB: iowarrior: fix control-message timeouts (git-fixes).
   - usb: max-3421: Use driver data instead of maintaining a list of bound
     devices (git-fixes).
   - usb: musb: Balance list entry in musb_gadget_queue (git-fixes).
   - usbnet: fix error return code in usbnet_probe() (git-fixes).
   - usbnet: sanity check for maxpacket (git-fixes).
   - USB: serial: keyspan: fix memleak on probe errors (git-fixes).
   - video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes).
   - virtio-gpu: fix possible memory allocation failure (git-fixes).
   - wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's
     complement (git-fixes).
   - wcn36xx: add proper DMA memory barriers in rx path (git-fixes).
   - wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).
   - x86/ioapic: Force affinity setup before startup (bsc#1152489).
   - x86/msi: Force affinity setup before startup (bsc#1152489).
   - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
     (bsc#1152489).
   - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c
     (bsc#1152489).
   - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes).
   - xen: Fix implicit type conversion (git-fixes).
   - xen-pciback: Fix return in pm_ctrl_init() (git-fixes).
   - xfs: do not allow log writes if the data device is readonly
     (bsc#1192229).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-3806=1



Package List:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):

      kernel-azure-5.3.18-38.31.1
      kernel-azure-debuginfo-5.3.18-38.31.1
      kernel-azure-debugsource-5.3.18-38.31.1
      kernel-azure-devel-5.3.18-38.31.1
      kernel-azure-devel-debuginfo-5.3.18-38.31.1
      kernel-syms-azure-5.3.18-38.31.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):

      kernel-devel-azure-5.3.18-38.31.1
      kernel-source-azure-5.3.18-38.31.1


References:

   https://www.suse.com/security/cve/CVE-2021-0941.html
   https://www.suse.com/security/cve/CVE-2021-20322.html
   https://www.suse.com/security/cve/CVE-2021-31916.html
   https://www.suse.com/security/cve/CVE-2021-34981.html
   https://www.suse.com/security/cve/CVE-2021-37159.html
   https://www.suse.com/security/cve/CVE-2021-43389.html
   https://bugzilla.suse.com/1094840
   https://bugzilla.suse.com/1133021
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1154353
   https://bugzilla.suse.com/1157177
   https://bugzilla.suse.com/1167773
   https://bugzilla.suse.com/1169263
   https://bugzilla.suse.com/1170269
   https://bugzilla.suse.com/1176940
   https://bugzilla.suse.com/1180749
   https://bugzilla.suse.com/1184924
   https://bugzilla.suse.com/1188601
   https://bugzilla.suse.com/1190523
   https://bugzilla.suse.com/1190795
   https://bugzilla.suse.com/1191628
   https://bugzilla.suse.com/1191790
   https://bugzilla.suse.com/1191851
   https://bugzilla.suse.com/1191958
   https://bugzilla.suse.com/1191961
   https://bugzilla.suse.com/1191980
   https://bugzilla.suse.com/1192045
   https://bugzilla.suse.com/1192217
   https://bugzilla.suse.com/1192229
   https://bugzilla.suse.com/1192267
   https://bugzilla.suse.com/1192273
   https://bugzilla.suse.com/1192288
   https://bugzilla.suse.com/1192328
   https://bugzilla.suse.com/1192375
   https://bugzilla.suse.com/1192473
   https://bugzilla.suse.com/1192549
   https://bugzilla.suse.com/1192718
   https://bugzilla.suse.com/1192740
   https://bugzilla.suse.com/1192745
   https://bugzilla.suse.com/1192750
   https://bugzilla.suse.com/1192753
   https://bugzilla.suse.com/1192758
   https://bugzilla.suse.com/1192781
   https://bugzilla.suse.com/1192802
   https://bugzilla.suse.com/1192896
   https://bugzilla.suse.com/1192906
   https://bugzilla.suse.com/1192918


From sle-updates at lists.suse.com  Thu Nov 25 17:23:58 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 25 Nov 2021 18:23:58 +0100 (CET)
Subject: SUSE-SU-2021:3805-1: important: Security update for netcdf
Message-ID: <20211125172358.68E7DFD0A@maintenance.suse.de>


   SUSE Security Update: Security update for netcdf
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3805-1
Rating:             important
References:         #1191856 
Cross-References:   CVE-2019-20005 CVE-2019-20006 CVE-2019-20007
                    CVE-2019-20198 CVE-2019-20199 CVE-2019-20200
                    CVE-2019-20201 CVE-2019-20202 CVE-2021-26220
                    CVE-2021-26221 CVE-2021-26222 CVE-2021-30485
                    CVE-2021-31229 CVE-2021-31347 CVE-2021-31348
                    CVE-2021-31598
CVSS scores:
                    CVE-2019-20005 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20005 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20006 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2019-20006 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20007 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20007 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20198 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20198 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20199 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20199 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20200 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20200 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20201 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20201 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20202 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20202 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-26220 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-26221 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-26222 (SUSE): 6 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H
                    CVE-2021-30485 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-30485 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-31229 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-31347 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-31348 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-31348 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-31598 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-31598 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Module for HPC 15-SP2
______________________________________________________________________________

   An update that fixes 16 vulnerabilities is now available.

Description:

   This update for netcdf fixes the following issues:

   - Fixed multiple vulnerabilities in ezXML: CVE-2019-20007, CVE-2019-20006,
     CVE-2019-20201, CVE-2019-20202, CVE-2019-20199, CVE-2019-20200,
     CVE-2019-20198, CVE-2021-26221, CVE-2021-26222, CVE-2021-30485,
     CVE-2021-31229, CVE-2021-31347, CVE-2021-31348, CVE-2021-31598
     (bsc#1191856) Note:
      * CVE-2021-26220 https://sourceforge.net/p/ezxml/bugs/23 not relevant
        for netcdf: code isn't used.
      * CVE-2019-20005 https://sourceforge.net/p/ezxml/bugs/14 Issue cannot
        be reproduced and no patch is available upstream.


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for HPC 15-SP2:

      zypper in -t patch SUSE-SLE-Module-HPC-15-SP2-2021-3805=1



Package List:

   - SUSE Linux Enterprise Module for HPC 15-SP2 (aarch64 x86_64):

      libnetcdf-gnu-hpc-4.7.3-3.7.2
      libnetcdf-gnu-mpich-hpc-4.7.3-3.7.2
      libnetcdf-gnu-mvapich2-hpc-4.7.3-3.7.2
      libnetcdf-gnu-openmpi2-hpc-4.7.3-3.7.2
      libnetcdf-gnu-openmpi3-hpc-4.7.3-3.7.2
      libnetcdf_4_7_3-gnu-hpc-4.7.3-3.7.2
      libnetcdf_4_7_3-gnu-hpc-debuginfo-4.7.3-3.7.2
      libnetcdf_4_7_3-gnu-mpich-hpc-4.7.3-3.7.2
      libnetcdf_4_7_3-gnu-mpich-hpc-debuginfo-4.7.3-3.7.2
      libnetcdf_4_7_3-gnu-mvapich2-hpc-4.7.3-3.7.2
      libnetcdf_4_7_3-gnu-mvapich2-hpc-debuginfo-4.7.3-3.7.2
      libnetcdf_4_7_3-gnu-openmpi2-hpc-4.7.3-3.7.2
      libnetcdf_4_7_3-gnu-openmpi2-hpc-debuginfo-4.7.3-3.7.2
      libnetcdf_4_7_3-gnu-openmpi3-hpc-4.7.3-3.7.2
      libnetcdf_4_7_3-gnu-openmpi3-hpc-debuginfo-4.7.3-3.7.2
      netcdf_4_7_3-gnu-hpc-4.7.3-3.7.2
      netcdf_4_7_3-gnu-hpc-debuginfo-4.7.3-3.7.2
      netcdf_4_7_3-gnu-hpc-debugsource-4.7.3-3.7.2
      netcdf_4_7_3-gnu-hpc-devel-4.7.3-3.7.2
      netcdf_4_7_3-gnu-hpc-devel-debuginfo-4.7.3-3.7.2
      netcdf_4_7_3-gnu-hpc-devel-static-4.7.3-3.7.2
      netcdf_4_7_3-gnu-mpich-hpc-4.7.3-3.7.2
      netcdf_4_7_3-gnu-mpich-hpc-debuginfo-4.7.3-3.7.2
      netcdf_4_7_3-gnu-mpich-hpc-debugsource-4.7.3-3.7.2
      netcdf_4_7_3-gnu-mpich-hpc-devel-4.7.3-3.7.2
      netcdf_4_7_3-gnu-mpich-hpc-devel-debuginfo-4.7.3-3.7.2
      netcdf_4_7_3-gnu-mpich-hpc-devel-static-4.7.3-3.7.2
      netcdf_4_7_3-gnu-mvapich2-hpc-4.7.3-3.7.2
      netcdf_4_7_3-gnu-mvapich2-hpc-debuginfo-4.7.3-3.7.2
      netcdf_4_7_3-gnu-mvapich2-hpc-debugsource-4.7.3-3.7.2
      netcdf_4_7_3-gnu-mvapich2-hpc-devel-4.7.3-3.7.2
      netcdf_4_7_3-gnu-mvapich2-hpc-devel-debuginfo-4.7.3-3.7.2
      netcdf_4_7_3-gnu-mvapich2-hpc-devel-static-4.7.3-3.7.2
      netcdf_4_7_3-gnu-openmpi2-hpc-4.7.3-3.7.2
      netcdf_4_7_3-gnu-openmpi2-hpc-debuginfo-4.7.3-3.7.2
      netcdf_4_7_3-gnu-openmpi2-hpc-debugsource-4.7.3-3.7.2
      netcdf_4_7_3-gnu-openmpi2-hpc-devel-4.7.3-3.7.2
      netcdf_4_7_3-gnu-openmpi2-hpc-devel-debuginfo-4.7.3-3.7.2
      netcdf_4_7_3-gnu-openmpi2-hpc-devel-static-4.7.3-3.7.2
      netcdf_4_7_3-gnu-openmpi3-hpc-4.7.3-3.7.2
      netcdf_4_7_3-gnu-openmpi3-hpc-debuginfo-4.7.3-3.7.2
      netcdf_4_7_3-gnu-openmpi3-hpc-debugsource-4.7.3-3.7.2
      netcdf_4_7_3-gnu-openmpi3-hpc-devel-4.7.3-3.7.2
      netcdf_4_7_3-gnu-openmpi3-hpc-devel-debuginfo-4.7.3-3.7.2
      netcdf_4_7_3-gnu-openmpi3-hpc-devel-static-4.7.3-3.7.2

