From sle-updates at lists.suse.com Wed Sep 1 01:17:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Sep 2021 03:17:37 +0200 (CEST) Subject: SUSE-RU-2021:2897-1: moderate: Recommended update for postfix Message-ID: <20210901011737.88A79F799@maintenance.suse.de> SUSE Recommended Update: Recommended update for postfix ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2897-1 Rating: moderate References: #1189684 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for postfix fixes the following issues: - Include "submissions" service in master configuration (bsc#1189684) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-2897=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-2897=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2897=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): postfix-debuginfo-3.5.9-5.6.1 postfix-debugsource-3.5.9-5.6.1 postfix-mysql-3.5.9-5.6.1 postfix-mysql-debuginfo-3.5.9-5.6.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): postfix-bdb-3.5.9-5.6.1 postfix-bdb-debuginfo-3.5.9-5.6.1 postfix-bdb-debugsource-3.5.9-5.6.1 postfix-bdb-lmdb-3.5.9-5.6.1 postfix-bdb-lmdb-debuginfo-3.5.9-5.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): postfix-3.5.9-5.6.1 postfix-debuginfo-3.5.9-5.6.1 postfix-debugsource-3.5.9-5.6.1 postfix-devel-3.5.9-5.6.1 postfix-ldap-3.5.9-5.6.1 postfix-ldap-debuginfo-3.5.9-5.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): postfix-doc-3.5.9-5.6.1 References: https://bugzilla.suse.com/1189684 From sle-updates at lists.suse.com Wed Sep 1 10:19:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Sep 2021 12:19:31 +0200 (CEST) Subject: SUSE-RU-2021:2898-1: moderate: Recommended update for grub2 Message-ID: <20210901101931.B86A3FD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2898-1 Rating: moderate References: #1186975 #1187565 #1187645 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fix error not a btrfs filesystem on s390x (bsc#1187645) - Fix error gfxterm isn't found with multiple terminals (bsc#1187565) - Fix boot failure after kdump due to the content of grub.cfg is not completed with pending modificaton in xfs journal (bsc#1186975) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-2898=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2021-2898=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2898=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): grub2-x86_64-xen-2.04-22.3.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): grub2-arm64-efi-2.04-22.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): grub2-2.04-22.3.1 grub2-debuginfo-2.04-22.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 s390x x86_64): grub2-debugsource-2.04-22.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): grub2-arm64-efi-2.04-22.3.1 grub2-i386-pc-2.04-22.3.1 grub2-powerpc-ieee1275-2.04-22.3.1 grub2-snapper-plugin-2.04-22.3.1 grub2-systemd-sleep-plugin-2.04-22.3.1 grub2-x86_64-efi-2.04-22.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): grub2-s390x-emu-2.04-22.3.1 References: https://bugzilla.suse.com/1186975 https://bugzilla.suse.com/1187565 https://bugzilla.suse.com/1187645 From sle-updates at lists.suse.com Wed Sep 1 10:20:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Sep 2021 12:20:57 +0200 (CEST) Subject: SUSE-RU-2021:2899-1: moderate: Recommended update for systemd-rpm-macros Message-ID: <20210901102057.5C631FD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd-rpm-macros ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2899-1 Rating: moderate References: #1186282 #1187332 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for systemd-rpm-macros fixes the following issues: - Fixed an issue whe zypper ignores the ordering constraints. (bsc#1187332) - Introduce '%sysusers_create_package': '%sysusers_create' and '%sysusers_create_inline' are now deprecated and the new macro should be used instead. - %sysusers_create_inline: use here-docs instead of echo (bsc#1186282) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2899=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2899=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): systemd-rpm-macros-8-7.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): systemd-rpm-macros-8-7.18.1 References: https://bugzilla.suse.com/1186282 https://bugzilla.suse.com/1187332 From sle-updates at lists.suse.com Wed Sep 1 13:16:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Sep 2021 15:16:54 +0200 (CEST) Subject: SUSE-RU-2021:2901-1: moderate: Recommended update for insserv-compat Message-ID: <20210901131654.92560F799@maintenance.suse.de> SUSE Recommended Update: Recommended update for insserv-compat ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2901-1 Rating: moderate References: #1187941 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for insserv-compat fixes the following issues: - Require sysvinit-tools. (bsc#1187941) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2901=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2901=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): insserv-compat-0.1-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): insserv-compat-0.1-4.6.1 References: https://bugzilla.suse.com/1187941 From sle-updates at lists.suse.com Wed Sep 1 13:20:23 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Sep 2021 15:20:23 +0200 (CEST) Subject: SUSE-RU-2021:2900-1: moderate: Recommended update for libarchive Message-ID: <20210901132023.3F551F799@maintenance.suse.de> SUSE Recommended Update: Recommended update for libarchive ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2900-1 Rating: moderate References: #1188891 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libarchive fixes the following issues: Update to version 3.3.3. * Avoid super-linear slowdown on malformed mtree files * Many fixes for building with Visual Studio * NO_OVERWRITE doesn't change existing directory attributes * New support for Zstandard read and write filters - all security and stability fixes merged. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2900=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2900=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libarchive-debugsource-3.3.3-26.10.4 libarchive-devel-3.3.3-26.10.4 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libarchive-debugsource-3.3.3-26.10.4 libarchive13-3.3.3-26.10.4 libarchive13-debuginfo-3.3.3-26.10.4 References: https://bugzilla.suse.com/1188891 From sle-updates at lists.suse.com Wed Sep 1 13:21:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Sep 2021 15:21:33 +0200 (CEST) Subject: SUSE-RU-2021:2902-1: moderate: Recommended update for habootstrap-formula Message-ID: <20210901132133.E5D1EF799@maintenance.suse.de> SUSE Recommended Update: Recommended update for habootstrap-formula ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2902-1 Rating: moderate References: #1181731 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for habootstrap-formula fixes the following issue: - Fix SUSE Manager integration. (bsc#1181731) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2021-2902=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2021-2902=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): habootstrap-formula-0.4.2+git.1623406073.ac4a6b1-1.22.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): habootstrap-formula-0.4.2+git.1623406073.ac4a6b1-1.22.1 References: https://bugzilla.suse.com/1181731 From sle-updates at lists.suse.com Wed Sep 1 16:16:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Sep 2021 18:16:46 +0200 (CEST) Subject: SUSE-RU-2021:2905-1: important: Recommended update for corosync Message-ID: <20210901161646.88D07F799@maintenance.suse.de> SUSE Recommended Update: Recommended update for corosync ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2905-1 Rating: important References: #1189680 Affected Products: SUSE Linux Enterprise High Availability 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for corosync fixes the following issue: - Add 'cancel_hold_on_retransmit' config option on corosync totem (bsc#1189680) - This option allows Corosync to hold the token by representative when there are too many retransmit messages. This allows the network to process increased load without overloading it. The used mechanism is same as described for the hold directive. Some deployments may prefer to never hold token when there is retransmit messages. If so, the option should be set to yes. The default value is no. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-2905=1 Package List: - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): corosync-2.4.5-12.3.1 corosync-debuginfo-2.4.5-12.3.1 corosync-debugsource-2.4.5-12.3.1 corosync-qdevice-2.4.5-12.3.1 corosync-qdevice-debuginfo-2.4.5-12.3.1 corosync-qnetd-2.4.5-12.3.1 corosync-qnetd-debuginfo-2.4.5-12.3.1 corosync-testagents-2.4.5-12.3.1 corosync-testagents-debuginfo-2.4.5-12.3.1 libcfg6-2.4.5-12.3.1 libcfg6-debuginfo-2.4.5-12.3.1 libcmap4-2.4.5-12.3.1 libcmap4-debuginfo-2.4.5-12.3.1 libcorosync-devel-2.4.5-12.3.1 libcorosync_common4-2.4.5-12.3.1 libcorosync_common4-debuginfo-2.4.5-12.3.1 libcpg4-2.4.5-12.3.1 libcpg4-debuginfo-2.4.5-12.3.1 libquorum5-2.4.5-12.3.1 libquorum5-debuginfo-2.4.5-12.3.1 libsam4-2.4.5-12.3.1 libsam4-debuginfo-2.4.5-12.3.1 libtotem_pg5-2.4.5-12.3.1 libtotem_pg5-debuginfo-2.4.5-12.3.1 libvotequorum8-2.4.5-12.3.1 libvotequorum8-debuginfo-2.4.5-12.3.1 References: https://bugzilla.suse.com/1189680 From sle-updates at lists.suse.com Wed Sep 1 16:17:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Sep 2021 18:17:54 +0200 (CEST) Subject: SUSE-RU-2021:2903-1: moderate: Recommended update for cracklib Message-ID: <20210901161754.05BB1F799@maintenance.suse.de> SUSE Recommended Update: Recommended update for cracklib ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2903-1 Rating: moderate References: #1188698 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cracklib fixes the following issue: - Provide 'cracklib-dict-small' to SUSE Linux Enterprise Server 12-SP5 (bsc#1188698) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2903=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2903=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): cracklib-debuginfo-2.9.0-8.2.1 cracklib-debugsource-2.9.0-8.2.1 cracklib-devel-2.9.0-8.2.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): cracklib-2.9.0-8.2.1 cracklib-debuginfo-2.9.0-8.2.1 cracklib-debugsource-2.9.0-8.2.1 cracklib-dict-small-2.9.0-8.2.1 libcrack2-2.9.0-8.2.1 libcrack2-debuginfo-2.9.0-8.2.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libcrack2-32bit-2.9.0-8.2.1 libcrack2-debuginfo-32bit-2.9.0-8.2.1 References: https://bugzilla.suse.com/1188698 From sle-updates at lists.suse.com Wed Sep 1 16:19:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Sep 2021 18:19:03 +0200 (CEST) Subject: SUSE-RU-2021:2904-1: important: Recommended update for corosync Message-ID: <20210901161903.26533F799@maintenance.suse.de> SUSE Recommended Update: Recommended update for corosync ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2904-1 Rating: important References: #1189680 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for corosync fixes the following issue: - Add 'cancel_hold_on_retransmit' config option on corosync totem (bsc#1189680) - This option allows Corosync to hold the token by representative when there are too many retransmit messages. This allows the network to process increased load without overloading it. The used mechanism is same as described for the hold directive. Some deployments may prefer to never hold token when there is retransmit messages. If so, the option should be set to yes. The default value is no. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-2904=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): corosync-2.4.5-9.16.1 corosync-debuginfo-2.4.5-9.16.1 corosync-debugsource-2.4.5-9.16.1 corosync-qdevice-2.4.5-9.16.1 corosync-qdevice-debuginfo-2.4.5-9.16.1 corosync-qnetd-2.4.5-9.16.1 corosync-qnetd-debuginfo-2.4.5-9.16.1 corosync-testagents-2.4.5-9.16.1 corosync-testagents-debuginfo-2.4.5-9.16.1 libcfg6-2.4.5-9.16.1 libcfg6-debuginfo-2.4.5-9.16.1 libcmap4-2.4.5-9.16.1 libcmap4-debuginfo-2.4.5-9.16.1 libcorosync-devel-2.4.5-9.16.1 libcorosync_common4-2.4.5-9.16.1 libcorosync_common4-debuginfo-2.4.5-9.16.1 libcpg4-2.4.5-9.16.1 libcpg4-debuginfo-2.4.5-9.16.1 libquorum5-2.4.5-9.16.1 libquorum5-debuginfo-2.4.5-9.16.1 libsam4-2.4.5-9.16.1 libsam4-debuginfo-2.4.5-9.16.1 libtotem_pg5-2.4.5-9.16.1 libtotem_pg5-debuginfo-2.4.5-9.16.1 libvotequorum8-2.4.5-9.16.1 libvotequorum8-debuginfo-2.4.5-9.16.1 References: https://bugzilla.suse.com/1189680 From sle-updates at lists.suse.com Wed Sep 1 19:16:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Sep 2021 21:16:58 +0200 (CEST) Subject: SUSE-RU-2021:2908-1: moderate: Recommended update for rust Message-ID: <20210901191658.44E3AF799@maintenance.suse.de> SUSE Recommended Update: Recommended update for rust ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2908-1 Rating: moderate References: #1181643 #1188891 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for rust fixes the following issues: - Rust was updated to allow building Firefox 91 (bsc#1188891) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2908=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2908=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2908=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2908=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2908=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2908=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-2908=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2908=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2908=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2908=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): cargo-1.53.0-19.1 cargo-debuginfo-1.53.0-19.1 rust-1.53.0-19.1 rust-debuginfo-1.53.0-19.1 - SUSE Manager Server 4.0 (noarch): rust-src-1.53.0-19.1 - SUSE Manager Server 4.0 (x86_64): rls-1.53.0-19.1 rls-debuginfo-1.53.0-19.1 rust-analysis-1.53.0-19.1 - SUSE Manager Retail Branch Server 4.0 (noarch): rust-src-1.53.0-19.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): cargo-1.53.0-19.1 cargo-debuginfo-1.53.0-19.1 rls-1.53.0-19.1 rls-debuginfo-1.53.0-19.1 rust-1.53.0-19.1 rust-analysis-1.53.0-19.1 rust-debuginfo-1.53.0-19.1 - SUSE Manager Proxy 4.0 (noarch): rust-src-1.53.0-19.1 - SUSE Manager Proxy 4.0 (x86_64): cargo-1.53.0-19.1 cargo-debuginfo-1.53.0-19.1 rls-1.53.0-19.1 rls-debuginfo-1.53.0-19.1 rust-1.53.0-19.1 rust-analysis-1.53.0-19.1 rust-debuginfo-1.53.0-19.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): cargo-1.53.0-19.1 cargo-debuginfo-1.53.0-19.1 rust-1.53.0-19.1 rust-debuginfo-1.53.0-19.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): rust-src-1.53.0-19.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): rls-1.53.0-19.1 rls-debuginfo-1.53.0-19.1 rust-analysis-1.53.0-19.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): cargo-1.53.0-19.1 cargo-debuginfo-1.53.0-19.1 rust-1.53.0-19.1 rust-debuginfo-1.53.0-19.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 x86_64): rls-1.53.0-19.1 rls-debuginfo-1.53.0-19.1 rust-analysis-1.53.0-19.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): rust-src-1.53.0-19.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): rust-src-1.53.0-19.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): cargo-1.53.0-19.1 cargo-debuginfo-1.53.0-19.1 rls-1.53.0-19.1 rls-debuginfo-1.53.0-19.1 rust-1.53.0-19.1 rust-analysis-1.53.0-19.1 rust-debuginfo-1.53.0-19.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): cargo-1.53.0-19.1 cargo-debuginfo-1.53.0-19.1 rust-1.53.0-19.1 rust-debuginfo-1.53.0-19.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64): rls-1.53.0-19.1 rls-debuginfo-1.53.0-19.1 rust-analysis-1.53.0-19.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): rust-src-1.53.0-19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): cargo-1.53.0-19.1 cargo-debuginfo-1.53.0-19.1 rls-1.53.0-19.1 rls-debuginfo-1.53.0-19.1 rust-1.53.0-19.1 rust-analysis-1.53.0-19.1 rust-debuginfo-1.53.0-19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): rust-src-1.53.0-19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): cargo-1.53.0-19.1 cargo-debuginfo-1.53.0-19.1 rls-1.53.0-19.1 rls-debuginfo-1.53.0-19.1 rust-1.53.0-19.1 rust-analysis-1.53.0-19.1 rust-debuginfo-1.53.0-19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): rust-src-1.53.0-19.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): cargo-1.53.0-19.1 cargo-debuginfo-1.53.0-19.1 rls-1.53.0-19.1 rls-debuginfo-1.53.0-19.1 rust-1.53.0-19.1 rust-analysis-1.53.0-19.1 rust-debuginfo-1.53.0-19.1 - SUSE Enterprise Storage 6 (noarch): rust-src-1.53.0-19.1 - SUSE CaaS Platform 4.0 (x86_64): cargo-1.53.0-19.1 cargo-debuginfo-1.53.0-19.1 rls-1.53.0-19.1 rls-debuginfo-1.53.0-19.1 rust-1.53.0-19.1 rust-analysis-1.53.0-19.1 rust-debuginfo-1.53.0-19.1 - SUSE CaaS Platform 4.0 (noarch): rust-src-1.53.0-19.1 References: https://bugzilla.suse.com/1181643 https://bugzilla.suse.com/1188891 From sle-updates at lists.suse.com Wed Sep 1 19:18:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Sep 2021 21:18:17 +0200 (CEST) Subject: SUSE-RU-2021:2907-1: moderate: Recommended update for resource-agents Message-ID: <20210901191817.A3F02F799@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2907-1 Rating: moderate References: #1189535 Affected Products: SUSE Linux Enterprise High Availability 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - Fixed an issue when SAP Instance fails to detect SAP unit files for 'systemd'. (bsc#1189535) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-2907=1 Package List: - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ldirectord-4.8.0+git30.d0077df0-8.11.1 resource-agents-4.8.0+git30.d0077df0-8.11.1 resource-agents-debuginfo-4.8.0+git30.d0077df0-8.11.1 resource-agents-debugsource-4.8.0+git30.d0077df0-8.11.1 - SUSE Linux Enterprise High Availability 15-SP3 (noarch): monitoring-plugins-metadata-4.8.0+git30.d0077df0-8.11.1 References: https://bugzilla.suse.com/1189535 From sle-updates at lists.suse.com Thu Sep 2 01:17:28 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 03:17:28 +0200 (CEST) Subject: SUSE-RU-2021:2909-1: moderate: Recommended update for ndctl Message-ID: <20210902011728.4C8D0F799@maintenance.suse.de> SUSE Recommended Update: Recommended update for ndctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2909-1 Rating: moderate References: #1188502 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ndctl fixes the following issues: - Enable aarch64 build. (bsc#1188502) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-2909=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2909=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (ppc64le x86_64): ndctl-71.1-3.3.1 ndctl-debuginfo-71.1-3.3.1 ndctl-debugsource-71.1-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (ppc64le x86_64): libndctl-devel-71.1-3.3.1 libndctl6-71.1-3.3.1 libndctl6-debuginfo-71.1-3.3.1 ndctl-debuginfo-71.1-3.3.1 ndctl-debugsource-71.1-3.3.1 References: https://bugzilla.suse.com/1188502 From sle-updates at lists.suse.com Thu Sep 2 06:09:50 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 08:09:50 +0200 (CEST) Subject: SUSE-IU-2021:619-1: Security update of suse-sles-15-sp3-chost-byos-v20210827-gen2 Message-ID: <20210902060950.98957F799@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20210827-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:619-1 Image Tags : suse-sles-15-sp3-chost-byos-v20210827-gen2:20210827 Image Release : Severity : critical Type : security References : 1057452 1065729 1085224 1094840 1102408 1102408 1113295 1138715 1138746 1152472 1152489 1153274 1154353 1155518 1156395 1166028 1170511 1171962 1172505 1176389 1176447 1176940 1177120 1179243 1179416 1180092 1180814 1181805 1182421 1182422 1183543 1183545 1183871 1184114 1184350 1184631 1184804 1184994 1185308 1185377 1185615 1185646 1185791 1185972 1185991 1185993 1186194 1186206 1186347 1186397 1186482 1186483 1186687 1187115 1187215 1187470 1187476 1187495 1187585 1187774 1188036 1188063 1188080 1188101 1188121 1188126 1188176 1188267 1188268 1188269 1188287 1188323 1188348 1188348 1188366 1188405 1188445 1188504 1188571 1188620 1188683 1188703 1188720 1188746 1188747 1188748 1188752 1188770 1188771 1188772 1188773 1188774 1188777 1188838 1188876 1188881 1188885 1188893 1188973 1189206 1189465 1189465 1189520 1189521 CVE-2020-12049 CVE-2020-13529 CVE-2020-26137 CVE-2021-20266 CVE-2021-20271 CVE-2021-21781 CVE-2021-22543 CVE-2021-33910 CVE-2021-3421 CVE-2021-35039 CVE-2021-3609 CVE-2021-3612 CVE-2021-36222 CVE-2021-3659 CVE-2021-3672 CVE-2021-3711 CVE-2021-3712 CVE-2021-37576 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20210827-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2606-1 Released: Wed Aug 4 13:16:09 2021 Summary: Recommended update for libcbor Type: recommended Severity: moderate References: 1102408 This update for libcbor fixes the following issues: - Implement a fix to avoid building shared library twice. (bsc#1102408) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2625-1 Released: Thu Aug 5 12:10:27 2021 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1185991,1185993,1186347,1186397,1186687,1188348 This update for supportutils fixes the following issues: ethtool was updated to version 3.1.17: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) - Adding ethtool options g l m to network.txt (jsc#SLE-18240) - lsof options to improve performance (bsc#1186687) - Exclude rhn.conf from etc.txt (bsc#1186347) - analyzevmcore supports local directories (bsc#1186397) - getappcore checks for valid compression binary (bsc#1185991) - getappcore does not trigger errors with help message (bsc#1185993) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2627-1 Released: Thu Aug 5 12:10:46 2021 Summary: Recommended maintenance update for systemd-default-settings Type: recommended Severity: moderate References: 1188348 This update for systemd-default-settings fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2687-1 Released: Sat Aug 14 10:16:41 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1085224,1094840,1113295,1152472,1152489,1153274,1154353,1155518,1156395,1170511,1176447,1176940,1179243,1180092,1180814,1183871,1184114,1184350,1184631,1184804,1185308,1185377,1185791,1186194,1186206,1186482,1186483,1187215,1187476,1187495,1187585,1188036,1188080,1188101,1188121,1188126,1188176,1188267,1188268,1188269,1188323,1188366,1188405,1188445,1188504,1188620,1188683,1188703,1188720,1188746,1188747,1188748,1188752,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188893,1188973,CVE-2021-21781,CVE-2021-22543,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-21781: Fixed a information disclosure vulnerability in the ARM SIGPAGE (bsc#1188445). - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2021-3609: Fixed a potential local privilege escalation in the CAN BCM networking protocol (bsc#1187215). - CVE-2021-3612: Fixed an out-of-bounds memory write flaw in the joystick devices subsystem. This flaw allowed a local user to crash the system or possibly escalate their privileges on the system. (bsc#1187585) - CVE-2021-35039: Fixed mishandling of signature verification. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, did not occur for a module.sig_enforce=1 command-line argument (bsc#1188080). The following non-security bugs were fixed: - ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes). - ACPI: APEI: fix synchronous external aborts in user-mode (git-fixes). - ACPI: DPTF: Fix reading of attributes (git-fixes). - ACPI: EC: Make more Asus laptops use ECDT _GPE (git-fixes). - ACPI: PM / fan: Put fan device IDs into separate header file (git-fixes). - ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes). - ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes). - ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes). - ACPI: resources: Add checks for ACPI IRQ override (git-fixes). - ACPI: sysfs: Fix a buffer overrun problem with description_show() (git-fixes). - ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes). - ACPICA: Fix memory leak caused by _CID repair function (git-fixes). - ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes). - ALSA: bebob: add support for ToneWeal FW66 (git-fixes). - ALSA: firewire-motu: fix detection for S/PDIF source on optical interface in v2 protocol (git-fixes). - ALSA: firewire-motu: fix stream format for MOTU 8pre FireWire (git-fixes). - ALSA: hda/realtek: Add another ALC236 variant support (git-fixes). - ALSA: hda/realtek: Apply LED fixup for HP Dragonfly G1, too (git-fixes). - ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D (git-fixes). - ALSA: hda/realtek: Fix pop noise and 2 Front Mic issues on a machine (git-fixes). - ALSA: hda/realtek: Improve fixup for HP Spectre x360 15-df0xxx (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 830 G8 Notebook PC (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook x360 830 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 450 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 630 G8 (git-fixes). - ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes). - ALSA: hda: intel-dsp-cfg: add missing ElkhartLake PCI ID (git-fixes). - ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes). - ALSA: intel8x0: Fix breakage at ac97 clock measurement (git-fixes). - ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes). - ALSA: pcm - fix mmap capability check for the snd-dummy driver (git-fixes). - ALSA: pcm: Call substream ack() method upon compat mmap commit (git-fixes). - ALSA: pcm: Fix mmap capability check (git-fixes). - ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes). - ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes). - ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes). - ALSA: usb-audio: Add missing proc text entry for BESPOKEN type (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets (git-fixes). - ALSA: usb-audio: Fix OOB access at proc output (git-fixes). - ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes). - ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes). - ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions (git-fixes). - ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes). - ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values (git-fixes). - ALSA: usb-audio: scarlett2: Fix wrong resume call (git-fixes). - ALSA: usb-audio: scarlett2: Read mixer volumes at init time (git-fixes). - ALSA: usb-audio: scarlett2: Read mux at init time (git-fixes). - ALSA: usx2y: Avoid camelCase (git-fixes). - ALSA: usx2y: Do not call free_pages_exact() with NULL address (git-fixes). - ARM: ensure the signal page contains defined contents (bsc#1188445). - ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters (git-fixes). - ASoC: Intel: sof_sdw: add SOF_RT715_DAI_ID_FIX for AlderLake (git-fixes). - ASoC: Intel: sof_sdw: add mutual exclusion between PCH DMIC and RT715 (git-fixes). - ASoC: SOF: loader: Use snd_sof_dsp_block_read() instead sof_block_read() (git-fixes). - ASoC: atmel-i2s: Fix usage of capture and playback at the same time (git-fixes). - ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes). - ASoC: fsl_spdif: Fix error handler with pm_runtime_enable (git-fixes). - ASoC: fsl_spdif: Fix unexpected interrupt after suspend (git-fixes). - ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (git-fixes). - ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes). - ASoC: intel/boards: add missing MODULE_DEVICE_TABLE (git-fixes). - ASoC: max98373-sdw: add missing memory allocation check (git-fixes). - ASoC: max98373-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: mediatek: mtk-btcvsd: Fix an error handling path in 'mtk_btcvsd_snd_probe()' (git-fixes). - ASoC: rk3328: fix missing clk_disable_unprepare() on error in rk3328_platform_probe() (git-fixes). - ASoC: rsnd: tidyup loop on rsnd_adg_clk_query() (git-fixes). - ASoC: rt1308-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt5631: Fix regcache sync errors on resume (git-fixes). - ASoC: rt5682-sdw: set regcache_cache_only false before reading RT5682_DEVICE_ID (git-fixes). - ASoC: rt5682-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt5682: Disable irq on shutdown (git-fixes). - ASoC: rt5682: Fix a problem with error handling in the io init function of the soundwire (git-fixes). - ASoC: rt5682: fix getting the wrong device id when the suspend_stress_test (git-fixes). - ASoC: rt700-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt711-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt715-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes). - ASoC: soc-pcm: fix the return value in dpcm_apply_symmetry() (git-fixes). - ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes). - ASoC: wm_adsp: Correct wm_coeff_tlv_get handling (git-fixes). - Bluetooth: Fix alt settings for incoming SCO with transparent coding format (git-fixes). - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event (git-fixes). - Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes). - Bluetooth: L2CAP: Fix invalid access if ECRED Reconfigure fails (git-fixes). - Bluetooth: L2CAP: Fix invalid access on ECRED Connection response (git-fixes). - Bluetooth: Remove spurious error message (git-fixes). - Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes). - Bluetooth: btintel: Add infrastructure to read controller information (bsc#1188893). - Bluetooth: btintel: Check firmware version before download (bsc#1188893). - Bluetooth: btintel: Collect tlv based active firmware build info in FW mode (bsc#1188893). - Bluetooth: btintel: Consolidate intel_version parsing (bsc#1188893). - Bluetooth: btintel: Consolidate intel_version_tlv parsing (bsc#1188893). - Bluetooth: btintel: Fix endianness issue for TLV version information (bsc#1188893). - Bluetooth: btintel: Fix offset calculation boot address parameter (bsc#1188893). - Bluetooth: btintel: Functions to send firmware header / payload (bsc#1188893). - Bluetooth: btintel: Move operational checks after version check (bsc#1188893). - Bluetooth: btintel: Refactor firmware download function (bsc#1188893). - Bluetooth: btintel: Reorganized bootloader mode tlv checks in intel_version_tlv parsing (bsc#1188893). - Bluetooth: btintel: Replace zero-length array with flexible-array member (bsc#1188893). - Bluetooth: btintel: Skip reading firmware file version while in bootloader mode (bsc#1188893). - Bluetooth: btqca: Do not modify firmware contents in-place (git-fixes). - Bluetooth: btusb: Add *setup* function for new generation Intel controllers (bsc#1188893). - Bluetooth: btusb: Add support USB ALT 3 for WBS (git-fixes). - Bluetooth: btusb: Add support for GarfieldPeak controller (bsc#1188893). - Bluetooth: btusb: Consolidate code for waiting firmware download (bsc#1188893). - Bluetooth: btusb: Define a function to construct firmware filename (bsc#1188893). - Bluetooth: btusb: Enable MSFT extension for Intel controllers (bsc#1188893). - Bluetooth: btusb: Fix failing to init controllers with operation firmware (bsc#1188893). - Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip (git-fixes). - Bluetooth: btusb: Helper function to download firmware to Intel adapters (bsc#1188893). - Bluetooth: btusb: Map Typhoon peak controller to BTUSB_INTEL_NEWGEN (bsc#1188893). - Bluetooth: btusb: Update boot parameter specific to SKU (bsc#1188893). - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes). - Bluetooth: btusb: print firmware file name on error loading firmware (bsc#1188893). - Bluetooth: hci_intel: drop strange le16_to_cpu() against u8 values (bsc#1188893). - Bluetooth: hci_intel: enable on new platform (bsc#1188893). - Bluetooth: hci_intel: switch to list_for_each_entry() (bsc#1188893). - Bluetooth: hci_qca: fix potential GPF (git-fixes). - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes). - Bluetooth: mgmt: Fix the command returns garbage parameter value (git-fixes). - HID: do not use down_interruptible() when unbinding devices (git-fixes). - HID: wacom: Correct base usage for capacitive ExpressKey status bits (git-fixes). - Input: hideep - fix the uninitialized use in hideep_nvm_unlock() (git-fixes). - Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes). - Input: ili210x - add missing negation for touch indication on ili210x (git-fixes). - Input: usbtouchscreen - fix control-request directions (git-fixes). - KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (bsc#1188771). - KVM: SVM: document KVM_MEM_ENCRYPT_OP, let userspace detect if SEV is available (bsc#1188703). - KVM: nVMX: Consult only the 'basic' exit reason when routing nested exit (bsc#1188773). - KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774). - KVM: nVMX: Preserve exception priority irrespective of exiting behavior (bsc#1188777). - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes). - PCI: Add AMD RS690 quirk to enable 64-bit DMA (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: intel-gw: Fix INTx enable (git-fixes). - PCI: intel-gw: Fix INTx enable (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes). - PCI: quirks: fix false kABI positive (git-fixes). - PCI: tegra194: Fix tegra_pcie_ep_raise_msi_irq() ill-defined shift (git-fixes). - PCI: tegra194: Fix tegra_pcie_ep_raise_msi_irq() ill-defined shift (git-fixes). - PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes). - RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449). - RDMA/cma: Protect RMW with qp_mutex (git-fixes). - RDMA/hns: Remove unused parameter udata (jsc#SLE-15176). - RDMA/mlx4: Remove unused parameter udata (jsc#SLE-15176). - RDMA/mlx5: Remove unused parameter udata (jsc#SLE-15176). - RDMA/rtrs-clt: Check if the queue_depth has changed during a reconnection (jsc#SLE-15176). - RDMA/rtrs-clt: Check state of the rtrs_clt_sess before reading its stats (jsc#SLE-15176). - RDMA/rtrs-clt: Fix memory leak of not-freed sess->stats and stats->pcpu_stats (jsc#SLE-15176). - RDMA/rtrs-srv: Fix memory leak of unfreed rtrs_srv_stats object (jsc#SLE-15176). - RDMA/rtrs-srv: Fix memory leak when having multiple sessions (jsc#SLE-15176). - RDMA/rtrs-srv: Replace atomic_t with percpu_ref for ids_inflight (jsc#SLE-15176). - RDMA/rtrs-srv: Set minimal max_send_wr and max_recv_wr (jsc#SLE-15176). - RDMA/rtrs: Do not reset hb_missed_max after re-connection (jsc#SLE-15176). - RDMA/srp: Fix a recently introduced memory leak (jsc#SLE-15176). - Revert 'ACPI: resources: Add checks for ACPI IRQ override' (git-fixes). - Revert 'ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro' (git-fixes). - Revert 'Bluetooth: btintel: Fix endianness issue for TLV version information' (bsc#1188893). - Revert 'USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem' (git-fixes). - Revert 'be2net: disable bh with spin_lock in be_process_mcc' (git-fixes). - Revert 'drm/i915: Propagate errors on awaiting already signaled fences' (git-fixes). - Revert 'drm: add a locked version of drm_is_current_master' (git-fixes). - Revert 'ibmvnic: remove duplicate napi_schedule call in open function' (bsc#1065729). - Revert 'iwlwifi: remove wide_cmd_header field' (bsc#1187495). - USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes). - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes). - USB: serial: cp210x: fix comments for GE CS1000 (git-fixes). - USB: serial: option: add support for u-blox LARA-R6 family (git-fixes). - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes). - amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (bsc#1152472) - ata: ahci_sunxi: Disable DIPM (git-fixes). - ath10k: Fix an error code in ath10k_add_interface() (git-fixes). - ath10k: add missing error return code in ath10k_pci_probe() (git-fixes). - ath10k: go to path err_unsupported when chip id is not supported (git-fixes). - ath10k: remove unused more_frags variable (git-fixes). - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (git-fixes). - backlight: lm3630a: Fix return code of .update_status() callback (git-fixes). - backlight: lm3630a_bl: Put fwnode in error case during ->probe() (git-fixes). - bcache: avoid oversized read request in cache missing code path (bsc#1184631). - bcache: remove bcache device self-defined readahead (bsc#1184631). - blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092). - blk-mq: In blk_mq_dispatch_rq_list() 'no budget' is a reason to kick (bsc#1180092). - blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092). - blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092). - blk-mq: insert flush request to the front of dispatch queue (bsc#1180092). - blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092). - bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371 bsc#1153274). - bnxt_en: do not disable an already disabled PCI device (git-fixes). - bonding: Add struct bond_ipesc to manage SA (bsc#1176447). - bonding: disallow setting nested bonding + ipsec offload (bsc#1176447). - bonding: fix build issue (git-fixes). - bonding: fix incorrect return value of bond_ipsec_offload_ok() (bsc#1176447). - bonding: fix null dereference in bond_ipsec_add_sa() (bsc#1176447). - bonding: fix suspicious RCU usage in bond_ipsec_add_sa() (bsc#1176447). - bonding: fix suspicious RCU usage in bond_ipsec_del_sa() (bsc#1176447). - bonding: fix suspicious RCU usage in bond_ipsec_offload_ok() (bsc#1176447). - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1154353). - bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518). - brcmfmac: Fix a double-free in brcmf_sdio_bus_reset (git-fixes). - brcmfmac: correctly report average RSSI in station info (git-fixes). - brcmfmac: fix setting of station info chains bitmask (git-fixes). - brcmsmac: mac80211_if: Fix a resource leak in an error handling path (git-fixes). - cadence: force nonlinear buffers to be cloned (git-fixes). - can: ems_usb: fix memory leak (git-fixes). - can: esd_usb2: fix memory leak (git-fixes). - can: gw: synchronize rcu operations before removing gw job entry (git-fixes). - can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes). - can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes). - can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes). - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path (git-fixes). - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes). - can: usb_8dev: fix memory leak (git-fixes). - ceph: do not WARN if we're still opening a session to an MDS (bsc#1188748). - cfg80211: call cfg80211_leave_ocb when switching away from OCB (git-fixes). - char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() (git-fixes). - cifs: Fix preauth hash corruption (git-fixes). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: fix interrupted close commands (git-fixes). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - clk: actions: Fix SD clocks factor table on Owl S500 SoC (git-fixes). - clk: actions: Fix UART clock dividers on Owl S500 SoC (git-fixes). - clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC (git-fixes). - clk: imx8mq: remove SYS PLL 1/2 clock gates (git-fixes). - clk: meson: g12a: fix gp0 and hifi ranges (git-fixes). - clk: renesas: r8a77995: Add ZA2 clock (git-fixes). - clk: renesas: rcar-gen3: Update Z clock rate formula in comments (git-fixes). - clk: si5341: Avoid divide errors due to bogus register contents (git-fixes). - clk: si5341: Update initialization magic (git-fixes). - clk: tegra: Ensure that PLLU configuration is applied properly (git-fixes). - clk: zynqmp: pll: Remove some dead code (git-fixes). - clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround (git-fixes). - clocksource: Retry clock read if long delays detected (git-fixes). - coresight: Propagate symlink failure (git-fixes). - coresight: core: Fix use of uninitialized pointer (git-fixes). - cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)). - cpufreq: sc520_freq: add 'fallthrough' to one case (git-fixes). - crypto: ccp - Fix a resource leak in an error handling path (git-fixes). - crypto: ixp4xx - dma_unmap the correct address (git-fixes). - crypto: nitrox - fix unchecked variable in nitrox_register_interrupts (git-fixes). - crypto: nx - add missing MODULE_DEVICE_TABLE (git-fixes). - crypto: omap-sham - Fix PM reference leak in omap sham ops (git-fixes). - crypto: qat - check return code of qat_hal_rd_rel_reg() (git-fixes). - crypto: qat - remove unused macro in FW loader (git-fixes). - crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes). - crypto: sun4i-ss - checking sg length is not sufficient (git-fixes). - crypto: sun4i-ss - initialize need_fallback (git-fixes). - crypto: ux500 - Fix error return code in hash_hw_final() (git-fixes). - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - cw1200: add missing MODULE_DEVICE_TABLE (git-fixes). - cxgb4: fix IRQ free race during driver unload (git-fixes). - dma-buf/sync_file: Do not leak fences on merge failure (git-fixes). - dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes). - dmaengine: mediatek: do not issue a new desc if one is still current (git-fixes). - dmaengine: mediatek: free the proper desc in desc_free handler (git-fixes). - dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma (git-fixes). - dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe() (git-fixes). - dmaengine: zynqmp_dma: Fix PM reference leak in zynqmp_dma_alloc_chan_resourc() (git-fixes). - docs: admin-guide: update description for kernel.hotplug sysctl (git-fixes). - docs: virt/kvm: close inline string literal (bsc#1188703). - dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes). - dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes). - drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes). - drm/amd/dc: Fix a missing check bug in dm_dp_mst_detect() (git-fixes). - drm/amd/display: Avoid HDCP over-read and corruption (git-fixes). - drm/amd/display: Fix DCN 3.01 DSCCLK validation (git-fixes). - drm/amd/display: Fix build warnings (git-fixes). - drm/amd/display: Fix off-by-one error in DML (git-fixes). - drm/amd/display: Release MST resources on switch from MST to SST (git-fixes). - drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes). - drm/amd/display: Update scaling settings on modeset (git-fixes). - drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check (git-fixes). - drm/amd/display: fix HDCP reset sequence on reinitialize (git-fixes). - drm/amd/display: fix incorrrect valid irq check (git-fixes). - drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes). - drm/amdgpu: Do not query CE and UE errors (bsc#1152472) - drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes). - drm/amdgpu: enable sdma0 tmz for Raven/Renoir(V2) (git-fixes). - drm/amdgpu: remove unsafe optimization to drop preamble ib (git-fixes). - drm/amdgpu: update golden setting for sienna_cichlid (git-fixes). - drm/amdgpu: wait for moving fence after pinning (git-fixes). - drm/amdkfd: Fix circular lock in nocpsch path (git-fixes). - drm/amdkfd: Walk through list with dqm lock hold (git-fixes). - drm/amdkfd: fix circular locking on get_wave_state (git-fixes). - drm/amdkfd: use allowed domain for vmbo validation (git-fixes). - drm/arm/malidp: Always list modifiers (git-fixes). - drm/bridge/sii8620: fix dependency on extcon (git-fixes). - drm/bridge: Fix the stop condition of drm_bridge_chain_pre_enable() (git-fixes). - drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() (git-fixes). - drm/bridge: nwl-dsi: Force a full modeset when crtc_state->active is changed to be true (git-fixes). - drm/dp_mst: Do not set proposed vcpi directly (git-fixes). - drm/gma500: Add the missed drm_gem_object_put() in psb_user_framebuffer_create() (git-fixes). - drm/i915/display: Do not zero past infoframes.vsc (git-fixes). - drm/i915/gvt: Clear d3_entered on elsp cmd submission (git-fixes). - drm/i915/selftests: use vma_lookup() in __igt_mmap() (git-fixes). - drm/mcde/panel: Inverse misunderstood flag (bsc#1152472) - drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() (git-fixes). - drm/msm/dpu: Fix error return code in dpu_mdss_init() (git-fixes). - drm/msm/dpu: Fix sm8250_mdp register length (git-fixes). - drm/msm/mdp4: Fix modifier support enabling (git-fixes). - drm/msm: Fix error return code in msm_drm_init() (git-fixes). - drm/msm: Small msm_gem_purge() fix (bsc#1152489) - drm/mxsfb: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm/nouveau: Do not set allow_fb_modifiers explicitly (git-fixes). - drm/nouveau: fix dma_address check for CPU/GPU sync (git-fixes). - drm/nouveau: wait for moving fence after pinning v2 (git-fixes). - drm/panel: nt35510: Do not fail if DSI read fails (git-fixes). - drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes). - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes). - drm/radeon: Call radeon_suspend_kms() in radeon_pci_shutdown() for Loongson64 (git-fixes). - drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (bsc#1152489) - drm/radeon: wait for moving fence after pinning (git-fixes). - drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() (git-fixes). - drm/rockchip: cdn-dp: fix sign extension on an int multiply for a u64 result (git-fixes). - drm/rockchip: dsi: move all lane config except LCDC mux to bind() (git-fixes). - drm/rockchip: dsi: remove extra component_del() call (git-fixes). - drm/rockchip: lvds: Fix an error handling path (git-fixes). - drm/sched: Avoid data corruptions (git-fixes). - drm/scheduler: Fix hang when sched_entity released (git-fixes). - drm/stm: Fix bus_flags handling (bsc#1152472) - drm/tegra: Do not set allow_fb_modifiers explicitly (git-fixes). - drm/vc4: Fix clock source for VEC PixelValve on BCM2711 (git-fixes). - drm/vc4: crtc: Skip the TXP (git-fixes). - drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes). - drm/vc4: hdmi: Fix PM reference leak in vc4_hdmi_encoder_pre_crtc_co() (git-fixes). - drm/vc4: hdmi: Fix error path of hpd-gpios (git-fixes). - drm/vc4: hdmi: Make sure the controller is powered in detect (bsc#1152489) - drm/vc4: hdmi: Prevent clock unbalance (git-fixes). - drm/vc4: txp: Properly set the possible_crtcs mask (git-fixes). - drm/virtio: Fix double free on probe failure (git-fixes). - drm/vmwgfx: Fix cpu updates of coherent multisample surfaces (git-fixes). - drm/vmwgfx: Mark a surface gpu-dirty after the SVGA3dCmdDXGenMips command (git-fixes). - drm/zte: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm: Return -ENOTTY for non-drm ioctls (git-fixes). - drm: add a locked version of drm_is_current_master (git-fixes). - drm: bridge/panel: Cleanup connector on bridge detach (bsc#1152489) - drm: bridge: add missing word in Analogix help text (git-fixes). - drm: qxl: ensure surf.data is ininitialized (git-fixes). - drm: rockchip: add missing registers for RK3066 (git-fixes). - drm: rockchip: add missing registers for RK3188 (git-fixes). - drm: rockchip: set alpha_en to 0 if it is not used (git-fixes). - e1000e: Check the PCIm state (git-fixes). - e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes). - efi/tpm: Differentiate missing and invalid final event log table (bsc#1188036). - extcon: extcon-max8997: Fix IRQ freeing at error path (git-fixes). - extcon: intel-mrfld: Sync hardware and software state on init (git-fixes). - extcon: max8997: Add missing modalias string (git-fixes). - extcon: sm5502: Drop invalid register write in sm5502_reg_data (git-fixes). - fbmem: Do not delete the mode that is still in use (git-fixes). - fbmem: add margin check to fb_check_caps() (git-fixes). - firmware/efi: Tell memblock about EFI iomem reservations (git-fixes). - firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (git-fixes). - firmware: arm_scmi: Fix range check for the maximum number of pending messages (git-fixes). - firmware: tegra: Fix error return code in tegra210_bpmp_init() (git-fixes). - fm10k: Fix an error handling path in 'fm10k_probe()' (git-fixes). - fpga: machxo2-spi: Address warning about unused variable (git-fixes). - fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes). - fuse: check connected before queueing on fpq->io (bsc#1188267). - fuse: ignore PG_workingset after stealing (bsc#1188268). - fuse: reject internal errno (bsc#1188269). - gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP (git-fixes). - gpio: pca953x: Add support for the On Semi pca9655 (git-fixes). - gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes). - gtp: fix an use-before-init in gtp_newlink() (git-fixes). - gve: Add DQO fields for core data structures (bsc#1176940). - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940). - gve: Add dqo descriptors (bsc#1176940). - gve: Add stats for gve (bsc#1176940). - gve: Add support for DQO RX PTYPE map (bsc#1176940). - gve: Add support for raw addressing device option (bsc#1176940). - gve: Add support for raw addressing in the tx path (bsc#1176940). - gve: Add support for raw addressing to the rx path (bsc#1176940). - gve: Batch AQ commands for creating and destroying queues (bsc#1176940). - gve: Check TX QPL was actually assigned (bsc#1176940). - gve: DQO: Add RX path (bsc#1176940). - gve: DQO: Add TX path (bsc#1176940). - gve: DQO: Add core netdev features (bsc#1176940). - gve: DQO: Add ring allocation and initialization (bsc#1176940). - gve: DQO: Configure interrupts on device up (bsc#1176940). - gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940). - gve: DQO: Remove incorrect prefetch (bsc#1176940). - gve: Enable Link Speed Reporting in the driver (bsc#1176940). - gve: Fix an error handling path in 'gve_probe()' (git-fixes). - gve: Fix swapped vars when fetching max queues (git-fixes). - gve: Fix warnings reported for DQO patchset (bsc#1176940). - gve: Get and set Rx copybreak via ethtool (bsc#1176940). - gve: Introduce a new model for device options (bsc#1176940). - gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940). - gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940). - gve: Move some static functions to a common file (bsc#1176940). - gve: NIC stats for report-stats and for ethtool (bsc#1176940). - gve: Propagate error codes to caller (bsc#1176940). - gve: Replace zero-length array with flexible-array member (bsc#1176940). - gve: Rx Buffer Recycling (bsc#1176940). - gve: Simplify code and axe the use of a deprecated API (bsc#1176940). - gve: Update adminq commands to support DQO queues (bsc#1176940). - gve: Use dev_info/err instead of netif_info/err (bsc#1176940). - gve: Use link status register to report link status (bsc#1176940). - gve: adminq: DQO specific device descriptor logic (bsc#1176940). - gve: gve_rx_copy: Move padding to an argument (bsc#1176940). - hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes). - hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes). - hwmon: (max31790) Fix pwmX_enable attributes (git-fixes). - hwmon: (max31790) Report correct current pwm duty cycles (git-fixes). - hwrng: exynos - Fix runtime PM imbalance on error (git-fixes). - i2c: core: Disable client irq on reboot/shutdown (git-fixes). - i2c: designware: Adjust bus_freq_hz when refuse high speed mode set (git-fixes). - i2c: dev: Add __user annotation (git-fixes). - i2c: robotfuzz-osif: fix control-request directions (git-fixes). - i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes). - i40e: Fix error handling in i40e_vsi_open (git-fixes). - i40e: Fix missing rtnl locking when setting up pf switch (jsc#SLE-13701). - i40e: fix PTP on 5Gb links (jsc#SLE-13701). - iavf: Fix an error handling path in 'iavf_probe()' (git-fixes). - ibmvnic: Allow device probe if the device is not ready at boot (bsc#1184114 ltc#192237). - ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075). - ibmvnic: Use 'skb_frag_address()' instead of hand coding it (bsc#1184114 ltc#192237). - ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c (bsc#1184114 ltc#192237). - ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237). - ibmvnic: account for bufs already saved in indir_buf (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: clean pending indirect buffs during reset (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114 ltc#192237). - ibmvnic: fix send_request_map incompatible argument (bsc#1184114 ltc#192237). - ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363). - ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes). - ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533). - ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098). - ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency (jsc#SLE-7926). - igb: Check if num of q_vectors is smaller than max before array access (git-fixes). - igb: Fix an error handling path in 'igb_probe()' (git-fixes). - igb: Fix position of assignment to *ring (git-fixes). - igb: Fix use-after-free error during reset (git-fixes). - igc: Fix an error handling path in 'igc_probe()' (git-fixes). - igc: Fix use-after-free error during reset (git-fixes). - igc: change default return of igc_read_phy_reg() (git-fixes). - iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: bma180: Use explicit member assignment (git-fixes). - iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: mxc4005: Fix overread of data and alignment issue (git-fixes). - iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: at91-sama5d2: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adis16400: do not return ints in irq handlers (git-fixes). - iio: adis_buffer: do not return ints in irq handlers (git-fixes). - iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev() helper (git-fixes). - iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3472: do not free unallocated IRQ (git-fixes). - iio: light: vcnl4035: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: ltr501: ltr501_read_ps(): add missing endianness conversion (git-fixes). - iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes). - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too (git-fixes). - iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iio: magn: bmc150: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: hmc5843: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: rm3100: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: si1133: fix format string warnings (git-fixes). - iio:accel:mxc4005: Drop unnecessary explicit casts in regmap_bulk_read calls (git-fixes). - integrity: use arch_ima_get_secureboot instead of checking EFI_SECURE_BOOT when loading MokListRT (bsc#1188366). - intel_th: Wait until port is in reset before programming it (git-fixes). - iwl-trans: move dev_cmd_offs, page_offs to a common trans header (bsc#1187495). - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() (git-fixes). - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd() (git-fixes). - iwlwifi: acpi: evaluate dsm to disable 5.8GHz channels (bsc#1187495). - iwlwifi: acpi: in non acpi compilations remove iwl_sar_geo_init (bsc#1187495). - iwlwifi: acpi: prepare SAR profile selection code for multiple sizes (bsc#1187495). - iwlwifi: acpi: remove dummy definition of iwl_sar_set_profile() (bsc#1187495). - iwlwifi: acpi: rename geo structs to contain versioning (bsc#1187495). - iwlwifi: acpi: support ppag table command v2 (bsc#1187495). - iwlwifi: add a common struct for all iwl_tx_power_cmd versions (bsc#1187495). - iwlwifi: add trans op to set PNVM (bsc#1187495). - iwlwifi: align RX status flags with firmware (bsc#1187495). - iwlwifi: api: fix u32 -> __le32 (bsc#1187495). - iwlwifi: bump FW API to 57 for AX devices (bsc#1187495). - iwlwifi: bump FW API to 59 for AX devices (bsc#1187495). - iwlwifi: calib: Demote seemingly unintentional kerneldoc header (bsc#1187495). - iwlwifi: dbg: Do not touch the tlv data (bsc#1187495). - iwlwifi: dbg: add debug host notification (DHN) time point (bsc#1187495). - iwlwifi: dbg: add dumping special device memory (bsc#1187495). - iwlwifi: dbg: remove IWL_FW_INI_TIME_POINT_WDG_TIMEOUT (bsc#1187495). - iwlwifi: do not export acpi functions unnecessarily (bsc#1187495). - iwlwifi: dvm: Demote a couple of nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: devices: Fix function documentation formatting issues (bsc#1187495). - iwlwifi: dvm: lib: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: rxon: Demote non-conformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: scan: Demote a few nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: sta: Demote a bunch of nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: tx: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: enable twt by default (bsc#1187495). - iwlwifi: fix 11ax disabled bit in the regulatory capability flags (bsc#1187495). - iwlwifi: fix sar geo table initialization (bsc#1187495). - iwlwifi: fw: add default value for iwl_fw_lookup_cmd_ver (bsc#1187495). - iwlwifi: fw: move assert descriptor parser to common code (bsc#1187495). - iwlwifi: increase PNVM load timeout (bsc#1187495). - iwlwifi: iwl-drv: Provide descriptions debugfs dentries (bsc#1187495). - iwlwifi: iwl-trans: move tfd to trans layer (bsc#1187495). - iwlwifi: move PNVM implementation to common code (bsc#1187495). - iwlwifi: move all bus-independent TX functions to common code (bsc#1187495). - iwlwifi: move bc_pool to a common trans header (bsc#1187495). - iwlwifi: move bc_table_dword to a common trans header (bsc#1187495). - iwlwifi: msix: limit max RX queues for 9000 family (bsc#1187495). - iwlwifi: mvm: Add FTM initiator RTT smoothing logic (bsc#1187495). - iwlwifi: mvm: Do not install CMAC/GMAC key in AP mode (bsc#1187495). - iwlwifi: mvm: add PROTECTED_TWT firmware API (bsc#1187495). - iwlwifi: mvm: add a get lmac id function (bsc#1187495). - iwlwifi: mvm: add an option to add PASN station (bsc#1187495). - iwlwifi: mvm: add d3 prints (bsc#1187495). - iwlwifi: mvm: add support for new WOWLAN_TSC_RSC_PARAM version (bsc#1187495). - iwlwifi: mvm: add support for new version of WOWLAN_TKIP_SETTING_API_S (bsc#1187495). - iwlwifi: mvm: add support for range request command ver 11 (bsc#1187495). - iwlwifi: mvm: add support for responder dynamic config command version 3 (bsc#1187495). - iwlwifi: mvm: assign SAR table revision to the command later (bsc#1187495). - iwlwifi: mvm: avoid possible NULL pointer dereference (bsc#1187495). - iwlwifi: mvm: clear all scan UIDs (bsc#1187495). - iwlwifi: mvm: d3: parse wowlan status version 11 (bsc#1187495). - iwlwifi: mvm: d3: support GCMP ciphers (bsc#1187495). - iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes). - iwlwifi: mvm: do not check if CSA event is running before removing (bsc#1187495). - iwlwifi: mvm: do not send a CSA command the firmware does not know (bsc#1187495). - iwlwifi: mvm: fix error print when session protection ends (git-fixes). - iwlwifi: mvm: fix suspicious rcu usage warnings (bsc#1187495). - iwlwifi: mvm: fix the type we use in the PPAG table validity checks (bsc#1187495). - iwlwifi: mvm: get number of stations from TLV (bsc#1187495). - iwlwifi: mvm: ignore the scan duration parameter (bsc#1187495). - iwlwifi: mvm: initiator: add option for adding a PASN responder (bsc#1187495). - iwlwifi: mvm: location: set the HLTK when PASN station is added (bsc#1187495). - iwlwifi: mvm: ops: Remove unused static struct 'iwl_mvm_debug_names' (bsc#1187495). - iwlwifi: mvm: prepare roc_done_wk to work sync (bsc#1187495). - iwlwifi: mvm: process ba-notifications also when sta rcu is invalid (bsc#1187495). - iwlwifi: mvm: re-enable TX after channel switch (bsc#1187495). - iwlwifi: mvm: read and parse SKU ID if available (bsc#1187495). - iwlwifi: mvm: remove memset of kek_kck command (bsc#1187495). - iwlwifi: mvm: remove redundant log in iwl_mvm_tvqm_enable_txq() (bsc#1187495). - iwlwifi: mvm: remove redundant support_umac_log field (bsc#1187495). - iwlwifi: mvm: responder: allow to set only the HLTK for an associated station (bsc#1187495). - iwlwifi: mvm: ring the doorbell and wait for PNVM load completion (bsc#1187495). - iwlwifi: mvm: rs-fw: handle VHT extended NSS capability (bsc#1187495). - iwlwifi: mvm: send stored PPAG command instead of local (bsc#1187495). - iwlwifi: mvm: set PROTECTED_TWT feature if supported by firmware (bsc#1187495). - iwlwifi: mvm: set PROTECTED_TWT in MAC data policy (bsc#1187495). - iwlwifi: mvm: set enabled in the PPAG command properly (bsc#1187495). - iwlwifi: mvm: stop claiming NL80211_EXT_FEATURE_SET_SCAN_DWELL (bsc#1187495). - iwlwifi: mvm: store PPAG enabled/disabled flag properly (bsc#1187495). - iwlwifi: mvm: support ADD_STA_CMD_API_S ver 12 (bsc#1187495). - iwlwifi: mvm: support more GTK rekeying algorithms (bsc#1187495). - iwlwifi: mvm: support new KEK KCK api (bsc#1187495). - iwlwifi: mvm: tx: Demote misuse of kernel-doc headers (bsc#1187495). - iwlwifi: mvm: use CHECKSUM_COMPLETE (bsc#1187495). - iwlwifi: mvm: utils: Fix some doc-rot (bsc#1187495). - iwlwifi: pcie: avoid potential PNVM leaks (bsc#1187495). - iwlwifi: pcie: do not disable interrupts for reg_lock (bsc#1187495). - iwlwifi: pcie: fix context info freeing (git-fixes). - iwlwifi: pcie: fix the xtal latency value for a few qu devices (bsc#1187495). - iwlwifi: pcie: free IML DMA memory allocation (git-fixes). - iwlwifi: pcie: implement set_pnvm op (bsc#1187495). - iwlwifi: pcie: make iwl_pcie_txq_update_byte_cnt_tbl bus independent (bsc#1187495). - iwlwifi: pcie: properly set LTR workarounds on 22000 devices (bsc#1187495). - iwlwifi: phy-ctxt: add new API VER 3 for phy context cmd (bsc#1187495). - iwlwifi: pnvm: do not skip everything when not reloading (bsc#1187495). - iwlwifi: pnvm: do not try to load after failures (bsc#1187495). - iwlwifi: pnvm: increment the pointer before checking the TLV (bsc#1187495). - iwlwifi: pnvm: set the PNVM again if it was already loaded (bsc#1187495). - iwlwifi: provide gso_type to GSO packets (bsc#1187495). - iwlwifi: queue: bail out on invalid freeing (bsc#1187495). - iwlwifi: read and parse PNVM file (bsc#1187495). - iwlwifi: regulatory: regulatory capabilities api change (bsc#1187495). - iwlwifi: remove iwl_validate_sar_geo_profile() export (bsc#1187495). - iwlwifi: remove wide_cmd_header field (bsc#1187495). - iwlwifi: rs: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: rs: align to new TLC config command API (bsc#1187495). - iwlwifi: rs: set RTS protection for all non legacy rates (bsc#1187495). - iwlwifi: sta: defer ADDBA transmit in case reclaimed SN != next SN (bsc#1187495). - iwlwifi: stats: add new api fields for statistics cmd/ntfy (bsc#1187495). - iwlwifi: support REDUCE_TX_POWER_CMD version 6 (bsc#1187495). - iwlwifi: support version 3 of GEO_TX_POWER_LIMIT (bsc#1187495). - iwlwifi: support version 5 of the alive notification (bsc#1187495). - iwlwifi: thermal: support new temperature measurement API (bsc#1187495). - iwlwifi: update prph scratch structure to include PNVM data (bsc#1187495). - iwlwifi: use correct group for alive notification (bsc#1187495). - iwlwifi: wowlan: adapt to wowlan status API version 10 (bsc#1187495). - iwlwifi: yoyo: add support for internal buffer allocation in D3 (bsc#1187495). - ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes). - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes). - ixgbevf: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops (bsc#1176447). - kABI compatibility fix for max98373_priv struct (git-fixes). - kABI workaround for btintel symbol changes (bsc#1188893). - kABI workaround for intel_th_driver (git-fixes). - kABI workaround for pci/quirks.c (git-fixes). - kABI: restore struct tcpc_config definition (git-fixes). - kabi/severities: ignore kABI of iwlwifi symbols (bsc#1187495) iwlwifi driver consists of several modules and all exported symbols are internal uses. Let's ignore kABI checks of those. - kernel-binary.spec: Exctract s390 decompression code (jsc#SLE-17042). - kernel-binary.spec: Fix up usrmerge for non-modular kernels. - kernel-binary.spec: Remove obsolete and wrong comment mkmakefile is repleced by echo on newer kernel - kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes). - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes). - kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes). - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes). - kprobes: fix kill kprobe which has been marked as gone (git-fixes). - kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1188772). - kvm: i8254: remove redundant assignment to pointer s (bsc#1188770). - leds: as3645a: Fix error return code in as3645a_parse_node() (git-fixes). - leds: class: The -ENOTSUPP should never be seen by user space (git-fixes). - leds: ktd2692: Fix an error handling path (git-fixes). - leds: lm3532: select regmap I2C API (git-fixes). - lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes). - lib/decompressors: remove set but not used variabled 'level' (git-fixes). - lib: vsprintf: Fix handling of number field widths in vsscanf (git-fixes). - libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518). - liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes). - mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes). - mac80211: consider per-CPU statistics if present (git-fixes). - mac80211: remove iwlwifi specific workaround NDPs of null_response (git-fixes). - mac80211: remove iwlwifi specific workaround that broke sta NDP tx (git-fixes). - mac80211: remove warning in ieee80211_get_sband() (git-fixes). - mac80211: reset profile_periodicity/ema_ap (git-fixes). - mac80211_hwsim: add concurrent channels scanning support over virtio (git-fixes). - mac80211_hwsim: drop pending frames on stop (git-fixes). - math: Export mul_u64_u64_div_u64 (git-fixes). - media, bpf: Do not copy more entries than user space requested (git-fixes). - media: Fix Media Controller API config checks (git-fixes). - media: I2C: change 'RST' to 'RSET' to fix multiple build errors (git-fixes). - media: au0828: fix a NULL vs IS_ERR() check (git-fixes). - media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes). - media: cobalt: fix race condition in setting HPD (git-fixes). - media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes). - media: dtv5100: fix control-request directions (git-fixes). - media: dvb-usb: fix wrong definition (git-fixes). - media: dvb_net: avoid speculation from net slot (git-fixes). - media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes). - media: em28xx: Fix possible memory leak of em28xx struct (git-fixes). - media: exynos-gsc: fix pm_runtime_get_sync() usage count (git-fixes). - media: exynos4-is: Fix a use after free in isp_video_release (git-fixes). - media: gspca/gl860: fix zero-length control requests (git-fixes). - media: gspca/sq905: fix control-request direction (git-fixes). - media: gspca/sunplus: fix zero-length control requests (git-fixes). - media: imx-csi: Skip first few frames from a BT.656 source (git-fixes). - media: imx: imx7_mipi_csis: Fix logging of only error event counters (git-fixes). - media: mdk-mdp: fix pm_runtime_get_sync() usage count (git-fixes). - media: mtk-vcodec: fix PM runtime get logic (git-fixes). - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes). - media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes). - media: rc: i2c: Fix an error message (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes). - media: s5p-jpeg: fix pm_runtime_get_sync() usage count (git-fixes). - media: sh_vou: fix pm_runtime_get_sync() usage count (git-fixes). - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() (git-fixes). - media: siano: fix device register error path (git-fixes). - media: st-hva: Fix potential NULL pointer dereferences (git-fixes). - media: sti/bdisp: fix pm_runtime_get_sync() usage count (git-fixes). - media: sti: fix obj-$(config) targets (git-fixes). - media: tc358743: Fix error return code in tc358743_probe_of() (git-fixes). - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes). - media: v4l2-async: Fix trivial documentation typo (git-fixes). - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (git-fixes). - media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes). - memory: atmel-ebi: add missing of_node_put for loop iteration (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: pl353: Fix error return code in pl353_smc_probe() (git-fixes). - memstick: rtsx_usb_ms: fix UAF (git-fixes). - mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes). - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes). - misc/libmasm/module: Fix two use after free in ibmasm_init_one (git-fixes). - misc: alcor_pci: fix inverted branch condition (git-fixes). - misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge (git-fixes). - mm, futex: fix shared futex pgoff on shmem huge page (git fixes (kernel/futex)). - mmc: block: Disable CMDQ on the ioctl path (git-fixes). - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes). - mmc: core: clear flags before allowing to retune (git-fixes). - mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes). - mmc: sdhci-sprd: use sdhci_sprd_writew (git-fixes). - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode (git-fixes). - mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes). - mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes). - mmc: vub3000: fix control-request direction (git-fixes). - mt76: fix possible NULL pointer dereference in mt76_tx (git-fixes). - mt76: mt7603: set 0 as min coverage_class value (git-fixes). - mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes). - mt76: mt7615: fix fixed-rate tx status reporting (git-fixes). - mt76: mt7615: increase MCU command timeout (git-fixes). - mt76: mt7915: fix IEEE80211_HE_PHY_CAP7_MAX_NC for station mode (git-fixes). - mt76: set dma-done flag for flushed descriptors (git-fixes). - mtd: partitions: redboot: seek fis-index-block in the right node (git-fixes). - mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() (git-fixes). - mvpp2: suppress warning (git-fixes). - mwifiex: re-fix for unaligned accesses (git-fixes). - net/mlx5: Do not fail driver on failure to create debugfs (git-fixes). - net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes). - net/sched: act_ct: remove and free nf_table callbacks (jsc#SLE-15172). - net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes). - net: atlantic: fix ip dst and ipv6 address filters (git-fixes). - net: dp83867: Fix OF_MDIO config check (git-fixes). - net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes). - net: fec_ptp: fix issue caused by refactor the fec_devtype (git-fixes). - net: gve: convert strlcpy to strscpy (bsc#1176940). - net: gve: remove duplicated allowed (bsc#1176940). - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - net: ipw2x00,iwlegacy,iwlwifi: Remove in_interrupt() from debug macros (bsc#1187495). - net: iwlwifi: Remove in_interrupt() from tracing macro (bsc#1187495). - net: marvell: Fix OF_MDIO config check (git-fixes). - net: mvpp2: Put fwnode in error case during ->probe() (git-fixes). - net: netdevsim: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops (bsc#1176447). - net: phy: fix save wrong speed and duplex problem if autoneg is on (git-fixes). - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - net: phy: realtek: add delay to fix RXC generation issue (git-fixes). - net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes). - net: wilc1000: clean up resource in error path of init mon interface (git-fixes). - netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo (bsc#1176447). - nfc: nfcsim: fix use after free during module unload (git-fixes). - nvme-rdma: fix in-casule data send for chained sgls (git-fixes). - nvme-rdma: introduce nvme_rdma_sgl structure (git-fixes). - nvme-tcp: rerun io_work if req_list is not empty (git-fixes). - nvme: verify MNAN value if ANA is enabled (bsc#1185791). - pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes). - pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() (git-fixes). - pinctrl: mcp23s08: fix race condition in irq handler (git-fixes). - pinctrl: stm32: fix the reported number of GPIO lines per bank (git-fixes). - platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command (git-fixes). - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes). - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes). - platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (git-fixes). - platform/x86: intel_int0002_vgpio: Remove dev_err() usage after platform_get_irq() (git-fixes). - platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes). - platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (git-fixes). - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: ab8500: Avoid NULL pointers (git-fixes). - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (git-fixes). - power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes). - powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722). - powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722). - powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395). - powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes). - powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722). - powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722). - powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722). - powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722). - powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722). - powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722). - powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722). - powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722). - powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722). - powerpc/stacktrace: Fix spurious 'stale' traces in raise_backtrace_ipi() (bsc#1156395). - powerpc/stacktrace: Include linux/delay.h (bsc#1156395). - powerpc: Offline CPU in stop_this_cpu() (bsc#1156395). - prctl: PR_{G,S}ET_IO_FLUSHER to support controlling memory reclaim (bsc#1188752). - ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation (git-fixes). - pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes). - pwm: imx1: Do not disable clocks at device remove time (git-fixes). - pwm: spear: Do not modify HW state in .remove callback (git-fixes). - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes). - r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - r8152: Fix a deadlock by doubly PM resume (bsc#1186194). - r8152: Fix potential PM refcount imbalance (bsc#1186194). - r8169: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM (git-fixes). - random32: Fix implicit truncation warning in prandom_seed_state() (git-fixes). - ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes). - rbd: always kick acquire on 'acquired' and 'released' notifications (bsc#1188746). - rbd: do not hold lock_rwsem while running_list is being drained (bsc#1188747). - regulator: da9052: Ensure enough delay time for .set_voltage_time_sel (git-fixes). - regulator: hi6421: Fix getting wrong drvdata (git-fixes). - regulator: hi6421: Use correct variable type for regmap api val argument (git-fixes). - regulator: hi655x: Fix pass wrong pointer to config.driver_data (git-fixes). - regulator: uniphier: Add missing MODULE_DEVICE_TABLE (git-fixes). - replaced with upstream security mitigation cleanup - reset: a10sr: add missing of_match_table reference (git-fixes). - reset: bail if try_module_get() fails (git-fixes). - reset: brcmstb: Add missing MODULE_DEVICE_TABLE (git-fixes). - reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes). - rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804). - rpm/kernel-binary.spec.in: Remove zdebug define used only once. - rsi: Assign beacon rate settings to the correct rate_info descriptor field (git-fixes). - rtc: fix snprintf() checking in is_rtc_hctosys() (git-fixes). - rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes). - rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes). - rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path (git-fixes). - rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes). - rtw88: 8822c: fix lc calibration timing (git-fixes). - scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101). - scsi: ibmvfc: Fix command state accounting and stale response detection (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: qedf: Do not put host in qedf_vport_create() unconditionally (bsc#1170511). - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates (git-fixes). - serial: 8250_pci: Add support for new HPE serial device (git-fixes). - serial: fsl_lpuart: remove RTSCTS handling from get_mctrl() (git-fixes). - serial: fsl_lpuart: remove RTSCTS handling from get_mctrl() (git-fixes). - serial: mvebu-uart: correctly calculate minimal possible baudrate (git-fixes). - serial: mvebu-uart: do not allow changing baudrate when uartclk is not available (git-fixes). - serial: mvebu-uart: fix calculation of clock divisor (git-fixes). - serial: tegra-tcu: Reorder channel initialization (git-fixes). - serial_cs: Add Option International GSM-Ready 56K/ISDN modem (git-fixes). - serial_cs: remove wrong GLOBETROTTER.cis entry (git-fixes). - sfp: Fix error handing in sfp_probe() (git-fixes). - skbuff: Fix build with SKB extensions disabled (jsc#SLE-15172). - skbuff: Release nfct refcount on napi stolen or re-used skbs (jsc#SLE-15172). - soc/tegra: fuse: Fix Tegra234-only builds (git-fixes). - soc: fsl: qbman: Delete useless kfree code (bsc#1188176). - soc: fsl: qbman: Ensure device cleanup is run for kexec (bsc#1188176). - soundwire: stream: Fix test for DP prepare complete (git-fixes). - spi: Make of_register_spi_device also set the fwnode (git-fixes). - spi: cadence: Correct initialisation of runtime PM again (git-fixes). - spi: fspi: dynamically alloc AHB memory (bsc#1188121). - spi: imx: add a check for speed_hz before calculating the clock (git-fixes). - spi: mediatek: fix fifo rx mode (git-fixes). - spi: nxp-fspi: Use devm API to fix missed unregistration of controller (bsc#1188121). - spi: omap-100k: Fix the length judgment problem (git-fixes). - spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes). - spi: spi-nxp-fspi: Add ACPI support (bsc#1188121). - spi: spi-nxp-fspi: Add support for IP read only (bsc#1188121). - spi: spi-nxp-fspi: Enable the Octal Mode in MCR0 (bsc#1188121). - spi: spi-nxp-fspi: Fix a NULL vs IS_ERR() check in probe (bsc#1188121). - spi: spi-nxp-fspi: Implement errata workaround for LS1028A (bsc#1188121). - spi: spi-sun6i: Fix chipselect/clock bug (git-fixes). - spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (git-fixes). - spi: stm32-qspi: Remove unused qspi field of struct stm32_qspi_flash (git-fixes). - spi: tegra114: Fix an error message (git-fixes). - ssb: Fix error return code in ssb_bus_scan() (git-fixes). - ssb: sdio: Do not overwrite const buffer if block_write fails (git-fixes). - staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() (git-fixes). - staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes). - staging: rtl8712: fix memory leak in rtl871x_load_fw_cb (git-fixes). - staging: rtl8712: remove redundant check in r871xu_drv_init (git-fixes). - staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes). - thermal/core: Correct function name thermal_zone_device_unregister() (git-fixes). - thermal/drivers/int340x/processor_thermal: Fix tcc setting (git-fixes). - thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations (git-fixes). - thunderbolt: Bond lanes only when dual_link_port != NULL in alloc_dev_default() (git-fixes). - timers: Fix get_next_timer_interrupt() with no timers pending (git-fixes) - tpm, tpm_tis: Decorate tpm_get_timeouts() with request_locality() (bsc#1188036). - tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with request_locality() (bsc#1188036). - tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() (bsc#1188036). - tpm, tpm_tis: Reserve locality in tpm_tis_resume() (bsc#1188036). - tpm: efi: Use local variable for calculating final log size (git-fixes). - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing (git-fixes). - tracing/histograms: Fix parsing of 'sym-offset' modifier (git-fixes). - tracing: Do not reference char * as a string in histograms (git-fixes). - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (git-fixes). - tracing: Simplify & fix saved_tgids logic (git-fixes). - tty: nozomi: Fix a resource leak in an error handling function (git-fixes). - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' (git-fixes). - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes). - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes). - usb: dwc2: Do not reset the core after setting turnaround time (git-fixes). - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes). - usb: dwc3: Fix debugfs creation flow (git-fixes). - usb: gadget: eem: fix echo command packet response issue (git-fixes). - usb: gadget: f_fs: Fix setting of device and driver data cross-references (git-fixes). - usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes). - usb: gadget: hid: fix error return code in hid_bind() (git-fixes). - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes). - usb: hub: Fix link power management max exit latency (MEL) calculations (git-fixes). - usb: max-3421: Prevent corruption of freed memory (git-fixes). - usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (git-fixes). - usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() (git-fixes). - usb: typec: fusb302: Always provide fwnode for the port (git-fixes). - usb: typec: fusb302: fix 'op-sink-microwatt' default that was in mW (git-fixes). - usb: typec: tcpm: Error handling for tcpm_register_partner_altmodes (git-fixes). - usb: typec: tcpm: Move mod_delayed_work(&port->vdm_state_machine) call into tcpm_queue_vdm() (git-fixes). - usb: typec: tcpm: Refactor tcpm_handle_vdm_request (git-fixes). - usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling (git-fixes). - usb: typec: tcpm: Remove tcpc_config configuration mechanism (git-fixes). - usb: typec: tcpm: Switch to use fwnode_property_count_uXX() (git-fixes). - usb: typec: tcpm: move to SNK_UNATTACHED if sink removed for DRP (git-fixes). - usb: typec: tcpm: set correct data role for non-DRD (git-fixes). - usb: typec: tcpm: update power supply once partner accepts (git-fixes). - usb: typec: ucsi: Hold con->lock for the entire duration of ucsi_register_port() (git-fixes). - usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes). - usb: typec: wcove: Fx wrong kernel doc format (git-fixes). - uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes). - vfio/pci: Handle concurrent vma faults (git-fixes). - vfs: Convert functionfs to use the new mount API (git -fixes). - video: fbdev: imxfb: Fix an error message (git-fixes). - virtio_console: Assure used length from device is limited (git-fixes). - virtio_net: move tx vq operation under tx queue lock (git-fixes). - visorbus: fix error return code in visorchipset_init() (git-fixes). - vmxnet3: fix cksum offload issues for tunnels with non-default udp ports (git-fixes). - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes). - w1: ds2438: fixing bug that would always get page0 (git-fixes). - watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes). - watchdog: Fix possible use-after-free in wdt_startup() (git-fixes). - watchdog: aspeed: fix hardware timeout calculation (git-fixes). - watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes). - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes). - watchdog: sp805: Fix kernel doc description (git-fixes). - wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes). - wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes). - wireless: carl9170: fix LEDS build errors & warnings (git-fixes). - wireless: wext-spy: Fix out-of-bounds warning (git-fixes). - wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes). - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes). - workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973). - x86/kvm: Disable all PV features on crash (bsc#1185308). - x86/kvm: Disable all PV features on crash (bsc#1185308). - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308). - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308). - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308). - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308). - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308). - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308). - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308). - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308). - xen/events: reset active flag for lateeoi events later (git-fixes). - xfrm: Fix xfrm offload fallback fail case (bsc#1176447). - xfrm: delete xfrm4_output_finish xfrm6_output_finish declarations (bsc#1176447). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). - xhci: Fix lost USB 2 remote wake (git-fixes). - xhci: solve a double free problem while doing s4 (git-fixes). - xsk: Fix missing validation for skb and unaligned mode (jsc#SLE-13706). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2760-1 Released: Tue Aug 17 17:11:14 2021 Summary: Security update for c-ares Type: security Severity: important References: 1188881,CVE-2021-3672 This update for c-ares fixes the following issues: Version update to git snapshot 1.17.1+20200724: - CVE-2021-3672: fixed missing input validation on hostnames returned by DNS servers (bsc#1188881) - If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause crash - Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response - Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing - Use unbuffered /dev/urandom for random data to prevent early startup performance issues ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2786-1 Released: Fri Aug 20 02:02:23 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1057452,1188287 This update for bash fixes the following issues: - Allow process group assignment even for modern kernels (bsc#1057452, bsc#1188287) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2805-1 Released: Mon Aug 23 07:01:37 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1185615,1185646,1187115,1187470,1187774 This update for dracut fixes the following issues: - Correct man pages regarding the 'INITRD_MODULES' as some parts already invalid. (bsc#1187115) - Fixed an issue when running mkinitrd inproper arch is being expanded. (bsc#1185615) - Fix for 'suse-initrd' exclude modules that are built-in to prevent failing modules to be installed. (bsc#1185646) - Fix informing on usage of obsolete -f parameter. (bsc#1187470) - Fix reference to 'insmodpost module' in the documentation. (bsc#1187774) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2809-1 Released: Mon Aug 23 12:12:31 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1166028,1171962,1184994,1185972,1188063,CVE-2020-13529,CVE-2021-33910 This update for systemd fixes the following issues: - Updated to version 246.15 - CVE-2021-33910: Fixed a denial of service issue in systemd. (bsc#1188063) - CVE-2020-13529: Fixed an issue that allows crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. (bsc#1185972) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2810-1 Released: Mon Aug 23 12:14:30 2021 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1172505,CVE-2020-12049 This update for dbus-1 fixes the following issues: - CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2817-1 Released: Mon Aug 23 15:05:36 2021 Summary: Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 Type: security Severity: moderate References: 1102408,1138715,1138746,1176389,1177120,1182421,1182422,CVE-2020-26137 This patch updates the Python AWS SDK stack in SLE 15: General: # aws-cli - Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-boto3 - Version updated to upstream release 1.17.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-botocore - Version updated to upstream release 1.20.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-urllib3 - Version updated to upstream release 1.25.10 For a detailed list of all changes, please refer to the changelog file of this package. # python-service_identity - Added this new package to resolve runtime dependencies for other packages. Version: 18.1.0 # python-trustme - Added this new package to resolve runtime dependencies for other packages. Version: 0.6.0 Security fixes: # python-urllib3: - CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] From sle-updates at lists.suse.com Thu Sep 2 06:10:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 08:10:19 +0200 (CEST) Subject: SUSE-IU-2021:620-1: Security update of suse-sles-15-sp3-chost-byos-v20210827-hvm-ssd-x86_64 Message-ID: <20210902061019.BB1EEF799@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20210827-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:620-1 Image Tags : suse-sles-15-sp3-chost-byos-v20210827-hvm-ssd-x86_64:20210827 Image Release : Severity : critical Type : security References : 1057452 1065729 1085224 1094840 1102408 1102408 1113295 1138715 1138746 1152472 1152489 1153274 1154353 1155518 1156395 1166028 1170511 1171962 1172505 1176389 1176447 1176940 1177120 1179243 1179416 1180092 1180814 1181805 1182421 1182422 1183543 1183545 1183871 1184114 1184350 1184631 1184804 1184994 1185308 1185377 1185615 1185646 1185791 1185972 1185991 1185993 1186194 1186206 1186347 1186397 1186482 1186483 1186687 1187115 1187215 1187470 1187476 1187495 1187585 1187774 1188036 1188063 1188080 1188101 1188121 1188126 1188176 1188267 1188268 1188269 1188287 1188323 1188348 1188348 1188366 1188405 1188445 1188504 1188571 1188620 1188683 1188703 1188720 1188746 1188747 1188748 1188752 1188770 1188771 1188772 1188773 1188774 1188777 1188838 1188876 1188881 1188885 1188893 1188973 1189206 1189465 1189465 1189520 1189521 CVE-2020-12049 CVE-2020-13529 CVE-2020-26137 CVE-2021-20266 CVE-2021-20271 CVE-2021-21781 CVE-2021-22543 CVE-2021-33910 CVE-2021-3421 CVE-2021-35039 CVE-2021-3609 CVE-2021-3612 CVE-2021-36222 CVE-2021-3659 CVE-2021-3672 CVE-2021-3711 CVE-2021-3712 CVE-2021-37576 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20210827-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2606-1 Released: Wed Aug 4 13:16:09 2021 Summary: Recommended update for libcbor Type: recommended Severity: moderate References: 1102408 This update for libcbor fixes the following issues: - Implement a fix to avoid building shared library twice. (bsc#1102408) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2625-1 Released: Thu Aug 5 12:10:27 2021 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1185991,1185993,1186347,1186397,1186687,1188348 This update for supportutils fixes the following issues: ethtool was updated to version 3.1.17: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) - Adding ethtool options g l m to network.txt (jsc#SLE-18240) - lsof options to improve performance (bsc#1186687) - Exclude rhn.conf from etc.txt (bsc#1186347) - analyzevmcore supports local directories (bsc#1186397) - getappcore checks for valid compression binary (bsc#1185991) - getappcore does not trigger errors with help message (bsc#1185993) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2627-1 Released: Thu Aug 5 12:10:46 2021 Summary: Recommended maintenance update for systemd-default-settings Type: recommended Severity: moderate References: 1188348 This update for systemd-default-settings fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2687-1 Released: Sat Aug 14 10:16:41 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1085224,1094840,1113295,1152472,1152489,1153274,1154353,1155518,1156395,1170511,1176447,1176940,1179243,1180092,1180814,1183871,1184114,1184350,1184631,1184804,1185308,1185377,1185791,1186194,1186206,1186482,1186483,1187215,1187476,1187495,1187585,1188036,1188080,1188101,1188121,1188126,1188176,1188267,1188268,1188269,1188323,1188366,1188405,1188445,1188504,1188620,1188683,1188703,1188720,1188746,1188747,1188748,1188752,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188893,1188973,CVE-2021-21781,CVE-2021-22543,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-21781: Fixed a information disclosure vulnerability in the ARM SIGPAGE (bsc#1188445). - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2021-3609: Fixed a potential local privilege escalation in the CAN BCM networking protocol (bsc#1187215). - CVE-2021-3612: Fixed an out-of-bounds memory write flaw in the joystick devices subsystem. This flaw allowed a local user to crash the system or possibly escalate their privileges on the system. (bsc#1187585) - CVE-2021-35039: Fixed mishandling of signature verification. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, did not occur for a module.sig_enforce=1 command-line argument (bsc#1188080). The following non-security bugs were fixed: - ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes). - ACPI: APEI: fix synchronous external aborts in user-mode (git-fixes). - ACPI: DPTF: Fix reading of attributes (git-fixes). - ACPI: EC: Make more Asus laptops use ECDT _GPE (git-fixes). - ACPI: PM / fan: Put fan device IDs into separate header file (git-fixes). - ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes). - ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes). - ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes). - ACPI: resources: Add checks for ACPI IRQ override (git-fixes). - ACPI: sysfs: Fix a buffer overrun problem with description_show() (git-fixes). - ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes). - ACPICA: Fix memory leak caused by _CID repair function (git-fixes). - ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes). - ALSA: bebob: add support for ToneWeal FW66 (git-fixes). - ALSA: firewire-motu: fix detection for S/PDIF source on optical interface in v2 protocol (git-fixes). - ALSA: firewire-motu: fix stream format for MOTU 8pre FireWire (git-fixes). - ALSA: hda/realtek: Add another ALC236 variant support (git-fixes). - ALSA: hda/realtek: Apply LED fixup for HP Dragonfly G1, too (git-fixes). - ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D (git-fixes). - ALSA: hda/realtek: Fix pop noise and 2 Front Mic issues on a machine (git-fixes). - ALSA: hda/realtek: Improve fixup for HP Spectre x360 15-df0xxx (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 830 G8 Notebook PC (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook x360 830 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 450 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 630 G8 (git-fixes). - ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes). - ALSA: hda: intel-dsp-cfg: add missing ElkhartLake PCI ID (git-fixes). - ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes). - ALSA: intel8x0: Fix breakage at ac97 clock measurement (git-fixes). - ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes). - ALSA: pcm - fix mmap capability check for the snd-dummy driver (git-fixes). - ALSA: pcm: Call substream ack() method upon compat mmap commit (git-fixes). - ALSA: pcm: Fix mmap capability check (git-fixes). - ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes). - ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes). - ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes). - ALSA: usb-audio: Add missing proc text entry for BESPOKEN type (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets (git-fixes). - ALSA: usb-audio: Fix OOB access at proc output (git-fixes). - ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes). - ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes). - ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions (git-fixes). - ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes). - ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values (git-fixes). - ALSA: usb-audio: scarlett2: Fix wrong resume call (git-fixes). - ALSA: usb-audio: scarlett2: Read mixer volumes at init time (git-fixes). - ALSA: usb-audio: scarlett2: Read mux at init time (git-fixes). - ALSA: usx2y: Avoid camelCase (git-fixes). - ALSA: usx2y: Do not call free_pages_exact() with NULL address (git-fixes). - ARM: ensure the signal page contains defined contents (bsc#1188445). - ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters (git-fixes). - ASoC: Intel: sof_sdw: add SOF_RT715_DAI_ID_FIX for AlderLake (git-fixes). - ASoC: Intel: sof_sdw: add mutual exclusion between PCH DMIC and RT715 (git-fixes). - ASoC: SOF: loader: Use snd_sof_dsp_block_read() instead sof_block_read() (git-fixes). - ASoC: atmel-i2s: Fix usage of capture and playback at the same time (git-fixes). - ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes). - ASoC: fsl_spdif: Fix error handler with pm_runtime_enable (git-fixes). - ASoC: fsl_spdif: Fix unexpected interrupt after suspend (git-fixes). - ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (git-fixes). - ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes). - ASoC: intel/boards: add missing MODULE_DEVICE_TABLE (git-fixes). - ASoC: max98373-sdw: add missing memory allocation check (git-fixes). - ASoC: max98373-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: mediatek: mtk-btcvsd: Fix an error handling path in 'mtk_btcvsd_snd_probe()' (git-fixes). - ASoC: rk3328: fix missing clk_disable_unprepare() on error in rk3328_platform_probe() (git-fixes). - ASoC: rsnd: tidyup loop on rsnd_adg_clk_query() (git-fixes). - ASoC: rt1308-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt5631: Fix regcache sync errors on resume (git-fixes). - ASoC: rt5682-sdw: set regcache_cache_only false before reading RT5682_DEVICE_ID (git-fixes). - ASoC: rt5682-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt5682: Disable irq on shutdown (git-fixes). - ASoC: rt5682: Fix a problem with error handling in the io init function of the soundwire (git-fixes). - ASoC: rt5682: fix getting the wrong device id when the suspend_stress_test (git-fixes). - ASoC: rt700-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt711-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt715-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes). - ASoC: soc-pcm: fix the return value in dpcm_apply_symmetry() (git-fixes). - ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes). - ASoC: wm_adsp: Correct wm_coeff_tlv_get handling (git-fixes). - Bluetooth: Fix alt settings for incoming SCO with transparent coding format (git-fixes). - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event (git-fixes). - Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes). - Bluetooth: L2CAP: Fix invalid access if ECRED Reconfigure fails (git-fixes). - Bluetooth: L2CAP: Fix invalid access on ECRED Connection response (git-fixes). - Bluetooth: Remove spurious error message (git-fixes). - Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes). - Bluetooth: btintel: Add infrastructure to read controller information (bsc#1188893). - Bluetooth: btintel: Check firmware version before download (bsc#1188893). - Bluetooth: btintel: Collect tlv based active firmware build info in FW mode (bsc#1188893). - Bluetooth: btintel: Consolidate intel_version parsing (bsc#1188893). - Bluetooth: btintel: Consolidate intel_version_tlv parsing (bsc#1188893). - Bluetooth: btintel: Fix endianness issue for TLV version information (bsc#1188893). - Bluetooth: btintel: Fix offset calculation boot address parameter (bsc#1188893). - Bluetooth: btintel: Functions to send firmware header / payload (bsc#1188893). - Bluetooth: btintel: Move operational checks after version check (bsc#1188893). - Bluetooth: btintel: Refactor firmware download function (bsc#1188893). - Bluetooth: btintel: Reorganized bootloader mode tlv checks in intel_version_tlv parsing (bsc#1188893). - Bluetooth: btintel: Replace zero-length array with flexible-array member (bsc#1188893). - Bluetooth: btintel: Skip reading firmware file version while in bootloader mode (bsc#1188893). - Bluetooth: btqca: Do not modify firmware contents in-place (git-fixes). - Bluetooth: btusb: Add *setup* function for new generation Intel controllers (bsc#1188893). - Bluetooth: btusb: Add support USB ALT 3 for WBS (git-fixes). - Bluetooth: btusb: Add support for GarfieldPeak controller (bsc#1188893). - Bluetooth: btusb: Consolidate code for waiting firmware download (bsc#1188893). - Bluetooth: btusb: Define a function to construct firmware filename (bsc#1188893). - Bluetooth: btusb: Enable MSFT extension for Intel controllers (bsc#1188893). - Bluetooth: btusb: Fix failing to init controllers with operation firmware (bsc#1188893). - Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip (git-fixes). - Bluetooth: btusb: Helper function to download firmware to Intel adapters (bsc#1188893). - Bluetooth: btusb: Map Typhoon peak controller to BTUSB_INTEL_NEWGEN (bsc#1188893). - Bluetooth: btusb: Update boot parameter specific to SKU (bsc#1188893). - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes). - Bluetooth: btusb: print firmware file name on error loading firmware (bsc#1188893). - Bluetooth: hci_intel: drop strange le16_to_cpu() against u8 values (bsc#1188893). - Bluetooth: hci_intel: enable on new platform (bsc#1188893). - Bluetooth: hci_intel: switch to list_for_each_entry() (bsc#1188893). - Bluetooth: hci_qca: fix potential GPF (git-fixes). - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes). - Bluetooth: mgmt: Fix the command returns garbage parameter value (git-fixes). - HID: do not use down_interruptible() when unbinding devices (git-fixes). - HID: wacom: Correct base usage for capacitive ExpressKey status bits (git-fixes). - Input: hideep - fix the uninitialized use in hideep_nvm_unlock() (git-fixes). - Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes). - Input: ili210x - add missing negation for touch indication on ili210x (git-fixes). - Input: usbtouchscreen - fix control-request directions (git-fixes). - KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (bsc#1188771). - KVM: SVM: document KVM_MEM_ENCRYPT_OP, let userspace detect if SEV is available (bsc#1188703). - KVM: nVMX: Consult only the 'basic' exit reason when routing nested exit (bsc#1188773). - KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774). - KVM: nVMX: Preserve exception priority irrespective of exiting behavior (bsc#1188777). - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes). - PCI: Add AMD RS690 quirk to enable 64-bit DMA (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: intel-gw: Fix INTx enable (git-fixes). - PCI: intel-gw: Fix INTx enable (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes). - PCI: quirks: fix false kABI positive (git-fixes). - PCI: tegra194: Fix tegra_pcie_ep_raise_msi_irq() ill-defined shift (git-fixes). - PCI: tegra194: Fix tegra_pcie_ep_raise_msi_irq() ill-defined shift (git-fixes). - PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes). - RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449). - RDMA/cma: Protect RMW with qp_mutex (git-fixes). - RDMA/hns: Remove unused parameter udata (jsc#SLE-15176). - RDMA/mlx4: Remove unused parameter udata (jsc#SLE-15176). - RDMA/mlx5: Remove unused parameter udata (jsc#SLE-15176). - RDMA/rtrs-clt: Check if the queue_depth has changed during a reconnection (jsc#SLE-15176). - RDMA/rtrs-clt: Check state of the rtrs_clt_sess before reading its stats (jsc#SLE-15176). - RDMA/rtrs-clt: Fix memory leak of not-freed sess->stats and stats->pcpu_stats (jsc#SLE-15176). - RDMA/rtrs-srv: Fix memory leak of unfreed rtrs_srv_stats object (jsc#SLE-15176). - RDMA/rtrs-srv: Fix memory leak when having multiple sessions (jsc#SLE-15176). - RDMA/rtrs-srv: Replace atomic_t with percpu_ref for ids_inflight (jsc#SLE-15176). - RDMA/rtrs-srv: Set minimal max_send_wr and max_recv_wr (jsc#SLE-15176). - RDMA/rtrs: Do not reset hb_missed_max after re-connection (jsc#SLE-15176). - RDMA/srp: Fix a recently introduced memory leak (jsc#SLE-15176). - Revert 'ACPI: resources: Add checks for ACPI IRQ override' (git-fixes). - Revert 'ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro' (git-fixes). - Revert 'Bluetooth: btintel: Fix endianness issue for TLV version information' (bsc#1188893). - Revert 'USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem' (git-fixes). - Revert 'be2net: disable bh with spin_lock in be_process_mcc' (git-fixes). - Revert 'drm/i915: Propagate errors on awaiting already signaled fences' (git-fixes). - Revert 'drm: add a locked version of drm_is_current_master' (git-fixes). - Revert 'ibmvnic: remove duplicate napi_schedule call in open function' (bsc#1065729). - Revert 'iwlwifi: remove wide_cmd_header field' (bsc#1187495). - USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes). - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes). - USB: serial: cp210x: fix comments for GE CS1000 (git-fixes). - USB: serial: option: add support for u-blox LARA-R6 family (git-fixes). - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes). - amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (bsc#1152472) - ata: ahci_sunxi: Disable DIPM (git-fixes). - ath10k: Fix an error code in ath10k_add_interface() (git-fixes). - ath10k: add missing error return code in ath10k_pci_probe() (git-fixes). - ath10k: go to path err_unsupported when chip id is not supported (git-fixes). - ath10k: remove unused more_frags variable (git-fixes). - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (git-fixes). - backlight: lm3630a: Fix return code of .update_status() callback (git-fixes). - backlight: lm3630a_bl: Put fwnode in error case during ->probe() (git-fixes). - bcache: avoid oversized read request in cache missing code path (bsc#1184631). - bcache: remove bcache device self-defined readahead (bsc#1184631). - blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092). - blk-mq: In blk_mq_dispatch_rq_list() 'no budget' is a reason to kick (bsc#1180092). - blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092). - blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092). - blk-mq: insert flush request to the front of dispatch queue (bsc#1180092). - blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092). - bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371 bsc#1153274). - bnxt_en: do not disable an already disabled PCI device (git-fixes). - bonding: Add struct bond_ipesc to manage SA (bsc#1176447). - bonding: disallow setting nested bonding + ipsec offload (bsc#1176447). - bonding: fix build issue (git-fixes). - bonding: fix incorrect return value of bond_ipsec_offload_ok() (bsc#1176447). - bonding: fix null dereference in bond_ipsec_add_sa() (bsc#1176447). - bonding: fix suspicious RCU usage in bond_ipsec_add_sa() (bsc#1176447). - bonding: fix suspicious RCU usage in bond_ipsec_del_sa() (bsc#1176447). - bonding: fix suspicious RCU usage in bond_ipsec_offload_ok() (bsc#1176447). - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1154353). - bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518). - brcmfmac: Fix a double-free in brcmf_sdio_bus_reset (git-fixes). - brcmfmac: correctly report average RSSI in station info (git-fixes). - brcmfmac: fix setting of station info chains bitmask (git-fixes). - brcmsmac: mac80211_if: Fix a resource leak in an error handling path (git-fixes). - cadence: force nonlinear buffers to be cloned (git-fixes). - can: ems_usb: fix memory leak (git-fixes). - can: esd_usb2: fix memory leak (git-fixes). - can: gw: synchronize rcu operations before removing gw job entry (git-fixes). - can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes). - can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes). - can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes). - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path (git-fixes). - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes). - can: usb_8dev: fix memory leak (git-fixes). - ceph: do not WARN if we're still opening a session to an MDS (bsc#1188748). - cfg80211: call cfg80211_leave_ocb when switching away from OCB (git-fixes). - char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() (git-fixes). - cifs: Fix preauth hash corruption (git-fixes). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: fix interrupted close commands (git-fixes). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - clk: actions: Fix SD clocks factor table on Owl S500 SoC (git-fixes). - clk: actions: Fix UART clock dividers on Owl S500 SoC (git-fixes). - clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC (git-fixes). - clk: imx8mq: remove SYS PLL 1/2 clock gates (git-fixes). - clk: meson: g12a: fix gp0 and hifi ranges (git-fixes). - clk: renesas: r8a77995: Add ZA2 clock (git-fixes). - clk: renesas: rcar-gen3: Update Z clock rate formula in comments (git-fixes). - clk: si5341: Avoid divide errors due to bogus register contents (git-fixes). - clk: si5341: Update initialization magic (git-fixes). - clk: tegra: Ensure that PLLU configuration is applied properly (git-fixes). - clk: zynqmp: pll: Remove some dead code (git-fixes). - clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround (git-fixes). - clocksource: Retry clock read if long delays detected (git-fixes). - coresight: Propagate symlink failure (git-fixes). - coresight: core: Fix use of uninitialized pointer (git-fixes). - cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)). - cpufreq: sc520_freq: add 'fallthrough' to one case (git-fixes). - crypto: ccp - Fix a resource leak in an error handling path (git-fixes). - crypto: ixp4xx - dma_unmap the correct address (git-fixes). - crypto: nitrox - fix unchecked variable in nitrox_register_interrupts (git-fixes). - crypto: nx - add missing MODULE_DEVICE_TABLE (git-fixes). - crypto: omap-sham - Fix PM reference leak in omap sham ops (git-fixes). - crypto: qat - check return code of qat_hal_rd_rel_reg() (git-fixes). - crypto: qat - remove unused macro in FW loader (git-fixes). - crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes). - crypto: sun4i-ss - checking sg length is not sufficient (git-fixes). - crypto: sun4i-ss - initialize need_fallback (git-fixes). - crypto: ux500 - Fix error return code in hash_hw_final() (git-fixes). - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - cw1200: add missing MODULE_DEVICE_TABLE (git-fixes). - cxgb4: fix IRQ free race during driver unload (git-fixes). - dma-buf/sync_file: Do not leak fences on merge failure (git-fixes). - dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes). - dmaengine: mediatek: do not issue a new desc if one is still current (git-fixes). - dmaengine: mediatek: free the proper desc in desc_free handler (git-fixes). - dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma (git-fixes). - dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe() (git-fixes). - dmaengine: zynqmp_dma: Fix PM reference leak in zynqmp_dma_alloc_chan_resourc() (git-fixes). - docs: admin-guide: update description for kernel.hotplug sysctl (git-fixes). - docs: virt/kvm: close inline string literal (bsc#1188703). - dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes). - dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes). - drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes). - drm/amd/dc: Fix a missing check bug in dm_dp_mst_detect() (git-fixes). - drm/amd/display: Avoid HDCP over-read and corruption (git-fixes). - drm/amd/display: Fix DCN 3.01 DSCCLK validation (git-fixes). - drm/amd/display: Fix build warnings (git-fixes). - drm/amd/display: Fix off-by-one error in DML (git-fixes). - drm/amd/display: Release MST resources on switch from MST to SST (git-fixes). - drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes). - drm/amd/display: Update scaling settings on modeset (git-fixes). - drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check (git-fixes). - drm/amd/display: fix HDCP reset sequence on reinitialize (git-fixes). - drm/amd/display: fix incorrrect valid irq check (git-fixes). - drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes). - drm/amdgpu: Do not query CE and UE errors (bsc#1152472) - drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes). - drm/amdgpu: enable sdma0 tmz for Raven/Renoir(V2) (git-fixes). - drm/amdgpu: remove unsafe optimization to drop preamble ib (git-fixes). - drm/amdgpu: update golden setting for sienna_cichlid (git-fixes). - drm/amdgpu: wait for moving fence after pinning (git-fixes). - drm/amdkfd: Fix circular lock in nocpsch path (git-fixes). - drm/amdkfd: Walk through list with dqm lock hold (git-fixes). - drm/amdkfd: fix circular locking on get_wave_state (git-fixes). - drm/amdkfd: use allowed domain for vmbo validation (git-fixes). - drm/arm/malidp: Always list modifiers (git-fixes). - drm/bridge/sii8620: fix dependency on extcon (git-fixes). - drm/bridge: Fix the stop condition of drm_bridge_chain_pre_enable() (git-fixes). - drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() (git-fixes). - drm/bridge: nwl-dsi: Force a full modeset when crtc_state->active is changed to be true (git-fixes). - drm/dp_mst: Do not set proposed vcpi directly (git-fixes). - drm/gma500: Add the missed drm_gem_object_put() in psb_user_framebuffer_create() (git-fixes). - drm/i915/display: Do not zero past infoframes.vsc (git-fixes). - drm/i915/gvt: Clear d3_entered on elsp cmd submission (git-fixes). - drm/i915/selftests: use vma_lookup() in __igt_mmap() (git-fixes). - drm/mcde/panel: Inverse misunderstood flag (bsc#1152472) - drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() (git-fixes). - drm/msm/dpu: Fix error return code in dpu_mdss_init() (git-fixes). - drm/msm/dpu: Fix sm8250_mdp register length (git-fixes). - drm/msm/mdp4: Fix modifier support enabling (git-fixes). - drm/msm: Fix error return code in msm_drm_init() (git-fixes). - drm/msm: Small msm_gem_purge() fix (bsc#1152489) - drm/mxsfb: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm/nouveau: Do not set allow_fb_modifiers explicitly (git-fixes). - drm/nouveau: fix dma_address check for CPU/GPU sync (git-fixes). - drm/nouveau: wait for moving fence after pinning v2 (git-fixes). - drm/panel: nt35510: Do not fail if DSI read fails (git-fixes). - drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes). - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes). - drm/radeon: Call radeon_suspend_kms() in radeon_pci_shutdown() for Loongson64 (git-fixes). - drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (bsc#1152489) - drm/radeon: wait for moving fence after pinning (git-fixes). - drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() (git-fixes). - drm/rockchip: cdn-dp: fix sign extension on an int multiply for a u64 result (git-fixes). - drm/rockchip: dsi: move all lane config except LCDC mux to bind() (git-fixes). - drm/rockchip: dsi: remove extra component_del() call (git-fixes). - drm/rockchip: lvds: Fix an error handling path (git-fixes). - drm/sched: Avoid data corruptions (git-fixes). - drm/scheduler: Fix hang when sched_entity released (git-fixes). - drm/stm: Fix bus_flags handling (bsc#1152472) - drm/tegra: Do not set allow_fb_modifiers explicitly (git-fixes). - drm/vc4: Fix clock source for VEC PixelValve on BCM2711 (git-fixes). - drm/vc4: crtc: Skip the TXP (git-fixes). - drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes). - drm/vc4: hdmi: Fix PM reference leak in vc4_hdmi_encoder_pre_crtc_co() (git-fixes). - drm/vc4: hdmi: Fix error path of hpd-gpios (git-fixes). - drm/vc4: hdmi: Make sure the controller is powered in detect (bsc#1152489) - drm/vc4: hdmi: Prevent clock unbalance (git-fixes). - drm/vc4: txp: Properly set the possible_crtcs mask (git-fixes). - drm/virtio: Fix double free on probe failure (git-fixes). - drm/vmwgfx: Fix cpu updates of coherent multisample surfaces (git-fixes). - drm/vmwgfx: Mark a surface gpu-dirty after the SVGA3dCmdDXGenMips command (git-fixes). - drm/zte: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm: Return -ENOTTY for non-drm ioctls (git-fixes). - drm: add a locked version of drm_is_current_master (git-fixes). - drm: bridge/panel: Cleanup connector on bridge detach (bsc#1152489) - drm: bridge: add missing word in Analogix help text (git-fixes). - drm: qxl: ensure surf.data is ininitialized (git-fixes). - drm: rockchip: add missing registers for RK3066 (git-fixes). - drm: rockchip: add missing registers for RK3188 (git-fixes). - drm: rockchip: set alpha_en to 0 if it is not used (git-fixes). - e1000e: Check the PCIm state (git-fixes). - e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes). - efi/tpm: Differentiate missing and invalid final event log table (bsc#1188036). - extcon: extcon-max8997: Fix IRQ freeing at error path (git-fixes). - extcon: intel-mrfld: Sync hardware and software state on init (git-fixes). - extcon: max8997: Add missing modalias string (git-fixes). - extcon: sm5502: Drop invalid register write in sm5502_reg_data (git-fixes). - fbmem: Do not delete the mode that is still in use (git-fixes). - fbmem: add margin check to fb_check_caps() (git-fixes). - firmware/efi: Tell memblock about EFI iomem reservations (git-fixes). - firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (git-fixes). - firmware: arm_scmi: Fix range check for the maximum number of pending messages (git-fixes). - firmware: tegra: Fix error return code in tegra210_bpmp_init() (git-fixes). - fm10k: Fix an error handling path in 'fm10k_probe()' (git-fixes). - fpga: machxo2-spi: Address warning about unused variable (git-fixes). - fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes). - fuse: check connected before queueing on fpq->io (bsc#1188267). - fuse: ignore PG_workingset after stealing (bsc#1188268). - fuse: reject internal errno (bsc#1188269). - gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP (git-fixes). - gpio: pca953x: Add support for the On Semi pca9655 (git-fixes). - gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes). - gtp: fix an use-before-init in gtp_newlink() (git-fixes). - gve: Add DQO fields for core data structures (bsc#1176940). - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940). - gve: Add dqo descriptors (bsc#1176940). - gve: Add stats for gve (bsc#1176940). - gve: Add support for DQO RX PTYPE map (bsc#1176940). - gve: Add support for raw addressing device option (bsc#1176940). - gve: Add support for raw addressing in the tx path (bsc#1176940). - gve: Add support for raw addressing to the rx path (bsc#1176940). - gve: Batch AQ commands for creating and destroying queues (bsc#1176940). - gve: Check TX QPL was actually assigned (bsc#1176940). - gve: DQO: Add RX path (bsc#1176940). - gve: DQO: Add TX path (bsc#1176940). - gve: DQO: Add core netdev features (bsc#1176940). - gve: DQO: Add ring allocation and initialization (bsc#1176940). - gve: DQO: Configure interrupts on device up (bsc#1176940). - gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940). - gve: DQO: Remove incorrect prefetch (bsc#1176940). - gve: Enable Link Speed Reporting in the driver (bsc#1176940). - gve: Fix an error handling path in 'gve_probe()' (git-fixes). - gve: Fix swapped vars when fetching max queues (git-fixes). - gve: Fix warnings reported for DQO patchset (bsc#1176940). - gve: Get and set Rx copybreak via ethtool (bsc#1176940). - gve: Introduce a new model for device options (bsc#1176940). - gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940). - gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940). - gve: Move some static functions to a common file (bsc#1176940). - gve: NIC stats for report-stats and for ethtool (bsc#1176940). - gve: Propagate error codes to caller (bsc#1176940). - gve: Replace zero-length array with flexible-array member (bsc#1176940). - gve: Rx Buffer Recycling (bsc#1176940). - gve: Simplify code and axe the use of a deprecated API (bsc#1176940). - gve: Update adminq commands to support DQO queues (bsc#1176940). - gve: Use dev_info/err instead of netif_info/err (bsc#1176940). - gve: Use link status register to report link status (bsc#1176940). - gve: adminq: DQO specific device descriptor logic (bsc#1176940). - gve: gve_rx_copy: Move padding to an argument (bsc#1176940). - hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes). - hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes). - hwmon: (max31790) Fix pwmX_enable attributes (git-fixes). - hwmon: (max31790) Report correct current pwm duty cycles (git-fixes). - hwrng: exynos - Fix runtime PM imbalance on error (git-fixes). - i2c: core: Disable client irq on reboot/shutdown (git-fixes). - i2c: designware: Adjust bus_freq_hz when refuse high speed mode set (git-fixes). - i2c: dev: Add __user annotation (git-fixes). - i2c: robotfuzz-osif: fix control-request directions (git-fixes). - i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes). - i40e: Fix error handling in i40e_vsi_open (git-fixes). - i40e: Fix missing rtnl locking when setting up pf switch (jsc#SLE-13701). - i40e: fix PTP on 5Gb links (jsc#SLE-13701). - iavf: Fix an error handling path in 'iavf_probe()' (git-fixes). - ibmvnic: Allow device probe if the device is not ready at boot (bsc#1184114 ltc#192237). - ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075). - ibmvnic: Use 'skb_frag_address()' instead of hand coding it (bsc#1184114 ltc#192237). - ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c (bsc#1184114 ltc#192237). - ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237). - ibmvnic: account for bufs already saved in indir_buf (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: clean pending indirect buffs during reset (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114 ltc#192237). - ibmvnic: fix send_request_map incompatible argument (bsc#1184114 ltc#192237). - ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363). - ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes). - ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533). - ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098). - ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency (jsc#SLE-7926). - igb: Check if num of q_vectors is smaller than max before array access (git-fixes). - igb: Fix an error handling path in 'igb_probe()' (git-fixes). - igb: Fix position of assignment to *ring (git-fixes). - igb: Fix use-after-free error during reset (git-fixes). - igc: Fix an error handling path in 'igc_probe()' (git-fixes). - igc: Fix use-after-free error during reset (git-fixes). - igc: change default return of igc_read_phy_reg() (git-fixes). - iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: bma180: Use explicit member assignment (git-fixes). - iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: mxc4005: Fix overread of data and alignment issue (git-fixes). - iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: at91-sama5d2: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adis16400: do not return ints in irq handlers (git-fixes). - iio: adis_buffer: do not return ints in irq handlers (git-fixes). - iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev() helper (git-fixes). - iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3472: do not free unallocated IRQ (git-fixes). - iio: light: vcnl4035: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: ltr501: ltr501_read_ps(): add missing endianness conversion (git-fixes). - iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes). - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too (git-fixes). - iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iio: magn: bmc150: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: hmc5843: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: rm3100: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: si1133: fix format string warnings (git-fixes). - iio:accel:mxc4005: Drop unnecessary explicit casts in regmap_bulk_read calls (git-fixes). - integrity: use arch_ima_get_secureboot instead of checking EFI_SECURE_BOOT when loading MokListRT (bsc#1188366). - intel_th: Wait until port is in reset before programming it (git-fixes). - iwl-trans: move dev_cmd_offs, page_offs to a common trans header (bsc#1187495). - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() (git-fixes). - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd() (git-fixes). - iwlwifi: acpi: evaluate dsm to disable 5.8GHz channels (bsc#1187495). - iwlwifi: acpi: in non acpi compilations remove iwl_sar_geo_init (bsc#1187495). - iwlwifi: acpi: prepare SAR profile selection code for multiple sizes (bsc#1187495). - iwlwifi: acpi: remove dummy definition of iwl_sar_set_profile() (bsc#1187495). - iwlwifi: acpi: rename geo structs to contain versioning (bsc#1187495). - iwlwifi: acpi: support ppag table command v2 (bsc#1187495). - iwlwifi: add a common struct for all iwl_tx_power_cmd versions (bsc#1187495). - iwlwifi: add trans op to set PNVM (bsc#1187495). - iwlwifi: align RX status flags with firmware (bsc#1187495). - iwlwifi: api: fix u32 -> __le32 (bsc#1187495). - iwlwifi: bump FW API to 57 for AX devices (bsc#1187495). - iwlwifi: bump FW API to 59 for AX devices (bsc#1187495). - iwlwifi: calib: Demote seemingly unintentional kerneldoc header (bsc#1187495). - iwlwifi: dbg: Do not touch the tlv data (bsc#1187495). - iwlwifi: dbg: add debug host notification (DHN) time point (bsc#1187495). - iwlwifi: dbg: add dumping special device memory (bsc#1187495). - iwlwifi: dbg: remove IWL_FW_INI_TIME_POINT_WDG_TIMEOUT (bsc#1187495). - iwlwifi: do not export acpi functions unnecessarily (bsc#1187495). - iwlwifi: dvm: Demote a couple of nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: devices: Fix function documentation formatting issues (bsc#1187495). - iwlwifi: dvm: lib: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: rxon: Demote non-conformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: scan: Demote a few nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: sta: Demote a bunch of nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: tx: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: enable twt by default (bsc#1187495). - iwlwifi: fix 11ax disabled bit in the regulatory capability flags (bsc#1187495). - iwlwifi: fix sar geo table initialization (bsc#1187495). - iwlwifi: fw: add default value for iwl_fw_lookup_cmd_ver (bsc#1187495). - iwlwifi: fw: move assert descriptor parser to common code (bsc#1187495). - iwlwifi: increase PNVM load timeout (bsc#1187495). - iwlwifi: iwl-drv: Provide descriptions debugfs dentries (bsc#1187495). - iwlwifi: iwl-trans: move tfd to trans layer (bsc#1187495). - iwlwifi: move PNVM implementation to common code (bsc#1187495). - iwlwifi: move all bus-independent TX functions to common code (bsc#1187495). - iwlwifi: move bc_pool to a common trans header (bsc#1187495). - iwlwifi: move bc_table_dword to a common trans header (bsc#1187495). - iwlwifi: msix: limit max RX queues for 9000 family (bsc#1187495). - iwlwifi: mvm: Add FTM initiator RTT smoothing logic (bsc#1187495). - iwlwifi: mvm: Do not install CMAC/GMAC key in AP mode (bsc#1187495). - iwlwifi: mvm: add PROTECTED_TWT firmware API (bsc#1187495). - iwlwifi: mvm: add a get lmac id function (bsc#1187495). - iwlwifi: mvm: add an option to add PASN station (bsc#1187495). - iwlwifi: mvm: add d3 prints (bsc#1187495). - iwlwifi: mvm: add support for new WOWLAN_TSC_RSC_PARAM version (bsc#1187495). - iwlwifi: mvm: add support for new version of WOWLAN_TKIP_SETTING_API_S (bsc#1187495). - iwlwifi: mvm: add support for range request command ver 11 (bsc#1187495). - iwlwifi: mvm: add support for responder dynamic config command version 3 (bsc#1187495). - iwlwifi: mvm: assign SAR table revision to the command later (bsc#1187495). - iwlwifi: mvm: avoid possible NULL pointer dereference (bsc#1187495). - iwlwifi: mvm: clear all scan UIDs (bsc#1187495). - iwlwifi: mvm: d3: parse wowlan status version 11 (bsc#1187495). - iwlwifi: mvm: d3: support GCMP ciphers (bsc#1187495). - iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes). - iwlwifi: mvm: do not check if CSA event is running before removing (bsc#1187495). - iwlwifi: mvm: do not send a CSA command the firmware does not know (bsc#1187495). - iwlwifi: mvm: fix error print when session protection ends (git-fixes). - iwlwifi: mvm: fix suspicious rcu usage warnings (bsc#1187495). - iwlwifi: mvm: fix the type we use in the PPAG table validity checks (bsc#1187495). - iwlwifi: mvm: get number of stations from TLV (bsc#1187495). - iwlwifi: mvm: ignore the scan duration parameter (bsc#1187495). - iwlwifi: mvm: initiator: add option for adding a PASN responder (bsc#1187495). - iwlwifi: mvm: location: set the HLTK when PASN station is added (bsc#1187495). - iwlwifi: mvm: ops: Remove unused static struct 'iwl_mvm_debug_names' (bsc#1187495). - iwlwifi: mvm: prepare roc_done_wk to work sync (bsc#1187495). - iwlwifi: mvm: process ba-notifications also when sta rcu is invalid (bsc#1187495). - iwlwifi: mvm: re-enable TX after channel switch (bsc#1187495). - iwlwifi: mvm: read and parse SKU ID if available (bsc#1187495). - iwlwifi: mvm: remove memset of kek_kck command (bsc#1187495). - iwlwifi: mvm: remove redundant log in iwl_mvm_tvqm_enable_txq() (bsc#1187495). - iwlwifi: mvm: remove redundant support_umac_log field (bsc#1187495). - iwlwifi: mvm: responder: allow to set only the HLTK for an associated station (bsc#1187495). - iwlwifi: mvm: ring the doorbell and wait for PNVM load completion (bsc#1187495). - iwlwifi: mvm: rs-fw: handle VHT extended NSS capability (bsc#1187495). - iwlwifi: mvm: send stored PPAG command instead of local (bsc#1187495). - iwlwifi: mvm: set PROTECTED_TWT feature if supported by firmware (bsc#1187495). - iwlwifi: mvm: set PROTECTED_TWT in MAC data policy (bsc#1187495). - iwlwifi: mvm: set enabled in the PPAG command properly (bsc#1187495). - iwlwifi: mvm: stop claiming NL80211_EXT_FEATURE_SET_SCAN_DWELL (bsc#1187495). - iwlwifi: mvm: store PPAG enabled/disabled flag properly (bsc#1187495). - iwlwifi: mvm: support ADD_STA_CMD_API_S ver 12 (bsc#1187495). - iwlwifi: mvm: support more GTK rekeying algorithms (bsc#1187495). - iwlwifi: mvm: support new KEK KCK api (bsc#1187495). - iwlwifi: mvm: tx: Demote misuse of kernel-doc headers (bsc#1187495). - iwlwifi: mvm: use CHECKSUM_COMPLETE (bsc#1187495). - iwlwifi: mvm: utils: Fix some doc-rot (bsc#1187495). - iwlwifi: pcie: avoid potential PNVM leaks (bsc#1187495). - iwlwifi: pcie: do not disable interrupts for reg_lock (bsc#1187495). - iwlwifi: pcie: fix context info freeing (git-fixes). - iwlwifi: pcie: fix the xtal latency value for a few qu devices (bsc#1187495). - iwlwifi: pcie: free IML DMA memory allocation (git-fixes). - iwlwifi: pcie: implement set_pnvm op (bsc#1187495). - iwlwifi: pcie: make iwl_pcie_txq_update_byte_cnt_tbl bus independent (bsc#1187495). - iwlwifi: pcie: properly set LTR workarounds on 22000 devices (bsc#1187495). - iwlwifi: phy-ctxt: add new API VER 3 for phy context cmd (bsc#1187495). - iwlwifi: pnvm: do not skip everything when not reloading (bsc#1187495). - iwlwifi: pnvm: do not try to load after failures (bsc#1187495). - iwlwifi: pnvm: increment the pointer before checking the TLV (bsc#1187495). - iwlwifi: pnvm: set the PNVM again if it was already loaded (bsc#1187495). - iwlwifi: provide gso_type to GSO packets (bsc#1187495). - iwlwifi: queue: bail out on invalid freeing (bsc#1187495). - iwlwifi: read and parse PNVM file (bsc#1187495). - iwlwifi: regulatory: regulatory capabilities api change (bsc#1187495). - iwlwifi: remove iwl_validate_sar_geo_profile() export (bsc#1187495). - iwlwifi: remove wide_cmd_header field (bsc#1187495). - iwlwifi: rs: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: rs: align to new TLC config command API (bsc#1187495). - iwlwifi: rs: set RTS protection for all non legacy rates (bsc#1187495). - iwlwifi: sta: defer ADDBA transmit in case reclaimed SN != next SN (bsc#1187495). - iwlwifi: stats: add new api fields for statistics cmd/ntfy (bsc#1187495). - iwlwifi: support REDUCE_TX_POWER_CMD version 6 (bsc#1187495). - iwlwifi: support version 3 of GEO_TX_POWER_LIMIT (bsc#1187495). - iwlwifi: support version 5 of the alive notification (bsc#1187495). - iwlwifi: thermal: support new temperature measurement API (bsc#1187495). - iwlwifi: update prph scratch structure to include PNVM data (bsc#1187495). - iwlwifi: use correct group for alive notification (bsc#1187495). - iwlwifi: wowlan: adapt to wowlan status API version 10 (bsc#1187495). - iwlwifi: yoyo: add support for internal buffer allocation in D3 (bsc#1187495). - ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes). - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes). - ixgbevf: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops (bsc#1176447). - kABI compatibility fix for max98373_priv struct (git-fixes). - kABI workaround for btintel symbol changes (bsc#1188893). - kABI workaround for intel_th_driver (git-fixes). - kABI workaround for pci/quirks.c (git-fixes). - kABI: restore struct tcpc_config definition (git-fixes). - kabi/severities: ignore kABI of iwlwifi symbols (bsc#1187495) iwlwifi driver consists of several modules and all exported symbols are internal uses. Let's ignore kABI checks of those. - kernel-binary.spec: Exctract s390 decompression code (jsc#SLE-17042). - kernel-binary.spec: Fix up usrmerge for non-modular kernels. - kernel-binary.spec: Remove obsolete and wrong comment mkmakefile is repleced by echo on newer kernel - kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes). - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes). - kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes). - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes). - kprobes: fix kill kprobe which has been marked as gone (git-fixes). - kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1188772). - kvm: i8254: remove redundant assignment to pointer s (bsc#1188770). - leds: as3645a: Fix error return