   - SUSE Linux Enterprise Module for HPC 15-SP2 (noarch):

      netcdf-gnu-hpc-4.7.3-3.7.2
      netcdf-gnu-hpc-devel-4.7.3-3.7.2
      netcdf-gnu-mpich-hpc-4.7.3-3.7.2
      netcdf-gnu-mpich-hpc-devel-4.7.3-3.7.2
      netcdf-gnu-mvapich2-hpc-4.7.3-3.7.2
      netcdf-gnu-mvapich2-hpc-devel-4.7.3-3.7.2
      netcdf-gnu-openmpi2-hpc-4.7.3-3.7.2
      netcdf-gnu-openmpi2-hpc-devel-4.7.3-3.7.2
      netcdf-gnu-openmpi3-hpc-4.7.3-3.7.2
      netcdf-gnu-openmpi3-hpc-devel-4.7.3-3.7.2


References:

   https://www.suse.com/security/cve/CVE-2019-20005.html
   https://www.suse.com/security/cve/CVE-2019-20006.html
   https://www.suse.com/security/cve/CVE-2019-20007.html
   https://www.suse.com/security/cve/CVE-2019-20198.html
   https://www.suse.com/security/cve/CVE-2019-20199.html
   https://www.suse.com/security/cve/CVE-2019-20200.html
   https://www.suse.com/security/cve/CVE-2019-20201.html
   https://www.suse.com/security/cve/CVE-2019-20202.html
   https://www.suse.com/security/cve/CVE-2021-26220.html
   https://www.suse.com/security/cve/CVE-2021-26221.html
   https://www.suse.com/security/cve/CVE-2021-26222.html
   https://www.suse.com/security/cve/CVE-2021-30485.html
   https://www.suse.com/security/cve/CVE-2021-31229.html
   https://www.suse.com/security/cve/CVE-2021-31347.html
   https://www.suse.com/security/cve/CVE-2021-31348.html
   https://www.suse.com/security/cve/CVE-2021-31598.html
   https://bugzilla.suse.com/1191856


From sle-updates at lists.suse.com  Thu Nov 25 17:25:31 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 25 Nov 2021 18:25:31 +0100 (CET)
Subject: SUSE-SU-2021:3804-1: important: Security update for netcdf
Message-ID: <20211125172531.17BE7FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for netcdf
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3804-1
Rating:             important
References:         #1191856 
Cross-References:   CVE-2019-20005 CVE-2019-20006 CVE-2019-20007
                    CVE-2019-20198 CVE-2019-20199 CVE-2019-20200
                    CVE-2019-20201 CVE-2019-20202 CVE-2021-26220
                    CVE-2021-26221 CVE-2021-26222 CVE-2021-30485
                    CVE-2021-31229 CVE-2021-31347 CVE-2021-31348
                    CVE-2021-31598
CVSS scores:
                    CVE-2019-20005 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20005 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20006 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2019-20006 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20007 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20007 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20198 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20198 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20199 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20199 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20200 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20200 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20201 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20201 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20202 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20202 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-26220 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-26221 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-26222 (SUSE): 6 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H
                    CVE-2021-30485 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-30485 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-31229 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-31347 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-31348 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-31348 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-31598 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-31598 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

   An update that fixes 16 vulnerabilities is now available.

Description:

   This update for netcdf fixes the following issues:

   - Fixed multiple vulnerabilities in ezXML: CVE-2019-20007, CVE-2019-20006,
     CVE-2019-20201, CVE-2019-20202, CVE-2019-20199, CVE-2019-20200,
     CVE-2019-20198, CVE-2021-26221, CVE-2021-26222, CVE-2021-30485,
     CVE-2021-31229, CVE-2021-31347, CVE-2021-31348, CVE-2021-31598
     (bsc#1191856) Note:
      * CVE-2021-26220 https://sourceforge.net/p/ezxml/bugs/23 not relevant
        for netcdf: code isn't used.
      * CVE-2019-20005 https://sourceforge.net/p/ezxml/bugs/14 Issue cannot
        be reproduced and no patch is available upstream.


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3804=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3804=1



Package List:

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      libnetcdf-gnu-hpc-4.6.1-5.7.1
      libnetcdf-gnu-mpich-hpc-4.6.1-5.7.1
      libnetcdf-gnu-mvapich2-hpc-4.6.1-5.7.1
      libnetcdf-gnu-openmpi2-hpc-4.6.1-5.7.1
      libnetcdf_4_6_1-gnu-hpc-4.6.1-5.7.1
      libnetcdf_4_6_1-gnu-hpc-debuginfo-4.6.1-5.7.1
      libnetcdf_4_6_1-gnu-mpich-hpc-4.6.1-5.7.1
      libnetcdf_4_6_1-gnu-mpich-hpc-debuginfo-4.6.1-5.7.1
      libnetcdf_4_6_1-gnu-mvapich2-hpc-4.6.1-5.7.1
      libnetcdf_4_6_1-gnu-mvapich2-hpc-debuginfo-4.6.1-5.7.1
      libnetcdf_4_6_1-gnu-openmpi2-hpc-4.6.1-5.7.1
      libnetcdf_4_6_1-gnu-openmpi2-hpc-debuginfo-4.6.1-5.7.1
      netcdf_4_6_1-gnu-hpc-4.6.1-5.7.1
      netcdf_4_6_1-gnu-hpc-debuginfo-4.6.1-5.7.1
      netcdf_4_6_1-gnu-hpc-devel-4.6.1-5.7.1
      netcdf_4_6_1-gnu-hpc-devel-debuginfo-4.6.1-5.7.1
      netcdf_4_6_1-gnu-hpc-devel-static-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mpich-hpc-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mpich-hpc-debuginfo-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mpich-hpc-debugsource-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mpich-hpc-devel-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mpich-hpc-devel-debuginfo-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mpich-hpc-devel-static-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mvapich2-hpc-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mvapich2-hpc-debuginfo-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mvapich2-hpc-debugsource-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mvapich2-hpc-devel-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mvapich2-hpc-devel-debuginfo-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mvapich2-hpc-devel-static-4.6.1-5.7.1
      netcdf_4_6_1-gnu-openmpi2-hpc-4.6.1-5.7.1
      netcdf_4_6_1-gnu-openmpi2-hpc-debuginfo-4.6.1-5.7.1
      netcdf_4_6_1-gnu-openmpi2-hpc-devel-4.6.1-5.7.1
      netcdf_4_6_1-gnu-openmpi2-hpc-devel-debuginfo-4.6.1-5.7.1
      netcdf_4_6_1-gnu-openmpi2-hpc-devel-static-4.6.1-5.7.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):

      netcdf-gnu-hpc-4.6.1-5.7.1
      netcdf-gnu-hpc-devel-4.6.1-5.7.1
      netcdf-gnu-mpich-hpc-4.6.1-5.7.1
      netcdf-gnu-mpich-hpc-devel-4.6.1-5.7.1
      netcdf-gnu-mvapich2-hpc-4.6.1-5.7.1
      netcdf-gnu-mvapich2-hpc-devel-4.6.1-5.7.1
      netcdf-gnu-openmpi2-hpc-4.6.1-5.7.1
      netcdf-gnu-openmpi2-hpc-devel-4.6.1-5.7.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      libnetcdf-gnu-hpc-4.6.1-5.7.1
      libnetcdf-gnu-mpich-hpc-4.6.1-5.7.1
      libnetcdf-gnu-mvapich2-hpc-4.6.1-5.7.1
      libnetcdf-gnu-openmpi2-hpc-4.6.1-5.7.1
      libnetcdf_4_6_1-gnu-hpc-4.6.1-5.7.1
      libnetcdf_4_6_1-gnu-hpc-debuginfo-4.6.1-5.7.1
      libnetcdf_4_6_1-gnu-mpich-hpc-4.6.1-5.7.1
      libnetcdf_4_6_1-gnu-mpich-hpc-debuginfo-4.6.1-5.7.1
      libnetcdf_4_6_1-gnu-mvapich2-hpc-4.6.1-5.7.1
      libnetcdf_4_6_1-gnu-mvapich2-hpc-debuginfo-4.6.1-5.7.1
      libnetcdf_4_6_1-gnu-openmpi2-hpc-4.6.1-5.7.1
      libnetcdf_4_6_1-gnu-openmpi2-hpc-debuginfo-4.6.1-5.7.1
      netcdf_4_6_1-gnu-hpc-4.6.1-5.7.1
      netcdf_4_6_1-gnu-hpc-debuginfo-4.6.1-5.7.1
      netcdf_4_6_1-gnu-hpc-devel-4.6.1-5.7.1
      netcdf_4_6_1-gnu-hpc-devel-debuginfo-4.6.1-5.7.1
      netcdf_4_6_1-gnu-hpc-devel-static-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mpich-hpc-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mpich-hpc-debuginfo-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mpich-hpc-debugsource-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mpich-hpc-devel-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mpich-hpc-devel-debuginfo-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mpich-hpc-devel-static-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mvapich2-hpc-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mvapich2-hpc-debuginfo-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mvapich2-hpc-debugsource-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mvapich2-hpc-devel-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mvapich2-hpc-devel-debuginfo-4.6.1-5.7.1
      netcdf_4_6_1-gnu-mvapich2-hpc-devel-static-4.6.1-5.7.1
      netcdf_4_6_1-gnu-openmpi2-hpc-4.6.1-5.7.1
      netcdf_4_6_1-gnu-openmpi2-hpc-debuginfo-4.6.1-5.7.1
      netcdf_4_6_1-gnu-openmpi2-hpc-devel-4.6.1-5.7.1
      netcdf_4_6_1-gnu-openmpi2-hpc-devel-debuginfo-4.6.1-5.7.1
      netcdf_4_6_1-gnu-openmpi2-hpc-devel-static-4.6.1-5.7.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):

      netcdf-gnu-hpc-4.6.1-5.7.1
      netcdf-gnu-hpc-devel-4.6.1-5.7.1
      netcdf-gnu-mpich-hpc-4.6.1-5.7.1
      netcdf-gnu-mpich-hpc-devel-4.6.1-5.7.1
      netcdf-gnu-mvapich2-hpc-4.6.1-5.7.1
      netcdf-gnu-mvapich2-hpc-devel-4.6.1-5.7.1
      netcdf-gnu-openmpi2-hpc-4.6.1-5.7.1
      netcdf-gnu-openmpi2-hpc-devel-4.6.1-5.7.1


References:

   https://www.suse.com/security/cve/CVE-2019-20005.html
   https://www.suse.com/security/cve/CVE-2019-20006.html
   https://www.suse.com/security/cve/CVE-2019-20007.html
   https://www.suse.com/security/cve/CVE-2019-20198.html
   https://www.suse.com/security/cve/CVE-2019-20199.html
   https://www.suse.com/security/cve/CVE-2019-20200.html
   https://www.suse.com/security/cve/CVE-2019-20201.html
   https://www.suse.com/security/cve/CVE-2019-20202.html
   https://www.suse.com/security/cve/CVE-2021-26220.html
   https://www.suse.com/security/cve/CVE-2021-26221.html
   https://www.suse.com/security/cve/CVE-2021-26222.html
   https://www.suse.com/security/cve/CVE-2021-30485.html
   https://www.suse.com/security/cve/CVE-2021-31229.html
   https://www.suse.com/security/cve/CVE-2021-31347.html
   https://www.suse.com/security/cve/CVE-2021-31348.html
   https://www.suse.com/security/cve/CVE-2021-31598.html
   https://bugzilla.suse.com/1191856


From sle-updates at lists.suse.com  Thu Nov 25 17:33:48 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 25 Nov 2021 18:33:48 +0100 (CET)
Subject: SUSE-SU-2021:3807-1: important: Security update for the Linux Kernel
Message-ID: <20211125173348.DCF0DFD0A@maintenance.suse.de>


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3807-1
Rating:             important
References:         #1094840 #1152489 #1169263 #1170269 #1188601 
                    #1190523 #1190795 #1191628 #1191790 #1191851 
                    #1191958 #1191961 #1191980 #1192045 #1192229 
                    #1192267 #1192273 #1192328 #1192549 #1192718 
                    #1192740 #1192745 #1192750 #1192753 #1192781 
                    #1192802 #1192896 #1192906 #1192918 
Cross-References:   CVE-2021-0941 CVE-2021-20322 CVE-2021-31916
                    CVE-2021-34981 CVE-2021-37159 CVE-2021-43389
                   
CVSS scores:
                    CVE-2021-0941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-31916 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-31916 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-34981 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
                    CVE-2021-37159 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-37159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-43389 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 15-SP2
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has 23 fixes is
   now available.

Description:



   The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - Unprivileged BPF has been disabled by default to reduce attack surface
     as too many security issues have happened in the past (jsc#SLE-22573)

     You can reenable via systemctl setting
   /proc/sys/kernel/unprivileged_bpf_disabled to 0.
   (kernel.unprivileged_bpf_disabled = 0)

   - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible
     out of bounds read due to a use after free. This could lead to local
     escalation of privilege with System execution privileges needed. User
     interaction is not needed for exploitation (bnc#1192045).
   - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in
     list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module
     in the Linux kernel A bound check failure allowed an attacker with
     special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds
     memory leading to a system crash or a leak of internal kernel
     information. The highest threat from this vulnerability is to system
     availability (bnc#1192781).
   - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less
     predictive to avoid information leaks about UDP ports in use.
     (bsc#1191790)
   - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device
     fails  (bsc#1191961).
   - CVE-2021-43389: There was an array-index-out-of-bounds flaw in the
     detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
   - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called
     unregister_netdev without checking for the NETREG_REGISTERED state,
     leading to a use-after-free and a double free (bnc#1188601).

   The following non-security bugs were fixed:

   - ABI: sysfs-kernel-slab: Document some stats (git-fixes).
   - ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes).
   - ALSA: ua101: fix division by zero at probe (git-fixes).
   - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes).
   - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table
     (git-fixes).
   - ASoC: cs42l42: Correct some register default values (git-fixes).
   - ASoC: cs42l42: Defer probe if request_threaded_irq() returns
     EPROBE_DEFER (git-fixes).
   - ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes).
   - ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes).
   - ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes).
   - ASoC: rockchip: Use generic dmaengine code (git-fixes).
   - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes).
   - Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes).
   - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
     (bsc#1152489).
   - Eradicate Patch-mainline: No The pre-commit check can reject this
     deprecated tag then.
   - Fix problem with missing installkernel on Tumbleweed.
   - HID: u2fzero: clarify error check and length calculations (git-fixes).
   - HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes).
   - Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918).
   - Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980).
   - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set()
     (bsc#1169263).
   - PCI/ACPI: Clarify message about _OSC failure (bsc#1169263).
   - PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263).
   - PCI/ACPI: Move supported and control calculations to separate functions
     (bsc#1169263).
   - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS
     (bsc#1169263).
   - PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263).
   - PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes).
   - PCI: aardvark: Do not spam about PIO Response Status (git-fixes).
   - PCI: aardvark: Do not unmask unused interrupts (git-fixes).
   - PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes).
   - PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes).
   - PCI: aardvark: Fix return value of MSI domain .alloc() method
     (git-fixes).
   - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes).
   - PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes).
   - PCI: uniphier: Serialize INTx masking/unmasking and fix the bit
     operation (git-fixes).
   - Revert "ibmvnic: check failover_pending in login response" (bsc#1190523
     ltc#194510).
   - Revert "platform/x86: i2c-multi-instantiate: Do not create platform
     device for INT3515 ACPI nodes" (git-fixes).
   - Revert "r8152: adjust the settings about MAC clock speed down for
     RTL8153" (git-fixes).
   - Revert "scsi: ufs: fix a missing check of devm_reset_control_get"
     (git-fixes).
   - Revert "x86/kvm: fix vcpu-id indexed array sizes" (git-fixes).
   - USB: iowarrior: fix control-message timeouts (git-fixes).
   - USB: serial: keyspan: fix memleak on probe errors (git-fixes).
   - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
   - Update
     patches.suse/NFS-Do-uncached-readdir-when-we-re-seeking-a-cookie-.patch
     (bsc#1191628 bsc#1192549). dir_cookie is a pointer to the cookie in
     older kernels, not the cookie itself.
   - ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes).
   - ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes).
   - ath10k: fix control-message timeout (git-fixes).
   - ath10k: fix division by zero in send path (git-fixes).
   - ath10k: fix max antenna gain unit (git-fixes).
   - ath6kl: fix control-message timeout (git-fixes).
   - ath6kl: fix division by zero in send path (git-fixes).
   - ath9k: Fix potential interrupt storm on queue reset (git-fixes).
   - auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes).
   - auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes).
   - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string
     (git-fixes).
   - b43: fix a lower bounds test (git-fixes).
   - b43legacy: fix a lower bounds test (git-fixes).
   - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573)
   - bpf: Disallow unprivileged bpf by default (jsc#SLE-22573).
   - bpf: Fix potential race in tail call compatibility check (git-fixes).
   - btrfs: block-group: Rework documentation of check_system_chunk function
     (bsc#1192896).
   - btrfs: fix deadlock between chunk allocation and chunk btree
     modifications (bsc#1192896).
   - btrfs: fix memory ordering between normal and ordered work functions
     (git-fixes).
   - btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896).
   - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem
     (git-fixes).
   - config: disable unprivileged BPF by default (jsc#SLE-22573)
   - crypto: caam - disable pkc for non-E SoCs (git-fixes).
   - crypto: pcrypt - Delay write to padata->info (git-fixes).
   - crypto: qat - detect PFVF collision after ACK (git-fixes).
   - crypto: qat - disregard spurious PFVF interrupts (git-fixes).
   - driver core: add a min_align_mask field to struct device_dma_parameters
     (bsc#1191851).
   - drm/amdgpu: fix warning for overflow check (git-fixes).
   - drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes).
   - drm/sun4i: Fix macros in sun8i_csc.h (git-fixes).
   - drm/v3d: fix wait for TMU write combiner flush (git-fixes).
   - drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802).
   - exfat: fix erroneous discard when clear cluster bit (git-fixes).
   - exfat: handle wrong stream entry size in exfat_readdir() (git-fixes).
   - exfat: properly set s_time_gran (bsc#1192328).
   - exfat: truncate atimes to 2s granularity (bsc#1192328).
   - firmware/psci: fix application of sizeof to pointer (git-fixes).
   - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267).
   - fuse: fix page stealing (bsc#1192718).
   - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489).
   - gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and
     avoid a leak (git-fixes).
   - hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes).
   - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of
     lm25066_coeff (git-fixes).
   - hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes).
   - hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes).
   - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629).
   - ibmvnic: check failover_pending in login response (bsc#1190523
     ltc#194510).
   - ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes).
   - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629).
   - iio: dac: ad5446: Fix ad5622_write() return value (git-fixes).
   - kABI: Fix kABI after 36950f2da1ea (bsc#1191851).
   - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
   - libertas: Fix possible memory leak in probe and disconnect (git-fixes).
   - libertas_tf: Fix possible memory leak in probe and disconnect
     (git-fixes).
   - media: TDA1997x: handle short reads of hdmi info frame (git-fixes).
   - media: cedrus: Fix SUNXI tile size calculation (git-fixes).
   - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes).
   - media: cxd2880-spi: Fix a null pointer dereference on error handling
     path (git-fixes).
   - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable()
     (git-fixes).
   - media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes).
   - media: em28xx: Do not use ops->suspend if it is NULL (git-fixes).
   - media: em28xx: add missing em28xx_close_extension (git-fixes).
   - media: i2c: ths8200 needs V4L2_ASYNC (git-fixes).
   - media: ite-cir: IR receiver stop working after receive overflow
     (git-fixes).
   - media: mtk-vpu: Fix a resource leak in the error handling path of
     'mtk_vpu_probe()' (git-fixes).
   - media: mxl111sf: change mutex_init() location (git-fixes).
   - media: radio-wl1273: Avoid card name truncation (git-fixes).
   - media: si470x: Avoid card name truncation (git-fixes).
   - media: staging/intel-ipu3: css: Fix wrong size comparison
     imgu_css_fw_init (git-fixes).
   - media: tm6000: Avoid card name truncation (git-fixes).
   - media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes).
   - media: v4l2-ioctl: S_CTRL output the right value (git-fixes).
   - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
     (git-fixes).
   - memstick: avoid out-of-range warning (git-fixes).
   - memstick: jmb38x_ms: use appropriate free function in
     jmb38x_ms_alloc_host() (git-fixes).
   - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906).
   - mmc: mxs-mmc: disable regulator on error and in the remove function
     (git-fixes).
   - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not
     configured (git-fixes).
   - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes).
   - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes).
   - mwifiex: Send DELBA requests according to spec (git-fixes).
   - mwifiex: fix division by zero in fw download path (git-fixes).
   - net: dsa: felix: re-enable TX flow control in ocelot_port_flush()
     (git-fixes).
   - net: mscc: ocelot: fix hardware timestamp dequeue logic.
   - net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb
     (git-fixes).
   - nvme-pci: set min_align_mask (bsc#1191851).
   - ocfs2: do not zero pages beyond i_size (bsc#1190795).
   - ocfs2: fix data corruption on truncate (bsc#1190795).
   - pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes).
   - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes).
   - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error
     (git-fixes).
   - power: supply: max17042_battery: Prevent int underflow in
     set_soc_threshold (git-fixes).
   - power: supply: max17042_battery: use VFSOC for capacity when no rsns
     (git-fixes).
   - printk/console: Allow to disable console output by using console="" or
     console=null (bsc#1192753).
   - printk: handle blank console arguments passed in (bsc#1192753).
   - qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802).
   - r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2
     (git-fixes).
   - r8152: Disable PLA MCU clock speed down (git-fixes).
   - r8152: add a helper function about setting EEE (git-fixes).
   - r8152: disable U2P3 for RTL8153B (git-fixes).
   - r8152: divide the tx and rx bottom functions (git-fixes).
   - r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes).
   - r8152: fix runtime resume for linking change (git-fixes).
   - r8152: limit the RX buffer size of RTL8153A for USB 2.0 (git-fixes).
   - r8152: replace array with linking list for rx information (git-fixes).
   - r8152: reset flow control patch when linking on for RTL8153B (git-fixes).
   - r8152: saving the settings of EEE (git-fixes).
   - r8152: separate the rx buffer size (git-fixes).
   - r8152: use alloc_pages for rx buffer (git-fixes).
   - regulator: dt-bindings: samsung,s5m8767: correct
     s5m8767,pmic-buck-default-dvs-idx property (git-fixes).
   - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is
     disabled (git-fixes).
   - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request
     (git-fixes).
   - rsi: Fix module dev_oper_mode parameter description (git-fixes).
   - rsi: fix control-message timeout (git-fixes).
   - rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes).
   - rtl8187: fix control-message timeouts (git-fixes).
   - s390/qeth: Fix deadlock in remove_discipline (git-fixes).
   - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes).
   - s390/qeth: fix deadlock during failing recovery (git-fixes).
   - scsi: BusLogic: Fix missing pr_cont() use (git-fixes).
   - scsi: FlashPoint: Rename si_flags field (git-fixes).
   - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe()
     (git-fixes).
   - scsi: core: Fix spelling in a source code comment (git-fixes).
   - scsi: csiostor: Add module softdep on cxgb4 (git-fixes).
   - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
     (git-fixes).
   - scsi: dc395: Fix error case unwinding (git-fixes).
   - scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes).
   - scsi: iscsi: Fix iface sysfs attr detection (git-fixes).
   - scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes).
   - scsi: mpt3sas: Fix error return value in _scsih_expander_add()
     (git-fixes).
   - scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes).
   - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes).
   - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes).
   - scsi: qla2xxx: Fix a memory leak in an error path of
     qla2x00_process_els() (git-fixes).
   - scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes).
   - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes).
   - scsi: snic: Fix an error message (git-fixes).
   - scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL
     (git-fixes).
   - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes).
   - serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes).
   - serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes).
   - series.conf: cleanup
   - series.conf: cleanup
   - series.conf: whitespace and comment cleanup No effect on expanded tree.
   - staging: r8712u: fix control-message timeout (git-fixes).
   - staging: rtl8192u: fix control-message timeouts (git-fixes).
   - stmmac: platform: Fix signedness bug in stmmac_probe_config_dt()
     (git-fixes).
   - swiotlb-xen: avoid double free (git-fixes).
   - swiotlb: Split size parameter to map/unmap APIs (bsc#1191851).
   - swiotlb: add a IO_TLB_SIZE define (bsc#1191851).
   - swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851).
   - swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single
     (bsc#1191851).
   - swiotlb: factor out a nr_slots helper (bsc#1191851).
   - swiotlb: factor out an io_tlb_offset helper (bsc#1191851).
   - swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851).
   - swiotlb: respect min_align_mask (bsc#1191851).
   - tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes).
   - tracing/histogram: Do not copy the fixed-size char array field over the
     field size (git-fixes).
   - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker
     together (bsc#1192745).
   - tracing: use %ps format string to print symbols (git-fixes).
   - usb: gadget: hid: fix error code in do_config() (git-fixes).
   - usb: max-3421: Use driver data instead of maintaining a list of bound
     devices (git-fixes).
   - usb: musb: Balance list entry in musb_gadget_queue (git-fixes).
   - usbnet: fix error return code in usbnet_probe() (git-fixes).
   - usbnet: sanity check for maxpacket (git-fixes).
   - video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes).
   - virtio-gpu: fix possible memory allocation failure (git-fixes).
   - wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's
     complement (git-fixes).
   - wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).
   - wcn36xx: add proper DMA memory barriers in rx path (git-fixes).
   - x86/Xen: swap NX determination and GDT setup on BSP (git-fixes).
   - x86/ioapic: Force affinity setup before startup (bsc#1152489).
   - x86/msi: Force affinity setup before startup (bsc#1152489).
   - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c
     (bsc#1152489).
   - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes).
   - xen-pciback: Fix return in pm_ctrl_init() (git-fixes).
   - xen/privcmd: fix error handling in mmap-resource processing (git-fixes).
   - xen/x86: fix PV trap handling on secondary processors (git-fixes).
   - xen: Fix implicit type conversion (git-fixes).
   - xfs: do not allow log writes if the data device is readonly
     (bsc#1192229).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-3807=1