code in as3645a_parse_node() (git-fixes). - leds: class: The -ENOTSUPP should never be seen by user space (git-fixes). - leds: ktd2692: Fix an error handling path (git-fixes). - leds: lm3532: select regmap I2C API (git-fixes). - lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes). - lib/decompressors: remove set but not used variabled 'level' (git-fixes). - lib: vsprintf: Fix handling of number field widths in vsscanf (git-fixes). - libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518). - liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes). - mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes). - mac80211: consider per-CPU statistics if present (git-fixes). - mac80211: remove iwlwifi specific workaround NDPs of null_response (git-fixes). - mac80211: remove iwlwifi specific workaround that broke sta NDP tx (git-fixes). - mac80211: remove warning in ieee80211_get_sband() (git-fixes). - mac80211: reset profile_periodicity/ema_ap (git-fixes). - mac80211_hwsim: add concurrent channels scanning support over virtio (git-fixes). - mac80211_hwsim: drop pending frames on stop (git-fixes). - math: Export mul_u64_u64_div_u64 (git-fixes). - media, bpf: Do not copy more entries than user space requested (git-fixes). - media: Fix Media Controller API config checks (git-fixes). - media: I2C: change 'RST' to 'RSET' to fix multiple build errors (git-fixes). - media: au0828: fix a NULL vs IS_ERR() check (git-fixes). - media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes). - media: cobalt: fix race condition in setting HPD (git-fixes). - media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes). - media: dtv5100: fix control-request directions (git-fixes). - media: dvb-usb: fix wrong definition (git-fixes). - media: dvb_net: avoid speculation from net slot (git-fixes). - media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes). - media: em28xx: Fix possible memory leak of em28xx struct (git-fixes). - media: exynos-gsc: fix pm_runtime_get_sync() usage count (git-fixes). - media: exynos4-is: Fix a use after free in isp_video_release (git-fixes). - media: gspca/gl860: fix zero-length control requests (git-fixes). - media: gspca/sq905: fix control-request direction (git-fixes). - media: gspca/sunplus: fix zero-length control requests (git-fixes). - media: imx-csi: Skip first few frames from a BT.656 source (git-fixes). - media: imx: imx7_mipi_csis: Fix logging of only error event counters (git-fixes). - media: mdk-mdp: fix pm_runtime_get_sync() usage count (git-fixes). - media: mtk-vcodec: fix PM runtime get logic (git-fixes). - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes). - media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes). - media: rc: i2c: Fix an error message (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes). - media: s5p-jpeg: fix pm_runtime_get_sync() usage count (git-fixes). - media: sh_vou: fix pm_runtime_get_sync() usage count (git-fixes). - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() (git-fixes). - media: siano: fix device register error path (git-fixes). - media: st-hva: Fix potential NULL pointer dereferences (git-fixes). - media: sti/bdisp: fix pm_runtime_get_sync() usage count (git-fixes). - media: sti: fix obj-$(config) targets (git-fixes). - media: tc358743: Fix error return code in tc358743_probe_of() (git-fixes). - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes). - media: v4l2-async: Fix trivial documentation typo (git-fixes). - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (git-fixes). - media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes). - memory: atmel-ebi: add missing of_node_put for loop iteration (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: pl353: Fix error return code in pl353_smc_probe() (git-fixes). - memstick: rtsx_usb_ms: fix UAF (git-fixes). - mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes). - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes). - misc/libmasm/module: Fix two use after free in ibmasm_init_one (git-fixes). - misc: alcor_pci: fix inverted branch condition (git-fixes). - misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge (git-fixes). - mm, futex: fix shared futex pgoff on shmem huge page (git fixes (kernel/futex)). - mmc: block: Disable CMDQ on the ioctl path (git-fixes). - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes). - mmc: core: clear flags before allowing to retune (git-fixes). - mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes). - mmc: sdhci-sprd: use sdhci_sprd_writew (git-fixes). - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode (git-fixes). - mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes). - mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes). - mmc: vub3000: fix control-request direction (git-fixes). - mt76: fix possible NULL pointer dereference in mt76_tx (git-fixes). - mt76: mt7603: set 0 as min coverage_class value (git-fixes). - mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes). - mt76: mt7615: fix fixed-rate tx status reporting (git-fixes). - mt76: mt7615: increase MCU command timeout (git-fixes). - mt76: mt7915: fix IEEE80211_HE_PHY_CAP7_MAX_NC for station mode (git-fixes). - mt76: set dma-done flag for flushed descriptors (git-fixes). - mtd: partitions: redboot: seek fis-index-block in the right node (git-fixes). - mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() (git-fixes). - mvpp2: suppress warning (git-fixes). - mwifiex: re-fix for unaligned accesses (git-fixes). - net/mlx5: Do not fail driver on failure to create debugfs (git-fixes). - net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes). - net/sched: act_ct: remove and free nf_table callbacks (jsc#SLE-15172). - net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes). - net: atlantic: fix ip dst and ipv6 address filters (git-fixes). - net: dp83867: Fix OF_MDIO config check (git-fixes). - net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes). - net: fec_ptp: fix issue caused by refactor the fec_devtype (git-fixes). - net: gve: convert strlcpy to strscpy (bsc#1176940). - net: gve: remove duplicated allowed (bsc#1176940). - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - net: ipw2x00,iwlegacy,iwlwifi: Remove in_interrupt() from debug macros (bsc#1187495). - net: iwlwifi: Remove in_interrupt() from tracing macro (bsc#1187495). - net: marvell: Fix OF_MDIO config check (git-fixes). - net: mvpp2: Put fwnode in error case during ->probe() (git-fixes). - net: netdevsim: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops (bsc#1176447). - net: phy: fix save wrong speed and duplex problem if autoneg is on (git-fixes). - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - net: phy: realtek: add delay to fix RXC generation issue (git-fixes). - net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes). - net: wilc1000: clean up resource in error path of init mon interface (git-fixes). - netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo (bsc#1176447). - nfc: nfcsim: fix use after free during module unload (git-fixes). - nvme-rdma: fix in-casule data send for chained sgls (git-fixes). - nvme-rdma: introduce nvme_rdma_sgl structure (git-fixes). - nvme-tcp: rerun io_work if req_list is not empty (git-fixes). - nvme: verify MNAN value if ANA is enabled (bsc#1185791). - pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes). - pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() (git-fixes). - pinctrl: mcp23s08: fix race condition in irq handler (git-fixes). - pinctrl: stm32: fix the reported number of GPIO lines per bank (git-fixes). - platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command (git-fixes). - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes). - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes). - platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (git-fixes). - platform/x86: intel_int0002_vgpio: Remove dev_err() usage after platform_get_irq() (git-fixes). - platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes). - platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (git-fixes). - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: ab8500: Avoid NULL pointers (git-fixes). - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (git-fixes). - power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes). - powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722). - powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722). - powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395). - powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes). - powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722). - powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722). - powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722). - powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722). - powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722). - powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722). - powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722). - powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722). - powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722). - powerpc/stacktrace: Fix spurious 'stale' traces in raise_backtrace_ipi() (bsc#1156395). - powerpc/stacktrace: Include linux/delay.h (bsc#1156395). - powerpc: Offline CPU in stop_this_cpu() (bsc#1156395). - prctl: PR_{G,S}ET_IO_FLUSHER to support controlling memory reclaim (bsc#1188752). - ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation (git-fixes). - pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes). - pwm: imx1: Do not disable clocks at device remove time (git-fixes). - pwm: spear: Do not modify HW state in .remove callback (git-fixes). - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes). - r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - r8152: Fix a deadlock by doubly PM resume (bsc#1186194). - r8152: Fix potential PM refcount imbalance (bsc#1186194). - r8169: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM (git-fixes). - random32: Fix implicit truncation warning in prandom_seed_state() (git-fixes). - ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes). - rbd: always kick acquire on 'acquired' and 'released' notifications (bsc#1188746). - rbd: do not hold lock_rwsem while running_list is being drained (bsc#1188747). - regulator: da9052: Ensure enough delay time for .set_voltage_time_sel (git-fixes). - regulator: hi6421: Fix getting wrong drvdata (git-fixes). - regulator: hi6421: Use correct variable type for regmap api val argument (git-fixes). - regulator: hi655x: Fix pass wrong pointer to config.driver_data (git-fixes). - regulator: uniphier: Add missing MODULE_DEVICE_TABLE (git-fixes). - replaced with upstream security mitigation cleanup - reset: a10sr: add missing of_match_table reference (git-fixes). - reset: bail if try_module_get() fails (git-fixes). - reset: brcmstb: Add missing MODULE_DEVICE_TABLE (git-fixes). - reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes). - rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804). - rpm/kernel-binary.spec.in: Remove zdebug define used only once. - rsi: Assign beacon rate settings to the correct rate_info descriptor field (git-fixes). - rtc: fix snprintf() checking in is_rtc_hctosys() (git-fixes). - rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes). - rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes). - rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path (git-fixes). - rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes). - rtw88: 8822c: fix lc calibration timing (git-fixes). - scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101). - scsi: ibmvfc: Fix command state accounting and stale response detection (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: qedf: Do not put host in qedf_vport_create() unconditionally (bsc#1170511). - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates (git-fixes). - serial: 8250_pci: Add support for new HPE serial device (git-fixes). - serial: fsl_lpuart: remove RTSCTS handling from get_mctrl() (git-fixes). - serial: fsl_lpuart: remove RTSCTS handling from get_mctrl() (git-fixes). - serial: mvebu-uart: correctly calculate minimal possible baudrate (git-fixes). - serial: mvebu-uart: do not allow changing baudrate when uartclk is not available (git-fixes). - serial: mvebu-uart: fix calculation of clock divisor (git-fixes). - serial: tegra-tcu: Reorder channel initialization (git-fixes). - serial_cs: Add Option International GSM-Ready 56K/ISDN modem (git-fixes). - serial_cs: remove wrong GLOBETROTTER.cis entry (git-fixes). - sfp: Fix error handing in sfp_probe() (git-fixes). - skbuff: Fix build with SKB extensions disabled (jsc#SLE-15172). - skbuff: Release nfct refcount on napi stolen or re-used skbs (jsc#SLE-15172). - soc/tegra: fuse: Fix Tegra234-only builds (git-fixes). - soc: fsl: qbman: Delete useless kfree code (bsc#1188176). - soc: fsl: qbman: Ensure device cleanup is run for kexec (bsc#1188176). - soundwire: stream: Fix test for DP prepare complete (git-fixes). - spi: Make of_register_spi_device also set the fwnode (git-fixes). - spi: cadence: Correct initialisation of runtime PM again (git-fixes). - spi: fspi: dynamically alloc AHB memory (bsc#1188121). - spi: imx: add a check for speed_hz before calculating the clock (git-fixes). - spi: mediatek: fix fifo rx mode (git-fixes). - spi: nxp-fspi: Use devm API to fix missed unregistration of controller (bsc#1188121). - spi: omap-100k: Fix the length judgment problem (git-fixes). - spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes). - spi: spi-nxp-fspi: Add ACPI support (bsc#1188121). - spi: spi-nxp-fspi: Add support for IP read only (bsc#1188121). - spi: spi-nxp-fspi: Enable the Octal Mode in MCR0 (bsc#1188121). - spi: spi-nxp-fspi: Fix a NULL vs IS_ERR() check in probe (bsc#1188121). - spi: spi-nxp-fspi: Implement errata workaround for LS1028A (bsc#1188121). - spi: spi-sun6i: Fix chipselect/clock bug (git-fixes). - spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (git-fixes). - spi: stm32-qspi: Remove unused qspi field of struct stm32_qspi_flash (git-fixes). - spi: tegra114: Fix an error message (git-fixes). - ssb: Fix error return code in ssb_bus_scan() (git-fixes). - ssb: sdio: Do not overwrite const buffer if block_write fails (git-fixes). - staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() (git-fixes). - staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes). - staging: rtl8712: fix memory leak in rtl871x_load_fw_cb (git-fixes). - staging: rtl8712: remove redundant check in r871xu_drv_init (git-fixes). - staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes). - thermal/core: Correct function name thermal_zone_device_unregister() (git-fixes). - thermal/drivers/int340x/processor_thermal: Fix tcc setting (git-fixes). - thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations (git-fixes). - thunderbolt: Bond lanes only when dual_link_port != NULL in alloc_dev_default() (git-fixes). - timers: Fix get_next_timer_interrupt() with no timers pending (git-fixes) - tpm, tpm_tis: Decorate tpm_get_timeouts() with request_locality() (bsc#1188036). - tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with request_locality() (bsc#1188036). - tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() (bsc#1188036). - tpm, tpm_tis: Reserve locality in tpm_tis_resume() (bsc#1188036). - tpm: efi: Use local variable for calculating final log size (git-fixes). - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing (git-fixes). - tracing/histograms: Fix parsing of 'sym-offset' modifier (git-fixes). - tracing: Do not reference char * as a string in histograms (git-fixes). - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (git-fixes). - tracing: Simplify & fix saved_tgids logic (git-fixes). - tty: nozomi: Fix a resource leak in an error handling function (git-fixes). - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' (git-fixes). - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes). - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes). - usb: dwc2: Do not reset the core after setting turnaround time (git-fixes). - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes). - usb: dwc3: Fix debugfs creation flow (git-fixes). - usb: gadget: eem: fix echo command packet response issue (git-fixes). - usb: gadget: f_fs: Fix setting of device and driver data cross-references (git-fixes). - usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes). - usb: gadget: hid: fix error return code in hid_bind() (git-fixes). - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes). - usb: hub: Fix link power management max exit latency (MEL) calculations (git-fixes). - usb: max-3421: Prevent corruption of freed memory (git-fixes). - usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (git-fixes). - usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() (git-fixes). - usb: typec: fusb302: Always provide fwnode for the port (git-fixes). - usb: typec: fusb302: fix 'op-sink-microwatt' default that was in mW (git-fixes). - usb: typec: tcpm: Error handling for tcpm_register_partner_altmodes (git-fixes). - usb: typec: tcpm: Move mod_delayed_work(&port->vdm_state_machine) call into tcpm_queue_vdm() (git-fixes). - usb: typec: tcpm: Refactor tcpm_handle_vdm_request (git-fixes). - usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling (git-fixes). - usb: typec: tcpm: Remove tcpc_config configuration mechanism (git-fixes). - usb: typec: tcpm: Switch to use fwnode_property_count_uXX() (git-fixes). - usb: typec: tcpm: move to SNK_UNATTACHED if sink removed for DRP (git-fixes). - usb: typec: tcpm: set correct data role for non-DRD (git-fixes). - usb: typec: tcpm: update power supply once partner accepts (git-fixes). - usb: typec: ucsi: Hold con->lock for the entire duration of ucsi_register_port() (git-fixes). - usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes). - usb: typec: wcove: Fx wrong kernel doc format (git-fixes). - uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes). - vfio/pci: Handle concurrent vma faults (git-fixes). - vfs: Convert functionfs to use the new mount API (git -fixes). - video: fbdev: imxfb: Fix an error message (git-fixes). - virtio_console: Assure used length from device is limited (git-fixes). - virtio_net: move tx vq operation under tx queue lock (git-fixes). - visorbus: fix error return code in visorchipset_init() (git-fixes). - vmxnet3: fix cksum offload issues for tunnels with non-default udp ports (git-fixes). - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes). - w1: ds2438: fixing bug that would always get page0 (git-fixes). - watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes). - watchdog: Fix possible use-after-free in wdt_startup() (git-fixes). - watchdog: aspeed: fix hardware timeout calculation (git-fixes). - watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes). - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes). - watchdog: sp805: Fix kernel doc description (git-fixes). - wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes). - wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes). - wireless: carl9170: fix LEDS build errors & warnings (git-fixes). - wireless: wext-spy: Fix out-of-bounds warning (git-fixes). - wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes). - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes). - workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973). - x86/kvm: Disable all PV features on crash (bsc#1185308). - x86/kvm: Disable all PV features on crash (bsc#1185308). - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308). - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308). - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308). - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308). - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308). - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308). - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308). - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308). - xen/events: reset active flag for lateeoi events later (git-fixes). - xfrm: Fix xfrm offload fallback fail case (bsc#1176447). - xfrm: delete xfrm4_output_finish xfrm6_output_finish declarations (bsc#1176447). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). - xhci: Fix lost USB 2 remote wake (git-fixes). - xhci: solve a double free problem while doing s4 (git-fixes). - xsk: Fix missing validation for skb and unaligned mode (jsc#SLE-13706). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2760-1 Released: Tue Aug 17 17:11:14 2021 Summary: Security update for c-ares Type: security Severity: important References: 1188881,CVE-2021-3672 This update for c-ares fixes the following issues: Version update to git snapshot 1.17.1+20200724: - CVE-2021-3672: fixed missing input validation on hostnames returned by DNS servers (bsc#1188881) - If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause crash - Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response - Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing - Use unbuffered /dev/urandom for random data to prevent early startup performance issues ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2786-1 Released: Fri Aug 20 02:02:23 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1057452,1188287 This update for bash fixes the following issues: - Allow process group assignment even for modern kernels (bsc#1057452, bsc#1188287) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2805-1 Released: Mon Aug 23 07:01:37 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1185615,1185646,1187115,1187470,1187774 This update for dracut fixes the following issues: - Correct man pages regarding the 'INITRD_MODULES' as some parts already invalid. (bsc#1187115) - Fixed an issue when running mkinitrd inproper arch is being expanded. (bsc#1185615) - Fix for 'suse-initrd' exclude modules that are built-in to prevent failing modules to be installed. (bsc#1185646) - Fix informing on usage of obsolete -f parameter. (bsc#1187470) - Fix reference to 'insmodpost module' in the documentation. (bsc#1187774) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2809-1 Released: Mon Aug 23 12:12:31 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1166028,1171962,1184994,1185972,1188063,CVE-2020-13529,CVE-2021-33910 This update for systemd fixes the following issues: - Updated to version 246.15 - CVE-2021-33910: Fixed a denial of service issue in systemd. (bsc#1188063) - CVE-2020-13529: Fixed an issue that allows crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. (bsc#1185972) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2810-1 Released: Mon Aug 23 12:14:30 2021 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1172505,CVE-2020-12049 This update for dbus-1 fixes the following issues: - CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2817-1 Released: Mon Aug 23 15:05:36 2021 Summary: Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 Type: security Severity: moderate References: 1102408,1138715,1138746,1176389,1177120,1182421,1182422,CVE-2020-26137 This patch updates the Python AWS SDK stack in SLE 15: General: # aws-cli - Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-boto3 - Version updated to upstream release 1.17.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-botocore - Version updated to upstream release 1.20.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-urllib3 - Version updated to upstream release 1.25.10 For a detailed list of all changes, please refer to the changelog file of this package. # python-service_identity - Added this new package to resolve runtime dependencies for other packages. Version: 18.1.0 # python-trustme - Added this new package to resolve runtime dependencies for other packages. Version: 0.6.0 Security fixes: # python-urllib3: - CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] From sle-updates at lists.suse.com Thu Sep 2 06:11:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 08:11:04 +0200 (CEST) Subject: SUSE-IU-2021:621-1: Security update of sles-15-sp3-chost-byos-v20210827 Message-ID: <20210902061104.B9A1EF799@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20210827 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:621-1 Image Tags : sles-15-sp3-chost-byos-v20210827:20210827 Image Release : Severity : critical Type : security References : 1057452 1065729 1085224 1094840 1102408 1113295 1152472 1152489 1153274 1154353 1155518 1156395 1166028 1170511 1171962 1172505 1176447 1176940 1179243 1179416 1180092 1180814 1181805 1183543 1183545 1183871 1184114 1184350 1184631 1184804 1184994 1185308 1185377 1185615 1185646 1185791 1185972 1185991 1185993 1186194 1186206 1186347 1186397 1186482 1186483 1186687 1187115 1187215 1187470 1187476 1187495 1187585 1187774 1188036 1188063 1188080 1188101 1188121 1188126 1188176 1188267 1188268 1188269 1188287 1188323 1188348 1188348 1188366 1188405 1188445 1188504 1188571 1188620 1188683 1188703 1188720 1188746 1188747 1188748 1188752 1188770 1188771 1188772 1188773 1188774 1188777 1188838 1188868 1188876 1188881 1188885 1188893 1188904 1188973 1189206 1189465 1189465 1189520 1189521 CVE-2020-12049 CVE-2020-13529 CVE-2021-20266 CVE-2021-20271 CVE-2021-21781 CVE-2021-22543 CVE-2021-33910 CVE-2021-3421 CVE-2021-35039 CVE-2021-3609 CVE-2021-3612 CVE-2021-36222 CVE-2021-3659 CVE-2021-3672 CVE-2021-3711 CVE-2021-3712 CVE-2021-37576 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container sles-15-sp3-chost-byos-v20210827 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2606-1 Released: Wed Aug 4 13:16:09 2021 Summary: Recommended update for libcbor Type: recommended Severity: moderate References: 1102408 This update for libcbor fixes the following issues: - Implement a fix to avoid building shared library twice. (bsc#1102408) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2625-1 Released: Thu Aug 5 12:10:27 2021 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1185991,1185993,1186347,1186397,1186687,1188348 This update for supportutils fixes the following issues: ethtool was updated to version 3.1.17: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) - Adding ethtool options g l m to network.txt (jsc#SLE-18240) - lsof options to improve performance (bsc#1186687) - Exclude rhn.conf from etc.txt (bsc#1186347) - analyzevmcore supports local directories (bsc#1186397) - getappcore checks for valid compression binary (bsc#1185991) - getappcore does not trigger errors with help message (bsc#1185993) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2627-1 Released: Thu Aug 5 12:10:46 2021 Summary: Recommended maintenance update for systemd-default-settings Type: recommended Severity: moderate References: 1188348 This update for systemd-default-settings fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2681-1 Released: Thu Aug 12 14:59:06 2021 Summary: Recommended update for growpart-rootgrow Type: recommended Severity: important References: 1188868,1188904 This update for growpart-rootgrow fixes the following issues: - Fix root partition ID lookup. Only consider trailing digits to be part of the paritition ID. (bsc#1188868) (bsc#1188904) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2687-1 Released: Sat Aug 14 10:16:41 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1085224,1094840,1113295,1152472,1152489,1153274,1154353,1155518,1156395,1170511,1176447,1176940,1179243,1180092,1180814,1183871,1184114,1184350,1184631,1184804,1185308,1185377,1185791,1186194,1186206,1186482,1186483,1187215,1187476,1187495,1187585,1188036,1188080,1188101,1188121,1188126,1188176,1188267,1188268,1188269,1188323,1188366,1188405,1188445,1188504,1188620,1188683,1188703,1188720,1188746,1188747,1188748,1188752,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188893,1188973,CVE-2021-21781,CVE-2021-22543,CVE-2021-35039,CVE-2021-3609,CVE-2021-3612,CVE-2021-3659,CVE-2021-37576 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-21781: Fixed a information disclosure vulnerability in the ARM SIGPAGE (bsc#1188445). - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2021-3609: Fixed a potential local privilege escalation in the CAN BCM networking protocol (bsc#1187215). - CVE-2021-3612: Fixed an out-of-bounds memory write flaw in the joystick devices subsystem. This flaw allowed a local user to crash the system or possibly escalate their privileges on the system. (bsc#1187585) - CVE-2021-35039: Fixed mishandling of signature verification. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, did not occur for a module.sig_enforce=1 command-line argument (bsc#1188080). The following non-security bugs were fixed: - ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes). - ACPI: APEI: fix synchronous external aborts in user-mode (git-fixes). - ACPI: DPTF: Fix reading of attributes (git-fixes). - ACPI: EC: Make more Asus laptops use ECDT _GPE (git-fixes). - ACPI: PM / fan: Put fan device IDs into separate header file (git-fixes). - ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes). - ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes). - ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes). - ACPI: resources: Add checks for ACPI IRQ override (git-fixes). - ACPI: sysfs: Fix a buffer overrun problem with description_show() (git-fixes). - ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes). - ACPICA: Fix memory leak caused by _CID repair function (git-fixes). - ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes). - ALSA: bebob: add support for ToneWeal FW66 (git-fixes). - ALSA: firewire-motu: fix detection for S/PDIF source on optical interface in v2 protocol (git-fixes). - ALSA: firewire-motu: fix stream format for MOTU 8pre FireWire (git-fixes). - ALSA: hda/realtek: Add another ALC236 variant support (git-fixes). - ALSA: hda/realtek: Apply LED fixup for HP Dragonfly G1, too (git-fixes). - ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D (git-fixes). - ALSA: hda/realtek: Fix pop noise and 2 Front Mic issues on a machine (git-fixes). - ALSA: hda/realtek: Improve fixup for HP Spectre x360 15-df0xxx (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 830 G8 Notebook PC (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook x360 830 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 450 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 630 G8 (git-fixes). - ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes). - ALSA: hda: intel-dsp-cfg: add missing ElkhartLake PCI ID (git-fixes). - ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes). - ALSA: intel8x0: Fix breakage at ac97 clock measurement (git-fixes). - ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes). - ALSA: pcm - fix mmap capability check for the snd-dummy driver (git-fixes). - ALSA: pcm: Call substream ack() method upon compat mmap commit (git-fixes). - ALSA: pcm: Fix mmap capability check (git-fixes). - ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes). - ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes). - ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes). - ALSA: usb-audio: Add missing proc text entry for BESPOKEN type (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets (git-fixes). - ALSA: usb-audio: Fix OOB access at proc output (git-fixes). - ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes). - ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes). - ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions (git-fixes). - ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes). - ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values (git-fixes). - ALSA: usb-audio: scarlett2: Fix wrong resume call (git-fixes). - ALSA: usb-audio: scarlett2: Read mixer volumes at init time (git-fixes). - ALSA: usb-audio: scarlett2: Read mux at init time (git-fixes). - ALSA: usx2y: Avoid camelCase (git-fixes). - ALSA: usx2y: Do not call free_pages_exact() with NULL address (git-fixes). - ARM: ensure the signal page contains defined contents (bsc#1188445). - ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters (git-fixes). - ASoC: Intel: sof_sdw: add SOF_RT715_DAI_ID_FIX for AlderLake (git-fixes). - ASoC: Intel: sof_sdw: add mutual exclusion between PCH DMIC and RT715 (git-fixes). - ASoC: SOF: loader: Use snd_sof_dsp_block_read() instead sof_block_read() (git-fixes). - ASoC: atmel-i2s: Fix usage of capture and playback at the same time (git-fixes). - ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes). - ASoC: fsl_spdif: Fix error handler with pm_runtime_enable (git-fixes). - ASoC: fsl_spdif: Fix unexpected interrupt after suspend (git-fixes). - ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (git-fixes). - ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes). - ASoC: intel/boards: add missing MODULE_DEVICE_TABLE (git-fixes). - ASoC: max98373-sdw: add missing memory allocation check (git-fixes). - ASoC: max98373-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: mediatek: mtk-btcvsd: Fix an error handling path in 'mtk_btcvsd_snd_probe()' (git-fixes). - ASoC: rk3328: fix missing clk_disable_unprepare() on error in rk3328_platform_probe() (git-fixes). - ASoC: rsnd: tidyup loop on rsnd_adg_clk_query() (git-fixes). - ASoC: rt1308-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt5631: Fix regcache sync errors on resume (git-fixes). - ASoC: rt5682-sdw: set regcache_cache_only false before reading RT5682_DEVICE_ID (git-fixes). - ASoC: rt5682-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt5682: Disable irq on shutdown (git-fixes). - ASoC: rt5682: Fix a problem with error handling in the io init function of the soundwire (git-fixes). - ASoC: rt5682: fix getting the wrong device id when the suspend_stress_test (git-fixes). - ASoC: rt700-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt711-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt715-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes). - ASoC: soc-pcm: fix the return value in dpcm_apply_symmetry() (git-fixes). - ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes). - ASoC: wm_adsp: Correct wm_coeff_tlv_get handling (git-fixes). - Bluetooth: Fix alt settings for incoming SCO with transparent coding format (git-fixes). - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event (git-fixes). - Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes). - Bluetooth: L2CAP: Fix invalid access if ECRED Reconfigure fails (git-fixes). - Bluetooth: L2CAP: Fix invalid access on ECRED Connection response (git-fixes). - Bluetooth: Remove spurious error message (git-fixes). - Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes). - Bluetooth: btintel: Add infrastructure to read controller information (bsc#1188893). - Bluetooth: btintel: Check firmware version before download (bsc#1188893). - Bluetooth: btintel: Collect tlv based active firmware build info in FW mode (bsc#1188893). - Bluetooth: btintel: Consolidate intel_version parsing (bsc#1188893). - Bluetooth: btintel: Consolidate intel_version_tlv parsing (bsc#1188893). - Bluetooth: btintel: Fix endianness issue for TLV version information (bsc#1188893). - Bluetooth: btintel: Fix offset calculation boot address parameter (bsc#1188893). - Bluetooth: btintel: Functions to send firmware header / payload (bsc#1188893). - Bluetooth: btintel: Move operational checks after version check (bsc#1188893). - Bluetooth: btintel: Refactor firmware download function (bsc#1188893). - Bluetooth: btintel: Reorganized bootloader mode tlv checks in intel_version_tlv parsing (bsc#1188893). - Bluetooth: btintel: Replace zero-length array with flexible-array member (bsc#1188893). - Bluetooth: btintel: Skip reading firmware file version while in bootloader mode (bsc#1188893). - Bluetooth: btqca: Do not modify firmware contents in-place (git-fixes). - Bluetooth: btusb: Add *setup* function for new generation Intel controllers (bsc#1188893). - Bluetooth: btusb: Add support USB ALT 3 for WBS (git-fixes). - Bluetooth: btusb: Add support for GarfieldPeak controller (bsc#1188893). - Bluetooth: btusb: Consolidate code for waiting firmware download (bsc#1188893). - Bluetooth: btusb: Define a function to construct firmware filename (bsc#1188893). - Bluetooth: btusb: Enable MSFT extension for Intel controllers (bsc#1188893). - Bluetooth: btusb: Fix failing to init controllers with operation firmware (bsc#1188893). - Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip (git-fixes). - Bluetooth: btusb: Helper function to download firmware to Intel adapters (bsc#1188893). - Bluetooth: btusb: Map Typhoon peak controller to BTUSB_INTEL_NEWGEN (bsc#1188893). - Bluetooth: btusb: Update boot parameter specific to SKU (bsc#1188893). - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes). - Bluetooth: btusb: print firmware file name on error loading firmware (bsc#1188893). - Bluetooth: hci_intel: drop strange le16_to_cpu() against u8 values (bsc#1188893). - Bluetooth: hci_intel: enable on new platform (bsc#1188893). - Bluetooth: hci_intel: switch to list_for_each_entry() (bsc#1188893). - Bluetooth: hci_qca: fix potential GPF (git-fixes). - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes). - Bluetooth: mgmt: Fix the command returns garbage parameter value (git-fixes). - HID: do not use down_interruptible() when unbinding devices (git-fixes). - HID: wacom: Correct base usage for capacitive ExpressKey status bits (git-fixes). - Input: hideep - fix the uninitialized use in hideep_nvm_unlock() (git-fixes). - Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes). - Input: ili210x - add missing negation for touch indication on ili210x (git-fixes). - Input: usbtouchscreen - fix control-request directions (git-fixes). - KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (bsc#1188771). - KVM: SVM: document KVM_MEM_ENCRYPT_OP, let userspace detect if SEV is available (bsc#1188703). - KVM: nVMX: Consult only the 'basic' exit reason when routing nested exit (bsc#1188773). - KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774). - KVM: nVMX: Preserve exception priority irrespective of exiting behavior (bsc#1188777). - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes). - PCI: Add AMD RS690 quirk to enable 64-bit DMA (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: intel-gw: Fix INTx enable (git-fixes). - PCI: intel-gw: Fix INTx enable (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes). - PCI: quirks: fix false kABI positive (git-fixes). - PCI: tegra194: Fix tegra_pcie_ep_raise_msi_irq() ill-defined shift (git-fixes). - PCI: tegra194: Fix tegra_pcie_ep_raise_msi_irq() ill-defined shift (git-fixes). - PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes). - RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449). - RDMA/cma: Protect RMW with qp_mutex (git-fixes). - RDMA/hns: Remove unused parameter udata (jsc#SLE-15176). - RDMA/mlx4: Remove unused parameter udata (jsc#SLE-15176). - RDMA/mlx5: Remove unused parameter udata (jsc#SLE-15176). - RDMA/rtrs-clt: Check if the queue_depth has changed during a reconnection (jsc#SLE-15176). - RDMA/rtrs-clt: Check state of the rtrs_clt_sess before reading its stats (jsc#SLE-15176). - RDMA/rtrs-clt: Fix memory leak of not-freed sess->stats and stats->pcpu_stats (jsc#SLE-15176). - RDMA/rtrs-srv: Fix memory leak of unfreed rtrs_srv_stats object (jsc#SLE-15176). - RDMA/rtrs-srv: Fix memory leak when having multiple sessions (jsc#SLE-15176). - RDMA/rtrs-srv: Replace atomic_t with percpu_ref for ids_inflight (jsc#SLE-15176). - RDMA/rtrs-srv: Set minimal max_send_wr and max_recv_wr (jsc#SLE-15176). - RDMA/rtrs: Do not reset hb_missed_max after re-connection (jsc#SLE-15176). - RDMA/srp: Fix a recently introduced memory leak (jsc#SLE-15176). - Revert 'ACPI: resources: Add checks for ACPI IRQ override' (git-fixes). - Revert 'ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro' (git-fixes). - Revert 'Bluetooth: btintel: Fix endianness issue for TLV version information' (bsc#1188893). - Revert 'USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem' (git-fixes). - Revert 'be2net: disable bh with spin_lock in be_process_mcc' (git-fixes). - Revert 'drm/i915: Propagate errors on awaiting already signaled fences' (git-fixes). - Revert 'drm: add a locked version of drm_is_current_master' (git-fixes). - Revert 'ibmvnic: remove duplicate napi_schedule call in open function' (bsc#1065729). - Revert 'iwlwifi: remove wide_cmd_header field' (bsc#1187495). - USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes). - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes). - USB: serial: cp210x: fix comments for GE CS1000 (git-fixes). - USB: serial: option: add support for u-blox LARA-R6 family (git-fixes). - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes). - amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (bsc#1152472) - ata: ahci_sunxi: Disable DIPM (git-fixes). - ath10k: Fix an error code in ath10k_add_interface() (git-fixes). - ath10k: add missing error return code in ath10k_pci_probe() (git-fixes). - ath10k: go to path err_unsupported when chip id is not supported (git-fixes). - ath10k: remove unused more_frags variable (git-fixes). - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (git-fixes). - backlight: lm3630a: Fix return code of .update_status() callback (git-fixes). - backlight: lm3630a_bl: Put fwnode in error case during ->probe() (git-fixes). - bcache: avoid oversized read request in cache missing code path (bsc#1184631). - bcache: remove bcache device self-defined readahead (bsc#1184631). - blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092). - blk-mq: In blk_mq_dispatch_rq_list() 'no budget' is a reason to kick (bsc#1180092). - blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092). - blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092). - blk-mq: insert flush request to the front of dispatch queue (bsc#1180092). - blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092). - bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371 bsc#1153274). - bnxt_en: do not disable an already disabled PCI device (git-fixes). - bonding: Add struct bond_ipesc to manage SA (bsc#1176447). - bonding: disallow setting nested bonding + ipsec offload (bsc#1176447). - bonding: fix build issue (git-fixes). - bonding: fix incorrect return value of bond_ipsec_offload_ok() (bsc#1176447). - bonding: fix null dereference in bond_ipsec_add_sa() (bsc#1176447). - bonding: fix suspicious RCU usage in bond_ipsec_add_sa() (bsc#1176447). - bonding: fix suspicious RCU usage in bond_ipsec_del_sa() (bsc#1176447). - bonding: fix suspicious RCU usage in bond_ipsec_offload_ok() (bsc#1176447). - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1154353). - bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518). - brcmfmac: Fix a double-free in brcmf_sdio_bus_reset (git-fixes). - brcmfmac: correctly report average RSSI in station info (git-fixes). - brcmfmac: fix setting of station info chains bitmask (git-fixes). - brcmsmac: mac80211_if: Fix a resource leak in an error handling path (git-fixes). - cadence: force nonlinear buffers to be cloned (git-fixes). - can: ems_usb: fix memory leak (git-fixes). - can: esd_usb2: fix memory leak (git-fixes). - can: gw: synchronize rcu operations before removing gw job entry (git-fixes). - can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes). - can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes). - can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes). - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path (git-fixes). - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes). - can: usb_8dev: fix memory leak (git-fixes). - ceph: do not WARN if we're still opening a session to an MDS (bsc#1188748). - cfg80211: call cfg80211_leave_ocb when switching away from OCB (git-fixes). - char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() (git-fixes). - cifs: Fix preauth hash corruption (git-fixes). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: fix interrupted close commands (git-fixes). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - clk: actions: Fix SD clocks factor table on Owl S500 SoC (git-fixes). - clk: actions: Fix UART clock dividers on Owl S500 SoC (git-fixes). - clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC (git-fixes). - clk: imx8mq: remove SYS PLL 1/2 clock gates (git-fixes). - clk: meson: g12a: fix gp0 and hifi ranges (git-fixes). - clk: renesas: r8a77995: Add ZA2 clock (git-fixes). - clk: renesas: rcar-gen3: Update Z clock rate formula in comments (git-fixes). - clk: si5341: Avoid divide errors due to bogus register contents (git-fixes). - clk: si5341: Update initialization magic (git-fixes). - clk: tegra: Ensure that PLLU configuration is applied properly (git-fixes). - clk: zynqmp: pll: Remove some dead code (git-fixes). - clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround (git-fixes). - clocksource: Retry clock read if long delays detected (git-fixes). - coresight: Propagate symlink failure (git-fixes). - coresight: core: Fix use of uninitialized pointer (git-fixes). - cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)). - cpufreq: sc520_freq: add 'fallthrough' to one case (git-fixes). - crypto: ccp - Fix a resource leak in an error handling path (git-fixes). - crypto: ixp4xx - dma_unmap the correct address (git-fixes). - crypto: nitrox - fix unchecked variable in nitrox_register_interrupts (git-fixes). - crypto: nx - add missing MODULE_DEVICE_TABLE (git-fixes). - crypto: omap-sham - Fix PM reference leak in omap sham ops (git-fixes). - crypto: qat - check return code of qat_hal_rd_rel_reg() (git-fixes). - crypto: qat - remove unused macro in FW loader (git-fixes). - crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes). - crypto: sun4i-ss - checking sg length is not sufficient (git-fixes). - crypto: sun4i-ss - initialize need_fallback (git-fixes). - crypto: ux500 - Fix error return code in hash_hw_final() (git-fixes). - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - cw1200: add missing MODULE_DEVICE_TABLE (git-fixes). - cxgb4: fix IRQ free race during driver unload (git-fixes). - dma-buf/sync_file: Do not leak fences on merge failure (git-fixes). - dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes). - dmaengine: mediatek: do not issue a new desc if one is still current (git-fixes). - dmaengine: mediatek: free the proper desc in desc_free handler (git-fixes). - dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma (git-fixes). - dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe() (git-fixes). - dmaengine: zynqmp_dma: Fix PM reference leak in zynqmp_dma_alloc_chan_resourc() (git-fixes). - docs: admin-guide: update description for kernel.hotplug sysctl (git-fixes). - docs: virt/kvm: close inline string literal (bsc#1188703). - dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes). - dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes). - drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes). - drm/amd/dc: Fix a missing check bug in dm_dp_mst_detect() (git-fixes). - drm/amd/display: Avoid HDCP over-read and corruption (git-fixes). - drm/amd/display: Fix DCN 3.01 DSCCLK validation (git-fixes). - drm/amd/display: Fix build warnings (git-fixes). - drm/amd/display: Fix off-by-one error in DML (git-fixes). - drm/amd/display: Release MST resources on switch from MST to SST (git-fixes). - drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes). - drm/amd/display: Update scaling settings on modeset (git-fixes). - drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check (git-fixes). - drm/amd/display: fix HDCP reset sequence on reinitialize (git-fixes). - drm/amd/display: fix incorrrect valid irq check (git-fixes). - drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes). - drm/amdgpu: Do not query CE and UE errors (bsc#1152472) - drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes). - drm/amdgpu: enable sdma0 tmz for Raven/Renoir(V2) (git-fixes). - drm/amdgpu: remove unsafe optimization to drop preamble ib (git-fixes). - drm/amdgpu: update golden setting for sienna_cichlid (git-fixes). - drm/amdgpu: wait for moving fence after pinning (git-fixes). - drm/amdkfd: Fix circular lock in nocpsch path (git-fixes). - drm/amdkfd: Walk through list with dqm lock hold (git-fixes). - drm/amdkfd: fix circular locking on get_wave_state (git-fixes). - drm/amdkfd: use allowed domain for vmbo validation (git-fixes). - drm/arm/malidp: Always list modifiers (git-fixes). - drm/bridge/sii8620: fix dependency on extcon (git-fixes). - drm/bridge: Fix the stop condition of drm_bridge_chain_pre_enable() (git-fixes). - drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() (git-fixes). - drm/bridge: nwl-dsi: Force a full modeset when crtc_state->active is changed to be true (git-fixes). - drm/dp_mst: Do not set proposed vcpi directly (git-fixes). - drm/gma500: Add the missed drm_gem_object_put() in psb_user_framebuffer_create() (git-fixes). - drm/i915/display: Do not zero past infoframes.vsc (git-fixes). - drm/i915/gvt: Clear d3_entered on elsp cmd submission (git-fixes). - drm/i915/selftests: use vma_lookup() in __igt_mmap() (git-fixes). - drm/mcde/panel: Inverse misunderstood flag (bsc#1152472) - drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() (git-fixes). - drm/msm/dpu: Fix error return code in dpu_mdss_init() (git-fixes). - drm/msm/dpu: Fix sm8250_mdp register length (git-fixes). - drm/msm/mdp4: Fix modifier support enabling (git-fixes). - drm/msm: Fix error return code in msm_drm_init() (git-fixes). - drm/msm: Small msm_gem_purge() fix (bsc#1152489) - drm/mxsfb: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm/nouveau: Do not set allow_fb_modifiers explicitly (git-fixes). - drm/nouveau: fix dma_address check for CPU/GPU sync (git-fixes). - drm/nouveau: wait for moving fence after pinning v2 (git-fixes). - drm/panel: nt35510: Do not fail if DSI read fails (git-fixes). - drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes). - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes). - drm/radeon: Call radeon_suspend_kms() in radeon_pci_shutdown() for Loongson64 (git-fixes). - drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (bsc#1152489) - drm/radeon: wait for moving fence after pinning (git-fixes). - drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() (git-fixes). - drm/rockchip: cdn-dp: fix sign extension on an int multiply for a u64 result (git-fixes). - drm/rockchip: dsi: move all lane config except LCDC mux to bind() (git-fixes). - drm/rockchip: dsi: remove extra component_del() call (git-fixes). - drm/rockchip: lvds: Fix an error handling path (git-fixes). - drm/sched: Avoid data corruptions (git-fixes). - drm/scheduler: Fix hang when sched_entity released (git-fixes). - drm/stm: Fix bus_flags handling (bsc#1152472) - drm/tegra: Do not set allow_fb_modifiers explicitly (git-fixes). - drm/vc4: Fix clock source for VEC PixelValve on BCM2711 (git-fixes). - drm/vc4: crtc: Skip the TXP (git-fixes). - drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes). - drm/vc4: hdmi: Fix PM reference leak in vc4_hdmi_encoder_pre_crtc_co() (git-fixes). - drm/vc4: hdmi: Fix error path of hpd-gpios (git-fixes). - drm/vc4: hdmi: Make sure the controller is powered in detect (bsc#1152489) - drm/vc4: hdmi: Prevent clock unbalance (git-fixes). - drm/vc4: txp: Properly set the possible_crtcs mask (git-fixes). - drm/virtio: Fix double free on probe failure (git-fixes). - drm/vmwgfx: Fix cpu updates of coherent multisample surfaces (git-fixes). - drm/vmwgfx: Mark a surface gpu-dirty after the SVGA3dCmdDXGenMips command (git-fixes). - drm/zte: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm: Return -ENOTTY for non-drm ioctls (git-fixes). - drm: add a locked version of drm_is_current_master (git-fixes). - drm: bridge/panel: Cleanup connector on bridge detach (bsc#1152489) - drm: bridge: add missing word in Analogix help text (git-fixes). - drm: qxl: ensure surf.data is ininitialized (git-fixes). - drm: rockchip: add missing registers for RK3066 (git-fixes). - drm: rockchip: add missing registers for RK3188 (git-fixes). - drm: rockchip: set alpha_en to 0 if it is not used (git-fixes). - e1000e: Check the PCIm state (git-fixes). - e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes). - efi/tpm: Differentiate missing and invalid final event log table (bsc#1188036). - extcon: extcon-max8997: Fix IRQ freeing at error path (git-fixes). - extcon: intel-mrfld: Sync hardware and software state on init (git-fixes). - extcon: max8997: Add missing modalias string (git-fixes). - extcon: sm5502: Drop invalid register write in sm5502_reg_data (git-fixes). - fbmem: Do not delete the mode that is still in use (git-fixes). - fbmem: add margin check to fb_check_caps() (git-fixes). - firmware/efi: Tell memblock about EFI iomem reservations (git-fixes). - firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (git-fixes). - firmware: arm_scmi: Fix range check for the maximum number of pending messages (git-fixes). - firmware: tegra: Fix error return code in tegra210_bpmp_init() (git-fixes). - fm10k: Fix an error handling path in 'fm10k_probe()' (git-fixes). - fpga: machxo2-spi: Address warning about unused variable (git-fixes). - fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes). - fuse: check connected before queueing on fpq->io (bsc#1188267). - fuse: ignore PG_workingset after stealing (bsc#1188268). - fuse: reject internal errno (bsc#1188269). - gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP (git-fixes). - gpio: pca953x: Add support for the On Semi pca9655 (git-fixes). - gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes). - gtp: fix an use-before-init in gtp_newlink() (git-fixes). - gve: Add DQO fields for core data structures (bsc#1176940). - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940). - gve: Add dqo descriptors (bsc#1176940). - gve: Add stats for gve (bsc#1176940). - gve: Add support for DQO RX PTYPE map (bsc#1176940). - gve: Add support for raw addressing device option (bsc#1176940). - gve: Add support for raw addressing in the tx path (bsc#1176940). - gve: Add support for raw addressing to the rx path (bsc#1176940). - gve: Batch AQ commands for creating and destroying queues (bsc#1176940). - gve: Check TX QPL was actually assigned (bsc#1176940). - gve: DQO: Add RX path (bsc#1176940). - gve: DQO: Add TX path (bsc#1176940). - gve: DQO: Add core netdev features (bsc#1176940). - gve: DQO: Add ring allocation and initialization (bsc#1176940). - gve: DQO: Configure interrupts on device up (bsc#1176940). - gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940). - gve: DQO: Remove incorrect prefetch (bsc#1176940). - gve: Enable Link Speed Reporting in the driver (bsc#1176940). - gve: Fix an error handling path in 'gve_probe()' (git-fixes). - gve: Fix swapped vars when fetching max queues (git-fixes). - gve: Fix warnings reported for DQO patchset (bsc#1176940). - gve: Get and set Rx copybreak via ethtool (bsc#1176940). - gve: Introduce a new model for device options (bsc#1176940). - gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940). - gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940). - gve: Move some static functions to a common file (bsc#1176940). - gve: NIC stats for report-stats and for ethtool (bsc#1176940). - gve: Propagate error codes to caller (bsc#1176940). - gve: Replace zero-length array with flexible-array member (bsc#1176940). - gve: Rx Buffer Recycling (bsc#1176940). - gve: Simplify code and axe the use of a deprecated API (bsc#1176940). - gve: Update adminq commands to support DQO queues (bsc#1176940). - gve: Use dev_info/err instead of netif_info/err (bsc#1176940). - gve: Use link status register to report link status (bsc#1176940). - gve: adminq: DQO specific device descriptor logic (bsc#1176940). - gve: gve_rx_copy: Move padding to an argument (bsc#1176940). - hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes). - hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes). - hwmon: (max31790) Fix pwmX_enable attributes (git-fixes). - hwmon: (max31790) Report correct current pwm duty cycles (git-fixes). - hwrng: exynos - Fix runtime PM imbalance on error (git-fixes). - i2c: core: Disable client irq on reboot/shutdown (git-fixes). - i2c: designware: Adjust bus_freq_hz when refuse high speed mode set (git-fixes). - i2c: dev: Add __user annotation (git-fixes). - i2c: robotfuzz-osif: fix control-request directions (git-fixes). - i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes). - i40e: Fix error handling in i40e_vsi_open (git-fixes). - i40e: Fix missing rtnl locking when setting up pf switch (jsc#SLE-13701). - i40e: fix PTP on 5Gb links (jsc#SLE-13701). - iavf: Fix an error handling path in 'iavf_probe()' (git-fixes). - ibmvnic: Allow device probe if the device is not ready at boot (bsc#1184114 ltc#192237). - ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075). - ibmvnic: Use 'skb_frag_address()' instead of hand coding it (bsc#1184114 ltc#192237). - ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c (bsc#1184114 ltc#192237). - ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237). - ibmvnic: account for bufs already saved in indir_buf (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: clean pending indirect buffs during reset (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114 ltc#192237). - ibmvnic: fix send_request_map incompatible argument (bsc#1184114 ltc#192237). - ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363). - ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes). - ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533). - ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098). - ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency (jsc#SLE-7926). - igb: Check if num of q_vectors is smaller than max before array access (git-fixes). - igb: Fix an error handling path in 'igb_probe()' (git-fixes). - igb: Fix position of assignment to *ring (git-fixes). - igb: Fix use-after-free error during reset (git-fixes). - igc: Fix an error handling path in 'igc_probe()' (git-fixes). - igc: Fix use-after-free error during reset (git-fixes). - igc: change default return of igc_read_phy_reg() (git-fixes). - iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: bma180: Use explicit member assignment (git-fixes). - iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: mxc4005: Fix overread of data and alignment issue (git-fixes). - iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: at91-sama5d2: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adis16400: do not return ints in irq handlers (git-fixes). - iio: adis_buffer: do not return ints in irq handlers (git-fixes). - iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev() helper (git-fixes). - iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3472: do not free unallocated IRQ (git-fixes). - iio: light: vcnl4035: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: ltr501: ltr501_read_ps(): add missing endianness conversion (git-fixes). - iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes). - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too (git-fixes). - iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iio: magn: bmc150: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: hmc5843: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: rm3100: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: si1133: fix format string warnings (git-fixes). - iio:accel:mxc4005: Drop unnecessary explicit casts in regmap_bulk_read calls (git-fixes). - integrity: use arch_ima_get_secureboot instead of checking EFI_SECURE_BOOT when loading MokListRT (bsc#1188366). - intel_th: Wait until port is in reset before programming it (git-fixes). - iwl-trans: move dev_cmd_offs, page_offs to a common trans header (bsc#1187495). - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() (git-fixes). - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd() (git-fixes). - iwlwifi: acpi: evaluate dsm to disable 5.8GHz channels (bsc#1187495). - iwlwifi: acpi: in non acpi compilations remove iwl_sar_geo_init (bsc#1187495). - iwlwifi: acpi: prepare SAR profile selection code for multiple sizes (bsc#1187495). - iwlwifi: acpi: remove dummy definition of iwl_sar_set_profile() (bsc#1187495). - iwlwifi: acpi: rename geo structs to contain versioning (bsc#1187495). - iwlwifi: acpi: support ppag table command v2 (bsc#1187495). - iwlwifi: add a common struct for all iwl_tx_power_cmd versions (bsc#1187495). - iwlwifi: add trans op to set PNVM (bsc#1187495). - iwlwifi: align RX status flags with firmware (bsc#1187495). - iwlwifi: api: fix u32 -> __le32 (bsc#1187495). - iwlwifi: bump FW API to 57 for AX devices (bsc#1187495). - iwlwifi: bump FW API to 59 for AX devices (bsc#1187495). - iwlwifi: calib: Demote seemingly unintentional kerneldoc header (bsc#1187495). - iwlwifi: dbg: Do not touch the tlv data (bsc#1187495). - iwlwifi: dbg: add debug host notification (DHN) time point (bsc#1187495). - iwlwifi: dbg: add dumping special device memory (bsc#1187495). - iwlwifi: dbg: remove IWL_FW_INI_TIME_POINT_WDG_TIMEOUT (bsc#1187495). - iwlwifi: do not export acpi functions unnecessarily (bsc#1187495). - iwlwifi: dvm: Demote a couple of nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: devices: Fix function documentation formatting issues (bsc#1187495). - iwlwifi: dvm: lib: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: rxon: Demote non-conformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: scan: Demote a few nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: sta: Demote a bunch of nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: tx: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: enable twt by default (bsc#1187495). - iwlwifi: fix 11ax disabled bit in the regulatory capability flags (bsc#1187495). - iwlwifi: fix sar geo table initialization (bsc#1187495). - iwlwifi: fw: add default value for iwl_fw_lookup_cmd_ver (bsc#1187495). - iwlwifi: fw: move assert descriptor parser to common code (bsc#1187495). - iwlwifi: increase PNVM load timeout (bsc#1187495). - iwlwifi: iwl-drv: Provide descriptions debugfs dentries (bsc#1187495). - iwlwifi: iwl-trans: move tfd to trans layer (bsc#1187495). - iwlwifi: move PNVM implementation to common code (bsc#1187495). - iwlwifi: move all bus-independent TX functions to common code (bsc#1187495). - iwlwifi: move bc_pool to a common trans header (bsc#1187495). - iwlwifi: move bc_table_dword to a common trans header (bsc#1187495). - iwlwifi: msix: limit max RX queues for 9000 family (bsc#1187495). - iwlwifi: mvm: Add FTM initiator RTT smoothing logic (bsc#1187495). - iwlwifi: mvm: Do not install CMAC/GMAC key in AP mode (bsc#1187495). - iwlwifi: mvm: add PROTECTED_TWT firmware API (bsc#1187495). - iwlwifi: mvm: add a get lmac id function (bsc#1187495). - iwlwifi: mvm: add an option to add PASN station (bsc#1187495). - iwlwifi: mvm: add d3 prints (bsc#1187495). - iwlwifi: mvm: add support for new WOWLAN_TSC_RSC_PARAM version (bsc#1187495). - iwlwifi: mvm: add support for new version of WOWLAN_TKIP_SETTING_API_S (bsc#1187495). - iwlwifi: mvm: add support for range request command ver 11 (bsc#1187495). - iwlwifi: mvm: add support for responder dynamic config command version 3 (bsc#1187495). - iwlwifi: mvm: assign SAR table revision to the command later (bsc#1187495). - iwlwifi: mvm: avoid possible NULL pointer dereference (bsc#1187495). - iwlwifi: mvm: clear all scan UIDs (bsc#1187495). - iwlwifi: mvm: d3: parse wowlan status version 11 (bsc#1187495). - iwlwifi: mvm: d3: support GCMP ciphers (bsc#1187495). - iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes). - iwlwifi: mvm: do not check if CSA event is running before removing (bsc#1187495). - iwlwifi: mvm: do not send a CSA command the firmware does not know (bsc#1187495). - iwlwifi: mvm: fix error print when session protection ends (git-fixes). - iwlwifi: mvm: fix suspicious rcu usage warnings (bsc#1187495). - iwlwifi: mvm: fix the type we use in the PPAG table validity checks (bsc#1187495). - iwlwifi: mvm: get number of stations from TLV (bsc#1187495). - iwlwifi: mvm: ignore the scan duration parameter (bsc#1187495). - iwlwifi: mvm: initiator: add option for adding a PASN responder (bsc#1187495). - iwlwifi: mvm: location: set the HLTK when PASN station is added (bsc#1187495). - iwlwifi: mvm: ops: Remove unused static struct 'iwl_mvm_debug_names' (bsc#1187495). - iwlwifi: mvm: prepare roc_done_wk to work sync (bsc#1187495). - iwlwifi: mvm: process ba-notifications also when sta rcu is invalid (bsc#1187495). - iwlwifi: mvm: re-enable TX after channel switch (bsc#1187495). - iwlwifi: mvm: read and parse SKU ID if available (bsc#1187495). - iwlwifi: mvm: remove memset of kek_kck command (bsc#1187495). - iwlwifi: mvm: remove redundant log in iwl_mvm_tvqm_enable_txq() (bsc#1187495). - iwlwifi: mvm: remove redundant support_umac_log field (bsc#1187495). - iwlwifi: mvm: responder: allow to set only the HLTK for an associated station (bsc#1187495). - iwlwifi: mvm: ring the doorbell and wait for PNVM load completion (bsc#1187495). - iwlwifi: mvm: rs-fw: handle VHT extended NSS capability (bsc#1187495). - iwlwifi: mvm: send stored PPAG command instead of local (bsc#1187495). - iwlwifi: mvm: set PROTECTED_TWT feature if supported by firmware (bsc#1187495). - iwlwifi: mvm: set PROTECTED_TWT in MAC data policy (bsc#1187495). - iwlwifi: mvm: set enabled in the PPAG command properly (bsc#1187495). - iwlwifi: mvm: stop claiming NL80211_EXT_FEATURE_SET_SCAN_DWELL (bsc#1187495). - iwlwifi: mvm: store PPAG enabled/disabled flag properly (bsc#1187495). - iwlwifi: mvm: support ADD_STA_CMD_API_S ver 12 (bsc#1187495). - iwlwifi: mvm: support more GTK rekeying algorithms (bsc#1187495). - iwlwifi: mvm: support new KEK KCK api (bsc#1187495). - iwlwifi: mvm: tx: Demote misuse of kernel-doc headers (bsc#1187495). - iwlwifi: mvm: use CHECKSUM_COMPLETE (bsc#1187495). - iwlwifi: mvm: utils: Fix some doc-rot (bsc#1187495). - iwlwifi: pcie: avoid potential PNVM leaks (bsc#1187495). - iwlwifi: pcie: do not disable interrupts for reg_lock (bsc#1187495). - iwlwifi: pcie: fix context info freeing (git-fixes). - iwlwifi: pcie: fix the xtal latency value for a few qu devices (bsc#1187495). - iwlwifi: pcie: free IML DMA memory allocation (git-fixes). - iwlwifi: pcie: implement set_pnvm op (bsc#1187495). - iwlwifi: pcie: make iwl_pcie_txq_update_byte_cnt_tbl bus independent (bsc#1187495). - iwlwifi: pcie: properly set LTR workarounds on 22000 devices (bsc#1187495). - iwlwifi: phy-ctxt: add new API VER 3 for phy context cmd (bsc#1187495). - iwlwifi: pnvm: do not skip everything when not reloading (bsc#1187495). - iwlwifi: pnvm: do not try to load after failures (bsc#1187495). - iwlwifi: pnvm: increment the pointer before checking the TLV (bsc#1187495). - iwlwifi: pnvm: set the PNVM again if it was already loaded (bsc#1187495). - iwlwifi: provide gso_type to GSO packets (bsc#1187495). - iwlwifi: queue: bail out on invalid freeing (bsc#1187495). - iwlwifi: read and parse PNVM file (bsc#1187495). - iwlwifi: regulatory: regulatory capabilities api change (bsc#1187495). - iwlwifi: remove iwl_validate_sar_geo_profile() export (bsc#1187495). - iwlwifi: remove wide_cmd_header field (bsc#1187495). - iwlwifi: rs: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: rs: align to new TLC config command API (bsc#1187495). - iwlwifi: rs: set RTS protection for all non legacy rates (bsc#1187495). - iwlwifi: sta: defer ADDBA transmit in case reclaimed SN != next SN (bsc#1187495). - iwlwifi: stats: add new api fields for statistics cmd/ntfy (bsc#1187495). - iwlwifi: support REDUCE_TX_POWER_CMD version 6 (bsc#1187495). - iwlwifi: support version 3 of GEO_TX_POWER_LIMIT (bsc#1187495). - iwlwifi: support version 5 of the alive notification (bsc#1187495). - iwlwifi: thermal: support new temperature measurement API (bsc#1187495). - iwlwifi: update prph scratch structure to include PNVM data (bsc#1187495). - iwlwifi: use correct group for alive notification (bsc#1187495). - iwlwifi: wowlan: adapt to wowlan status API version 10 (bsc#1187495). - iwlwifi: yoyo: add support for internal buffer allocation in D3 (bsc#1187495). - ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes). - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes). - ixgbevf: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops (bsc#1176447). - kABI compatibility fix for max98373_priv struct (git-fixes). - kABI workaround for btintel symbol changes (bsc#1188893). - kABI workaround for intel_th_driver (git-fixes). - kABI workaround for pci/quirks.c (git-fixes). - kABI: restore struct tcpc_config definition (git-fixes). - kabi/severities: ignore kABI of iwlwifi symbols (bsc#1187495) iwlwifi driver consists of several modules and all exported symbols are internal uses. Let's ignore kABI checks of those. - kernel-binary.spec: Exctract s390 decompression code (jsc#SLE-17042). - kernel-binary.spec: Fix up usrmerge for non-modular kernels. - kernel-binary.spec: Remove obsolete and wrong comment mkmakefile is repleced by echo on newer kernel - kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes). - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes). - kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes). - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes). - kprobes: fix kill kprobe which has been marked as gone (git-fixes). - kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1188772). - kvm: i8254: remove redundant assignment to pointer s (bsc#1188770). - leds: as3645a: Fix error return code in as3645a_parse_node() (git-fixes). - leds: class: The -ENOTSUPP should never be seen by user space (git-fixes). - leds: ktd2692: Fix an error handling path (git-fixes). - leds: lm3532: select regmap I2C API (git-fixes). - lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes). - lib/decompressors: remove set but not used variabled 'level' (git-fixes). - lib: vsprintf: Fix handling of number field widths in vsscanf (git-fixes). - libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518). - liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes). - mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes). - mac80211: consider per-CPU statistics if present (git-fixes). - mac80211: remove iwlwifi specific workaround NDPs of null_response (git-fixes). - mac80211: remove iwlwifi specific workaround that broke sta NDP tx (git-fixes). - mac80211: remove warning in ieee80211_get_sband() (git-fixes). - mac80211: reset profile_periodicity/ema_ap (git-fixes). - mac80211_hwsim: add concurrent channels scanning support over virtio (git-fixes). - mac80211_hwsim: drop pending frames on stop (git-fixes). - math: Export mul_u64_u64_div_u64 (git-fixes). - media, bpf: Do not copy more entries than user space requested (git-fixes). - media: Fix Media Controller API config checks (git-fixes). - media: I2C: change 'RST' to 'RSET' to fix multiple build errors (git-fixes). - media: au0828: fix a NULL vs IS_ERR() check (git-fixes). - media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes). - media: cobalt: fix race condition in setting HPD (git-fixes). - media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes). - media: dtv5100: fix control-request directions (git-fixes). - media: dvb-usb: fix wrong definition (git-fixes). - media: dvb_net: avoid speculation from net slot (git-fixes). - media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes). - media: em28xx: Fix possible memory leak of em28xx struct (git-fixes). - media: exynos-gsc: fix pm_runtime_get_sync() usage count (git-fixes). - media: exynos4-is: Fix a use after free in isp_video_release (git-fixes). - media: gspca/gl860: fix zero-length control requests (git-fixes). - media: gspca/sq905: fix control-request direction (git-fixes). - media: gspca/sunplus: fix zero-length control requests (git-fixes). - media: imx-csi: Skip first few frames from a BT.656 source (git-fixes). - media: imx: imx7_mipi_csis: Fix logging of only error event counters (git-fixes). - media: mdk-mdp: fix pm_runtime_get_sync() usage count (git-fixes). - media: mtk-vcodec: fix PM runtime get logic (git-fixes). - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes). - media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes). - media: rc: i2c: Fix an error message (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes). - media: s5p-jpeg: fix pm_runtime_get_sync() usage count (git-fixes). - media: sh_vou: fix pm_runtime_get_sync() usage count (git-fixes). - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() (git-fixes). - media: siano: fix device register error path (git-fixes). - media: st-hva: Fix potential NULL pointer dereferences (git-fixes). - media: sti/bdisp: fix pm_runtime_get_sync() usage count (git-fixes). - media: sti: fix obj-$(config) targets (git-fixes). - media: tc358743: Fix error return code in tc358743_probe_of() (git-fixes). - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes). - media: v4l2-async: Fix trivial documentation typo (git-fixes). - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (git-fixes). - media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes). - memory: atmel-ebi: add missing of_node_put for loop iteration (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: pl353: Fix error return code in pl353_smc_probe() (git-fixes). - memstick: rtsx_usb_ms: fix UAF (git-fixes). - mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes). - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes). - misc/libmasm/module: Fix two use after free in ibmasm_init_one (git-fixes). - misc: alcor_pci: fix inverted branch condition (git-fixes). - misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge (git-fixes). - mm, futex: fix shared futex pgoff on shmem huge page (git fixes (kernel/futex)). - mmc: block: Disable CMDQ on the ioctl path (git-fixes). - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes). - mmc: core: clear flags before allowing to retune (git-fixes). - mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes). - mmc: sdhci-sprd: use sdhci_sprd_writew (git-fixes). - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode (git-fixes). - mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes). - mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes). - mmc: vub3000: fix control-request direction (git-fixes). - mt76: fix possible NULL pointer dereference in mt76_tx (git-fixes). - mt76: mt7603: set 0 as min coverage_class value (git-fixes). - mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes). - mt76: mt7615: fix fixed-rate tx status reporting (git-fixes). - mt76: mt7615: increase MCU command timeout (git-fixes). - mt76: mt7915: fix IEEE80211_HE_PHY_CAP7_MAX_NC for station mode (git-fixes). - mt76: set dma-done flag for flushed descriptors (git-fixes). - mtd: partitions: redboot: seek fis-index-block in the right node (git-fixes). - mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() (git-fixes). - mvpp2: suppress warning (git-fixes). - mwifiex: re-fix for unaligned accesses (git-fixes). - net/mlx5: Do not fail driver on failure to create debugfs (git-fixes). - net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes). - net/sched: act_ct: remove and free nf_table callbacks (jsc#SLE-15172). - net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes). - net: atlantic: fix ip dst and ipv6 address filters (git-fixes). - net: dp83867: Fix OF_MDIO config check (git-fixes). - net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes). - net: fec_ptp: fix issue caused by refactor the fec_devtype (git-fixes). - net: gve: convert strlcpy to strscpy (bsc#1176940). - net: gve: remove duplicated allowed (bsc#1176940). - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - net: ipw2x00,iwlegacy,iwlwifi: Remove in_interrupt() from debug macros (bsc#1187495). - net: iwlwifi: Remove in_interrupt() from tracing macro (bsc#1187495). - net: marvell: Fix OF_MDIO config check (git-fixes). - net: mvpp2: Put fwnode in error case during ->probe() (git-fixes). - net: netdevsim: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops (bsc#1176447). - net: phy: fix save wrong speed and duplex problem if autoneg is on (git-fixes). - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - net: phy: realtek: add delay to fix RXC generation issue (git-fixes). - net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes). - net: wilc1000: clean up resource in error path of init mon interface (git-fixes). - netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo (bsc#1176447). - nfc: nfcsim: fix use after free during module unload (git-fixes). - nvme-rdma: fix in-casule data send for chained sgls (git-fixes). - nvme-rdma: introduce nvme_rdma_sgl structure (git-fixes). - nvme-tcp: rerun io_work if req_list is not empty (git-fixes). - nvme: verify MNAN value if ANA is enabled (bsc#1185791). - pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes). - pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() (git-fixes). - pinctrl: mcp23s08: fix race condition in irq handler (git-fixes). - pinctrl: stm32: fix the reported number of GPIO lines per bank (git-fixes). - platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command (git-fixes). - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes). - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes). - platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (git-fixes). - platform/x86: intel_int0002_vgpio: Remove dev_err() usage after platform_get_irq() (git-fixes). - platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes). - platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (git-fixes). - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: ab8500: Avoid NULL pointers (git-fixes). - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (git-fixes). - power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes). - powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722). - powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722). - powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395). - powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes). - powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722). - powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722). - powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722). - powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722). - powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722). - powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722). - powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722). - powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722). - powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722). - powerpc/stacktrace: Fix spurious 'stale' traces in raise_backtrace_ipi() (bsc#1156395). - powerpc/stacktrace: Include linux/delay.h (bsc#1156395). - powerpc: Offline CPU in stop_this_cpu() (bsc#1156395). - prctl: PR_{G,S}ET_IO_FLUSHER to support controlling memory reclaim (bsc#1188752). - ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation (git-fixes). - pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes). - pwm: imx1: Do not disable clocks at device remove time (git-fixes). - pwm: spear: Do not modify HW state in .remove callback (git-fixes). - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes). - r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - r8152: Fix a deadlock by doubly PM resume (bsc#1186194). - r8152: Fix potential PM refcount imbalance (bsc#1186194). - r8169: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM (git-fixes). - random32: Fix implicit truncation warning in prandom_seed_state() (git-fixes). - ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes). - rbd: always kick acquire on 'acquired' and 'released' notifications (bsc#1188746). - rbd: do not hold lock_rwsem while running_list is being drained (bsc#1188747). - regulator: da9052: Ensure enough delay time for .set_voltage_time_sel (git-fixes). - regulator: hi6421: Fix getting wrong drvdata (git-fixes). - regulator: hi6421: Use correct variable type for regmap api val argument (git-fixes). - regulator: hi655x: Fix pass wrong pointer to config.driver_data (git-fixes). - regulator: uniphier: Add missing MODULE_DEVICE_TABLE (git-fixes). - replaced with upstream security mitigation cleanup - reset: a10sr: add missing of_match_table reference (git-fixes). - reset: bail if try_module_get() fails (git-fixes). - reset: brcmstb: Add missing MODULE_DEVICE_TABLE (git-fixes). - reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes). - rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804). - rpm/kernel-binary.spec.in: Remove zdebug define used only once. - rsi: Assign beacon rate settings to the correct rate_info descriptor field (git-fixes). - rtc: fix snprintf() checking in is_rtc_hctosys() (git-fixes). - rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes). - rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes). - rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path (git-fixes). - rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes). - rtw88: 8822c: fix lc calibration timing (git-fixes). - scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101). - scsi: ibmvfc: Fix command state accounting and stale response detection (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: qedf: Do not put host in qedf_vport_create() unconditionally (bsc#1170511). - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates (git-fixes). - serial: 8250_pci: Add support for new HPE serial device (git-fixes). - serial: fsl_lpuart: remove RTSCTS handling from get_mctrl() (git-fixes). - serial: fsl_lpuart: remove RTSCTS handling from get_mctrl() (git-fixes). - serial: mvebu-uart: correctly calculate minimal possible baudrate (git-fixes). - serial: mvebu-uart: do not allow changing baudrate when uartclk is not available (git-fixes). - serial: mvebu-uart: fix calculation of clock divisor (git-fixes). - serial: tegra-tcu: Reorder channel initialization (git-fixes). - serial_cs: Add Option International GSM-Ready 56K/ISDN modem (git-fixes). - serial_cs: remove wrong GLOBETROTTER.cis entry (git-fixes). - sfp: Fix error handing in sfp_probe() (git-fixes). - skbuff: Fix build with SKB extensions disabled (jsc#SLE-15172). - skbuff: Release nfct refcount on napi stolen or re-used skbs (jsc#SLE-15172). - soc/tegra: fuse: Fix Tegra234-only builds (git-fixes). - soc: fsl: qbman: Delete useless kfree code (bsc#1188176). - soc: fsl: qbman: Ensure device cleanup is run for kexec (bsc#1188176). - soundwire: stream: Fix test for DP prepare complete (git-fixes). - spi: Make of_register_spi_device also set the fwnode (git-fixes). - spi: cadence: Correct initialisation of runtime PM again (git-fixes). - spi: fspi: dynamically alloc AHB memory (bsc#1188121). - spi: imx: add a check for speed_hz before calculating the clock (git-fixes). - spi: mediatek: fix fifo rx mode (git-fixes). - spi: nxp-fspi: Use devm API to fix missed unregistration of controller (bsc#1188121). - spi: omap-100k: Fix the length judgment problem (git-fixes). - spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes). - spi: spi-nxp-fspi: Add ACPI support (bsc#1188121). - spi: spi-nxp-fspi: Add support for IP read only (bsc#1188121). - spi: spi-nxp-fspi: Enable the Octal Mode in MCR0 (bsc#1188121). - spi: spi-nxp-fspi: Fix a NULL vs IS_ERR() check in probe (bsc#1188121). - spi: spi-nxp-fspi: Implement errata workaround for LS1028A (bsc#1188121). - spi: spi-sun6i: Fix chipselect/clock bug (git-fixes). - spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (git-fixes). - spi: stm32-qspi: Remove unused qspi field of struct stm32_qspi_flash (git-fixes). - spi: tegra114: Fix an error message (git-fixes). - ssb: Fix error return code in ssb_bus_scan() (git-fixes). - ssb: sdio: Do not overwrite const buffer if block_write fails (git-fixes). - staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() (git-fixes). - staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes). - staging: rtl8712: fix memory leak in rtl871x_load_fw_cb (git-fixes). - staging: rtl8712: remove redundant check in r871xu_drv_init (git-fixes). - staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes). - thermal/core: Correct function name thermal_zone_device_unregister() (git-fixes). - thermal/drivers/int340x/processor_thermal: Fix tcc setting (git-fixes). - thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations (git-fixes). - thunderbolt: Bond lanes only when dual_link_port != NULL in alloc_dev_default() (git-fixes). - timers: Fix get_next_timer_interrupt() with no timers pending (git-fixes) - tpm, tpm_tis: Decorate tpm_get_timeouts() with request_locality() (bsc#1188036). - tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with request_locality() (bsc#1188036). - tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() (bsc#1188036). - tpm, tpm_tis: Reserve locality in tpm_tis_resume() (bsc#1188036). - tpm: efi: Use local variable for calculating final log size (git-fixes). - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing (git-fixes). - tracing/histograms: Fix parsing of 'sym-offset' modifier (git-fixes). - tracing: Do not reference char * as a string in histograms (git-fixes). - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (git-fixes). - tracing: Simplify & fix saved_tgids logic (git-fixes). - tty: nozomi: Fix a resource leak in an error handling function (git-fixes). - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' (git-fixes). - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes). - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes). - usb: dwc2: Do not reset the core after setting turnaround time (git-fixes). - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes). - usb: dwc3: Fix debugfs creation flow (git-fixes). - usb: gadget: eem: fix echo command packet response issue (git-fixes). - usb: gadget: f_fs: Fix setting of device and driver data cross-references (git-fixes). - usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes). - usb: gadget: hid: fix error return code in hid_bind() (git-fixes). - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes). - usb: hub: Fix link power management max exit latency (MEL) calculations (git-fixes). - usb: max-3421: Prevent corruption of freed memory (git-fixes). - usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (git-fixes). - usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() (git-fixes). - usb: typec: fusb302: Always provide fwnode for the port (git-fixes). - usb: typec: fusb302: fix 'op-sink-microwatt' default that was in mW (git-fixes). - usb: typec: tcpm: Error handling for tcpm_register_partner_altmodes (git-fixes). - usb: typec: tcpm: Move mod_delayed_work(&port->vdm_state_machine) call into tcpm_queue_vdm() (git-fixes). - usb: typec: tcpm: Refactor tcpm_handle_vdm_request (git-fixes). - usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling (git-fixes). - usb: typec: tcpm: Remove tcpc_config configuration mechanism (git-fixes). - usb: typec: tcpm: Switch to use fwnode_property_count_uXX() (git-fixes). - usb: typec: tcpm: move to SNK_UNATTACHED if sink removed for DRP (git-fixes). - usb: typec: tcpm: set correct data role for non-DRD (git-fixes). - usb: typec: tcpm: update power supply once partner accepts (git-fixes). - usb: typec: ucsi: Hold con->lock for the entire duration of ucsi_register_port() (git-fixes). - usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes). - usb: typec: wcove: Fx wrong kernel doc format (git-fixes). - uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes). - vfio/pci: Handle concurrent vma faults (git-fixes). - vfs: Convert functionfs to use the new mount API (git -fixes). - video: fbdev: imxfb: Fix an error message (git-fixes). - virtio_console: Assure used length from device is limited (git-fixes). - virtio_net: move tx vq operation under tx queue lock (git-fixes). - visorbus: fix error return code in visorchipset_init() (git-fixes). - vmxnet3: fix cksum offload issues for tunnels with non-default udp ports (git-fixes). - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes). - w1: ds2438: fixing bug that would always get page0 (git-fixes). - watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes). - watchdog: Fix possible use-after-free in wdt_startup() (git-fixes). - watchdog: aspeed: fix hardware timeout calculation (git-fixes). - watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes). - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes). - watchdog: sp805: Fix kernel doc description (git-fixes). - wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes). - wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes). - wireless: carl9170: fix LEDS build errors & warnings (git-fixes). - wireless: wext-spy: Fix out-of-bounds warning (git-fixes). - wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes). - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes). - workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973). - x86/kvm: Disable all PV features on crash (bsc#1185308). - x86/kvm: Disable all PV features on crash (bsc#1185308). - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308). - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308). - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308). - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308). - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308). - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308). - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308). - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308). - xen/events: reset active flag for lateeoi events later (git-fixes). - xfrm: Fix xfrm offload fallback fail case (bsc#1176447). - xfrm: delete xfrm4_output_finish xfrm6_output_finish declarations (bsc#1176447). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). - xhci: Fix lost USB 2 remote wake (git-fixes). - xhci: solve a double free problem while doing s4 (git-fixes). - xsk: Fix missing validation for skb and unaligned mode (jsc#SLE-13706). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2760-1 Released: Tue Aug 17 17:11:14 2021 Summary: Security update for c-ares Type: security Severity: important References: 1188881,CVE-2021-3672 This update for c-ares fixes the following issues: Version update to git snapshot 1.17.1+20200724: - CVE-2021-3672: fixed missing input validation on hostnames returned by DNS servers (bsc#1188881) - If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause crash - Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response - Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing - Use unbuffered /dev/urandom for random data to prevent early startup performance issues ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2786-1 Released: Fri Aug 20 02:02:23 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1057452,1188287 This update for bash fixes the following issues: - Allow process group assignment even for modern kernels (bsc#1057452, bsc#1188287) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2805-1 Released: Mon Aug 23 07:01:37 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1185615,1185646,1187115,1187470,1187774 This update for dracut fixes the following issues: - Correct man pages regarding the 'INITRD_MODULES' as some parts already invalid. (bsc#1187115) - Fixed an issue when running mkinitrd inproper arch is being expanded. (bsc#1185615) - Fix for 'suse-initrd' exclude modules that are built-in to prevent failing modules to be installed. (bsc#1185646) - Fix informing on usage of obsolete -f parameter. (bsc#1187470) - Fix reference to 'insmodpost module' in the documentation. (bsc#1187774) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2809-1 Released: Mon Aug 23 12:12:31 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1166028,1171962,1184994,1185972,1188063,CVE-2020-13529,CVE-2021-33910 This update for systemd fixes the following issues: - Updated to version 246.15 - CVE-2021-33910: Fixed a denial of service issue in systemd. (bsc#1188063) - CVE-2020-13529: Fixed an issue that allows crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. (bsc#1185972) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2810-1 Released: Mon Aug 23 12:14:30 2021 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1172505,CVE-2020-12049 This update for dbus-1 fixes the following issues: - CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] From sle-updates at lists.suse.com Thu Sep 2 10:17:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 12:17:49 +0200 (CEST) Subject: SUSE-RU-2021:2910-1: moderate: Recommended update for resource-agents Message-ID: <20210902101749.6D5E9F799@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2910-1 Rating: moderate References: #1189535 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - Fixed an issue when SAP Instance fails to detect SAP unit files for 'systemd'. (bsc#1189535) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-2910=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ldirectord-4.4.0+git57.70549516-3.36.1 resource-agents-4.4.0+git57.70549516-3.36.1 resource-agents-debuginfo-4.4.0+git57.70549516-3.36.1 resource-agents-debugsource-4.4.0+git57.70549516-3.36.1 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): monitoring-plugins-metadata-4.4.0+git57.70549516-3.36.1 References: https://bugzilla.suse.com/1189535 From sle-updates at lists.suse.com Thu Sep 2 13:17:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 15:17:08 +0200 (CEST) Subject: SUSE-SU-2021:2912-1: moderate: Security update for apache2-mod_auth_mellon Message-ID: <20210902131708.7847EF799@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_auth_mellon ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2912-1 Rating: moderate References: #1188926 Cross-References: CVE-2021-3639 CVSS scores: CVE-2021-3639 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache2-mod_auth_mellon fixes the following issues: - CVE-2021-3639: Fixed Open Redirect vulnerability in logout URLs (bsc#1188926). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2912=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-mod_auth_mellon-0.16.0-8.6.1 References: https://www.suse.com/security/cve/CVE-2021-3639.html https://bugzilla.suse.com/1188926 From sle-updates at lists.suse.com Thu Sep 2 13:21:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 15:21:30 +0200 (CEST) Subject: SUSE-RU-2021:2911-1: important: Recommended update for corosync Message-ID: <20210902132130.38BFDF799@maintenance.suse.de> SUSE Recommended Update: Recommended update for corosync ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2911-1 Rating: important References: #1189680 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for corosync fixes the following issue: - Add 'cancel_hold_on_retransmit' config option on corosync totem (bsc#1189680) - This option allows Corosync to hold the token by representative when there are too many retransmit messages. This allows the network to process increased load without overloading it. The used mechanism is same as described for the hold directive. Some deployments may prefer to never hold token when there is retransmit messages. If so, the option should be set to yes. The default value is no. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-2911=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): corosync-2.4.5-5.13.1 corosync-debuginfo-2.4.5-5.13.1 corosync-debugsource-2.4.5-5.13.1 corosync-qdevice-2.4.5-5.13.1 corosync-qdevice-debuginfo-2.4.5-5.13.1 corosync-qnetd-2.4.5-5.13.1 corosync-qnetd-debuginfo-2.4.5-5.13.1 corosync-testagents-2.4.5-5.13.1 corosync-testagents-debuginfo-2.4.5-5.13.1 libcfg6-2.4.5-5.13.1 libcfg6-debuginfo-2.4.5-5.13.1 libcmap4-2.4.5-5.13.1 libcmap4-debuginfo-2.4.5-5.13.1 libcorosync-devel-2.4.5-5.13.1 libcorosync_common4-2.4.5-5.13.1 libcorosync_common4-debuginfo-2.4.5-5.13.1 libcpg4-2.4.5-5.13.1 libcpg4-debuginfo-2.4.5-5.13.1 libquorum5-2.4.5-5.13.1 libquorum5-debuginfo-2.4.5-5.13.1 libsam4-2.4.5-5.13.1 libsam4-debuginfo-2.4.5-5.13.1 libtotem_pg5-2.4.5-5.13.1 libtotem_pg5-debuginfo-2.4.5-5.13.1 libvotequorum8-2.4.5-5.13.1 libvotequorum8-debuginfo-2.4.5-5.13.1 References: https://bugzilla.suse.com/1189680 From sle-updates at lists.suse.com Thu Sep 2 13:22:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 15:22:46 +0200 (CEST) Subject: SUSE-SU-2021:2917-1: important: Security update for libesmtp Message-ID: <20210902132246.F1E35F799@maintenance.suse.de> SUSE Security Update: Security update for libesmtp ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2917-1 Rating: important References: #1160462 #1189097 Cross-References: CVE-2019-19977 CVSS scores: CVE-2019-19977 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-19977 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libesmtp fixes the following issues: - CVE-2019-19977: Fix stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2917=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2917=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2917=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2917=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2917=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2917=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2917=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2917=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2917=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2917=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2917=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2917=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-2917=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libesmtp-1.0.6-17.3.1 libesmtp-debuginfo-1.0.6-17.3.1 libesmtp-debugsource-1.0.6-17.3.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libesmtp-1.0.6-17.3.1 libesmtp-debuginfo-1.0.6-17.3.1 libesmtp-debugsource-1.0.6-17.3.1 - SUSE OpenStack Cloud 9 (x86_64): libesmtp-1.0.6-17.3.1 libesmtp-debuginfo-1.0.6-17.3.1 libesmtp-debugsource-1.0.6-17.3.1 - SUSE OpenStack Cloud 8 (x86_64): libesmtp-1.0.6-17.3.1 libesmtp-debuginfo-1.0.6-17.3.1 libesmtp-debugsource-1.0.6-17.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libesmtp-debuginfo-1.0.6-17.3.1 libesmtp-debugsource-1.0.6-17.3.1 libesmtp-devel-1.0.6-17.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libesmtp-1.0.6-17.3.1 libesmtp-debuginfo-1.0.6-17.3.1 libesmtp-debugsource-1.0.6-17.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libesmtp-1.0.6-17.3.1 libesmtp-debuginfo-1.0.6-17.3.1 libesmtp-debugsource-1.0.6-17.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libesmtp-1.0.6-17.3.1 libesmtp-debuginfo-1.0.6-17.3.1 libesmtp-debugsource-1.0.6-17.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libesmtp-1.0.6-17.3.1 libesmtp-debuginfo-1.0.6-17.3.1 libesmtp-debugsource-1.0.6-17.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libesmtp-1.0.6-17.3.1 libesmtp-debuginfo-1.0.6-17.3.1 libesmtp-debugsource-1.0.6-17.3.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libesmtp-1.0.6-17.3.1 libesmtp-debuginfo-1.0.6-17.3.1 libesmtp-debugsource-1.0.6-17.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libesmtp-1.0.6-17.3.1 libesmtp-debuginfo-1.0.6-17.3.1 libesmtp-debugsource-1.0.6-17.3.1 - HPE Helion Openstack 8 (x86_64): libesmtp-1.0.6-17.3.1 libesmtp-debuginfo-1.0.6-17.3.1 libesmtp-debugsource-1.0.6-17.3.1 References: https://www.suse.com/security/cve/CVE-2019-19977.html https://bugzilla.suse.com/1160462 https://bugzilla.suse.com/1189097 From sle-updates at lists.suse.com Thu Sep 2 13:24:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 15:24:09 +0200 (CEST) Subject: SUSE-SU-2021:2923-1: important: Security update for xen Message-ID: <20210902132409.9E579F799@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2923-1 Rating: important References: #1027519 #1176189 #1179246 #1183243 #1183877 #1185682 #1186428 #1186429 #1186433 #1186434 #1187406 #1188050 #1189373 #1189376 #1189378 #1189380 #1189381 #1189882 Cross-References: CVE-2021-0089 CVE-2021-28690 CVE-2021-28692 CVE-2021-28693 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-28700 CVSS scores: CVE-2021-0089 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-28694 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28695 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28696 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28697 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28698 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28699 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28700 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 7 fixes is now available. Description: This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release (bsc#1027519). Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). - CVE-2021-28700: No memory limit for dom0less domUs (XSA-383)(bsc#1189381). Other issues fixed: - Fixed "Panic on CPU 0: IO-APIC + timer doesn't work!" (bsc#1180491) - Fixed an issue with xencommons, where file format expecations by fillup did not allign (bsc#1185682) - Fixed shell macro expansion in the spec file, so that ExecStart= in xendomains-wait-disks.service is created correctly (bsc#1183877) - Upstream bug fixes (bsc#1027519) - Fixed Xen SLES11SP4 guest hangs on cluster (bsc#1188050). - xl monitoring process exits during xl save -p|-c keep the monitoring process running to cleanup the domU during shutdown (bsc#1176189). - Dom0 hangs when pinning CPUs for dom0 with HVM guest (bsc#1179246). - Some long deprecated commands were finally removed in qemu6. Adjust libxl to use supported commands (bsc#1183243). - Update logrotate.conf, move global options into per-file sections to prevent globbering of global state (bsc#1187406). - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-2923=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2923=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): xen-tools-xendomains-wait-disk-4.14.2_04-3.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): xen-4.14.2_04-3.9.1 xen-debugsource-4.14.2_04-3.9.1 xen-devel-4.14.2_04-3.9.1 xen-tools-4.14.2_04-3.9.1 xen-tools-debuginfo-4.14.2_04-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): xen-debugsource-4.14.2_04-3.9.1 xen-libs-4.14.2_04-3.9.1 xen-libs-debuginfo-4.14.2_04-3.9.1 xen-tools-domU-4.14.2_04-3.9.1 xen-tools-domU-debuginfo-4.14.2_04-3.9.1 References: https://www.suse.com/security/cve/CVE-2021-0089.html https://www.suse.com/security/cve/CVE-2021-28690.html https://www.suse.com/security/cve/CVE-2021-28692.html https://www.suse.com/security/cve/CVE-2021-28693.html https://www.suse.com/security/cve/CVE-2021-28694.html https://www.suse.com/security/cve/CVE-2021-28695.html https://www.suse.com/security/cve/CVE-2021-28696.html https://www.suse.com/security/cve/CVE-2021-28697.html https://www.suse.com/security/cve/CVE-2021-28698.html https://www.suse.com/security/cve/CVE-2021-28699.html https://www.suse.com/security/cve/CVE-2021-28700.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1176189 https://bugzilla.suse.com/1179246 https://bugzilla.suse.com/1183243 https://bugzilla.suse.com/1183877 https://bugzilla.suse.com/1185682 https://bugzilla.suse.com/1186428 https://bugzilla.suse.com/1186429 https://bugzilla.suse.com/1186433 https://bugzilla.suse.com/1186434 https://bugzilla.suse.com/1187406 https://bugzilla.suse.com/1188050 https://bugzilla.suse.com/1189373 https://bugzilla.suse.com/1189376 https://bugzilla.suse.com/1189378 https://bugzilla.suse.com/1189380 https://bugzilla.suse.com/1189381 https://bugzilla.suse.com/1189882 From sle-updates at lists.suse.com Thu Sep 2 13:27:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 15:27:30 +0200 (CEST) Subject: SUSE-SU-2021:2915-1: moderate: Security update for gstreamer-plugins-good Message-ID: <20210902132730.A08A2F799@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-plugins-good ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2915-1 Rating: moderate References: #1184735 #1184739 Cross-References: CVE-2021-3497 CVE-2021-3498 CVSS scores: CVE-2021-3497 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3497 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-3498 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3498 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for gstreamer-plugins-good fixes the following issues: - CVE-2021-3498: Matroskademux: initialize track context out parameter to NULL before parsing (bsc#1184735). - CVE-2021-3497: Matroskademux: Fix extraction of multichannel WavPack (bsc#1184739). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2915=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2915=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-good-1.16.3-3.6.1 gstreamer-plugins-good-debuginfo-1.16.3-3.6.1 gstreamer-plugins-good-debugsource-1.16.3-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): gstreamer-plugins-good-lang-1.16.3-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-good-1.16.3-3.6.1 gstreamer-plugins-good-debuginfo-1.16.3-3.6.1 gstreamer-plugins-good-debugsource-1.16.3-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): gstreamer-plugins-good-lang-1.16.3-3.6.1 References: https://www.suse.com/security/cve/CVE-2021-3497.html https://www.suse.com/security/cve/CVE-2021-3498.html https://bugzilla.suse.com/1184735 https://bugzilla.suse.com/1184739 From sle-updates at lists.suse.com Thu Sep 2 13:28:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 15:28:46 +0200 (CEST) Subject: SUSE-SU-2021:2916-1: moderate: Security update for gstreamer-plugins-good Message-ID: <20210902132846.2ABF9F799@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-plugins-good ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2916-1 Rating: moderate References: #1184739 Cross-References: CVE-2021-3497 CVSS scores: CVE-2021-3497 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3497 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gstreamer-plugins-good fixes the following issues: - CVE-2021-3497: Matroskademux: Fix extraction of multichannel WavPack (bsc#1184739). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2916=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-good-1.8.3-16.3.1 gstreamer-plugins-good-debuginfo-1.8.3-16.3.1 gstreamer-plugins-good-debugsource-1.8.3-16.3.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): gstreamer-plugins-good-lang-1.8.3-16.3.1 References: https://www.suse.com/security/cve/CVE-2021-3497.html https://bugzilla.suse.com/1184739 From sle-updates at lists.suse.com Thu Sep 2 13:29:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 15:29:52 +0200 (CEST) Subject: SUSE-SU-2021:2914-1: important: Security update for rubygem-puma Message-ID: <20210902132952.14F29F799@maintenance.suse.de> SUSE Security Update: Security update for rubygem-puma ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2914-1 Rating: important References: #1188527 Cross-References: CVE-2021-29509 CVSS scores: CVE-2021-29509 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29509 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-puma fixes the following issues: - CVE-2021-29509: Incomplete fix for CVE-2019-16770 allows Denial of Service (bsc#1188527) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2914=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ruby2.1-rubygem-puma-2.16.0-4.12.1 ruby2.1-rubygem-puma-debuginfo-2.16.0-4.12.1 rubygem-puma-debugsource-2.16.0-4.12.1 References: https://www.suse.com/security/cve/CVE-2021-29509.html https://bugzilla.suse.com/1188527 From sle-updates at lists.suse.com Thu Sep 2 13:31:06 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 15:31:06 +0200 (CEST) Subject: SUSE-SU-2021:2920-1: important: Security update for xerces-c Message-ID: <20210902133106.524E4F799@maintenance.suse.de> SUSE Security Update: Security update for xerces-c ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2920-1 Rating: important References: #1159552 Cross-References: CVE-2018-1311 CVSS scores: CVE-2018-1311 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1311 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xerces-c fixes the following issues: - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs (bsc#1159552). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2920=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2920=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2920=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2920=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2920=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2920=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2920=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2920=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2920=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2920=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2920=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2920=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2920=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): libxerces-c-3_1-3.1.4-3.6.1 libxerces-c-3_1-debuginfo-3.1.4-3.6.1 libxerces-c-devel-3.1.4-3.6.1 xerces-c-debuginfo-3.1.4-3.6.1 xerces-c-debugsource-3.1.4-3.6.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): libxerces-c-3_1-3.1.4-3.6.1 libxerces-c-3_1-debuginfo-3.1.4-3.6.1 libxerces-c-devel-3.1.4-3.6.1 xerces-c-debuginfo-3.1.4-3.6.1 xerces-c-debugsource-3.1.4-3.6.1 - SUSE Manager Proxy 4.0 (x86_64): libxerces-c-3_1-3.1.4-3.6.1 libxerces-c-3_1-debuginfo-3.1.4-3.6.1 libxerces-c-devel-3.1.4-3.6.1 xerces-c-debuginfo-3.1.4-3.6.1 xerces-c-debugsource-3.1.4-3.6.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libxerces-c-3_1-3.1.4-3.6.1 libxerces-c-3_1-debuginfo-3.1.4-3.6.1 libxerces-c-devel-3.1.4-3.6.1 xerces-c-debuginfo-3.1.4-3.6.1 xerces-c-debugsource-3.1.4-3.6.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libxerces-c-3_1-3.1.4-3.6.1 libxerces-c-3_1-debuginfo-3.1.4-3.6.1 libxerces-c-devel-3.1.4-3.6.1 xerces-c-debuginfo-3.1.4-3.6.1 xerces-c-debugsource-3.1.4-3.6.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libxerces-c-3_1-3.1.4-3.6.1 libxerces-c-3_1-debuginfo-3.1.4-3.6.1 libxerces-c-devel-3.1.4-3.6.1 xerces-c-debuginfo-3.1.4-3.6.1 xerces-c-debugsource-3.1.4-3.6.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libxerces-c-3_1-3.1.4-3.6.1 libxerces-c-3_1-debuginfo-3.1.4-3.6.1 libxerces-c-devel-3.1.4-3.6.1 xerces-c-debuginfo-3.1.4-3.6.1 xerces-c-debugsource-3.1.4-3.6.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libxerces-c-3_1-3.1.4-3.6.1 libxerces-c-3_1-debuginfo-3.1.4-3.6.1 libxerces-c-devel-3.1.4-3.6.1 xerces-c-debuginfo-3.1.4-3.6.1 xerces-c-debugsource-3.1.4-3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libxerces-c-3_1-3.1.4-3.6.1 libxerces-c-3_1-debuginfo-3.1.4-3.6.1 libxerces-c-devel-3.1.4-3.6.1 xerces-c-debuginfo-3.1.4-3.6.1 xerces-c-debugsource-3.1.4-3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libxerces-c-3_1-3.1.4-3.6.1 libxerces-c-3_1-debuginfo-3.1.4-3.6.1 libxerces-c-devel-3.1.4-3.6.1 xerces-c-debuginfo-3.1.4-3.6.1 xerces-c-debugsource-3.1.4-3.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libxerces-c-3_1-3.1.4-3.6.1 libxerces-c-3_1-debuginfo-3.1.4-3.6.1 libxerces-c-devel-3.1.4-3.6.1 xerces-c-debuginfo-3.1.4-3.6.1 xerces-c-debugsource-3.1.4-3.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libxerces-c-3_1-3.1.4-3.6.1 libxerces-c-3_1-debuginfo-3.1.4-3.6.1 libxerces-c-devel-3.1.4-3.6.1 xerces-c-debuginfo-3.1.4-3.6.1 xerces-c-debugsource-3.1.4-3.6.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libxerces-c-3_1-3.1.4-3.6.1 libxerces-c-3_1-debuginfo-3.1.4-3.6.1 libxerces-c-devel-3.1.4-3.6.1 xerces-c-debuginfo-3.1.4-3.6.1 xerces-c-debugsource-3.1.4-3.6.1 - SUSE CaaS Platform 4.0 (x86_64): libxerces-c-3_1-3.1.4-3.6.1 libxerces-c-3_1-debuginfo-3.1.4-3.6.1 libxerces-c-devel-3.1.4-3.6.1 xerces-c-debuginfo-3.1.4-3.6.1 xerces-c-debugsource-3.1.4-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-1311.html https://bugzilla.suse.com/1159552 From sle-updates at lists.suse.com Thu Sep 2 13:32:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 15:32:27 +0200 (CEST) Subject: SUSE-SU-2021:2913-1: important: Security update for openexr Message-ID: <20210902133227.CC3A1F799@maintenance.suse.de> SUSE Security Update: Security update for openexr ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2913-1 Rating: important References: #1188457 #1188458 #1188459 #1188460 #1188461 #1188462 Cross-References: CVE-2021-20298 CVE-2021-20299 CVE-2021-20300 CVE-2021-20302 CVE-2021-20303 CVE-2021-20304 CVE-2021-3476 CVSS scores: CVE-2021-20298 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20299 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-20300 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-20302 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-20303 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2021-20304 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-3476 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-3476 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for openexr fixes the following issues: - CVE-2021-20298 [bsc#1188460]: Fixed Out-of-memory in B44Compressor - CVE-2021-20299 [bsc#1188459]: Fixed Null-dereference READ in Imf_2_5:Header:operator - CVE-2021-20300 [bsc#1188458]: Fixed Integer-overflow in Imf_2_5:hufUncompress - CVE-2021-20302 [bsc#1188462]: Fixed Floating-point-exception in Imf_2_5:precalculateTileInfot - CVE-2021-20303 [bsc#1188457]: Fixed Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer - CVE-2021-20304 [bsc#1188461]: Fixed Undefined-shift in Imf_2_5:hufDecode Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2913=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2913=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2913=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2913=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-2913=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2913=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2913=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2913=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2913=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2913=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2913=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2913=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2913=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-2913=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.37.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.37.1 openexr-2.1.0-6.37.1 openexr-debuginfo-2.1.0-6.37.1 openexr-debugsource-2.1.0-6.37.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.37.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.37.1 openexr-2.1.0-6.37.1 openexr-debuginfo-2.1.0-6.37.1 openexr-debugsource-2.1.0-6.37.1 - SUSE OpenStack Cloud 9 (x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.37.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.37.1 openexr-2.1.0-6.37.1 openexr-debuginfo-2.1.0-6.37.1 openexr-debugsource-2.1.0-6.37.1 - SUSE OpenStack Cloud 8 (x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.37.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.37.1 openexr-2.1.0-6.37.1 openexr-debuginfo-2.1.0-6.37.1 openexr-debugsource-2.1.0-6.37.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libIlmImf-Imf_2_1-21-32bit-2.1.0-6.37.1 libIlmImf-Imf_2_1-21-debuginfo-32bit-2.1.0-6.37.1 openexr-debugsource-2.1.0-6.37.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): openexr-debuginfo-2.1.0-6.37.1 openexr-debugsource-2.1.0-6.37.1 openexr-devel-2.1.0-6.37.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.37.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.37.1 openexr-2.1.0-6.37.1 openexr-debuginfo-2.1.0-6.37.1 openexr-debugsource-2.1.0-6.37.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.37.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.37.1 openexr-2.1.0-6.37.1 openexr-debuginfo-2.1.0-6.37.1 openexr-debugsource-2.1.0-6.37.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.37.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.37.1 openexr-2.1.0-6.37.1 openexr-debuginfo-2.1.0-6.37.1 openexr-debugsource-2.1.0-6.37.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.37.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.37.1 openexr-2.1.0-6.37.1 openexr-debuginfo-2.1.0-6.37.1 openexr-debugsource-2.1.0-6.37.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.37.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.37.1 openexr-2.1.0-6.37.1 openexr-debuginfo-2.1.0-6.37.1 openexr-debugsource-2.1.0-6.37.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.37.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.37.1 openexr-2.1.0-6.37.1 openexr-debuginfo-2.1.0-6.37.1 openexr-debugsource-2.1.0-6.37.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.37.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.37.1 openexr-2.1.0-6.37.1 openexr-debuginfo-2.1.0-6.37.1 openexr-debugsource-2.1.0-6.37.1 - HPE Helion Openstack 8 (x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.37.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.37.1 openexr-2.1.0-6.37.1 openexr-debuginfo-2.1.0-6.37.1 openexr-debugsource-2.1.0-6.37.1 References: https://www.suse.com/security/cve/CVE-2021-20298.html https://www.suse.com/security/cve/CVE-2021-20299.html https://www.suse.com/security/cve/CVE-2021-20300.html https://www.suse.com/security/cve/CVE-2021-20302.html https://www.suse.com/security/cve/CVE-2021-20303.html https://www.suse.com/security/cve/CVE-2021-20304.html https://www.suse.com/security/cve/CVE-2021-3476.html https://bugzilla.suse.com/1188457 https://bugzilla.suse.com/1188458 https://bugzilla.suse.com/1188459 https://bugzilla.suse.com/1188460 https://bugzilla.suse.com/1188461 https://bugzilla.suse.com/1188462 From sle-updates at lists.suse.com Thu Sep 2 13:34:23 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 15:34:23 +0200 (CEST) Subject: SUSE-SU-2021:2919-1: important: Security update for ffmpeg Message-ID: <20210902133423.6FAE4F799@maintenance.suse.de> SUSE Security Update: Security update for ffmpeg ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2919-1 Rating: important References: #1129714 #1186849 #1186859 #1186861 #1186863 #1189142 #1189348 #1189350 Cross-References: CVE-2019-9721 CVE-2020-21688 CVE-2020-21697 CVE-2020-22046 CVE-2020-22048 CVE-2020-22049 CVE-2020-22054 CVE-2021-38114 CVSS scores: CVE-2019-9721 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-9721 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2020-21688 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-21697 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22046 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22046 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-22048 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22048 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-22049 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22049 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-22054 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22054 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38114 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for ffmpeg fixes the following issues: - CVE-2019-9721: Fix denial of service in the subtitle decoder in handle_open_brace from libavcodec/htmlsubtitles.c (bsc#1129714). - CVE-2020-22046: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c (bsc#1186849). - CVE-2020-22048: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c (bsc#1186859). - CVE-2020-22049: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c (bsc#1186861). - CVE-2020-22054: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c (bsc#1186863). - CVE-2020-21688: Fixed a heap-use-after-free in the av_freep function in libavutil/mem.c (bsc#1189348). - CVE-2020-21697: Fixed a heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c (bsc#1189350). - CVE-2021-38114: Fixed a not checked return value of the init_vlc function (bsc#1189142). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-2919=1 - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-2919=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-2919=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-2919=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-2919=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-2919=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): ffmpeg-debuginfo-3.4.2-11.8.2 ffmpeg-debugsource-3.4.2-11.8.2 libavcodec-devel-3.4.2-11.8.2 libavformat-devel-3.4.2-11.8.2 libavresample-devel-3.4.2-11.8.2 libavresample3-3.4.2-11.8.2 libavresample3-debuginfo-3.4.2-11.8.2 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): ffmpeg-debuginfo-3.4.2-11.8.2 ffmpeg-debugsource-3.4.2-11.8.2 libavcodec-devel-3.4.2-11.8.2 libavformat-devel-3.4.2-11.8.2 libavresample-devel-3.4.2-11.8.2 libavresample3-3.4.2-11.8.2 libavresample3-debuginfo-3.4.2-11.8.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): ffmpeg-3.4.2-11.8.2 ffmpeg-debuginfo-3.4.2-11.8.2 ffmpeg-debugsource-3.4.2-11.8.2 libavdevice57-3.4.2-11.8.2 libavdevice57-debuginfo-3.4.2-11.8.2 libavfilter6-3.4.2-11.8.2 libavfilter6-debuginfo-3.4.2-11.8.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): ffmpeg-3.4.2-11.8.2 ffmpeg-debuginfo-3.4.2-11.8.2 ffmpeg-debugsource-3.4.2-11.8.2 libavdevice57-3.4.2-11.8.2 libavdevice57-debuginfo-3.4.2-11.8.2 libavfilter6-3.4.2-11.8.2 libavfilter6-debuginfo-3.4.2-11.8.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): ffmpeg-debuginfo-3.4.2-11.8.2 ffmpeg-debugsource-3.4.2-11.8.2 libavcodec57-3.4.2-11.8.2 libavcodec57-debuginfo-3.4.2-11.8.2 libavformat57-3.4.2-11.8.2 libavformat57-debuginfo-3.4.2-11.8.2 libavresample-devel-3.4.2-11.8.2 libavresample3-3.4.2-11.8.2 libavresample3-debuginfo-3.4.2-11.8.2 libavutil-devel-3.4.2-11.8.2 libavutil55-3.4.2-11.8.2 libavutil55-debuginfo-3.4.2-11.8.2 libpostproc-devel-3.4.2-11.8.2 libpostproc54-3.4.2-11.8.2 libpostproc54-debuginfo-3.4.2-11.8.2 libswresample-devel-3.4.2-11.8.2 libswresample2-3.4.2-11.8.2 libswresample2-debuginfo-3.4.2-11.8.2 libswscale-devel-3.4.2-11.8.2 libswscale4-3.4.2-11.8.2 libswscale4-debuginfo-3.4.2-11.8.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64_ilp32): libavresample3-64bit-3.4.2-11.8.2 libavresample3-64bit-debuginfo-3.4.2-11.8.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 i586 ppc64le s390x x86_64): libavresample-devel-3.4.2-11.8.2 libavresample3-3.4.2-11.8.2 libavresample3-debuginfo-3.4.2-11.8.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): ffmpeg-debuginfo-3.4.2-11.8.2 ffmpeg-debugsource-3.4.2-11.8.2 libavcodec57-3.4.2-11.8.2 libavcodec57-debuginfo-3.4.2-11.8.2 libavformat57-3.4.2-11.8.2 libavformat57-debuginfo-3.4.2-11.8.2 libavutil-devel-3.4.2-11.8.2 libavutil55-3.4.2-11.8.2 libavutil55-debuginfo-3.4.2-11.8.2 libpostproc-devel-3.4.2-11.8.2 libpostproc54-3.4.2-11.8.2 libpostproc54-debuginfo-3.4.2-11.8.2 libswresample-devel-3.4.2-11.8.2 libswresample2-3.4.2-11.8.2 libswresample2-debuginfo-3.4.2-11.8.2 libswscale-devel-3.4.2-11.8.2 libswscale4-3.4.2-11.8.2 libswscale4-debuginfo-3.4.2-11.8.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (x86_64): libavresample3-32bit-3.4.2-11.8.2 libavresample3-32bit-debuginfo-3.4.2-11.8.2 References: https://www.suse.com/security/cve/CVE-2019-9721.html https://www.suse.com/security/cve/CVE-2020-21688.html https://www.suse.com/security/cve/CVE-2020-21697.html https://www.suse.com/security/cve/CVE-2020-22046.html https://www.suse.com/security/cve/CVE-2020-22048.html https://www.suse.com/security/cve/CVE-2020-22049.html https://www.suse.com/security/cve/CVE-2020-22054.html https://www.suse.com/security/cve/CVE-2021-38114.html https://bugzilla.suse.com/1129714 https://bugzilla.suse.com/1186849 https://bugzilla.suse.com/1186859 https://bugzilla.suse.com/1186861 https://bugzilla.suse.com/1186863 https://bugzilla.suse.com/1189142 https://bugzilla.suse.com/1189348 https://bugzilla.suse.com/1189350 From sle-updates at lists.suse.com Thu Sep 2 13:36:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 15:36:30 +0200 (CEST) Subject: SUSE-SU-2021:2918-1: important: Security update for apache2 Message-ID: <20210902133630.A369FF799@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2918-1 Rating: important References: #1189387 Cross-References: CVE-2021-33193 CVSS scores: CVE-2021-33193 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache2 fixes the following issues: - CVE-2021-33193: Fixed request splitting via HTTP/2 method injection and mod_proxy (bsc#1189387). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2918=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2918=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.77.2 apache2-debugsource-2.4.23-29.77.2 apache2-devel-2.4.23-29.77.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.77.2 apache2-debuginfo-2.4.23-29.77.2 apache2-debugsource-2.4.23-29.77.2 apache2-example-pages-2.4.23-29.77.2 apache2-prefork-2.4.23-29.77.2 apache2-prefork-debuginfo-2.4.23-29.77.2 apache2-utils-2.4.23-29.77.2 apache2-utils-debuginfo-2.4.23-29.77.2 apache2-worker-2.4.23-29.77.2 apache2-worker-debuginfo-2.4.23-29.77.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): apache2-doc-2.4.23-29.77.2 References: https://www.suse.com/security/cve/CVE-2021-33193.html https://bugzilla.suse.com/1189387 From sle-updates at lists.suse.com Thu Sep 2 13:37:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 15:37:42 +0200 (CEST) Subject: SUSE-SU-2021:2922-1: important: Security update for xen Message-ID: <20210902133742.766B7F799@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2922-1 Rating: important References: #1027519 #1137251 #1176189 #1179148 #1179246 #1180491 #1181989 #1183877 #1185682 #1186428 #1186429 #1186433 #1186434 #1188050 #1189373 #1189376 #1189378 #1189380 #1189381 #1189882 Cross-References: CVE-2021-0089 CVE-2021-28690 CVE-2021-28692 CVE-2021-28693 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-28700 CVSS scores: CVE-2021-0089 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-28694 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28695 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28696 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28697 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28698 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28699 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28700 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 9 fixes is now available. Description: This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release (bsc#1027519). Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). - CVE-2021-28700: No memory limit for dom0less domUs (XSA-383)(bsc#1189381). Other issues fixed: - Fixed "Panic on CPU 0: IO-APIC + timer doesn't work!" (bsc#1180491) - Fixed an issue with xencommons, where file format expecations by fillup did not allign (bsc#1185682) - Fixed shell macro expansion in the spec file, so that ExecStart= in xendomains-wait-disks.service is created correctly (bsc#1183877) - Upstream bug fixes (bsc#1027519) - Fixed Xen SLES11SP4 guest hangs on cluster (bsc#1188050). - xl monitoring process exits during xl save -p|-c keep the monitoring process running to cleanup the domU during shutdown (bsc#1176189). - Dom0 hangs when pinning CPUs for dom0 with HVM guest (bsc#1179246). - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2922=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-2922=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2922=1 Package List: - SUSE MicroOS 5.0 (x86_64): xen-debugsource-4.13.3_02-3.34.1 xen-libs-4.13.3_02-3.34.1 xen-libs-debuginfo-4.13.3_02-3.34.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): xen-tools-xendomains-wait-disk-4.13.3_02-3.34.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (x86_64): xen-4.13.3_02-3.34.1 xen-debugsource-4.13.3_02-3.34.1 xen-devel-4.13.3_02-3.34.1 xen-tools-4.13.3_02-3.34.1 xen-tools-debuginfo-4.13.3_02-3.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): xen-debugsource-4.13.3_02-3.34.1 xen-libs-4.13.3_02-3.34.1 xen-libs-debuginfo-4.13.3_02-3.34.1 xen-tools-domU-4.13.3_02-3.34.1 xen-tools-domU-debuginfo-4.13.3_02-3.34.1 References: https://www.suse.com/security/cve/CVE-2021-0089.html https://www.suse.com/security/cve/CVE-2021-28690.html https://www.suse.com/security/cve/CVE-2021-28692.html https://www.suse.com/security/cve/CVE-2021-28693.html https://www.suse.com/security/cve/CVE-2021-28694.html https://www.suse.com/security/cve/CVE-2021-28695.html https://www.suse.com/security/cve/CVE-2021-28696.html https://www.suse.com/security/cve/CVE-2021-28697.html https://www.suse.com/security/cve/CVE-2021-28698.html https://www.suse.com/security/cve/CVE-2021-28699.html https://www.suse.com/security/cve/CVE-2021-28700.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1137251 https://bugzilla.suse.com/1176189 https://bugzilla.suse.com/1179148 https://bugzilla.suse.com/1179246 https://bugzilla.suse.com/1180491 https://bugzilla.suse.com/1181989 https://bugzilla.suse.com/1183877 https://bugzilla.suse.com/1185682 https://bugzilla.suse.com/1186428 https://bugzilla.suse.com/1186429 https://bugzilla.suse.com/1186433 https://bugzilla.suse.com/1186434 https://bugzilla.suse.com/1188050 https://bugzilla.suse.com/1189373 https://bugzilla.suse.com/1189376 https://bugzilla.suse.com/1189378 https://bugzilla.suse.com/1189380 https://bugzilla.suse.com/1189381 https://bugzilla.suse.com/1189882 From sle-updates at lists.suse.com Thu Sep 2 13:41:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 15:41:15 +0200 (CEST) Subject: SUSE-SU-2021:2924-1: important: Security update for xen Message-ID: <20210902134115.13C05F799@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2924-1 Rating: important References: #1027519 #1179246 #1180491 #1180846 #1182654 #1183243 #1185682 #1186428 #1186429 #1186433 #1186434 #1187369 #1187376 #1187378 #1188050 #1189373 #1189376 #1189378 #1189380 #1189381 #1189882 Cross-References: CVE-2021-0089 CVE-2021-20255 CVE-2021-28690 CVE-2021-28692 CVE-2021-28693 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-28700 CVE-2021-3592 CVE-2021-3594 CVE-2021-3595 CVSS scores: CVE-2021-0089 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-20255 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20255 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-28694 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28695 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28696 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28697 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28698 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28699 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28700 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3592 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3592 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3594 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3594 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3595 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3595 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 15 vulnerabilities and has 6 fixes is now available. Description: This update for xen fixes the following issues: Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-20255: Fixed stack overflow via infinite recursion in eepro100 (bsc#1182654) - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). - CVE-2021-28700: No memory limit for dom0less domUs (XSA-383)(bsc#1189381). - CVE-2021-3592: slirp: invalid pointer initialization may lead to information disclosure (bootp)(bsc#1187369). - CVE-2021-3594: slirp: invalid pointer initialization may lead to information disclosure (udp)(bsc#1187378). - CVE-2021-3595: slirp: invalid pointer initialization may lead to information disclosure (tftp)(bsc#1187376). Other issues fixed: - Fixed "Panic on CPU 0: IO-APIC + timer doesn't work!" (bsc#1180491) - Fixed an issue with xencommons, where file format expecations by fillup did not allign (bsc#1185682) - Upstream bug fixes (bsc#1027519) - Dom0 hangs when pinning CPUs for dom0 with HVM guest (bsc#1179246). - Fixed Xen SLES11SP4 guest hangs on cluster (bsc#1188050). - Fixed PVHVM SLES12 SP5 - NMI Watchdog CPU Stuck (bsc#1180846). - Core cannot be opened when using xl dump-core of VM with PTF (bsc#1183243) - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2924=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2924=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 x86_64): xen-debugsource-4.12.4_12-3.49.1 xen-devel-4.12.4_12-3.49.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): xen-4.12.4_12-3.49.1 xen-debugsource-4.12.4_12-3.49.1 xen-doc-html-4.12.4_12-3.49.1 xen-libs-32bit-4.12.4_12-3.49.1 xen-libs-4.12.4_12-3.49.1 xen-libs-debuginfo-32bit-4.12.4_12-3.49.1 xen-libs-debuginfo-4.12.4_12-3.49.1 xen-tools-4.12.4_12-3.49.1 xen-tools-debuginfo-4.12.4_12-3.49.1 xen-tools-domU-4.12.4_12-3.49.1 xen-tools-domU-debuginfo-4.12.4_12-3.49.1 References: https://www.suse.com/security/cve/CVE-2021-0089.html https://www.suse.com/security/cve/CVE-2021-20255.html https://www.suse.com/security/cve/CVE-2021-28690.html https://www.suse.com/security/cve/CVE-2021-28692.html https://www.suse.com/security/cve/CVE-2021-28693.html https://www.suse.com/security/cve/CVE-2021-28694.html https://www.suse.com/security/cve/CVE-2021-28695.html https://www.suse.com/security/cve/CVE-2021-28696.html https://www.suse.com/security/cve/CVE-2021-28697.html https://www.suse.com/security/cve/CVE-2021-28698.html https://www.suse.com/security/cve/CVE-2021-28699.html https://www.suse.com/security/cve/CVE-2021-28700.html https://www.suse.com/security/cve/CVE-2021-3592.html https://www.suse.com/security/cve/CVE-2021-3594.html https://www.suse.com/security/cve/CVE-2021-3595.