Package List:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):

      kernel-devel-azure-5.3.18-18.75.1
      kernel-source-azure-5.3.18-18.75.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64):

      kernel-azure-5.3.18-18.75.1
      kernel-azure-debuginfo-5.3.18-18.75.1
      kernel-azure-debugsource-5.3.18-18.75.1
      kernel-azure-devel-5.3.18-18.75.1
      kernel-azure-devel-debuginfo-5.3.18-18.75.1
      kernel-syms-azure-5.3.18-18.75.1


References:

   https://www.suse.com/security/cve/CVE-2021-0941.html
   https://www.suse.com/security/cve/CVE-2021-20322.html
   https://www.suse.com/security/cve/CVE-2021-31916.html
   https://www.suse.com/security/cve/CVE-2021-34981.html
   https://www.suse.com/security/cve/CVE-2021-37159.html
   https://www.suse.com/security/cve/CVE-2021-43389.html
   https://bugzilla.suse.com/1094840
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1169263
   https://bugzilla.suse.com/1170269
   https://bugzilla.suse.com/1188601
   https://bugzilla.suse.com/1190523
   https://bugzilla.suse.com/1190795
   https://bugzilla.suse.com/1191628
   https://bugzilla.suse.com/1191790
   https://bugzilla.suse.com/1191851
   https://bugzilla.suse.com/1191958
   https://bugzilla.suse.com/1191961
   https://bugzilla.suse.com/1191980
   https://bugzilla.suse.com/1192045
   https://bugzilla.suse.com/1192229
   https://bugzilla.suse.com/1192267
   https://bugzilla.suse.com/1192273
   https://bugzilla.suse.com/1192328
   https://bugzilla.suse.com/1192549
   https://bugzilla.suse.com/1192718
   https://bugzilla.suse.com/1192740
   https://bugzilla.suse.com/1192745
   https://bugzilla.suse.com/1192750
   https://bugzilla.suse.com/1192753
   https://bugzilla.suse.com/1192781
   https://bugzilla.suse.com/1192802
   https://bugzilla.suse.com/1192896
   https://bugzilla.suse.com/1192906
   https://bugzilla.suse.com/1192918


From sle-updates at lists.suse.com  Fri Nov 26 05:17:49 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 26 Nov 2021 06:17:49 +0100 (CET)
Subject: SUSE-RU-2021:3808-1: moderate: Recommended update for systemd
Message-ID: <20211126051749.9D62EFD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for systemd
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3808-1
Rating:             moderate
References:         #1186071 #1190440 #1190984 #1192161 SLE-17798 
                    SLE-21032 SLE-21694 
Affected Products:
                    SUSE MicroOS 5.1
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

   An update that has four recommended fixes and contains
   three features can now be installed.

Description:

   This update for systemd fixes the following issues:

   - Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798)
   - Fix fd_is_mount_point() when both the parent and directory are network
     file systems (bsc#1190984)
   - Support detection for ARM64 Hyper-V guests (bsc#1186071)
   - Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance
     (bsc#1190440)
   - Enable support for Portable Services in openSUSE Leap only
     (jsc#SLE-21694)
   - Fix IO scheduler udev rules to address performance issues
     (jsc#SLE-21032, bsc#1192161)


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3808=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3808=1



Package List:

   - SUSE MicroOS 5.1 (aarch64 s390x x86_64):

      libsystemd0-246.16-7.21.1
      libsystemd0-debuginfo-246.16-7.21.1
      libudev1-246.16-7.21.1
      libudev1-debuginfo-246.16-7.21.1
      systemd-246.16-7.21.1
      systemd-container-246.16-7.21.1
      systemd-container-debuginfo-246.16-7.21.1
      systemd-debuginfo-246.16-7.21.1
      systemd-debugsource-246.16-7.21.1
      systemd-journal-remote-246.16-7.21.1
      systemd-journal-remote-debuginfo-246.16-7.21.1
      systemd-sysvinit-246.16-7.21.1
      udev-246.16-7.21.1
      udev-debuginfo-246.16-7.21.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      libsystemd0-246.16-7.21.1
      libsystemd0-debuginfo-246.16-7.21.1
      libudev-devel-246.16-7.21.1
      libudev1-246.16-7.21.1
      libudev1-debuginfo-246.16-7.21.1
      systemd-246.16-7.21.1
      systemd-container-246.16-7.21.1
      systemd-container-debuginfo-246.16-7.21.1
      systemd-coredump-246.16-7.21.1
      systemd-coredump-debuginfo-246.16-7.21.1
      systemd-debuginfo-246.16-7.21.1
      systemd-debugsource-246.16-7.21.1
      systemd-devel-246.16-7.21.1
      systemd-doc-246.16-7.21.1
      systemd-journal-remote-246.16-7.21.1
      systemd-journal-remote-debuginfo-246.16-7.21.1
      systemd-sysvinit-246.16-7.21.1
      udev-246.16-7.21.1
      udev-debuginfo-246.16-7.21.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      systemd-lang-246.16-7.21.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):

      libsystemd0-32bit-246.16-7.21.1
      libsystemd0-32bit-debuginfo-246.16-7.21.1
      libudev1-32bit-246.16-7.21.1
      libudev1-32bit-debuginfo-246.16-7.21.1
      systemd-32bit-246.16-7.21.1
      systemd-32bit-debuginfo-246.16-7.21.1


References:

   https://bugzilla.suse.com/1186071
   https://bugzilla.suse.com/1190440
   https://bugzilla.suse.com/1190984
   https://bugzilla.suse.com/1192161


From sle-updates at lists.suse.com  Fri Nov 26 05:19:39 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 26 Nov 2021 06:19:39 +0100 (CET)
Subject: SUSE-RU-2021:3809-1: moderate: Recommended update for systemd
Message-ID: <20211126051939.E3137FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for systemd
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3809-1
Rating:             moderate
References:         #1189803 #1190325 #1190440 #1190984 #1191252 
                    #1192161 SLE-18102 SLE-18103 SLE-21032 SLE-21862 
                    
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise Installer 15-SP1
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that has 6 recommended fixes and contains four
   features can now be installed.

Description:

   This update for systemd fixes the following issues:

   - Add timestamp to D-Bus events to improve traceability (jsc#SLE-21862,
     jsc#SLE-18102, jsc#SLE-18103)
   - Fix IO scheduler udev rules to address performance issues
     (jsc#SLE-21032, bsc#1192161)
   - shutdown: Reduce log level of unmounts (bsc#1191252)
   - pid1: make use of new "prohibit_ipc" logging flag in PID 1 (bsc#1189803)
   - core: rework how we connect to the bus (bsc#1190325)
   - mount-util: fix fd_is_mount_point() when both the parent and directory
     are network fs (bsc#1190984)
   - virt: detect Amazon EC2 Nitro instance (bsc#1190440)
   - Several fixes for umount
   - busctl: use usec granularity for the timestamp printed by the busctl
     monitor command
   - fix unitialized fields in MountPoint in dm_list_get()
   - shutdown: explicitly set a log target
   - mount-util: add mount_option_mangle()
   - dissect: automatically mark partitions read-only that have a read-only
     file system
   - build-sys: require proper libmount version
   - systemd-shutdown: use log_set_prohibit_ipc(true)
   - rationalize interface for opening/closing logging
   - pid1: when we can't log to journal, remember our fallback log target
   - log: remove LOG_TARGET_SAFE pseudo log target
   - log: add brief comment for log_set_open_when_needed() and
     log_set_always_reopen_console()
   - log: add new "prohibit_ipc" flag to logging system
   - log: make log_set_upgrade_syslog_to_journal() take effect immediately
   - dbus: split up bus_done() into seperate functions
   - machine-id-setup: generate machine-id from DMI product ID on Amazon EC2
   - virt: if we detect Xen by DMI, trust that over CPUID


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3809=1

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3809=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3809=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3809=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3809=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3809=1

   - SUSE Linux Enterprise Installer 15-SP1:

      zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2021-3809=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3809=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3809=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3809=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3809=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-3809=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      libsystemd0-234-24.99.1
      libsystemd0-debuginfo-234-24.99.1
      libudev-devel-234-24.99.1
      libudev1-234-24.99.1
      libudev1-debuginfo-234-24.99.1
      systemd-234-24.99.1
      systemd-container-234-24.99.1
      systemd-container-debuginfo-234-24.99.1
      systemd-coredump-234-24.99.1
      systemd-coredump-debuginfo-234-24.99.1
      systemd-debuginfo-234-24.99.1
      systemd-debugsource-234-24.99.1
      systemd-devel-234-24.99.1
      systemd-sysvinit-234-24.99.1
      udev-234-24.99.1
      udev-debuginfo-234-24.99.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):

      libsystemd0-32bit-234-24.99.1
      libsystemd0-32bit-debuginfo-234-24.99.1
      libudev1-32bit-234-24.99.1
      libudev1-32bit-debuginfo-234-24.99.1
      systemd-32bit-234-24.99.1
      systemd-32bit-debuginfo-234-24.99.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):

      systemd-bash-completion-234-24.99.1

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      libsystemd0-234-24.99.1
      libsystemd0-debuginfo-234-24.99.1
      libudev-devel-234-24.99.1
      libudev1-234-24.99.1
      libudev1-debuginfo-234-24.99.1
      systemd-234-24.99.1
      systemd-container-234-24.99.1
      systemd-container-debuginfo-234-24.99.1
      systemd-coredump-234-24.99.1
      systemd-coredump-debuginfo-234-24.99.1
      systemd-debuginfo-234-24.99.1
      systemd-debugsource-234-24.99.1
      systemd-devel-234-24.99.1
      systemd-sysvinit-234-24.99.1
      udev-234-24.99.1
      udev-debuginfo-234-24.99.1

   - SUSE Linux Enterprise Server for SAP 15 (noarch):

      systemd-bash-completion-234-24.99.1

   - SUSE Linux Enterprise Server for SAP 15 (x86_64):

      libsystemd0-32bit-234-24.99.1
      libsystemd0-32bit-debuginfo-234-24.99.1
      libudev1-32bit-234-24.99.1
      libudev1-32bit-debuginfo-234-24.99.1
      systemd-32bit-234-24.99.1
      systemd-32bit-debuginfo-234-24.99.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      libsystemd0-234-24.99.1
      libsystemd0-debuginfo-234-24.99.1
      libudev-devel-234-24.99.1
      libudev1-234-24.99.1
      libudev1-debuginfo-234-24.99.1
      systemd-234-24.99.1
      systemd-container-234-24.99.1
      systemd-container-debuginfo-234-24.99.1
      systemd-coredump-234-24.99.1
      systemd-coredump-debuginfo-234-24.99.1
      systemd-debuginfo-234-24.99.1
      systemd-debugsource-234-24.99.1
      systemd-devel-234-24.99.1
      systemd-sysvinit-234-24.99.1
      udev-234-24.99.1
      udev-debuginfo-234-24.99.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):

      systemd-bash-completion-234-24.99.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):

      libsystemd0-32bit-234-24.99.1
      libsystemd0-32bit-debuginfo-234-24.99.1
      libudev1-32bit-234-24.99.1
      libudev1-32bit-debuginfo-234-24.99.1
      systemd-32bit-234-24.99.1
      systemd-32bit-debuginfo-234-24.99.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      libsystemd0-234-24.99.1
      libsystemd0-32bit-234-24.99.1
      libsystemd0-32bit-debuginfo-234-24.99.1
      libsystemd0-debuginfo-234-24.99.1
      libudev-devel-234-24.99.1
      libudev1-234-24.99.1
      libudev1-32bit-234-24.99.1
      libudev1-32bit-debuginfo-234-24.99.1
      libudev1-debuginfo-234-24.99.1
      systemd-234-24.99.1
      systemd-32bit-234-24.99.1
      systemd-32bit-debuginfo-234-24.99.1
      systemd-container-234-24.99.1
      systemd-container-debuginfo-234-24.99.1
      systemd-coredump-234-24.99.1
      systemd-coredump-debuginfo-234-24.99.1
      systemd-debuginfo-234-24.99.1
      systemd-debugsource-234-24.99.1
      systemd-devel-234-24.99.1
      systemd-sysvinit-234-24.99.1
      udev-234-24.99.1
      udev-debuginfo-234-24.99.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (noarch):

      systemd-bash-completion-234-24.99.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      libsystemd0-234-24.99.1
      libsystemd0-debuginfo-234-24.99.1
      libudev-devel-234-24.99.1
      libudev1-234-24.99.1
      libudev1-debuginfo-234-24.99.1
      systemd-234-24.99.1
      systemd-container-234-24.99.1
      systemd-container-debuginfo-234-24.99.1
      systemd-coredump-234-24.99.1
      systemd-coredump-debuginfo-234-24.99.1
      systemd-debuginfo-234-24.99.1
      systemd-debugsource-234-24.99.1
      systemd-devel-234-24.99.1
      systemd-sysvinit-234-24.99.1
      udev-234-24.99.1
      udev-debuginfo-234-24.99.1

   - SUSE Linux Enterprise Server 15-LTSS (noarch):

      systemd-bash-completion-234-24.99.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      libsystemd0-234-24.99.1
      libsystemd0-debuginfo-234-24.99.1
      libudev-devel-234-24.99.1
      libudev1-234-24.99.1
      libudev1-debuginfo-234-24.99.1
      systemd-234-24.99.1
      systemd-container-234-24.99.1
      systemd-container-debuginfo-234-24.99.1
      systemd-coredump-234-24.99.1
      systemd-coredump-debuginfo-234-24.99.1
      systemd-debuginfo-234-24.99.1
      systemd-debugsource-234-24.99.1
      systemd-devel-234-24.99.1
      systemd-sysvinit-234-24.99.1
      udev-234-24.99.1
      udev-debuginfo-234-24.99.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):

      libsystemd0-32bit-234-24.99.1
      libsystemd0-32bit-debuginfo-234-24.99.1
      libudev1-32bit-234-24.99.1
      libudev1-32bit-debuginfo-234-24.99.1
      systemd-32bit-234-24.99.1
      systemd-32bit-debuginfo-234-24.99.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):

      systemd-bash-completion-234-24.99.1

   - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64):

      libudev1-234-24.99.1
      systemd-234-24.99.1
      systemd-sysvinit-234-24.99.1
      udev-234-24.99.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      libsystemd0-234-24.99.1
      libsystemd0-debuginfo-234-24.99.1
      libudev-devel-234-24.99.1
      libudev1-234-24.99.1
      libudev1-debuginfo-234-24.99.1
      systemd-234-24.99.1
      systemd-container-234-24.99.1
      systemd-container-debuginfo-234-24.99.1
      systemd-coredump-234-24.99.1
      systemd-coredump-debuginfo-234-24.99.1
      systemd-debuginfo-234-24.99.1
      systemd-debugsource-234-24.99.1
      systemd-devel-234-24.99.1
      systemd-sysvinit-234-24.99.1
      udev-234-24.99.1
      udev-debuginfo-234-24.99.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):

      libsystemd0-32bit-234-24.99.1
      libsystemd0-32bit-debuginfo-234-24.99.1
      libudev1-32bit-234-24.99.1
      libudev1-32bit-debuginfo-234-24.99.1
      systemd-32bit-234-24.99.1
      systemd-32bit-debuginfo-234-24.99.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):

      systemd-bash-completion-234-24.99.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      libsystemd0-234-24.99.1
      libsystemd0-debuginfo-234-24.99.1
      libudev-devel-234-24.99.1
      libudev1-234-24.99.1
      libudev1-debuginfo-234-24.99.1
      systemd-234-24.99.1
      systemd-container-234-24.99.1
      systemd-container-debuginfo-234-24.99.1
      systemd-coredump-234-24.99.1
      systemd-coredump-debuginfo-234-24.99.1
      systemd-debuginfo-234-24.99.1
      systemd-debugsource-234-24.99.1
      systemd-devel-234-24.99.1
      systemd-sysvinit-234-24.99.1
      udev-234-24.99.1
      udev-debuginfo-234-24.99.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):

      systemd-bash-completion-234-24.99.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):

      libsystemd0-32bit-234-24.99.1
      libsystemd0-32bit-debuginfo-234-24.99.1
      libudev1-32bit-234-24.99.1
      libudev1-32bit-debuginfo-234-24.99.1
      systemd-32bit-234-24.99.1
      systemd-32bit-debuginfo-234-24.99.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      libsystemd0-234-24.99.1
      libsystemd0-debuginfo-234-24.99.1
      libudev-devel-234-24.99.1
      libudev1-234-24.99.1
      libudev1-debuginfo-234-24.99.1
      systemd-234-24.99.1
      systemd-container-234-24.99.1
      systemd-container-debuginfo-234-24.99.1
      systemd-coredump-234-24.99.1
      systemd-coredump-debuginfo-234-24.99.1
      systemd-debuginfo-234-24.99.1
      systemd-debugsource-234-24.99.1
      systemd-devel-234-24.99.1
      systemd-sysvinit-234-24.99.1
      udev-234-24.99.1
      udev-debuginfo-234-24.99.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):

      systemd-bash-completion-234-24.99.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):