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1179246 https://bugzilla.suse.com/1180491 https://bugzilla.suse.com/1180846 https://bugzilla.suse.com/1182654 https://bugzilla.suse.com/1183243 https://bugzilla.suse.com/1185682 https://bugzilla.suse.com/1186428 https://bugzilla.suse.com/1186429 https://bugzilla.suse.com/1186433 https://bugzilla.suse.com/1186434 https://bugzilla.suse.com/1187369 https://bugzilla.suse.com/1187376 https://bugzilla.suse.com/1187378 https://bugzilla.suse.com/1188050 https://bugzilla.suse.com/1189373 https://bugzilla.suse.com/1189376 https://bugzilla.suse.com/1189378 https://bugzilla.suse.com/1189380 https://bugzilla.suse.com/1189381 https://bugzilla.suse.com/1189882 From sle-updates at lists.suse.com Thu Sep 2 16:16:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 18:16:45 +0200 (CEST) Subject: SUSE-SU-2021:2929-1: important: Security update for ffmpeg Message-ID: <20210902161645.7552CFD0A@maintenance.suse.de> SUSE Security Update: Security update for ffmpeg ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2929-1 Rating: important References: #1129714 #1172640 #1186406 #1186583 #1186586 #1186587 #1186596 #1186597 #1186598 #1186600 #1186603 #1186604 #1186605 #1186613 #1186614 #1186615 #1186616 #1186658 #1186660 #1186757 #1186758 #1186762 #1186763 #1186849 #1186859 #1186861 #1186863 #1189142 #1189348 #1189350 Cross-References: CVE-2019-17539 CVE-2019-9721 CVE-2020-13904 CVE-2020-20448 CVE-2020-20451 CVE-2020-21041 CVE-2020-21688 CVE-2020-21697 CVE-2020-22015 CVE-2020-22016 CVE-2020-22017 CVE-2020-22019 CVE-2020-22020 CVE-2020-22021 CVE-2020-22022 CVE-2020-22023 CVE-2020-22025 CVE-2020-22026 CVE-2020-22031 CVE-2020-22032 CVE-2020-22033 CVE-2020-22034 CVE-2020-22038 CVE-2020-22039 CVE-2020-22043 CVE-2020-22044 CVE-2020-22046 CVE-2020-22048 CVE-2020-22049 CVE-2020-22054 CVE-2021-38114 CVSS scores: CVE-2019-17539 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-17539 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-9721 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-9721 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2020-13904 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-13904 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L CVE-2020-20448 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-20451 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-20451 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-21041 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-21688 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-21697 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22015 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-22015 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22016 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-22016 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2020-22017 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-22017 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22019 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22019 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22020 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22020 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22021 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22021 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22022 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-22022 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22023 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-22023 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22025 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-22025 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22026 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22026 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22031 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-22031 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22032 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22033 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22033 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22034 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-22034 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22038 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22039 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22043 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22044 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22046 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22046 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-22048 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22048 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-22049 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22049 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-22054 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-22054 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38114 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes 31 vulnerabilities is now available. Description: This update for ffmpeg fixes the following issues: - CVE-2019-9721: Fixed a denial of service in the subtitle decoder in handle_open_brace from libavcodec/htmlsubtitles.c (bsc#1129714). - CVE-2020-22046: Fixed a denial of service vulnerability due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c (bsc#1186849). - CVE-2020-22048: Fixed a denial of service vulnerability due to a memory leak in the ff_frame_pool_get function in framepool.c (bsc#1186859). - CVE-2020-22049: Fixed a denial of service vulnerability caused by a memory leak in the wtvfile_open_sector function in wtvdec.c (bsc#1186861). - CVE-2020-22054: Fixed a denial of service vulnerability due to a memory leak in the av_dict_set function in dict.c (bsc#1186863). - CVE-2020-13904: Fixed use-after-free via a crafted EXTINF duration in an m3u8 file (bsc#1172640). - CVE-2020-21041: Fixed buffer overflow vulnerability via apng_do_inverse_blend in libavcodec/pngenc.c (bsc#1186406). - CVE-2019-17539: Fixed NULL pointer dereference in avcodec_open2 in libavcodec/utils.c (bsc# 1154065). - CVE-2020-22026: Fixed buffer overflow vulnerability in config_input() at libavfilter/af_tremolo.c (bsc#1186583). - CVE-2020-22021: Fixed buffer overflow vulnerability in filter_edges function in libavfilter/vf_yadif.c (bsc#1186586). - CVE-2020-22020: Fixed buffer overflow vulnerability in build_diff_map() in libavfilter/vf_fieldmatch.c (bsc#1186587). - CVE-2020-22015: Fixed buffer overflow vulnerability in mov_write_video_tag() due to the out of bounds in libavformat/movenc.c (bsc#1186596). - CVE-2020-22016: Fixed a heap-based Buffer Overflow vulnerability at libavcodec/get_bits.h when writing .mov files (bsc#1186598). - CVE-2020-22017: Fixed a heap-based Buffer Overflow vulnerability in ff_fill_rectangle() in libavfilter/drawutils.c (bsc#1186600). - CVE-2020-22022: Fixed a heap-based Buffer Overflow vulnerability in filter_frame at libavfilter/vf_fieldorder.c (bsc#1186603). - CVE-2020-22023: Fixed a heap-based Buffer Overflow vulnerability in filter_frame at libavfilter/vf_bitplanenoise.c (bsc#1186604) - CVE-2020-22025: Fixed a heap-based Buffer Overflow vulnerability in gaussian_blur at libavfilter/vf_edgedetect.c (bsc#1186605). - CVE-2020-22031: Fixed a heap-based Buffer Overflow vulnerability at libavfilter/vf_w3fdif.c in filter16_complex_low() (bsc#1186613). - CVE-2020-22032: Fixed a heap-based Buffer Overflow vulnerability at libavfilter/vf_edgedetect.c in gaussian_blur() (bsc#1186614). - CVE-2020-22034: Fixed a heap-based Buffer Overflow vulnerability at libavfilter/vf_floodfill.c (bsc#1186616). - CVE-2020-20451: Fixed denial of service issue due to resource management errors via fftools/cmdutils.c (bsc#1186658). - CVE-2020-20448: Fixed divide by zero issue via libavcodec/ratecontrol.c (bsc#1186660). - CVE-2020-22038: Fixed denial of service vulnerability due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c (bsc#1186757). - CVE-2020-22039: Fixed denial of service vulnerability due to a memory leak in the inavi_add_ientry function (bsc#1186758). - CVE-2020-22043: Fixed denial of service vulnerability due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c (bsc#1186762). - CVE-2020-22044: Fixed denial of service vulnerability due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c (bsc#1186763). - CVE-2020-22033,CVE-2020-22019: Fixed a heap-based Buffer Overflow Vulnerability at libavfilter/vf_vmafmotion.c in convolution_y_8bit() and in convolution_y_10bit() in libavfilter/vf_vmafmotion.c (bsc#1186615, bsc#1186597). - CVE-2020-21688: Fixed a heap-use-after-free in the av_freep function in libavutil/mem.c (bsc#1189348). - CVE-2020-21697: Fixed a heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c (bsc#1189350). - CVE-2021-38114: Fixed a not checked return value of the init_vlc function (bsc#1189142). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2929=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2929=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2929=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2929=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2929=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2929=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2929=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2929=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2929=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2929=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2929=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2929=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2929=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): ffmpeg-debuginfo-3.4.2-4.34.2 ffmpeg-debugsource-3.4.2-4.34.2 libavcodec-devel-3.4.2-4.34.2 libavcodec57-3.4.2-4.34.2 libavcodec57-debuginfo-3.4.2-4.34.2 libavdevice-devel-3.4.2-4.34.2 libavdevice57-3.4.2-4.34.2 libavdevice57-debuginfo-3.4.2-4.34.2 libavfilter-devel-3.4.2-4.34.2 libavfilter6-3.4.2-4.34.2 libavfilter6-debuginfo-3.4.2-4.34.2 libavformat-devel-3.4.2-4.34.2 libavformat57-3.4.2-4.34.2 libavformat57-debuginfo-3.4.2-4.34.2 libavresample-devel-3.4.2-4.34.2 libavresample3-3.4.2-4.34.2 libavresample3-debuginfo-3.4.2-4.34.2 libavutil-devel-3.4.2-4.34.2 libavutil55-3.4.2-4.34.2 libavutil55-debuginfo-3.4.2-4.34.2 libpostproc-devel-3.4.2-4.34.2 libpostproc54-3.4.2-4.34.2 libpostproc54-debuginfo-3.4.2-4.34.2 libswresample-devel-3.4.2-4.34.2 libswresample2-3.4.2-4.34.2 libswresample2-debuginfo-3.4.2-4.34.2 libswscale-devel-3.4.2-4.34.2 libswscale4-3.4.2-4.34.2 libswscale4-debuginfo-3.4.2-4.34.2 - SUSE Manager Server 4.0 (x86_64): libavcodec57-32bit-3.4.2-4.34.2 libavcodec57-32bit-debuginfo-3.4.2-4.34.2 libavdevice57-32bit-3.4.2-4.34.2 libavdevice57-32bit-debuginfo-3.4.2-4.34.2 libavfilter6-32bit-3.4.2-4.34.2 libavfilter6-32bit-debuginfo-3.4.2-4.34.2 libavformat57-32bit-3.4.2-4.34.2 libavformat57-32bit-debuginfo-3.4.2-4.34.2 libavresample3-32bit-3.4.2-4.34.2 libavresample3-32bit-debuginfo-3.4.2-4.34.2 libavutil55-32bit-3.4.2-4.34.2 libavutil55-32bit-debuginfo-3.4.2-4.34.2 libpostproc54-32bit-3.4.2-4.34.2 libpostproc54-32bit-debuginfo-3.4.2-4.34.2 libswresample2-32bit-3.4.2-4.34.2 libswresample2-32bit-debuginfo-3.4.2-4.34.2 libswscale4-32bit-3.4.2-4.34.2 libswscale4-32bit-debuginfo-3.4.2-4.34.2 - SUSE Manager Retail Branch Server 4.0 (x86_64): ffmpeg-debuginfo-3.4.2-4.34.2 ffmpeg-debugsource-3.4.2-4.34.2 libavcodec-devel-3.4.2-4.34.2 libavcodec57-3.4.2-4.34.2 libavcodec57-32bit-3.4.2-4.34.2 libavcodec57-32bit-debuginfo-3.4.2-4.34.2 libavcodec57-debuginfo-3.4.2-4.34.2 libavdevice-devel-3.4.2-4.34.2 libavdevice57-3.4.2-4.34.2 libavdevice57-32bit-3.4.2-4.34.2 libavdevice57-32bit-debuginfo-3.4.2-4.34.2 libavdevice57-debuginfo-3.4.2-4.34.2 libavfilter-devel-3.4.2-4.34.2 libavfilter6-3.4.2-4.34.2 libavfilter6-32bit-3.4.2-4.34.2 libavfilter6-32bit-debuginfo-3.4.2-4.34.2 libavfilter6-debuginfo-3.4.2-4.34.2 libavformat-devel-3.4.2-4.34.2 libavformat57-3.4.2-4.34.2 libavformat57-32bit-3.4.2-4.34.2 libavformat57-32bit-debuginfo-3.4.2-4.34.2 libavformat57-debuginfo-3.4.2-4.34.2 libavresample-devel-3.4.2-4.34.2 libavresample3-3.4.2-4.34.2 libavresample3-32bit-3.4.2-4.34.2 libavresample3-32bit-debuginfo-3.4.2-4.34.2 libavresample3-debuginfo-3.4.2-4.34.2 libavutil-devel-3.4.2-4.34.2 libavutil55-3.4.2-4.34.2 libavutil55-32bit-3.4.2-4.34.2 libavutil55-32bit-debuginfo-3.4.2-4.34.2 libavutil55-debuginfo-3.4.2-4.34.2 libpostproc-devel-3.4.2-4.34.2 libpostproc54-3.4.2-4.34.2 libpostproc54-32bit-3.4.2-4.34.2 libpostproc54-32bit-debuginfo-3.4.2-4.34.2 libpostproc54-debuginfo-3.4.2-4.34.2 libswresample-devel-3.4.2-4.34.2 libswresample2-3.4.2-4.34.2 libswresample2-32bit-3.4.2-4.34.2 libswresample2-32bit-debuginfo-3.4.2-4.34.2 libswresample2-debuginfo-3.4.2-4.34.2 libswscale-devel-3.4.2-4.34.2 libswscale4-3.4.2-4.34.2 libswscale4-32bit-3.4.2-4.34.2 libswscale4-32bit-debuginfo-3.4.2-4.34.2 libswscale4-debuginfo-3.4.2-4.34.2 - SUSE Manager Proxy 4.0 (x86_64): ffmpeg-debuginfo-3.4.2-4.34.2 ffmpeg-debugsource-3.4.2-4.34.2 libavcodec-devel-3.4.2-4.34.2 libavcodec57-3.4.2-4.34.2 libavcodec57-32bit-3.4.2-4.34.2 libavcodec57-32bit-debuginfo-3.4.2-4.34.2 libavcodec57-debuginfo-3.4.2-4.34.2 libavdevice-devel-3.4.2-4.34.2 libavdevice57-3.4.2-4.34.2 libavdevice57-32bit-3.4.2-4.34.2 libavdevice57-32bit-debuginfo-3.4.2-4.34.2 libavdevice57-debuginfo-3.4.2-4.34.2 libavfilter-devel-3.4.2-4.34.2 libavfilter6-3.4.2-4.34.2 libavfilter6-32bit-3.4.2-4.34.2 libavfilter6-32bit-debuginfo-3.4.2-4.34.2 libavfilter6-debuginfo-3.4.2-4.34.2 libavformat-devel-3.4.2-4.34.2 libavformat57-3.4.2-4.34.2 libavformat57-32bit-3.4.2-4.34.2 libavformat57-32bit-debuginfo-3.4.2-4.34.2 libavformat57-debuginfo-3.4.2-4.34.2 libavresample-devel-3.4.2-4.34.2 libavresample3-3.4.2-4.34.2 libavresample3-32bit-3.4.2-4.34.2 libavresample3-32bit-debuginfo-3.4.2-4.34.2 libavresample3-debuginfo-3.4.2-4.34.2 libavutil-devel-3.4.2-4.34.2 libavutil55-3.4.2-4.34.2 libavutil55-32bit-3.4.2-4.34.2 libavutil55-32bit-debuginfo-3.4.2-4.34.2 libavutil55-debuginfo-3.4.2-4.34.2 libpostproc-devel-3.4.2-4.34.2 libpostproc54-3.4.2-4.34.2 libpostproc54-32bit-3.4.2-4.34.2 libpostproc54-32bit-debuginfo-3.4.2-4.34.2 libpostproc54-debuginfo-3.4.2-4.34.2 libswresample-devel-3.4.2-4.34.2 libswresample2-3.4.2-4.34.2 libswresample2-32bit-3.4.2-4.34.2 libswresample2-32bit-debuginfo-3.4.2-4.34.2 libswresample2-debuginfo-3.4.2-4.34.2 libswscale-devel-3.4.2-4.34.2 libswscale4-3.4.2-4.34.2 libswscale4-32bit-3.4.2-4.34.2 libswscale4-32bit-debuginfo-3.4.2-4.34.2 libswscale4-debuginfo-3.4.2-4.34.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): ffmpeg-debuginfo-3.4.2-4.34.2 ffmpeg-debugsource-3.4.2-4.34.2 libavcodec-devel-3.4.2-4.34.2 libavcodec57-3.4.2-4.34.2 libavcodec57-debuginfo-3.4.2-4.34.2 libavdevice-devel-3.4.2-4.34.2 libavdevice57-3.4.2-4.34.2 libavdevice57-debuginfo-3.4.2-4.34.2 libavfilter-devel-3.4.2-4.34.2 libavfilter6-3.4.2-4.34.2 libavfilter6-debuginfo-3.4.2-4.34.2 libavformat-devel-3.4.2-4.34.2 libavformat57-3.4.2-4.34.2 libavformat57-debuginfo-3.4.2-4.34.2 libavresample-devel-3.4.2-4.34.2 libavresample3-3.4.2-4.34.2 libavresample3-debuginfo-3.4.2-4.34.2 libavutil-devel-3.4.2-4.34.2 libavutil55-3.4.2-4.34.2 libavutil55-debuginfo-3.4.2-4.34.2 libpostproc-devel-3.4.2-4.34.2 libpostproc54-3.4.2-4.34.2 libpostproc54-debuginfo-3.4.2-4.34.2 libswresample-devel-3.4.2-4.34.2 libswresample2-3.4.2-4.34.2 libswresample2-debuginfo-3.4.2-4.34.2 libswscale-devel-3.4.2-4.34.2 libswscale4-3.4.2-4.34.2 libswscale4-debuginfo-3.4.2-4.34.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libavcodec57-32bit-3.4.2-4.34.2 libavcodec57-32bit-debuginfo-3.4.2-4.34.2 libavdevice57-32bit-3.4.2-4.34.2 libavdevice57-32bit-debuginfo-3.4.2-4.34.2 libavfilter6-32bit-3.4.2-4.34.2 libavfilter6-32bit-debuginfo-3.4.2-4.34.2 libavformat57-32bit-3.4.2-4.34.2 libavformat57-32bit-debuginfo-3.4.2-4.34.2 libavresample3-32bit-3.4.2-4.34.2 libavresample3-32bit-debuginfo-3.4.2-4.34.2 libavutil55-32bit-3.4.2-4.34.2 libavutil55-32bit-debuginfo-3.4.2-4.34.2 libpostproc54-32bit-3.4.2-4.34.2 libpostproc54-32bit-debuginfo-3.4.2-4.34.2 libswresample2-32bit-3.4.2-4.34.2 libswresample2-32bit-debuginfo-3.4.2-4.34.2 libswscale4-32bit-3.4.2-4.34.2 libswscale4-32bit-debuginfo-3.4.2-4.34.2 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): ffmpeg-debuginfo-3.4.2-4.34.2 ffmpeg-debugsource-3.4.2-4.34.2 libavcodec-devel-3.4.2-4.34.2 libavcodec57-3.4.2-4.34.2 libavcodec57-debuginfo-3.4.2-4.34.2 libavdevice-devel-3.4.2-4.34.2 libavdevice57-3.4.2-4.34.2 libavdevice57-debuginfo-3.4.2-4.34.2 libavfilter-devel-3.4.2-4.34.2 libavfilter6-3.4.2-4.34.2 libavfilter6-debuginfo-3.4.2-4.34.2 libavformat-devel-3.4.2-4.34.2 libavformat57-3.4.2-4.34.2 libavformat57-debuginfo-3.4.2-4.34.2 libavresample-devel-3.4.2-4.34.2 libavresample3-3.4.2-4.34.2 libavresample3-debuginfo-3.4.2-4.34.2 libavutil-devel-3.4.2-4.34.2 libavutil55-3.4.2-4.34.2 libavutil55-debuginfo-3.4.2-4.34.2 libpostproc-devel-3.4.2-4.34.2 libpostproc54-3.4.2-4.34.2 libpostproc54-debuginfo-3.4.2-4.34.2 libswresample-devel-3.4.2-4.34.2 libswresample2-3.4.2-4.34.2 libswresample2-debuginfo-3.4.2-4.34.2 libswscale-devel-3.4.2-4.34.2 libswscale4-3.4.2-4.34.2 libswscale4-debuginfo-3.4.2-4.34.2 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libavcodec57-32bit-3.4.2-4.34.2 libavcodec57-32bit-debuginfo-3.4.2-4.34.2 libavdevice57-32bit-3.4.2-4.34.2 libavdevice57-32bit-debuginfo-3.4.2-4.34.2 libavfilter6-32bit-3.4.2-4.34.2 libavfilter6-32bit-debuginfo-3.4.2-4.34.2 libavformat57-32bit-3.4.2-4.34.2 libavformat57-32bit-debuginfo-3.4.2-4.34.2 libavresample3-32bit-3.4.2-4.34.2 libavresample3-32bit-debuginfo-3.4.2-4.34.2 libavutil55-32bit-3.4.2-4.34.2 libavutil55-32bit-debuginfo-3.4.2-4.34.2 libpostproc54-32bit-3.4.2-4.34.2 libpostproc54-32bit-debuginfo-3.4.2-4.34.2 libswresample2-32bit-3.4.2-4.34.2 libswresample2-32bit-debuginfo-3.4.2-4.34.2 libswscale4-32bit-3.4.2-4.34.2 libswscale4-32bit-debuginfo-3.4.2-4.34.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): ffmpeg-debuginfo-3.4.2-4.34.2 ffmpeg-debugsource-3.4.2-4.34.2 libavcodec-devel-3.4.2-4.34.2 libavcodec57-3.4.2-4.34.2 libavcodec57-debuginfo-3.4.2-4.34.2 libavdevice-devel-3.4.2-4.34.2 libavdevice57-3.4.2-4.34.2 libavdevice57-debuginfo-3.4.2-4.34.2 libavfilter-devel-3.4.2-4.34.2 libavfilter6-3.4.2-4.34.2 libavfilter6-debuginfo-3.4.2-4.34.2 libavformat-devel-3.4.2-4.34.2 libavformat57-3.4.2-4.34.2 libavformat57-debuginfo-3.4.2-4.34.2 libavresample-devel-3.4.2-4.34.2 libavresample3-3.4.2-4.34.2 libavresample3-debuginfo-3.4.2-4.34.2 libavutil-devel-3.4.2-4.34.2 libavutil55-3.4.2-4.34.2 libavutil55-debuginfo-3.4.2-4.34.2 libpostproc-devel-3.4.2-4.34.2 libpostproc54-3.4.2-4.34.2 libpostproc54-debuginfo-3.4.2-4.34.2 libswresample-devel-3.4.2-4.34.2 libswresample2-3.4.2-4.34.2 libswresample2-debuginfo-3.4.2-4.34.2 libswscale-devel-3.4.2-4.34.2 libswscale4-3.4.2-4.34.2 libswscale4-debuginfo-3.4.2-4.34.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libavcodec57-32bit-3.4.2-4.34.2 libavcodec57-32bit-debuginfo-3.4.2-4.34.2 libavdevice57-32bit-3.4.2-4.34.2 libavdevice57-32bit-debuginfo-3.4.2-4.34.2 libavfilter6-32bit-3.4.2-4.34.2 libavfilter6-32bit-debuginfo-3.4.2-4.34.2 libavformat57-32bit-3.4.2-4.34.2 libavformat57-32bit-debuginfo-3.4.2-4.34.2 libavresample3-32bit-3.4.2-4.34.2 libavresample3-32bit-debuginfo-3.4.2-4.34.2 libavutil55-32bit-3.4.2-4.34.2 libavutil55-32bit-debuginfo-3.4.2-4.34.2 libpostproc54-32bit-3.4.2-4.34.2 libpostproc54-32bit-debuginfo-3.4.2-4.34.2 libswresample2-32bit-3.4.2-4.34.2 libswresample2-32bit-debuginfo-3.4.2-4.34.2 libswscale4-32bit-3.4.2-4.34.2 libswscale4-32bit-debuginfo-3.4.2-4.34.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): ffmpeg-debuginfo-3.4.2-4.34.2 ffmpeg-debugsource-3.4.2-4.34.2 libavcodec-devel-3.4.2-4.34.2 libavcodec57-3.4.2-4.34.2 libavcodec57-32bit-3.4.2-4.34.2 libavcodec57-32bit-debuginfo-3.4.2-4.34.2 libavcodec57-debuginfo-3.4.2-4.34.2 libavdevice-devel-3.4.2-4.34.2 libavdevice57-3.4.2-4.34.2 libavdevice57-32bit-3.4.2-4.34.2 libavdevice57-32bit-debuginfo-3.4.2-4.34.2 libavdevice57-debuginfo-3.4.2-4.34.2 libavfilter-devel-3.4.2-4.34.2 libavfilter6-3.4.2-4.34.2 libavfilter6-32bit-3.4.2-4.34.2 libavfilter6-32bit-debuginfo-3.4.2-4.34.2 libavfilter6-debuginfo-3.4.2-4.34.2 libavformat-devel-3.4.2-4.34.2 libavformat57-3.4.2-4.34.2 libavformat57-32bit-3.4.2-4.34.2 libavformat57-32bit-debuginfo-3.4.2-4.34.2 libavformat57-debuginfo-3.4.2-4.34.2 libavresample-devel-3.4.2-4.34.2 libavresample3-3.4.2-4.34.2 libavresample3-32bit-3.4.2-4.34.2 libavresample3-32bit-debuginfo-3.4.2-4.34.2 libavresample3-debuginfo-3.4.2-4.34.2 libavutil-devel-3.4.2-4.34.2 libavutil55-3.4.2-4.34.2 libavutil55-32bit-3.4.2-4.34.2 libavutil55-32bit-debuginfo-3.4.2-4.34.2 libavutil55-debuginfo-3.4.2-4.34.2 libpostproc-devel-3.4.2-4.34.2 libpostproc54-3.4.2-4.34.2 libpostproc54-32bit-3.4.2-4.34.2 libpostproc54-32bit-debuginfo-3.4.2-4.34.2 libpostproc54-debuginfo-3.4.2-4.34.2 libswresample-devel-3.4.2-4.34.2 libswresample2-3.4.2-4.34.2 libswresample2-32bit-3.4.2-4.34.2 libswresample2-32bit-debuginfo-3.4.2-4.34.2 libswresample2-debuginfo-3.4.2-4.34.2 libswscale-devel-3.4.2-4.34.2 libswscale4-3.4.2-4.34.2 libswscale4-32bit-3.4.2-4.34.2 libswscale4-32bit-debuginfo-3.4.2-4.34.2 libswscale4-debuginfo-3.4.2-4.34.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): ffmpeg-debuginfo-3.4.2-4.34.2 ffmpeg-debugsource-3.4.2-4.34.2 libavcodec-devel-3.4.2-4.34.2 libavcodec57-3.4.2-4.34.2 libavcodec57-debuginfo-3.4.2-4.34.2 libavdevice-devel-3.4.2-4.34.2 libavdevice57-3.4.2-4.34.2 libavdevice57-debuginfo-3.4.2-4.34.2 libavfilter-devel-3.4.2-4.34.2 libavfilter6-3.4.2-4.34.2 libavfilter6-debuginfo-3.4.2-4.34.2 libavformat-devel-3.4.2-4.34.2 libavformat57-3.4.2-4.34.2 libavformat57-debuginfo-3.4.2-4.34.2 libavresample-devel-3.4.2-4.34.2 libavresample3-3.4.2-4.34.2 libavresample3-debuginfo-3.4.2-4.34.2 libavutil-devel-3.4.2-4.34.2 libavutil55-3.4.2-4.34.2 libavutil55-debuginfo-3.4.2-4.34.2 libpostproc-devel-3.4.2-4.34.2 libpostproc54-3.4.2-4.34.2 libpostproc54-debuginfo-3.4.2-4.34.2 libswresample-devel-3.4.2-4.34.2 libswresample2-3.4.2-4.34.2 libswresample2-debuginfo-3.4.2-4.34.2 libswscale-devel-3.4.2-4.34.2 libswscale4-3.4.2-4.34.2 libswscale4-debuginfo-3.4.2-4.34.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): ffmpeg-debuginfo-3.4.2-4.34.2 ffmpeg-debugsource-3.4.2-4.34.2 libavcodec-devel-3.4.2-4.34.2 libavcodec57-3.4.2-4.34.2 libavcodec57-debuginfo-3.4.2-4.34.2 libavdevice-devel-3.4.2-4.34.2 libavdevice57-3.4.2-4.34.2 libavdevice57-debuginfo-3.4.2-4.34.2 libavfilter-devel-3.4.2-4.34.2 libavfilter6-3.4.2-4.34.2 libavfilter6-debuginfo-3.4.2-4.34.2 libavformat-devel-3.4.2-4.34.2 libavformat57-3.4.2-4.34.2 libavformat57-debuginfo-3.4.2-4.34.2 libavresample-devel-3.4.2-4.34.2 libavresample3-3.4.2-4.34.2 libavresample3-debuginfo-3.4.2-4.34.2 libavutil-devel-3.4.2-4.34.2 libavutil55-3.4.2-4.34.2 libavutil55-debuginfo-3.4.2-4.34.2 libpostproc-devel-3.4.2-4.34.2 libpostproc54-3.4.2-4.34.2 libpostproc54-debuginfo-3.4.2-4.34.2 libswresample-devel-3.4.2-4.34.2 libswresample2-3.4.2-4.34.2 libswresample2-debuginfo-3.4.2-4.34.2 libswscale-devel-3.4.2-4.34.2 libswscale4-3.4.2-4.34.2 libswscale4-debuginfo-3.4.2-4.34.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libavcodec57-32bit-3.4.2-4.34.2 libavcodec57-32bit-debuginfo-3.4.2-4.34.2 libavdevice57-32bit-3.4.2-4.34.2 libavdevice57-32bit-debuginfo-3.4.2-4.34.2 libavfilter6-32bit-3.4.2-4.34.2 libavfilter6-32bit-debuginfo-3.4.2-4.34.2 libavformat57-32bit-3.4.2-4.34.2 libavformat57-32bit-debuginfo-3.4.2-4.34.2 libavresample3-32bit-3.4.2-4.34.2 libavresample3-32bit-debuginfo-3.4.2-4.34.2 libavutil55-32bit-3.4.2-4.34.2 libavutil55-32bit-debuginfo-3.4.2-4.34.2 libpostproc54-32bit-3.4.2-4.34.2 libpostproc54-32bit-debuginfo-3.4.2-4.34.2 libswresample2-32bit-3.4.2-4.34.2 libswresample2-32bit-debuginfo-3.4.2-4.34.2 libswscale4-32bit-3.4.2-4.34.2 libswscale4-32bit-debuginfo-3.4.2-4.34.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): ffmpeg-debuginfo-3.4.2-4.34.2 ffmpeg-debugsource-3.4.2-4.34.2 libavcodec-devel-3.4.2-4.34.2 libavcodec57-3.4.2-4.34.2 libavcodec57-debuginfo-3.4.2-4.34.2 libavdevice-devel-3.4.2-4.34.2 libavdevice57-3.4.2-4.34.2 libavdevice57-debuginfo-3.4.2-4.34.2 libavfilter-devel-3.4.2-4.34.2 libavfilter6-3.4.2-4.34.2 libavfilter6-debuginfo-3.4.2-4.34.2 libavformat-devel-3.4.2-4.34.2 libavformat57-3.4.2-4.34.2 libavformat57-debuginfo-3.4.2-4.34.2 libavresample-devel-3.4.2-4.34.2 libavresample3-3.4.2-4.34.2 libavresample3-debuginfo-3.4.2-4.34.2 libavutil-devel-3.4.2-4.34.2 libavutil55-3.4.2-4.34.2 libavutil55-debuginfo-3.4.2-4.34.2 libpostproc-devel-3.4.2-4.34.2 libpostproc54-3.4.2-4.34.2 libpostproc54-debuginfo-3.4.2-4.34.2 libswresample-devel-3.4.2-4.34.2 libswresample2-3.4.2-4.34.2 libswresample2-debuginfo-3.4.2-4.34.2 libswscale-devel-3.4.2-4.34.2 libswscale4-3.4.2-4.34.2 libswscale4-debuginfo-3.4.2-4.34.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libavcodec57-32bit-3.4.2-4.34.2 libavcodec57-32bit-debuginfo-3.4.2-4.34.2 libavdevice57-32bit-3.4.2-4.34.2 libavdevice57-32bit-debuginfo-3.4.2-4.34.2 libavfilter6-32bit-3.4.2-4.34.2 libavfilter6-32bit-debuginfo-3.4.2-4.34.2 libavformat57-32bit-3.4.2-4.34.2 libavformat57-32bit-debuginfo-3.4.2-4.34.2 libavresample3-32bit-3.4.2-4.34.2 libavresample3-32bit-debuginfo-3.4.2-4.34.2 libavutil55-32bit-3.4.2-4.34.2 libavutil55-32bit-debuginfo-3.4.2-4.34.2 libpostproc54-32bit-3.4.2-4.34.2 libpostproc54-32bit-debuginfo-3.4.2-4.34.2 libswresample2-32bit-3.4.2-4.34.2 libswresample2-32bit-debuginfo-3.4.2-4.34.2 libswscale4-32bit-3.4.2-4.34.2 libswscale4-32bit-debuginfo-3.4.2-4.34.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): ffmpeg-debuginfo-3.4.2-4.34.2 ffmpeg-debugsource-3.4.2-4.34.2 libavcodec-devel-3.4.2-4.34.2 libavcodec57-3.4.2-4.34.2 libavcodec57-debuginfo-3.4.2-4.34.2 libavdevice-devel-3.4.2-4.34.2 libavdevice57-3.4.2-4.34.2 libavdevice57-debuginfo-3.4.2-4.34.2 libavfilter-devel-3.4.2-4.34.2 libavfilter6-3.4.2-4.34.2 libavfilter6-debuginfo-3.4.2-4.34.2 libavformat-devel-3.4.2-4.34.2 libavformat57-3.4.2-4.34.2 libavformat57-debuginfo-3.4.2-4.34.2 libavresample-devel-3.4.2-4.34.2 libavresample3-3.4.2-4.34.2 libavresample3-debuginfo-3.4.2-4.34.2 libavutil-devel-3.4.2-4.34.2 libavutil55-3.4.2-4.34.2 libavutil55-debuginfo-3.4.2-4.34.2 libpostproc-devel-3.4.2-4.34.2 libpostproc54-3.4.2-4.34.2 libpostproc54-debuginfo-3.4.2-4.34.2 libswresample-devel-3.4.2-4.34.2 libswresample2-3.4.2-4.34.2 libswresample2-debuginfo-3.4.2-4.34.2 libswscale-devel-3.4.2-4.34.2 libswscale4-3.4.2-4.34.2 libswscale4-debuginfo-3.4.2-4.34.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libavcodec57-32bit-3.4.2-4.34.2 libavcodec57-32bit-debuginfo-3.4.2-4.34.2 libavdevice57-32bit-3.4.2-4.34.2 libavdevice57-32bit-debuginfo-3.4.2-4.34.2 libavfilter6-32bit-3.4.2-4.34.2 libavfilter6-32bit-debuginfo-3.4.2-4.34.2 libavformat57-32bit-3.4.2-4.34.2 libavformat57-32bit-debuginfo-3.4.2-4.34.2 libavresample3-32bit-3.4.2-4.34.2 libavresample3-32bit-debuginfo-3.4.2-4.34.2 libavutil55-32bit-3.4.2-4.34.2 libavutil55-32bit-debuginfo-3.4.2-4.34.2 libpostproc54-32bit-3.4.2-4.34.2 libpostproc54-32bit-debuginfo-3.4.2-4.34.2 libswresample2-32bit-3.4.2-4.34.2 libswresample2-32bit-debuginfo-3.4.2-4.34.2 libswscale4-32bit-3.4.2-4.34.2 libswscale4-32bit-debuginfo-3.4.2-4.34.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): ffmpeg-debuginfo-3.4.2-4.34.2 ffmpeg-debugsource-3.4.2-4.34.2 libavcodec-devel-3.4.2-4.34.2 libavcodec57-3.4.2-4.34.2 libavcodec57-debuginfo-3.4.2-4.34.2 libavdevice-devel-3.4.2-4.34.2 libavdevice57-3.4.2-4.34.2 libavdevice57-debuginfo-3.4.2-4.34.2 libavfilter-devel-3.4.2-4.34.2 libavfilter6-3.4.2-4.34.2 libavfilter6-debuginfo-3.4.2-4.34.2 libavformat-devel-3.4.2-4.34.2 libavformat57-3.4.2-4.34.2 libavformat57-debuginfo-3.4.2-4.34.2 libavresample-devel-3.4.2-4.34.2 libavresample3-3.4.2-4.34.2 libavresample3-debuginfo-3.4.2-4.34.2 libavutil-devel-3.4.2-4.34.2 libavutil55-3.4.2-4.34.2 libavutil55-debuginfo-3.4.2-4.34.2 libpostproc-devel-3.4.2-4.34.2 libpostproc54-3.4.2-4.34.2 libpostproc54-debuginfo-3.4.2-4.34.2 libswresample-devel-3.4.2-4.34.2 libswresample2-3.4.2-4.34.2 libswresample2-debuginfo-3.4.2-4.34.2 libswscale-devel-3.4.2-4.34.2 libswscale4-3.4.2-4.34.2 libswscale4-debuginfo-3.4.2-4.34.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libavcodec57-32bit-3.4.2-4.34.2 libavcodec57-32bit-debuginfo-3.4.2-4.34.2 libavdevice57-32bit-3.4.2-4.34.2 libavdevice57-32bit-debuginfo-3.4.2-4.34.2 libavfilter6-32bit-3.4.2-4.34.2 libavfilter6-32bit-debuginfo-3.4.2-4.34.2 libavformat57-32bit-3.4.2-4.34.2 libavformat57-32bit-debuginfo-3.4.2-4.34.2 libavresample3-32bit-3.4.2-4.34.2 libavresample3-32bit-debuginfo-3.4.2-4.34.2 libavutil55-32bit-3.4.2-4.34.2 libavutil55-32bit-debuginfo-3.4.2-4.34.2 libpostproc54-32bit-3.4.2-4.34.2 libpostproc54-32bit-debuginfo-3.4.2-4.34.2 libswresample2-32bit-3.4.2-4.34.2 libswresample2-32bit-debuginfo-3.4.2-4.34.2 libswscale4-32bit-3.4.2-4.34.2 libswscale4-32bit-debuginfo-3.4.2-4.34.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): ffmpeg-debuginfo-3.4.2-4.34.2 ffmpeg-debugsource-3.4.2-4.34.2 libavcodec-devel-3.4.2-4.34.2 libavcodec57-3.4.2-4.34.2 libavcodec57-debuginfo-3.4.2-4.34.2 libavdevice-devel-3.4.2-4.34.2 libavdevice57-3.4.2-4.34.2 libavdevice57-debuginfo-3.4.2-4.34.2 libavfilter-devel-3.4.2-4.34.2 libavfilter6-3.4.2-4.34.2 libavfilter6-debuginfo-3.4.2-4.34.2 libavformat-devel-3.4.2-4.34.2 libavformat57-3.4.2-4.34.2 libavformat57-debuginfo-3.4.2-4.34.2 libavresample-devel-3.4.2-4.34.2 libavresample3-3.4.2-4.34.2 libavresample3-debuginfo-3.4.2-4.34.2 libavutil-devel-3.4.2-4.34.2 libavutil55-3.4.2-4.34.2 libavutil55-debuginfo-3.4.2-4.34.2 libpostproc-devel-3.4.2-4.34.2 libpostproc54-3.4.2-4.34.2 libpostproc54-debuginfo-3.4.2-4.34.2 libswresample-devel-3.4.2-4.34.2 libswresample2-3.4.2-4.34.2 libswresample2-debuginfo-3.4.2-4.34.2 libswscale-devel-3.4.2-4.34.2 libswscale4-3.4.2-4.34.2 libswscale4-debuginfo-3.4.2-4.34.2 - SUSE Enterprise Storage 6 (x86_64): libavcodec57-32bit-3.4.2-4.34.2 libavcodec57-32bit-debuginfo-3.4.2-4.34.2 libavdevice57-32bit-3.4.2-4.34.2 libavdevice57-32bit-debuginfo-3.4.2-4.34.2 libavfilter6-32bit-3.4.2-4.34.2 libavfilter6-32bit-debuginfo-3.4.2-4.34.2 libavformat57-32bit-3.4.2-4.34.2 libavformat57-32bit-debuginfo-3.4.2-4.34.2 libavresample3-32bit-3.4.2-4.34.2 libavresample3-32bit-debuginfo-3.4.2-4.34.2 libavutil55-32bit-3.4.2-4.34.2 libavutil55-32bit-debuginfo-3.4.2-4.34.2 libpostproc54-32bit-3.4.2-4.34.2 libpostproc54-32bit-debuginfo-3.4.2-4.34.2 libswresample2-32bit-3.4.2-4.34.2 libswresample2-32bit-debuginfo-3.4.2-4.34.2 libswscale4-32bit-3.4.2-4.34.2 libswscale4-32bit-debuginfo-3.4.2-4.34.2 - SUSE CaaS Platform 4.0 (x86_64): ffmpeg-debuginfo-3.4.2-4.34.2 ffmpeg-debugsource-3.4.2-4.34.2 libavcodec-devel-3.4.2-4.34.2 libavcodec57-3.4.2-4.34.2 libavcodec57-32bit-3.4.2-4.34.2 libavcodec57-32bit-debuginfo-3.4.2-4.34.2 libavcodec57-debuginfo-3.4.2-4.34.2 libavdevice-devel-3.4.2-4.34.2 libavdevice57-3.4.2-4.34.2 libavdevice57-32bit-3.4.2-4.34.2 libavdevice57-32bit-debuginfo-3.4.2-4.34.2 libavdevice57-debuginfo-3.4.2-4.34.2 libavfilter-devel-3.4.2-4.34.2 libavfilter6-3.4.2-4.34.2 libavfilter6-32bit-3.4.2-4.34.2 libavfilter6-32bit-debuginfo-3.4.2-4.34.2 libavfilter6-debuginfo-3.4.2-4.34.2 libavformat-devel-3.4.2-4.34.2 libavformat57-3.4.2-4.34.2 libavformat57-32bit-3.4.2-4.34.2 libavformat57-32bit-debuginfo-3.4.2-4.34.2 libavformat57-debuginfo-3.4.2-4.34.2 libavresample-devel-3.4.2-4.34.2 libavresample3-3.4.2-4.34.2 libavresample3-32bit-3.4.2-4.34.2 libavresample3-32bit-debuginfo-3.4.2-4.34.2 libavresample3-debuginfo-3.4.2-4.34.2 libavutil-devel-3.4.2-4.34.2 libavutil55-3.4.2-4.34.2 libavutil55-32bit-3.4.2-4.34.2 libavutil55-32bit-debuginfo-3.4.2-4.34.2 libavutil55-debuginfo-3.4.2-4.34.2 libpostproc-devel-3.4.2-4.34.2 libpostproc54-3.4.2-4.34.2 libpostproc54-32bit-3.4.2-4.34.2 libpostproc54-32bit-debuginfo-3.4.2-4.34.2 libpostproc54-debuginfo-3.4.2-4.34.2 libswresample-devel-3.4.2-4.34.2 libswresample2-3.4.2-4.34.2 libswresample2-32bit-3.4.2-4.34.2 libswresample2-32bit-debuginfo-3.4.2-4.34.2 libswresample2-debuginfo-3.4.2-4.34.2 libswscale-devel-3.4.2-4.34.2 libswscale4-3.4.2-4.34.2 libswscale4-32bit-3.4.2-4.34.2 libswscale4-32bit-debuginfo-3.4.2-4.34.2 libswscale4-debuginfo-3.4.2-4.34.2 References: https://www.suse.com/security/cve/CVE-2019-17539.html https://www.suse.com/security/cve/CVE-2019-9721.html https://www.suse.com/security/cve/CVE-2020-13904.html https://www.suse.com/security/cve/CVE-2020-20448.html https://www.suse.com/security/cve/CVE-2020-20451.html https://www.suse.com/security/cve/CVE-2020-21041.html https://www.suse.com/security/cve/CVE-2020-21688.html https://www.suse.com/security/cve/CVE-2020-21697.html https://www.suse.com/security/cve/CVE-2020-22015.html https://www.suse.com/security/cve/CVE-2020-22016.html https://www.suse.com/security/cve/CVE-2020-22017.html https://www.suse.com/security/cve/CVE-2020-22019.html https://www.suse.com/security/cve/CVE-2020-22020.html https://www.suse.com/security/cve/CVE-2020-22021.html https://www.suse.com/security/cve/CVE-2020-22022.html https://www.suse.com/security/cve/CVE-2020-22023.html https://www.suse.com/security/cve/CVE-2020-22025.html https://www.suse.com/security/cve/CVE-2020-22026.html https://www.suse.com/security/cve/CVE-2020-22031.html https://www.suse.com/security/cve/CVE-2020-22032.html https://www.suse.com/security/cve/CVE-2020-22033.html https://www.suse.com/security/cve/CVE-2020-22034.html https://www.suse.com/security/cve/CVE-2020-22038.html https://www.suse.com/security/cve/CVE-2020-22039.html https://www.suse.com/security/cve/CVE-2020-22043.html https://www.suse.com/security/cve/CVE-2020-22044.html https://www.suse.com/security/cve/CVE-2020-22046.html https://www.suse.com/security/cve/CVE-2020-22048.html https://www.suse.com/security/cve/CVE-2020-22049.html https://www.suse.com/security/cve/CVE-2020-22054.html https://www.suse.com/security/cve/CVE-2021-38114.html https://bugzilla.suse.com/1129714 https://bugzilla.suse.com/1172640 https://bugzilla.suse.com/1186406 https://bugzilla.suse.com/1186583 https://bugzilla.suse.com/1186586 https://bugzilla.suse.com/1186587 https://bugzilla.suse.com/1186596 https://bugzilla.suse.com/1186597 https://bugzilla.suse.com/1186598 https://bugzilla.suse.com/1186600 https://bugzilla.suse.com/1186603 https://bugzilla.suse.com/1186604 https://bugzilla.suse.com/1186605 https://bugzilla.suse.com/1186613 https://bugzilla.suse.com/1186614 https://bugzilla.suse.com/1186615 https://bugzilla.suse.com/1186616 https://bugzilla.suse.com/1186658 https://bugzilla.suse.com/1186660 https://bugzilla.suse.com/1186757 https://bugzilla.suse.com/1186758 https://bugzilla.suse.com/1186762 https://bugzilla.suse.com/1186763 https://bugzilla.suse.com/1186849 https://bugzilla.suse.com/1186859 https://bugzilla.suse.com/1186861 https://bugzilla.suse.com/1186863 https://bugzilla.suse.com/1189142 https://bugzilla.suse.com/1189348 https://bugzilla.suse.com/1189350 From sle-updates at lists.suse.com Thu Sep 2 16:21:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 18:21:26 +0200 (CEST) Subject: SUSE-SU-2021:2928-1: important: Security update for rubygem-addressable Message-ID: <20210902162126.89CFDFD0A@maintenance.suse.de> SUSE Security Update: Security update for rubygem-addressable ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2928-1 Rating: important References: #1188207 Cross-References: CVE-2021-32740 CVSS scores: CVE-2021-32740 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-addressable fixes the following issues: - CVE-2021-32740: Fixed denial of service via maliciously crafted templates (bsc#1188207). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2928=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-addressable-2.3.6-3.3.3 References: https://www.suse.com/security/cve/CVE-2021-32740.html https://bugzilla.suse.com/1188207 From sle-updates at lists.suse.com Thu Sep 2 16:22:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 18:22:36 +0200 (CEST) Subject: SUSE-SU-2021:2926-1: important: Security update for php72 Message-ID: <20210902162236.D97BEFD0A@maintenance.suse.de> SUSE Security Update: Security update for php72 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2926-1 Rating: important References: #1189591 Cross-References: CVE-2020-36193 CVSS scores: CVE-2020-36193 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2020-36193 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php72 fixes the following issues: - CVE-2020-36193: Fixed Archive_Tar directory traversal due to inadequate checking of symbolic links (bsc#1189591). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2926=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-2926=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php72-debuginfo-7.2.5-1.69.1 php72-debugsource-7.2.5-1.69.1 php72-devel-7.2.5-1.69.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php72-7.2.5-1.69.1 apache2-mod_php72-debuginfo-7.2.5-1.69.1 php72-7.2.5-1.69.1 php72-bcmath-7.2.5-1.69.1 php72-bcmath-debuginfo-7.2.5-1.69.1 php72-bz2-7.2.5-1.69.1 php72-bz2-debuginfo-7.2.5-1.69.1 php72-calendar-7.2.5-1.69.1 php72-calendar-debuginfo-7.2.5-1.69.1 php72-ctype-7.2.5-1.69.1 php72-ctype-debuginfo-7.2.5-1.69.1 php72-curl-7.2.5-1.69.1 php72-curl-debuginfo-7.2.5-1.69.1 php72-dba-7.2.5-1.69.1 php72-dba-debuginfo-7.2.5-1.69.1 php72-debuginfo-7.2.5-1.69.1 php72-debugsource-7.2.5-1.69.1 php72-dom-7.2.5-1.69.1 php72-dom-debuginfo-7.2.5-1.69.1 php72-enchant-7.2.5-1.69.1 php72-enchant-debuginfo-7.2.5-1.69.1 php72-exif-7.2.5-1.69.1 php72-exif-debuginfo-7.2.5-1.69.1 php72-fastcgi-7.2.5-1.69.1 php72-fastcgi-debuginfo-7.2.5-1.69.1 php72-fileinfo-7.2.5-1.69.1 php72-fileinfo-debuginfo-7.2.5-1.69.1 php72-fpm-7.2.5-1.69.1 php72-fpm-debuginfo-7.2.5-1.69.1 php72-ftp-7.2.5-1.69.1 php72-ftp-debuginfo-7.2.5-1.69.1 php72-gd-7.2.5-1.69.1 php72-gd-debuginfo-7.2.5-1.69.1 php72-gettext-7.2.5-1.69.1 php72-gettext-debuginfo-7.2.5-1.69.1 php72-gmp-7.2.5-1.69.1 php72-gmp-debuginfo-7.2.5-1.69.1 php72-iconv-7.2.5-1.69.1 php72-iconv-debuginfo-7.2.5-1.69.1 php72-imap-7.2.5-1.69.1 php72-imap-debuginfo-7.2.5-1.69.1 php72-intl-7.2.5-1.69.1 php72-intl-debuginfo-7.2.5-1.69.1 php72-json-7.2.5-1.69.1 php72-json-debuginfo-7.2.5-1.69.1 php72-ldap-7.2.5-1.69.1 php72-ldap-debuginfo-7.2.5-1.69.1 php72-mbstring-7.2.5-1.69.1 php72-mbstring-debuginfo-7.2.5-1.69.1 php72-mysql-7.2.5-1.69.1 php72-mysql-debuginfo-7.2.5-1.69.1 php72-odbc-7.2.5-1.69.1 php72-odbc-debuginfo-7.2.5-1.69.1 php72-opcache-7.2.5-1.69.1 php72-opcache-debuginfo-7.2.5-1.69.1 php72-openssl-7.2.5-1.69.1 php72-openssl-debuginfo-7.2.5-1.69.1 php72-pcntl-7.2.5-1.69.1 php72-pcntl-debuginfo-7.2.5-1.69.1 php72-pdo-7.2.5-1.69.1 php72-pdo-debuginfo-7.2.5-1.69.1 php72-pgsql-7.2.5-1.69.1 php72-pgsql-debuginfo-7.2.5-1.69.1 php72-phar-7.2.5-1.69.1 php72-phar-debuginfo-7.2.5-1.69.1 php72-posix-7.2.5-1.69.1 php72-posix-debuginfo-7.2.5-1.69.1 php72-pspell-7.2.5-1.69.1 php72-pspell-debuginfo-7.2.5-1.69.1 php72-readline-7.2.5-1.69.1 php72-readline-debuginfo-7.2.5-1.69.1 php72-shmop-7.2.5-1.69.1 php72-shmop-debuginfo-7.2.5-1.69.1 php72-snmp-7.2.5-1.69.1 php72-snmp-debuginfo-7.2.5-1.69.1 php72-soap-7.2.5-1.69.1 php72-soap-debuginfo-7.2.5-1.69.1 php72-sockets-7.2.5-1.69.1 php72-sockets-debuginfo-7.2.5-1.69.1 php72-sodium-7.2.5-1.69.1 php72-sodium-debuginfo-7.2.5-1.69.1 php72-sqlite-7.2.5-1.69.1 php72-sqlite-debuginfo-7.2.5-1.69.1 php72-sysvmsg-7.2.5-1.69.1 php72-sysvmsg-debuginfo-7.2.5-1.69.1 php72-sysvsem-7.2.5-1.69.1 php72-sysvsem-debuginfo-7.2.5-1.69.1 php72-sysvshm-7.2.5-1.69.1 php72-sysvshm-debuginfo-7.2.5-1.69.1 php72-tidy-7.2.5-1.69.1 php72-tidy-debuginfo-7.2.5-1.69.1 php72-tokenizer-7.2.5-1.69.1 php72-tokenizer-debuginfo-7.2.5-1.69.1 php72-wddx-7.2.5-1.69.1 php72-wddx-debuginfo-7.2.5-1.69.1 php72-xmlreader-7.2.5-1.69.1 php72-xmlreader-debuginfo-7.2.5-1.69.1 php72-xmlrpc-7.2.5-1.69.1 php72-xmlrpc-debuginfo-7.2.5-1.69.1 php72-xmlwriter-7.2.5-1.69.1 php72-xmlwriter-debuginfo-7.2.5-1.69.1 php72-xsl-7.2.5-1.69.1 php72-xsl-debuginfo-7.2.5-1.69.1 php72-zip-7.2.5-1.69.1 php72-zip-debuginfo-7.2.5-1.69.1 php72-zlib-7.2.5-1.69.1 php72-zlib-debuginfo-7.2.5-1.69.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php72-pear-7.2.5-1.69.1 php72-pear-Archive_Tar-7.2.5-1.69.1 References: https://www.suse.com/security/cve/CVE-2020-36193.html https://bugzilla.suse.com/1189591 From sle-updates at lists.suse.com Thu Sep 2 16:23:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 18:23:44 +0200 (CEST) Subject: SUSE-SU-2021:2927-1: important: Security update for rubygem-addressable Message-ID: <20210902162344.420A2FD0A@maintenance.suse.de> SUSE Security Update: Security update for rubygem-addressable ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2927-1 Rating: important References: #1188207 Cross-References: CVE-2021-32740 CVSS scores: CVE-2021-32740 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-addressable fixes the following issues: - CVE-2021-32740: Fixed denial of service via maliciously crafted templates (bsc#1188207). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2927=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ruby2.1-rubygem-addressable-2.3.6-4.3.3 References: https://www.suse.com/security/cve/CVE-2021-32740.html https://bugzilla.suse.com/1188207 From sle-updates at lists.suse.com Thu Sep 2 16:24:55 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 18:24:55 +0200 (CEST) Subject: SUSE-SU-2021:2925-1: important: Security update for xen Message-ID: <20210902162455.C4292FD0A@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2925-1 Rating: important References: #1027519 #1179148 #1179246 #1180491 #1180846 #1181989 #1183243 #1186428 #1186429 #1186433 #1186434 #1188050 #1189373 #1189376 #1189378 #1189380 #1189381 #1189882 Cross-References: CVE-2021-0089 CVE-2021-28690 CVE-2021-28692 CVE-2021-28693 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-28700 CVSS scores: CVE-2021-0089 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-28694 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28695 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28696 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28697 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28698 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28699 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28700 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 7 fixes is now available. Description: This update for xen fixes the following issues: Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). - CVE-2021-28700: No memory limit for dom0less domUs (XSA-383)(bsc#1189381). Other issues fixed: - Fixed "Panic on CPU 0: IO-APIC + timer doesn't work!" (bsc#1180491) - Upstream bug fixes (bsc#1027519) - Dom0 hangs when pinning CPUs for dom0 with HVM guest (bsc#1179246). - Fixed Xen SLES11SP4 guest hangs on cluster (bsc#1188050). - Fixed PVHVM SLES12 SP5 - NMI Watchdog CPU Stuck (bsc#1180846). - Core cannot be opened when using xl dump-core of VM with PTF (bsc#1183243). - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2925=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2925=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2925=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2925=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2925=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2925=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2925=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2925=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2925=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (x86_64): xen-4.12.4_12-3.52.1 xen-debugsource-4.12.4_12-3.52.1 xen-devel-4.12.4_12-3.52.1 xen-libs-4.12.4_12-3.52.1 xen-libs-debuginfo-4.12.4_12-3.52.1 xen-tools-4.12.4_12-3.52.1 xen-tools-debuginfo-4.12.4_12-3.52.1 xen-tools-domU-4.12.4_12-3.52.1 xen-tools-domU-debuginfo-4.12.4_12-3.52.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): xen-4.12.4_12-3.52.1 xen-debugsource-4.12.4_12-3.52.1 xen-devel-4.12.4_12-3.52.1 xen-libs-4.12.4_12-3.52.1 xen-libs-debuginfo-4.12.4_12-3.52.1 xen-tools-4.12.4_12-3.52.1 xen-tools-debuginfo-4.12.4_12-3.52.1 xen-tools-domU-4.12.4_12-3.52.1 xen-tools-domU-debuginfo-4.12.4_12-3.52.1 - SUSE Manager Proxy 4.0 (x86_64): xen-4.12.4_12-3.52.1 xen-debugsource-4.12.4_12-3.52.1 xen-devel-4.12.4_12-3.52.1 xen-libs-4.12.4_12-3.52.1 xen-libs-debuginfo-4.12.4_12-3.52.1 xen-tools-4.12.4_12-3.52.1 xen-tools-debuginfo-4.12.4_12-3.52.1 xen-tools-domU-4.12.4_12-3.52.1 xen-tools-domU-debuginfo-4.12.4_12-3.52.