      libsystemd0-32bit-234-24.99.1
      libsystemd0-32bit-debuginfo-234-24.99.1
      libudev1-32bit-234-24.99.1
      libudev1-32bit-debuginfo-234-24.99.1
      systemd-32bit-234-24.99.1
      systemd-32bit-debuginfo-234-24.99.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      libsystemd0-234-24.99.1
      libsystemd0-debuginfo-234-24.99.1
      libudev-devel-234-24.99.1
      libudev1-234-24.99.1
      libudev1-debuginfo-234-24.99.1
      systemd-234-24.99.1
      systemd-container-234-24.99.1
      systemd-container-debuginfo-234-24.99.1
      systemd-coredump-234-24.99.1
      systemd-coredump-debuginfo-234-24.99.1
      systemd-debuginfo-234-24.99.1
      systemd-debugsource-234-24.99.1
      systemd-devel-234-24.99.1
      systemd-sysvinit-234-24.99.1
      udev-234-24.99.1
      udev-debuginfo-234-24.99.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):

      libsystemd0-32bit-234-24.99.1
      libsystemd0-32bit-debuginfo-234-24.99.1
      libudev1-32bit-234-24.99.1
      libudev1-32bit-debuginfo-234-24.99.1
      systemd-32bit-234-24.99.1
      systemd-32bit-debuginfo-234-24.99.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):

      systemd-bash-completion-234-24.99.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      libsystemd0-234-24.99.1
      libsystemd0-debuginfo-234-24.99.1
      libudev-devel-234-24.99.1
      libudev1-234-24.99.1
      libudev1-debuginfo-234-24.99.1
      systemd-234-24.99.1
      systemd-container-234-24.99.1
      systemd-container-debuginfo-234-24.99.1
      systemd-coredump-234-24.99.1
      systemd-coredump-debuginfo-234-24.99.1
      systemd-debuginfo-234-24.99.1
      systemd-debugsource-234-24.99.1
      systemd-devel-234-24.99.1
      systemd-sysvinit-234-24.99.1
      udev-234-24.99.1
      udev-debuginfo-234-24.99.1

   - SUSE Enterprise Storage 6 (noarch):

      systemd-bash-completion-234-24.99.1

   - SUSE Enterprise Storage 6 (x86_64):

      libsystemd0-32bit-234-24.99.1
      libsystemd0-32bit-debuginfo-234-24.99.1
      libudev1-32bit-234-24.99.1
      libudev1-32bit-debuginfo-234-24.99.1
      systemd-32bit-234-24.99.1
      systemd-32bit-debuginfo-234-24.99.1

   - SUSE CaaS Platform 4.0 (noarch):

      systemd-bash-completion-234-24.99.1

   - SUSE CaaS Platform 4.0 (x86_64):

      libsystemd0-234-24.99.1
      libsystemd0-32bit-234-24.99.1
      libsystemd0-32bit-debuginfo-234-24.99.1
      libsystemd0-debuginfo-234-24.99.1
      libudev-devel-234-24.99.1
      libudev1-234-24.99.1
      libudev1-32bit-234-24.99.1
      libudev1-32bit-debuginfo-234-24.99.1
      libudev1-debuginfo-234-24.99.1
      systemd-234-24.99.1
      systemd-32bit-234-24.99.1
      systemd-32bit-debuginfo-234-24.99.1
      systemd-container-234-24.99.1
      systemd-container-debuginfo-234-24.99.1
      systemd-coredump-234-24.99.1
      systemd-coredump-debuginfo-234-24.99.1
      systemd-debuginfo-234-24.99.1
      systemd-debugsource-234-24.99.1
      systemd-devel-234-24.99.1
      systemd-sysvinit-234-24.99.1
      udev-234-24.99.1
      udev-debuginfo-234-24.99.1


References:

   https://bugzilla.suse.com/1189803
   https://bugzilla.suse.com/1190325
   https://bugzilla.suse.com/1190440
   https://bugzilla.suse.com/1190984
   https://bugzilla.suse.com/1191252
   https://bugzilla.suse.com/1192161


From sle-updates at lists.suse.com  Fri Nov 26 07:49:21 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 26 Nov 2021 08:49:21 +0100 (CET)
Subject: SUSE-CU-2021:523-1: Recommended update of suse/sle15
Message-ID: <20211126074921.33FA6FD0A@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:523-1
Container Tags        : suse/sle15:15.0 , suse/sle15:15.0.4.22.478
Container Release     : 4.22.478
Severity              : moderate
Type                  : recommended
References            : 1153687 1182372 1183268 1183589 1184326 1184399 1184997 1185325
                        1186447 1186503 1186602 1187153 1187224 1187273 1187425 1187466
                        1187738 1187760 1188156 1188435 1188623 1189031 1190059 1190199
                        1190356 1190465 1190712 1190815 1191286 1191324 1191370 1191609
                        1192337 1192436 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:305-1
Released:    Thu Feb  4 15:00:37 2021
Summary:     Recommended update for libprotobuf
Type:        recommended
Severity:    moderate
References:  

libprotobuf was updated to fix:

- ship the libprotobuf-lite15 on the base products. (jsc#ECO-2911)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3780-1
Released:    Tue Nov 23 23:48:27 2021
Summary:     Recommended update for libzypp, zypper, libsolv
Type:        recommended
Severity:    moderate
References:  1153687,1182372,1183268,1183589,1184326,1184399,1184997,1185325,1186447,1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190356,1190465,1190712,1190815,1191286,1191324,1191370,1191609,1192337,1192436
This update for libzypp, zypper and libsolv fixes the following issues:

- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
- Make sure to keep states alives while transitioning. (bsc#1190199)
- May set techpreview variables for testing in /etc/zypp/zypp.conf.
- If environment variables are unhandy one may enable the desired techpreview in zypp.conf
- CMake/spec: Add option to force SINGLE_RPMTRANS as default for zypper.
- Make sure singleTrans is zypper-only for now.
- Do not check of signatures and keys two times(redundant) (bsc#1190059)
- Fix crashes in logging code when shutting down (bsc#1189031)
- Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
- Fix solver jobs for PTFs (bsc#1186503)
- spec: switch to pkgconfig(openssl)
- Show key fpr from signature when signature check fails (bsc#1187224)
- Implement alternative single transaction commit strategy.
- Use ZYPP_MEDIANETWORK=1 to enable the experimental new media backend.
- Implement zchunk download, refactor Downloader backend.
- Fix purge-kernels fails (bsc#1187738)
- Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
- Fix typo in German translations.
- Support new reports for singletrans rpm commit.
- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
- Install summary: Show new and removed packages closer to the prompt.
- Add need reboot/restart hint to XML install summary (bsc#1188435)
- Add comment option for lock command.
- Fix obs:// platform guessing for Leap (bsc#1187425)
- Manpage: Improve description about patch updates(bsc#1187466)
- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- Let a patch's reboot-needed flag overrule included packages. (bsc#1183268)
- Quickfix setting 'openSUSE_Tumbleweed' as default platform for 'MicroOS' (bsc#1153687)
- Protect against strict/relaxed user umask via sudo (bsc#1183589)
- zypper-log: protect against thread name indicators in a log.
- xml summary: add solvables repository alias. (bsc#1182372)
- Fix service detection with cgroupv2 (bsc#1184997)
- Fix purge-kernels is broken in Leap 15.3 (bsc#1185325)
- Allow trusted repos to add additional signing keys (bsc#1184326)
- Let negative values wait forever for the zypp lock (bsc#1184399)
- Link all executables with -pie (bsc#1186447)
- Ship an empty /etc/zypp/needreboot per default (jsc#PM-2645)
- choice rules: treat orphaned packages as newest (bc#1190465)
- Consolidate reboot-recommendations across tools and stop using /etc/zypp/needreboot (jsc#-SLE-18858)
- Disable logger in the child after fork (bsc#1192436)
- Check log writer before accessing it (bsc#1192337)
- Allow uname-r format in purge kernels keepspec
- zypper should keep cached files if transaction is aborted (bsc#1190356)
- Require a minimum number of mirrors for multicurl (bsc#1191609)
- Use procfs to detect nr of open fd's if rlimit is too high (bsc#1191324)
- Fix translations (bsc#1191370)
- RepoManager: Don't probe for plaindir repo if URL schema is plugin (bsc#1191286)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3799-1
Released:    Wed Nov 24 18:07:54 2021
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1187153,1187273,1188623
This update for gcc11 fixes the following issues:

The additional GNU compiler collection GCC 11 is provided:

To select these compilers install the packages:

- gcc11
- gcc-c++11
- and others with 11 prefix.

to select them for building:

- CC='gcc-11'
- CXX='g++-11'

The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants.


The following package changes have been done:

- libgcc_s1-11.2.1+git610-1.3.9 updated
- libprotobuf-lite15-3.5.0-5.2.1 added
- libsolv-tools-0.7.20-3.48.1 updated
- libstdc++6-11.2.1+git610-1.3.9 updated
- libzypp-17.28.8-3.78.1 updated
- zypper-1.14.50-3.60.1 updated

From sle-updates at lists.suse.com  Fri Nov 26 07:49:33 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 26 Nov 2021 08:49:33 +0100 (CET)
Subject: SUSE-CU-2021:524-1: Recommended update of suse/sle15
Message-ID: <20211126074933.58E87FD0A@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:524-1
Container Tags        : suse/sle15:15.0 , suse/sle15:15.0.4.22.479
Container Release     : 4.22.479
Severity              : moderate
Type                  : recommended
References            : 1189803 1190325 1190440 1190984 1191252 1192161 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3809-1
Released:    Fri Nov 26 00:31:59 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1189803,1190325,1190440,1190984,1191252,1192161
This update for systemd fixes the following issues:

- Add timestamp to D-Bus events to improve traceability (jsc#SLE-21862, jsc#SLE-18102, jsc#SLE-18103)
- Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161)
- shutdown: Reduce log level of unmounts (bsc#1191252)
- pid1: make use of new 'prohibit_ipc' logging flag in PID 1 (bsc#1189803)
- core: rework how we connect to the bus (bsc#1190325)
- mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984)
- virt: detect Amazon EC2 Nitro instance (bsc#1190440)
- Several fixes for umount
- busctl: use usec granularity for the timestamp printed by the busctl monitor command
- fix unitialized fields in MountPoint in dm_list_get()
- shutdown: explicitly set a log target
- mount-util: add mount_option_mangle()
- dissect: automatically mark partitions read-only that have a read-only file system
- build-sys: require proper libmount version
- systemd-shutdown: use log_set_prohibit_ipc(true)
- rationalize interface for opening/closing logging
- pid1: when we can't log to journal, remember our fallback log target
- log: remove LOG_TARGET_SAFE pseudo log target
- log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console()
- log: add new 'prohibit_ipc' flag to logging system
- log: make log_set_upgrade_syslog_to_journal() take effect immediately
- dbus: split up bus_done() into seperate functions
- machine-id-setup: generate machine-id from DMI product ID on Amazon EC2
- virt: if we detect Xen by DMI, trust that over CPUID


The following package changes have been done:

- libsystemd0-234-24.99.1 updated
- libudev1-234-24.99.1 updated

From sle-updates at lists.suse.com  Fri Nov 26 08:03:10 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 26 Nov 2021 09:03:10 +0100 (CET)
Subject: SUSE-CU-2021:525-1: Recommended update of suse/sle15
Message-ID: <20211126080310.3DB6CFD0A@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:525-1
Container Tags        : suse/sle15:15.2 , suse/sle15:15.2.9.5.50
Container Release     : 9.5.50
Severity              : moderate
Type                  : recommended
References            : 1187153 1187273 1188623 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3799-1
Released:    Wed Nov 24 18:07:54 2021
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1187153,1187273,1188623
This update for gcc11 fixes the following issues:

The additional GNU compiler collection GCC 11 is provided:

To select these compilers install the packages:

- gcc11
- gcc-c++11
- and others with 11 prefix.

to select them for building:

- CC='gcc-11'
- CXX='g++-11'

The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants.


The following package changes have been done:

- libgcc_s1-11.2.1+git610-1.3.9 updated
- libstdc++6-11.2.1+git610-1.3.9 updated

From sle-updates at lists.suse.com  Fri Nov 26 08:03:19 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 26 Nov 2021 09:03:19 +0100 (CET)
Subject: SUSE-CU-2021:526-1: Recommended update of suse/sle15
Message-ID: <20211126080319.96A8DFD0A@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:526-1
Container Tags        : suse/sle15:15.2 , suse/sle15:15.2.9.5.51
Container Release     : 9.5.51
Severity              : moderate
Type                  : recommended
References            : 1189803 1190325 1190440 1190984 1191252 1192161 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3809-1
Released:    Fri Nov 26 00:31:59 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1189803,1190325,1190440,1190984,1191252,1192161
This update for systemd fixes the following issues:

- Add timestamp to D-Bus events to improve traceability (jsc#SLE-21862, jsc#SLE-18102, jsc#SLE-18103)
- Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161)
- shutdown: Reduce log level of unmounts (bsc#1191252)
- pid1: make use of new 'prohibit_ipc' logging flag in PID 1 (bsc#1189803)
- core: rework how we connect to the bus (bsc#1190325)
- mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984)
- virt: detect Amazon EC2 Nitro instance (bsc#1190440)
- Several fixes for umount
- busctl: use usec granularity for the timestamp printed by the busctl monitor command
- fix unitialized fields in MountPoint in dm_list_get()
- shutdown: explicitly set a log target
- mount-util: add mount_option_mangle()
- dissect: automatically mark partitions read-only that have a read-only file system
- build-sys: require proper libmount version
- systemd-shutdown: use log_set_prohibit_ipc(true)
- rationalize interface for opening/closing logging
- pid1: when we can't log to journal, remember our fallback log target
- log: remove LOG_TARGET_SAFE pseudo log target
- log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console()
- log: add new 'prohibit_ipc' flag to logging system
- log: make log_set_upgrade_syslog_to_journal() take effect immediately
- dbus: split up bus_done() into seperate functions
- machine-id-setup: generate machine-id from DMI product ID on Amazon EC2
- virt: if we detect Xen by DMI, trust that over CPUID


The following package changes have been done:

- libsystemd0-234-24.99.1 updated
- libudev1-234-24.99.1 updated

From sle-updates at lists.suse.com  Fri Nov 26 08:09:38 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 26 Nov 2021 09:09:38 +0100 (CET)
Subject: SUSE-CU-2021:527-1: Recommended update of suse/sle15
Message-ID: <20211126080938.759D9FD0A@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:527-1
Container Tags        : suse/sle15:15.3 , suse/sle15:15.3.17.8.36
Container Release     : 17.8.36
Severity              : important
Type                  : recommended
References            : 1186071 1187153 1187273 1188623 1190440 1190984 1192160 1192161
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3786-1
Released:    Wed Nov 24 05:59:13 2021
Summary:     Recommended update for rpm-config-SUSE
Type:        recommended
Severity:    important
References:  1192160
This update for rpm-config-SUSE fixes the following issues:

- Add support for the kernel xz-compressed firmware files (bsc#1192160)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3799-1
Released:    Wed Nov 24 18:07:54 2021
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1187153,1187273,1188623
This update for gcc11 fixes the following issues:

The additional GNU compiler collection GCC 11 is provided:

To select these compilers install the packages:

- gcc11
- gcc-c++11
- and others with 11 prefix.

to select them for building:

- CC='gcc-11'
- CXX='g++-11'

The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3808-1
Released:    Fri Nov 26 00:30:54 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1186071,1190440,1190984,1192161
This update for systemd fixes the following issues:

- Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798)
- Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984)
- Support detection for ARM64 Hyper-V guests (bsc#1186071)
- Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440)
- Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694)
- Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161)


The following package changes have been done:

- libgcc_s1-11.2.1+git610-1.3.9 updated
- libstdc++6-11.2.1+git610-1.3.9 updated
- libsystemd0-246.16-7.21.1 updated
- libudev1-246.16-7.21.1 updated
- rpm-config-SUSE-1-5.6.1 updated

From sle-updates at lists.suse.com  Sat Nov 27 07:46:08 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 27 Nov 2021 08:46:08 +0100 (CET)
Subject: SUSE-CU-2021:529-1: Recommended update of suse/sle15
Message-ID: <20211127074608.2281CFD0A@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:529-1
Container Tags        : suse/sle15:15.1 , suse/sle15:15.1.6.2.534
Container Release     : 6.2.534
Severity              : moderate
Type                  : recommended
References            : 1189803 1190325 1190440 1190984 1191252 1192161 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3809-1
Released:    Fri Nov 26 00:31:59 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1189803,1190325,1190440,1190984,1191252,1192161
This update for systemd fixes the following issues:

- Add timestamp to D-Bus events to improve traceability (jsc#SLE-21862, jsc#SLE-18102, jsc#SLE-18103)
- Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161)
- shutdown: Reduce log level of unmounts (bsc#1191252)
- pid1: make use of new 'prohibit_ipc' logging flag in PID 1 (bsc#1189803)
- core: rework how we connect to the bus (bsc#1190325)
- mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984)
- virt: detect Amazon EC2 Nitro instance (bsc#1190440)
- Several fixes for umount
- busctl: use usec granularity for the timestamp printed by the busctl monitor command
- fix unitialized fields in MountPoint in dm_list_get()
- shutdown: explicitly set a log target
- mount-util: add mount_option_mangle()
- dissect: automatically mark partitions read-only that have a read-only file system
- build-sys: require proper libmount version
- systemd-shutdown: use log_set_prohibit_ipc(true)
- rationalize interface for opening/closing logging
- pid1: when we can't log to journal, remember our fallback log target
- log: remove LOG_TARGET_SAFE pseudo log target
- log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console()
- log: add new 'prohibit_ipc' flag to logging system
- log: make log_set_upgrade_syslog_to_journal() take effect immediately
- dbus: split up bus_done() into seperate functions
- machine-id-setup: generate machine-id from DMI product ID on Amazon EC2
- virt: if we detect Xen by DMI, trust that over CPUID


The following package changes have been done:

- libsystemd0-234-24.99.1 updated
- libudev1-234-24.99.1 updated

From sle-updates at lists.suse.com  Sat Nov 27 20:17:33 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 27 Nov 2021 21:17:33 +0100 (CET)
Subject: SUSE-RU-2021:3811-1: moderate: Recommended update for permissions
Message-ID: <20211127201733.B35F3FD0A@maintenance.suse.de>


   SUSE Recommended Update: Recommended update for permissions
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:3811-1
Rating:             moderate
References:         #1191194 
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud 9
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server 12-SP4-LTSS
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for permissions fixes the following issues:

   - Update to version 20170707:

   * add capability for prometheus-blackbox_exporter (bsc#1191194)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3811=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3811=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3811=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3811=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      permissions-20170707-3.30.1
      permissions-debuginfo-20170707-3.30.1
      permissions-debugsource-20170707-3.30.1

   - SUSE OpenStack Cloud 9 (x86_64):

      permissions-20170707-3.30.1
      permissions-debuginfo-20170707-3.30.1
      permissions-debugsource-20170707-3.30.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      permissions-20170707-3.30.1
      permissions-debuginfo-20170707-3.30.1
      permissions-debugsource-20170707-3.30.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      permissions-20170707-3.30.1
      permissions-debuginfo-20170707-3.30.1
      permissions-debugsource-20170707-3.30.1


References:

   https://bugzilla.suse.com/1191194


From sle-updates at lists.suse.com  Sun Nov 28 07:43:57 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 28 Nov 2021 08:43:57 +0100 (CET)
Subject: SUSE-CU-2021:530-1: Recommended update of suse/sles12sp4
Message-ID: <20211128074357.B35F2FD0A@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:530-1
Container Tags        : suse/sles12sp4:26.378 , suse/sles12sp4:latest
Container Release     : 26.378
Severity              : moderate
Type                  : recommended
References            : 1191194 
-----------------------------------------------------------------

The container suse/sles12sp4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3811-1
Released:    Sat Nov 27 16:01:16 2021
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1191194
This update for permissions fixes the following issues:

- Update to version 20170707:

* add capability for prometheus-blackbox_exporter (bsc#1191194)


The following package changes have been done:

- base-container-licenses-3.0-1.251 updated
- permissions-20170707-3.30.1 updated

From sle-updates at lists.suse.com  Mon Nov 29 14:17:50 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 29 Nov 2021 15:17:50 +0100 (CET)
Subject: SUSE-SU-2021:3813-1: moderate: Security update for xen
Message-ID: <20211129141750.69814FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3813-1
Rating:             moderate
References:         #1192554 #1192557 #1192559 
Cross-References:   CVE-2021-28704 CVE-2021-28705 CVE-2021-28706
                    CVE-2021-28707 CVE-2021-28708 CVE-2021-28709
                   
CVSS scores:
                    CVE-2021-28704 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28705 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28706 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28707 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28708 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28709 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

   An update that fixes 6 vulnerabilities is now available.

Description:

   This update for xen fixes the following issues:

   - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on
     misaligned GFNs (XSA-388) (bsc#1192557).
   - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful
     P2M updates on x86 (XSA-389) (bsc#1192559).
   - CVE-2021-28706: Fixed guests may exceed their designated memory limit
     (XSA-385) (bsc#1192554).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3813=1



Package List:

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      xen-4.7.6_18-43.82.1
      xen-debugsource-4.7.6_18-43.82.1
      xen-doc-html-4.7.6_18-43.82.1
      xen-libs-32bit-4.7.6_18-43.82.1
      xen-libs-4.7.6_18-43.82.1
      xen-libs-debuginfo-32bit-4.7.6_18-43.82.1
      xen-libs-debuginfo-4.7.6_18-43.82.1
      xen-tools-4.7.6_18-43.82.1
      xen-tools-debuginfo-4.7.6_18-43.82.1
      xen-tools-domU-4.7.6_18-43.82.1
      xen-tools-domU-debuginfo-4.7.6_18-43.82.1


References:

   https://www.suse.com/security/cve/CVE-2021-28704.html
   https://www.suse.com/security/cve/CVE-2021-28705.html
   https://www.suse.com/security/cve/CVE-2021-28706.html
   https://www.suse.com/security/cve/CVE-2021-28707.html
   https://www.suse.com/security/cve/CVE-2021-28708.html
   https://www.suse.com/security/cve/CVE-2021-28709.html
   https://bugzilla.suse.com/1192554
   https://bugzilla.suse.com/1192557
   https://bugzilla.suse.com/1192559


From sle-updates at lists.suse.com  Mon Nov 29 17:17:53 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 29 Nov 2021 18:17:53 +0100 (CET)
Subject: SUSE-SU-2021:3814-1: important: Security update for python-Pygments
Message-ID: <20211129171753.6630FFD0A@maintenance.suse.de>


   SUSE Security Update: Security update for python-Pygments
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3814-1
Rating:             important
References:         #1184812 
Cross-References:   CVE-2021-27291
CVSS scores:
                    CVE-2021-27291 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-27291 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for python-Pygments fixes the following issues:

   - CVE-2021-27291: Fixed ReDoS via crafted malicious input (bsc#1184812).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-3814=1



Package List:

   - SUSE Linux Enterprise Module for Public Cloud 12 (noarch):

      python-Pygments-2.4.2-10.7.1
      python3-Pygments-2.4.2-10.7.1


References:

   https://www.suse.com/security/cve/CVE-2021-27291.html
   https://bugzilla.suse.com/1184812


From sle-updates at lists.suse.com  Tue Nov 30 14:17:23 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Nov 2021 15:17:23 +0100 (CET)
Subject: SUSE-SU-2021:3815-1: important: Security update for netcdf
Message-ID: <20211130141723.94716FD0A@maintenance.suse.de>


   SUSE Security Update: Security update for netcdf
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3815-1
Rating:             important
References:         #1191856 
Cross-References:   CVE-2019-20005 CVE-2019-20006 CVE-2019-20007
                    CVE-2019-20198 CVE-2019-20199 CVE-2019-20200
                    CVE-2019-20201 CVE-2019-20202 CVE-2021-26220
                    CVE-2021-26221 CVE-2021-26222 CVE-2021-30485
                    CVE-2021-31229 CVE-2021-31347 CVE-2021-31348
                    CVE-2021-31598
CVSS scores:
                    CVE-2019-20005 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20005 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20006 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2019-20006 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20007 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20007 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20198 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20198 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20199 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20199 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20200 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20200 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20201 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20201 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20202 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2019-20202 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-26220 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-26221 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-26222 (SUSE): 6 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H
                    CVE-2021-30485 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-30485 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-31229 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-31347 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-31348 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-31348 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-31598 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-31598 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
______________________________________________________________________________

   An update that fixes 16 vulnerabilities is now available.

Description:

   This update for netcdf fixes the following issues:

   - Fixed multiple vulnerabilities in ezXML: CVE-2019-20007, CVE-2019-20006,
     CVE-2019-20201, CVE-2019-20202, CVE-2019-20199, CVE-2019-20200,
     CVE-2019-20198, CVE-2021-26221, CVE-2021-26222, CVE-2021-30485,
     CVE-2021-31229, CVE-2021-31347, CVE-2021-31348, CVE-2021-31598
     (bsc#1191856) Note:
      * CVE-2021-26220 https://sourceforge.net/p/ezxml/bugs/23 not relevant
        for netcdf: code isn't used.
      * CVE-2019-20005 https://sourceforge.net/p/ezxml/bugs/14 Issue cannot
        be reproduced and no patch is available upstream.


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3815=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3815=1



Package List:

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      libnetcdf-gnu-hpc-4.6.1-10.7.2
      libnetcdf-gnu-mpich-hpc-4.6.1-10.7.2
      libnetcdf-gnu-mvapich2-hpc-4.6.1-10.7.2
      libnetcdf-gnu-openmpi2-hpc-4.6.1-10.7.2
      libnetcdf_4_6_1-gnu-hpc-4.6.1-10.7.2
      libnetcdf_4_6_1-gnu-hpc-debuginfo-4.6.1-10.7.2
      libnetcdf_4_6_1-gnu-mpich-hpc-4.6.1-10.7.2
      libnetcdf_4_6_1-gnu-mpich-hpc-debuginfo-4.6.1-10.7.2
      libnetcdf_4_6_1-gnu-mvapich2-hpc-4.6.1-10.7.2
      libnetcdf_4_6_1-gnu-mvapich2-hpc-debuginfo-4.6.1-10.7.2
      libnetcdf_4_6_1-gnu-openmpi2-hpc-4.6.1-10.7.2
      libnetcdf_4_6_1-gnu-openmpi2-hpc-debuginfo-4.6.1-10.7.2
      netcdf_4_6_1-gnu-hpc-4.6.1-10.7.2
      netcdf_4_6_1-gnu-hpc-debuginfo-4.6.1-10.7.2
      netcdf_4_6_1-gnu-hpc-devel-4.6.1-10.7.2
      netcdf_4_6_1-gnu-hpc-devel-debuginfo-4.6.1-10.7.2
      netcdf_4_6_1-gnu-hpc-devel-static-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mpich-hpc-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mpich-hpc-debuginfo-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mpich-hpc-debugsource-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mpich-hpc-devel-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mpich-hpc-devel-debuginfo-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mpich-hpc-devel-static-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mvapich2-hpc-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mvapich2-hpc-debuginfo-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mvapich2-hpc-debugsource-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mvapich2-hpc-devel-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mvapich2-hpc-devel-debuginfo-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mvapich2-hpc-devel-static-4.6.1-10.7.2
      netcdf_4_6_1-gnu-openmpi2-hpc-4.6.1-10.7.2
      netcdf_4_6_1-gnu-openmpi2-hpc-debuginfo-4.6.1-10.7.2
      netcdf_4_6_1-gnu-openmpi2-hpc-devel-4.6.1-10.7.2
      netcdf_4_6_1-gnu-openmpi2-hpc-devel-debuginfo-4.6.1-10.7.2
      netcdf_4_6_1-gnu-openmpi2-hpc-devel-static-4.6.1-10.7.2

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):

      netcdf-gnu-hpc-4.6.1-10.7.2
      netcdf-gnu-hpc-devel-4.6.1-10.7.2
      netcdf-gnu-mpich-hpc-4.6.1-10.7.2
      netcdf-gnu-mpich-hpc-devel-4.6.1-10.7.2
      netcdf-gnu-mvapich2-hpc-4.6.1-10.7.2
      netcdf-gnu-mvapich2-hpc-devel-4.6.1-10.7.2
      netcdf-gnu-openmpi2-hpc-4.6.1-10.7.2
      netcdf-gnu-openmpi2-hpc-devel-4.6.1-10.7.2

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      libnetcdf-gnu-hpc-4.6.1-10.7.2
      libnetcdf-gnu-mpich-hpc-4.6.1-10.7.2
      libnetcdf-gnu-mvapich2-hpc-4.6.1-10.7.2
      libnetcdf-gnu-openmpi2-hpc-4.6.1-10.7.2
      libnetcdf_4_6_1-gnu-hpc-4.6.1-10.7.2
      libnetcdf_4_6_1-gnu-hpc-debuginfo-4.6.1-10.7.2
      libnetcdf_4_6_1-gnu-mpich-hpc-4.6.1-10.7.2
      libnetcdf_4_6_1-gnu-mpich-hpc-debuginfo-4.6.1-10.7.2
      libnetcdf_4_6_1-gnu-mvapich2-hpc-4.6.1-10.7.2
      libnetcdf_4_6_1-gnu-mvapich2-hpc-debuginfo-4.6.1-10.7.2
      libnetcdf_4_6_1-gnu-openmpi2-hpc-4.6.1-10.7.2
      libnetcdf_4_6_1-gnu-openmpi2-hpc-debuginfo-4.6.1-10.7.2
      netcdf_4_6_1-gnu-hpc-4.6.1-10.7.2
      netcdf_4_6_1-gnu-hpc-debuginfo-4.6.1-10.7.2
      netcdf_4_6_1-gnu-hpc-devel-4.6.1-10.7.2
      netcdf_4_6_1-gnu-hpc-devel-debuginfo-4.6.1-10.7.2
      netcdf_4_6_1-gnu-hpc-devel-static-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mpich-hpc-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mpich-hpc-debuginfo-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mpich-hpc-debugsource-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mpich-hpc-devel-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mpich-hpc-devel-debuginfo-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mpich-hpc-devel-static-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mvapich2-hpc-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mvapich2-hpc-debuginfo-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mvapich2-hpc-debugsource-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mvapich2-hpc-devel-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mvapich2-hpc-devel-debuginfo-4.6.1-10.7.2
      netcdf_4_6_1-gnu-mvapich2-hpc-devel-static-4.6.1-10.7.2
      netcdf_4_6_1-gnu-openmpi2-hpc-4.6.1-10.7.2
      netcdf_4_6_1-gnu-openmpi2-hpc-debuginfo-4.6.1-10.7.2
      netcdf_4_6_1-gnu-openmpi2-hpc-devel-4.6.1-10.7.2
      netcdf_4_6_1-gnu-openmpi2-hpc-devel-debuginfo-4.6.1-10.7.2
      netcdf_4_6_1-gnu-openmpi2-hpc-devel-static-4.6.1-10.7.2

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):

      netcdf-gnu-hpc-4.6.1-10.7.2
      netcdf-gnu-hpc-devel-4.6.1-10.7.2
      netcdf-gnu-mpich-hpc-4.6.1-10.7.2
      netcdf-gnu-mpich-hpc-devel-4.6.1-10.7.2
      netcdf-gnu-mvapich2-hpc-4.6.1-10.7.2
      netcdf-gnu-mvapich2-hpc-devel-4.6.1-10.7.2
      netcdf-gnu-openmpi2-hpc-4.6.1-10.7.2
      netcdf-gnu-openmpi2-hpc-devel-4.6.1-10.7.2


References:

   https://www.suse.com/security/cve/CVE-2019-20005.html
   https://www.suse.com/security/cve/CVE-2019-20006.html
   https://www.suse.com/security/cve/CVE-2019-20007.html
   https://www.suse.com/security/cve/CVE-2019-20198.html
   https://www.suse.com/security/cve/CVE-2019-20199.html
   https://www.suse.com/security/cve/CVE-2019-20200.html
   https://www.suse.com/security/cve/CVE-2019-20201.html
   https://www.suse.com/security/cve/CVE-2019-20202.html
   https://www.suse.com/security/cve/CVE-2021-26220.html
   https://www.suse.com/security/cve/CVE-2021-26221.html
   https://www.suse.com/security/cve/CVE-2021-26222.html
   https://www.suse.com/security/cve/CVE-2021-30485.html
   https://www.suse.com/security/cve/CVE-2021-31229.html
   https://www.suse.com/security/cve/CVE-2021-31347.html
   https://www.suse.com/security/cve/CVE-2021-31348.html
   https://www.suse.com/security/cve/CVE-2021-31598.html
   https://bugzilla.suse.com/1191856