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): xen-4.12.4_12-3.52.1 xen-debugsource-4.12.4_12-3.52.1 xen-devel-4.12.4_12-3.52.1 xen-libs-4.12.4_12-3.52.1 xen-libs-debuginfo-4.12.4_12-3.52.1 xen-tools-4.12.4_12-3.52.1 xen-tools-debuginfo-4.12.4_12-3.52.1 xen-tools-domU-4.12.4_12-3.52.1 xen-tools-domU-debuginfo-4.12.4_12-3.52.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): xen-4.12.4_12-3.52.1 xen-debugsource-4.12.4_12-3.52.1 xen-devel-4.12.4_12-3.52.1 xen-libs-4.12.4_12-3.52.1 xen-libs-debuginfo-4.12.4_12-3.52.1 xen-tools-4.12.4_12-3.52.1 xen-tools-debuginfo-4.12.4_12-3.52.1 xen-tools-domU-4.12.4_12-3.52.1 xen-tools-domU-debuginfo-4.12.4_12-3.52.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): xen-4.12.4_12-3.52.1 xen-debugsource-4.12.4_12-3.52.1 xen-devel-4.12.4_12-3.52.1 xen-libs-4.12.4_12-3.52.1 xen-libs-debuginfo-4.12.4_12-3.52.1 xen-tools-4.12.4_12-3.52.1 xen-tools-debuginfo-4.12.4_12-3.52.1 xen-tools-domU-4.12.4_12-3.52.1 xen-tools-domU-debuginfo-4.12.4_12-3.52.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): xen-4.12.4_12-3.52.1 xen-debugsource-4.12.4_12-3.52.1 xen-devel-4.12.4_12-3.52.1 xen-libs-4.12.4_12-3.52.1 xen-libs-debuginfo-4.12.4_12-3.52.1 xen-tools-4.12.4_12-3.52.1 xen-tools-debuginfo-4.12.4_12-3.52.1 xen-tools-domU-4.12.4_12-3.52.1 xen-tools-domU-debuginfo-4.12.4_12-3.52.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): xen-4.12.4_12-3.52.1 xen-debugsource-4.12.4_12-3.52.1 xen-devel-4.12.4_12-3.52.1 xen-libs-4.12.4_12-3.52.1 xen-libs-debuginfo-4.12.4_12-3.52.1 xen-tools-4.12.4_12-3.52.1 xen-tools-debuginfo-4.12.4_12-3.52.1 xen-tools-domU-4.12.4_12-3.52.1 xen-tools-domU-debuginfo-4.12.4_12-3.52.1 - SUSE Enterprise Storage 6 (x86_64): xen-4.12.4_12-3.52.1 xen-debugsource-4.12.4_12-3.52.1 xen-devel-4.12.4_12-3.52.1 xen-libs-4.12.4_12-3.52.1 xen-libs-debuginfo-4.12.4_12-3.52.1 xen-tools-4.12.4_12-3.52.1 xen-tools-debuginfo-4.12.4_12-3.52.1 xen-tools-domU-4.12.4_12-3.52.1 xen-tools-domU-debuginfo-4.12.4_12-3.52.1 - SUSE CaaS Platform 4.0 (x86_64): xen-4.12.4_12-3.52.1 xen-debugsource-4.12.4_12-3.52.1 xen-devel-4.12.4_12-3.52.1 xen-libs-4.12.4_12-3.52.1 xen-libs-debuginfo-4.12.4_12-3.52.1 xen-tools-4.12.4_12-3.52.1 xen-tools-debuginfo-4.12.4_12-3.52.1 xen-tools-domU-4.12.4_12-3.52.1 xen-tools-domU-debuginfo-4.12.4_12-3.52.1 References: https://www.suse.com/security/cve/CVE-2021-0089.html https://www.suse.com/security/cve/CVE-2021-28690.html https://www.suse.com/security/cve/CVE-2021-28692.html https://www.suse.com/security/cve/CVE-2021-28693.html https://www.suse.com/security/cve/CVE-2021-28694.html https://www.suse.com/security/cve/CVE-2021-28695.html https://www.suse.com/security/cve/CVE-2021-28696.html https://www.suse.com/security/cve/CVE-2021-28697.html https://www.suse.com/security/cve/CVE-2021-28698.html https://www.suse.com/security/cve/CVE-2021-28699.html https://www.suse.com/security/cve/CVE-2021-28700.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1179148 https://bugzilla.suse.com/1179246 https://bugzilla.suse.com/1180491 https://bugzilla.suse.com/1180846 https://bugzilla.suse.com/1181989 https://bugzilla.suse.com/1183243 https://bugzilla.suse.com/1186428 https://bugzilla.suse.com/1186429 https://bugzilla.suse.com/1186433 https://bugzilla.suse.com/1186434 https://bugzilla.suse.com/1188050 https://bugzilla.suse.com/1189373 https://bugzilla.suse.com/1189376 https://bugzilla.suse.com/1189378 https://bugzilla.suse.com/1189380 https://bugzilla.suse.com/1189381 https://bugzilla.suse.com/1189882 From sle-updates at lists.suse.com Thu Sep 2 16:28:24 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 18:28:24 +0200 (CEST) Subject: SUSE-SU-2021:2930-1: important: Security update for file Message-ID: <20210902162824.1D679FD0A@maintenance.suse.de> SUSE Security Update: Security update for file ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2930-1 Rating: important References: #1154661 Cross-References: CVE-2019-18218 CVSS scores: CVE-2019-18218 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-18218 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for file fixes the following issues: - CVE-2019-18218: Fixed heap-based buffer overflow in cdf_read_property_info in cdf.c (bsc#1154661). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2930=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2930=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2930=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2930=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2930=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2930=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2930=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2930=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2930=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2930=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2930=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2930=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-2930=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): file-5.22-10.21.1 file-debuginfo-5.22-10.21.1 file-debugsource-5.22-10.21.1 file-magic-5.22-10.21.1 libmagic1-32bit-5.22-10.21.1 libmagic1-5.22-10.21.1 libmagic1-debuginfo-32bit-5.22-10.21.1 libmagic1-debuginfo-5.22-10.21.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): file-5.22-10.21.1 file-debuginfo-5.22-10.21.1 file-debugsource-5.22-10.21.1 file-magic-5.22-10.21.1 libmagic1-32bit-5.22-10.21.1 libmagic1-5.22-10.21.1 libmagic1-debuginfo-32bit-5.22-10.21.1 libmagic1-debuginfo-5.22-10.21.1 - SUSE OpenStack Cloud 9 (x86_64): file-5.22-10.21.1 file-debuginfo-5.22-10.21.1 file-debugsource-5.22-10.21.1 file-magic-5.22-10.21.1 libmagic1-32bit-5.22-10.21.1 libmagic1-5.22-10.21.1 libmagic1-debuginfo-32bit-5.22-10.21.1 libmagic1-debuginfo-5.22-10.21.1 - SUSE OpenStack Cloud 8 (x86_64): file-5.22-10.21.1 file-debuginfo-5.22-10.21.1 file-debugsource-5.22-10.21.1 file-magic-5.22-10.21.1 libmagic1-32bit-5.22-10.21.1 libmagic1-5.22-10.21.1 libmagic1-debuginfo-32bit-5.22-10.21.1 libmagic1-debuginfo-5.22-10.21.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): file-debuginfo-5.22-10.21.1 file-debugsource-5.22-10.21.1 file-devel-5.22-10.21.1 python-magic-5.22-10.21.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): file-5.22-10.21.1 file-debuginfo-5.22-10.21.1 file-debugsource-5.22-10.21.1 file-magic-5.22-10.21.1 libmagic1-5.22-10.21.1 libmagic1-debuginfo-5.22-10.21.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libmagic1-32bit-5.22-10.21.1 libmagic1-debuginfo-32bit-5.22-10.21.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): file-5.22-10.21.1 file-debuginfo-5.22-10.21.1 file-debugsource-5.22-10.21.1 file-magic-5.22-10.21.1 libmagic1-5.22-10.21.1 libmagic1-debuginfo-5.22-10.21.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libmagic1-32bit-5.22-10.21.1 libmagic1-debuginfo-32bit-5.22-10.21.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): file-5.22-10.21.1 file-debuginfo-5.22-10.21.1 file-debugsource-5.22-10.21.1 file-magic-5.22-10.21.1 libmagic1-5.22-10.21.1 libmagic1-debuginfo-5.22-10.21.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libmagic1-32bit-5.22-10.21.1 libmagic1-debuginfo-32bit-5.22-10.21.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): file-5.22-10.21.1 file-debuginfo-5.22-10.21.1 file-debugsource-5.22-10.21.1 file-magic-5.22-10.21.1 libmagic1-5.22-10.21.1 libmagic1-debuginfo-5.22-10.21.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libmagic1-32bit-5.22-10.21.1 libmagic1-debuginfo-32bit-5.22-10.21.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): file-5.22-10.21.1 file-debuginfo-5.22-10.21.1 file-debugsource-5.22-10.21.1 file-magic-5.22-10.21.1 libmagic1-5.22-10.21.1 libmagic1-debuginfo-5.22-10.21.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libmagic1-32bit-5.22-10.21.1 libmagic1-debuginfo-32bit-5.22-10.21.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): file-5.22-10.21.1 file-debuginfo-5.22-10.21.1 file-debugsource-5.22-10.21.1 file-magic-5.22-10.21.1 libmagic1-32bit-5.22-10.21.1 libmagic1-5.22-10.21.1 libmagic1-debuginfo-32bit-5.22-10.21.1 libmagic1-debuginfo-5.22-10.21.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): file-5.22-10.21.1 file-debuginfo-5.22-10.21.1 file-debugsource-5.22-10.21.1 file-magic-5.22-10.21.1 libmagic1-32bit-5.22-10.21.1 libmagic1-5.22-10.21.1 libmagic1-debuginfo-32bit-5.22-10.21.1 libmagic1-debuginfo-5.22-10.21.1 - HPE Helion Openstack 8 (x86_64): file-5.22-10.21.1 file-debuginfo-5.22-10.21.1 file-debugsource-5.22-10.21.1 file-magic-5.22-10.21.1 libmagic1-32bit-5.22-10.21.1 libmagic1-5.22-10.21.1 libmagic1-debuginfo-32bit-5.22-10.21.1 libmagic1-debuginfo-5.22-10.21.1 References: https://www.suse.com/security/cve/CVE-2019-18218.html https://bugzilla.suse.com/1154661 From sle-updates at lists.suse.com Thu Sep 2 19:17:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Sep 2021 21:17:27 +0200 (CEST) Subject: SUSE-RU-2021:2931-1: important: Recommended update for SLE_RT-release Message-ID: <20210902191727.55B8AF799@maintenance.suse.de> SUSE Recommended Update: Recommended update for SLE_RT-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2931-1 Rating: important References: MSC-201 Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP3 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This recommended update for SLE_RT-release provides the following fix: - Adding distribution-release provide to the package to make the product installable. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2021-2931=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): SLE_RT-release-15.3-4.7.1 References: From sle-updates at lists.suse.com Thu Sep 2 22:19:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Sep 2021 00:19:05 +0200 (CEST) Subject: SUSE-RU-2021:2936-1: Recommended update for zypper Message-ID: <20210902221905.81AE7FD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2936-1 Rating: low References: #1187466 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for zypper fixes the following issues: - Fix for man: point out more clearly that patches update affected packages to the latest available version. (bsc#1187466) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2936=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): zypper-1.13.59-21.38.4 zypper-debuginfo-1.13.59-21.38.4 zypper-debugsource-1.13.59-21.38.4 - SUSE Linux Enterprise Server 12-SP5 (noarch): zypper-log-1.13.59-21.38.4 References: https://bugzilla.suse.com/1187466 From sle-updates at lists.suse.com Thu Sep 2 22:20:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Sep 2021 00:20:19 +0200 (CEST) Subject: SUSE-RU-2021:2934-1: important: Recommended update for SAPHanaSR-ScaleOut Message-ID: <20210902222019.38527FD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR-ScaleOut ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2934-1 Rating: important References: #1144312 #1144442 #1173581 #1182115 #1182545 SLE-17452 SLE-20081 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has 5 recommended fixes and contains two features can now be installed. Description: This update for SAPHanaSR-ScaleOut fixes the following issues: - change version to 0.180.1 - Extent the SAP HANA ressource agents from single replication automation to multi replication automation (jsc#SLE-17452, jsc#SLE-20081) - The resource start and stop timeout is now configurable by increasing the timeout for the action 'start' and/or 'stop' in the cluster. (bsc#1182545) - Improve handling of return codes in 'saphana_stopSystem' and 'saphana_stop' function. (bsc#1182115) - Integrate man pages back to the base package SAPHanaSR-ScaleOut. - Fixed an issue when HANA failover returns and empty site name. (bsc#1173581) - Add SAPHanaSR-call-monitor - Fixed an issue when HANA is configured to have only one master name server, but no additional master name server candidates, there may be the situation, where the master name server died and so the landscape has no active name server anymore. - Manual page updates: SAPHanaSR-ScaleOut.7 (bsc#1144442) SAPHanaSR-showAttr.8 (bsc#1144312) and others Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2021-2934=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2021-2934=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2021-2934=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2021-2934=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): SAPHanaSR-ScaleOut-0.180.1-3.19.1 SAPHanaSR-ScaleOut-doc-0.180.1-3.19.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): SAPHanaSR-ScaleOut-0.180.1-3.19.1 SAPHanaSR-ScaleOut-doc-0.180.1-3.19.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): SAPHanaSR-ScaleOut-0.180.1-3.19.1 SAPHanaSR-ScaleOut-doc-0.180.1-3.19.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): SAPHanaSR-ScaleOut-0.180.1-3.19.1 SAPHanaSR-ScaleOut-doc-0.180.1-3.19.1 References: https://bugzilla.suse.com/1144312 https://bugzilla.suse.com/1144442 https://bugzilla.suse.com/1173581 https://bugzilla.suse.com/1182115 https://bugzilla.suse.com/1182545 From sle-updates at lists.suse.com Thu Sep 2 22:22:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Sep 2021 00:22:03 +0200 (CEST) Subject: SUSE-RU-2021:2935-1: moderate: Recommended update for yast2-saptune Message-ID: <20210902222203.16DCCFD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-saptune ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2935-1 Rating: moderate References: #1188321 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-saptune fixes the following issues: - Exchange the tuned daemon handling with the new saptune service. (bsc#1188321) - Add information, if the service is enabled or disabled. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2021-2935=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2021-2935=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2021-2935=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2021-2935=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): yast2-saptune-1.4-3.6.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): yast2-saptune-1.4-3.6.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): yast2-saptune-1.4-3.6.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): yast2-saptune-1.4-3.6.1 References: https://bugzilla.suse.com/1188321 From sle-updates at lists.suse.com Fri Sep 3 13:18:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Sep 2021 15:18:31 +0200 (CEST) Subject: SUSE-RU-2021:2950-1: moderate: Recommended update for pcre2 Message-ID: <20210903131831.6F721FDED@maintenance.suse.de> SUSE Recommended Update: Recommended update for pcre2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2950-1 Rating: moderate References: #1187937 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pcre2 fixes the following issue: - Equalizes the result of a function that may have different output on s390x if compared to older (bsc#1187937) PHP versions. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2950=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2950=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2950=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libpcre2-8-0-10.31-3.3.1 libpcre2-8-0-debuginfo-10.31-3.3.1 pcre2-debugsource-10.31-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpcre2-16-0-10.31-3.3.1 libpcre2-16-0-debuginfo-10.31-3.3.1 libpcre2-32-0-10.31-3.3.1 libpcre2-32-0-debuginfo-10.31-3.3.1 libpcre2-8-0-10.31-3.3.1 libpcre2-8-0-debuginfo-10.31-3.3.1 libpcre2-posix2-10.31-3.3.1 libpcre2-posix2-debuginfo-10.31-3.3.1 pcre2-debugsource-10.31-3.3.1 pcre2-devel-10.31-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpcre2-16-0-10.31-3.3.1 libpcre2-16-0-debuginfo-10.31-3.3.1 libpcre2-32-0-10.31-3.3.1 libpcre2-32-0-debuginfo-10.31-3.3.1 libpcre2-8-0-10.31-3.3.1 libpcre2-8-0-debuginfo-10.31-3.3.1 libpcre2-posix2-10.31-3.3.1 libpcre2-posix2-debuginfo-10.31-3.3.1 pcre2-debugsource-10.31-3.3.1 pcre2-devel-10.31-3.3.1 References: https://bugzilla.suse.com/1187937 From sle-updates at lists.suse.com Fri Sep 3 13:22:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Sep 2021 15:22:59 +0200 (CEST) Subject: SUSE-RU-2021:2947-1: moderate: Recommended update for lifecycle-data-sle-module-live-patching Message-ID: <20210903132259.DA99FFDED@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2947-1 Rating: moderate References: #1020320 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Added data for 4_12_14-197_92, 5_3_18-24_53_4, 5_3_18-24_67, 5_3_18-57, 5_3_18-59_10, 5_3_18-59_5. (bsc#1020320) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2021-2947=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-2947=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-2947=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-2947=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-2948=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-2948=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2021-2948=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2021-2948=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (noarch): lifecycle-data-sle-module-live-patching-15-4.57.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (noarch): lifecycle-data-sle-module-live-patching-15-4.57.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (noarch): lifecycle-data-sle-module-live-patching-15-4.57.1 - SUSE Linux Enterprise Module for Live Patching 15 (noarch): lifecycle-data-sle-module-live-patching-15-4.57.1 - SUSE Linux Enterprise Live Patching 12-SP5 (noarch): lifecycle-data-sle-live-patching-1-10.91.1 - SUSE Linux Enterprise Live Patching 12-SP4 (noarch): lifecycle-data-sle-live-patching-1-10.91.1 - SUSE Linux Enterprise Live Patching 12-SP3 (noarch): lifecycle-data-sle-live-patching-1-10.91.1 - SUSE Linux Enterprise Live Patching 12 (noarch): lifecycle-data-sle-live-patching-1-10.91.1 References: https://bugzilla.suse.com/1020320 From sle-updates at lists.suse.com Fri Sep 3 13:25:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Sep 2021 15:25:44 +0200 (CEST) Subject: SUSE-SU-2021:2937-1: important: Security update for libesmtp Message-ID: <20210903132544.6B711FDED@maintenance.suse.de> SUSE Security Update: Security update for libesmtp ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2937-1 Rating: important References: #1160462 #1189097 Cross-References: CVE-2019-19977 CVSS scores: CVE-2019-19977 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-19977 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L Affected Products: SUSE MicroOS 5.0 SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libesmtp fixes the following issues: - CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2937=1 - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2937=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2937=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2937=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2937=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2937=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2937=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2937=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2937=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2937=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2937=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2937=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2937=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2937=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2937=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2937=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libesmtp-1.0.6-150.4.1 libesmtp-debuginfo-1.0.6-150.4.1 libesmtp-debugsource-1.0.6-150.4.1 - SUSE Manager Server 4.0 (ppc64le s390x x86_64): libesmtp-1.0.6-150.4.1 libesmtp-debuginfo-1.0.6-150.4.1 libesmtp-debugsource-1.0.6-150.4.1 libesmtp-devel-1.0.6-150.4.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): libesmtp-1.0.6-150.4.1 libesmtp-debuginfo-1.0.6-150.4.1 libesmtp-debugsource-1.0.6-150.4.1 libesmtp-devel-1.0.6-150.4.1 - SUSE Manager Proxy 4.0 (x86_64): libesmtp-1.0.6-150.4.1 libesmtp-debuginfo-1.0.6-150.4.1 libesmtp-debugsource-1.0.6-150.4.1 libesmtp-devel-1.0.6-150.4.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libesmtp-1.0.6-150.4.1 libesmtp-debuginfo-1.0.6-150.4.1 libesmtp-debugsource-1.0.6-150.4.1 libesmtp-devel-1.0.6-150.4.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libesmtp-1.0.6-150.4.1 libesmtp-debuginfo-1.0.6-150.4.1 libesmtp-debugsource-1.0.6-150.4.1 libesmtp-devel-1.0.6-150.4.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libesmtp-1.0.6-150.4.1 libesmtp-debuginfo-1.0.6-150.4.1 libesmtp-debugsource-1.0.6-150.4.1 libesmtp-devel-1.0.6-150.4.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libesmtp-1.0.6-150.4.1 libesmtp-debuginfo-1.0.6-150.4.1 libesmtp-debugsource-1.0.6-150.4.1 libesmtp-devel-1.0.6-150.4.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libesmtp-1.0.6-150.4.1 libesmtp-debuginfo-1.0.6-150.4.1 libesmtp-debugsource-1.0.6-150.4.1 libesmtp-devel-1.0.6-150.4.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libesmtp-1.0.6-150.4.1 libesmtp-debuginfo-1.0.6-150.4.1 libesmtp-debugsource-1.0.6-150.4.1 libesmtp-devel-1.0.6-150.4.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libesmtp-1.0.6-150.4.1 libesmtp-debuginfo-1.0.6-150.4.1 libesmtp-debugsource-1.0.6-150.4.1 libesmtp-devel-1.0.6-150.4.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libesmtp-1.0.6-150.4.1 libesmtp-debuginfo-1.0.6-150.4.1 libesmtp-debugsource-1.0.6-150.4.1 libesmtp-devel-1.0.6-150.4.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libesmtp-1.0.6-150.4.1 libesmtp-debuginfo-1.0.6-150.4.1 libesmtp-debugsource-1.0.6-150.4.1 libesmtp-devel-1.0.6-150.4.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libesmtp-1.0.6-150.4.1 libesmtp-debuginfo-1.0.6-150.4.1 libesmtp-debugsource-1.0.6-150.4.1 libesmtp-devel-1.0.6-150.4.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libesmtp-1.0.6-150.4.1 libesmtp-debuginfo-1.0.6-150.4.1 libesmtp-debugsource-1.0.6-150.4.1 libesmtp-devel-1.0.6-150.4.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libesmtp-1.0.6-150.4.1 libesmtp-debuginfo-1.0.6-150.4.1 libesmtp-debugsource-1.0.6-150.4.1 libesmtp-devel-1.0.6-150.4.1 - SUSE CaaS Platform 4.0 (x86_64): libesmtp-1.0.6-150.4.1 libesmtp-debuginfo-1.0.6-150.4.1 libesmtp-debugsource-1.0.6-150.4.1 libesmtp-devel-1.0.6-150.4.1 References: https://www.suse.com/security/cve/CVE-2019-19977.html https://bugzilla.suse.com/1160462 https://bugzilla.suse.com/1189097 From sle-updates at lists.suse.com Fri Sep 3 13:27:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Sep 2021 15:27:08 +0200 (CEST) Subject: SUSE-SU-2021:2941-1: important: Security update for sssd Message-ID: <20210903132708.5D2E6FDED@maintenance.suse.de> SUSE Security Update: Security update for sssd ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2941-1 Rating: important References: #1183735 #1187120 #1189492 Cross-References: CVE-2021-3621 CVSS scores: CVE-2021-3621 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands (bsc#1189492). - Add LDAPS support for the AD provider (bsc#1183735). - Improve logs to record the reason why internal watchdog terminates a process (bsc#1187120). - Fix watchdog not terminating tasks (bsc#1187120). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2941=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-23.11.1 libipa_hbac0-1.16.1-23.11.1 libipa_hbac0-debuginfo-1.16.1-23.11.1 libsss_certmap-devel-1.16.1-23.11.1 libsss_certmap0-1.16.1-23.11.1 libsss_certmap0-debuginfo-1.16.1-23.11.1 libsss_idmap-devel-1.16.1-23.11.1 libsss_idmap0-1.16.1-23.11.1 libsss_idmap0-debuginfo-1.16.1-23.11.1 libsss_nss_idmap-devel-1.16.1-23.11.1 libsss_nss_idmap0-1.16.1-23.11.1 libsss_nss_idmap0-debuginfo-1.16.1-23.11.1 libsss_simpleifp-devel-1.16.1-23.11.1 libsss_simpleifp0-1.16.1-23.11.1 libsss_simpleifp0-debuginfo-1.16.1-23.11.1 python3-sssd-config-1.16.1-23.11.1 python3-sssd-config-debuginfo-1.16.1-23.11.1 sssd-1.16.1-23.11.1 sssd-ad-1.16.1-23.11.1 sssd-ad-debuginfo-1.16.1-23.11.1 sssd-common-1.16.1-23.11.1 sssd-common-debuginfo-1.16.1-23.11.1 sssd-dbus-1.16.1-23.11.1 sssd-dbus-debuginfo-1.16.1-23.11.1 sssd-debugsource-1.16.1-23.11.1 sssd-ipa-1.16.1-23.11.1 sssd-ipa-debuginfo-1.16.1-23.11.1 sssd-krb5-1.16.1-23.11.1 sssd-krb5-common-1.16.1-23.11.1 sssd-krb5-common-debuginfo-1.16.1-23.11.1 sssd-krb5-debuginfo-1.16.1-23.11.1 sssd-ldap-1.16.1-23.11.1 sssd-ldap-debuginfo-1.16.1-23.11.1 sssd-proxy-1.16.1-23.11.1 sssd-proxy-debuginfo-1.16.1-23.11.1 sssd-tools-1.16.1-23.11.1 sssd-tools-debuginfo-1.16.1-23.11.1 sssd-winbind-idmap-1.16.1-23.11.1 sssd-winbind-idmap-debuginfo-1.16.1-23.11.1 References: https://www.suse.com/security/cve/CVE-2021-3621.html https://bugzilla.suse.com/1183735 https://bugzilla.suse.com/1187120 https://bugzilla.suse.com/1189492 From sle-updates at lists.suse.com Fri Sep 3 13:29:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Sep 2021 15:29:40 +0200 (CEST) Subject: SUSE-RU-2021:2946-1: moderate: Recommended update for scap-security-guide Message-ID: <20210903132940.7A4A1FDED@maintenance.suse.de> SUSE Recommended Update: Recommended update for scap-security-guide ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2946-1 Rating: moderate References: ECO-3319 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for scap-security-guide fixes the following issues: Updated to 0.1.57 release (jsc#ECO-3319) - Bugfixes and improvements for SUSE Linux Enterprise STIG profiles. - CIS profile for RHEL 7 is updated. - initial CIS profiles for Ubuntu 20.04. - Major improvement of RHEL 9 content. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2946=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): scap-security-guide-0.1.57-3.14.1 scap-security-guide-debian-0.1.57-3.14.1 scap-security-guide-redhat-0.1.57-3.14.1 scap-security-guide-ubuntu-0.1.57-3.14.1 References: From sle-updates at lists.suse.com Fri Sep 3 13:34:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Sep 2021 15:34:40 +0200 (CEST) Subject: SUSE-RU-2021:2938-1: moderate: Recommended update for openldap2 Message-ID: <20210903133440.1BC17FDED@maintenance.suse.de> SUSE Recommended Update: Recommended update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2938-1 Rating: moderate References: #1184614 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2938=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-2938=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-2938=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-2938=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-2938=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2938=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2938=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libldap-2_4-2-2.4.46-9.58.1 libldap-2_4-2-debuginfo-2.4.46-9.58.1 openldap2-debuginfo-2.4.46-9.58.1 openldap2-debugsource-2.4.46-9.58.1 - SUSE MicroOS 5.0 (noarch): libldap-data-2.4.46-9.58.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): openldap2-2.4.46-9.58.1 openldap2-back-meta-2.4.46-9.58.1 openldap2-back-meta-debuginfo-2.4.46-9.58.1 openldap2-back-perl-2.4.46-9.58.1 openldap2-back-perl-debuginfo-2.4.46-9.58.1 openldap2-contrib-2.4.46-9.58.1 openldap2-contrib-debuginfo-2.4.46-9.58.1 openldap2-debuginfo-2.4.46-9.58.1 openldap2-debugsource-2.4.46-9.58.1 openldap2-ppolicy-check-password-1.2-9.58.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.58.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): openldap2-2.4.46-9.58.1 openldap2-back-meta-2.4.46-9.58.1 openldap2-back-meta-debuginfo-2.4.46-9.58.1 openldap2-back-perl-2.4.46-9.58.1 openldap2-back-perl-debuginfo-2.4.46-9.58.1 openldap2-contrib-2.4.46-9.58.1 openldap2-contrib-debuginfo-2.4.46-9.58.1 openldap2-debuginfo-2.4.46-9.58.1 openldap2-debugsource-2.4.46-9.58.1 openldap2-ppolicy-check-password-1.2-9.58.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.58.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): openldap2-debugsource-2.4.46-9.58.1 openldap2-devel-32bit-2.4.46-9.58.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): openldap2-debugsource-2.4.46-9.58.1 openldap2-devel-32bit-2.4.46-9.58.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-9.58.1 libldap-2_4-2-debuginfo-2.4.46-9.58.1 openldap2-client-2.4.46-9.58.1 openldap2-client-debuginfo-2.4.46-9.58.1 openldap2-debuginfo-2.4.46-9.58.1 openldap2-debugsource-2.4.46-9.58.1 openldap2-devel-2.4.46-9.58.1 openldap2-devel-static-2.4.46-9.58.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libldap-data-2.4.46-9.58.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libldap-2_4-2-32bit-2.4.46-9.58.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.58.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-9.58.1 libldap-2_4-2-debuginfo-2.4.46-9.58.1 openldap2-client-2.4.46-9.58.1 openldap2-client-debuginfo-2.4.46-9.58.1 openldap2-debugsource-2.4.46-9.58.1 openldap2-devel-2.4.46-9.58.1 openldap2-devel-static-2.4.46-9.58.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libldap-data-2.4.46-9.58.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libldap-2_4-2-32bit-2.4.46-9.58.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.58.1 References: https://bugzilla.suse.com/1184614 From sle-updates at lists.suse.com Fri Sep 3 13:35:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Sep 2021 15:35:58 +0200 (CEST) Subject: SUSE-SU-2021:2944-1: important: Security update for xerces-c Message-ID: <20210903133558.16690FDED@maintenance.suse.de> SUSE Security Update: Security update for xerces-c ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2944-1 Rating: important References: #1159552 Cross-References: CVE-2018-1311 CVSS scores: CVE-2018-1311 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1311 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xerces-c fixes the following issues: - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs (bsc#1159552). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2944=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2944=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libxerces-c-devel-3.1.1-13.6.1 xerces-c-debuginfo-3.1.1-13.6.1 xerces-c-debugsource-3.1.1-13.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libxerces-c-3_1-3.1.1-13.6.1 libxerces-c-3_1-debuginfo-3.1.1-13.6.1 xerces-c-debuginfo-3.1.1-13.6.1 xerces-c-debugsource-3.1.1-13.6.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libxerces-c-3_1-32bit-3.1.1-13.6.1 libxerces-c-3_1-debuginfo-32bit-3.1.1-13.6.1 References: https://www.suse.com/security/cve/CVE-2018-1311.html https://bugzilla.suse.com/1159552 From sle-updates at lists.suse.com Fri Sep 3 13:37:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Sep 2021 15:37:09 +0200 (CEST) Subject: SUSE-RU-2021:2945-1: moderate: Recommended update for open-iscsi Message-ID: <20210903133709.1F388FDED@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2945-1 Rating: moderate References: #1153806 #1185930 #1188579 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for open-iscsi fixes the following issues: - Update 'iscsi.service' so that it tries to logon to any "onboot" and firmware targets, in case a target was offline when booted but back up when the service is started. (bsc#1153806) - Merged with latest from upstream, which contains these fixes: * Add "no wait" option to iscsiadm firmware login * Check for ISCSI_ERR_ISCSID_NOTCONN in iscsistart * Log proper error message when AUTH failure occurs * Support the "qede" CMA-card driver. (bsc#1188579) * iscsistart: fix null pointer deref before exit * Set default 'startup' to 'onboot' for FW nodes. (bsc#1185930) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2945=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): iscsiuio-0.7.8.6-32.5.1 iscsiuio-debuginfo-0.7.8.6-32.5.1 libopeniscsiusr0_2_0-2.1.4-32.5.1 libopeniscsiusr0_2_0-debuginfo-2.1.4-32.5.1 open-iscsi-2.1.4-32.5.1 open-iscsi-debuginfo-2.1.4-32.5.1 open-iscsi-debugsource-2.1.4-32.5.1 open-iscsi-devel-2.1.4-32.5.1 References: https://bugzilla.suse.com/1153806 https://bugzilla.suse.com/1185930 https://bugzilla.suse.com/1188579 From sle-updates at lists.suse.com Fri Sep 3 13:39:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Sep 2021 15:39:39 +0200 (CEST) Subject: SUSE-SU-2021:2943-1: important: Security update for xen Message-ID: <20210903133939.4335AFDED@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2943-1 Rating: important References: #1186429 #1186433 #1186434 #1189373 #1189376 #1189378 #1189380 #1189882 Cross-References: CVE-2021-0089 CVE-2021-28690 CVE-2021-28692 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVSS scores: CVE-2021-0089 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-28694 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28695 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28696 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28697 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28698 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28699 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429). - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433). - CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434). - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2943=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2943=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2943=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (x86_64): xen-4.10.4_26-3.61.1 xen-debugsource-4.10.4_26-3.61.1 xen-devel-4.10.4_26-3.61.1 xen-libs-4.10.4_26-3.61.1 xen-libs-debuginfo-4.10.4_26-3.61.1 xen-tools-4.10.4_26-3.61.1 xen-tools-debuginfo-4.10.4_26-3.61.1 xen-tools-domU-4.10.4_26-3.61.1 xen-tools-domU-debuginfo-4.10.4_26-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): xen-4.10.4_26-3.61.1 xen-debugsource-4.10.4_26-3.61.1 xen-devel-4.10.4_26-3.61.1 xen-libs-4.10.4_26-3.61.1 xen-libs-debuginfo-4.10.4_26-3.61.1 xen-tools-4.10.4_26-3.61.1 xen-tools-debuginfo-4.10.4_26-3.61.1 xen-tools-domU-4.10.4_26-3.61.1 xen-tools-domU-debuginfo-4.10.4_26-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): xen-4.10.4_26-3.61.1 xen-debugsource-4.10.4_26-3.61.1 xen-devel-4.10.4_26-3.61.1 xen-libs-4.10.4_26-3.61.1 xen-libs-debuginfo-4.10.4_26-3.61.1 xen-tools-4.10.4_26-3.61.1 xen-tools-debuginfo-4.10.4_26-3.61.1 xen-tools-domU-4.10.4_26-3.61.1 xen-tools-domU-debuginfo-4.10.4_26-3.61.1 References: https://www.suse.com/security/cve/CVE-2021-0089.html https://www.suse.com/security/cve/CVE-2021-28690.html https://www.suse.com/security/cve/CVE-2021-28692.html https://www.suse.com/security/cve/CVE-2021-28694.html https://www.suse.com/security/cve/CVE-2021-28695.html https://www.suse.com/security/cve/CVE-2021-28696.html https://www.suse.com/security/cve/CVE-2021-28697.html https://www.suse.com/security/cve/CVE-2021-28698.html https://www.suse.com/security/cve/CVE-2021-28699.html https://bugzilla.suse.com/1186429 https://bugzilla.suse.com/1186433 https://bugzilla.suse.com/1186434 https://bugzilla.suse.com/1189373 https://bugzilla.suse.com/1189376 https://bugzilla.suse.com/1189378 https://bugzilla.suse.com/1189380 https://bugzilla.suse.com/1189882 From sle-updates at lists.suse.com Fri Sep 3 13:41:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Sep 2021 15:41:44 +0200 (CEST) Subject: SUSE-SU-2021:2939-1: moderate: Security update for mariadb Message-ID: <20210903134144.F0E8EFDFA@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2939-1 Rating: moderate References: #1189320 Cross-References: CVE-2021-2372 CVE-2021-2389 CVSS scores: CVE-2021-2372 (NVD) : 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-2372 (SUSE): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-2389 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-2389 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for mariadb fixes the following issues: Update to 10.5.12 [bsc#1189320]: - fixes for the following security vulnerabilities: CVE-2021-2372 and CVE-2021-2389 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-2939=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libmariadbd-devel-10.5.12-3.6.1 libmariadbd19-10.5.12-3.6.1 libmariadbd19-debuginfo-10.5.12-3.6.1 mariadb-10.5.12-3.6.1 mariadb-client-10.5.12-3.6.1 mariadb-client-debuginfo-10.5.12-3.6.1 mariadb-debuginfo-10.5.12-3.6.1 mariadb-debugsource-10.5.12-3.6.1 mariadb-tools-10.5.12-3.6.1 mariadb-tools-debuginfo-10.5.12-3.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): mariadb-errormessages-10.5.12-3.6.1 References: https://www.suse.com/security/cve/CVE-2021-2372.html https://www.suse.com/security/cve/CVE-2021-2389.html https://bugzilla.suse.com/1189320 From sle-updates at lists.suse.com Fri Sep 3 13:42:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Sep 2021 15:42:56 +0200 (CEST) Subject: SUSE-SU-2021:2940-1: important: Security update for python39 Message-ID: <20210903134256.587B9FDFA@maintenance.suse.de> SUSE Security Update: Security update for python39 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2940-1 Rating: important References: #1183858 #1185588 #1185706 Cross-References: CVE-2021-29921 CVSS scores: CVE-2021-29921 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-29921 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for python39 fixes the following issues: - CVE-2021-29921: Fixed improper input validation of octal string IP addresses (bsc#1185706). - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). - Stop providing "python" symbol (bsc#1185588), which means python2 currently. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-2940=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2940=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): python39-core-debugsource-3.9.6-4.3.3 python39-tools-3.9.6-4.3.3 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpython3_9-1_0-3.9.6-4.3.3 libpython3_9-1_0-debuginfo-3.9.6-4.3.3 python39-3.9.6-4.3.4 python39-base-3.9.6-4.3.3 python39-base-debuginfo-3.9.6-4.3.3 python39-core-debugsource-3.9.6-4.3.3 python39-curses-3.9.6-4.3.4 python39-curses-debuginfo-3.9.6-4.3.4 python39-dbm-3.9.6-4.3.4 python39-dbm-debuginfo-3.9.6-4.3.4 python39-debuginfo-3.9.6-4.3.4 python39-debugsource-3.9.6-4.3.4 python39-devel-3.9.6-4.3.3 python39-idle-3.9.6-4.3.4 python39-tk-3.9.6-4.3.4 python39-tk-debuginfo-3.9.6-4.3.4 References: https://www.suse.com/security/cve/CVE-2021-29921.html https://bugzilla.suse.com/1183858 https://bugzilla.suse.com/1185588 https://bugzilla.suse.com/1185706 From sle-updates at lists.suse.com Fri Sep 3 16:18:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Sep 2021 18:18:08 +0200 (CEST) Subject: SUSE-SU-2021:2953-1: moderate: Security update for nodejs10 Message-ID: <20210903161808.E777DFDED@maintenance.suse.de> SUSE Security Update: Security update for nodejs10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2953-1 Rating: moderate References: #1188881 #1188917 #1189369 #1189370 Cross-References: CVE-2021-22930 CVE-2021-22931 CVE-2021-22939 CVE-2021-3672 CVSS scores: CVE-2021-22930 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-22931 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-22939 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3672 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for nodejs10 fixes the following issues: - CVE-2021-3672: Fixed missing input validation on hostnames (bsc#1188881). - CVE-2021-22930: Fixed use after free on close http2 on stream canceling (bsc#1188917). - CVE-2021-22939: Fixed incomplete validation of rejectUnauthorized parameter (bsc#1189369). - CVE-2021-22931: Fixed improper handling of untypical characters in domain names (bsc#1189370). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-2953=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): nodejs10-10.24.1-1.39.2 nodejs10-debuginfo-10.24.1-1.39.2 nodejs10-debugsource-10.24.1-1.39.2 nodejs10-devel-10.24.1-1.39.2 npm10-10.24.1-1.39.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): nodejs10-docs-10.24.1-1.39.2 References: https://www.suse.com/security/cve/CVE-2021-22930.html https://www.suse.com/security/cve/CVE-2021-22931.html https://www.suse.com/security/cve/CVE-2021-22939.html https://www.suse.com/security/cve/CVE-2021-3672.html https://bugzilla.suse.com/1188881 https://bugzilla.suse.com/1188917 https://bugzilla.suse.com/1189369 https://bugzilla.suse.com/1189370 From sle-updates at lists.suse.com Fri Sep 3 16:22:24 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Sep 2021 18:22:24 +0200 (CEST) Subject: SUSE-SU-2021:2952-1: important: Security update for java-11-openjdk Message-ID: <20210903162224.3391DFDED@maintenance.suse.de> SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2952-1 Rating: important References: #1185476 #1188564 #1188565 #1188566 SLE-5715 Cross-References: CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 CVSS scores: CVE-2021-2341 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-2341 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-2369 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2021-2369 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2021-2388 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-2388 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves three vulnerabilities, contains one feature and has one errata is now available. Description: This update for java-11-openjdk fixes the following issues: - Update to jdk-11.0.12+7 - CVE-2021-2369: Fixed JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) - CVE-2021-2388: Fixed a flaw inside the Hotspot component performed range check elimination. (bsc#1188566) - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2952=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2952=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2952=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2952=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2952=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2952=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2952=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2952=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-2952=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-2952=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2952=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2952=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2952=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2952=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2952=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2952=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2952=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): java-11-openjdk-11.0.12.0-3.59.1 java-11-openjdk-debuginfo-11.0.12.0-3.59.1 java-11-openjdk-debugsource-11.0.12.0-3.59.1 java-11-openjdk-demo-11.0.12.0-3.59.1 java-11-openjdk-devel-11.0.12.0-3.59.1 java-11-openjdk-headless-11.0.12.0-3.59.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): java-11-openjdk-11.0.12.0-3.59.1 java-11-openjdk-debuginfo-11.0.12.0-3.59.1 java-11-openjdk-debugsource-11.0.12.0-3.59.1 java-11-openjdk-demo-11.0.12.0-3.59.1 java-11-openjdk-devel-11.0.12.0-3.59.1 java-11-openjdk-headless-11.0.12.0-3.59.1 - SUSE Manager Proxy 4.0 (x86_64): java-11-openjdk-11.0.12.0-3.59.1 java-11-openjdk-debuginfo-11.0.12.0-3.59.1 java-11-openjdk-debugsource-11.0.12.0-3.59.1 java-11-openjdk-demo-11.0.12.0-3.59.1 java-11-openjdk-devel-11.0.12.0-3.59.1 java-11-openjdk-headless-11.0.12.0-3.59.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): java-11-openjdk-11.0.12.0-3.59.1 java-11-openjdk-debuginfo-11.0.12.0-3.59.1 java-11-openjdk-debugsource-11.0.12.0-3.59.1 java-11-openjdk-demo-11.0.12.0-3.59.1 java-11-openjdk-devel-11.0.12.0-3.59.1 java-11-openjdk-headless-11.0.12.0-3.59.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-11-openjdk-11.0.12.0-3.59.1 java-11-openjdk-debuginfo-11.0.12.0-3.59.1 java-11-openjdk-debugsource-11.0.12.0-3.59.1 java-11-openjdk-demo-11.0.12.0-3.59.1 java-11-openjdk-devel-11.0.12.0-3.59.1 java-11-openjdk-headless-11.0.12.0-3.59.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.12.0-3.59.1 java-11-openjdk-debuginfo-11.0.12.0-3.59.1 java-11-openjdk-debugsource-11.0.12.0-3.59.1 java-11-openjdk-demo-11.0.12.0-3.59.1 java-11-openjdk-devel-11.0.12.0-3.59.1 java-11-openjdk-headless-11.0.12.0-3.59.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): java-11-openjdk-11.0.12.0-3.59.1 java-11-openjdk-debuginfo-11.0.12.0-3.59.1 java-11-openjdk-debugsource-11.0.12.0-3.59.1 java-11-openjdk-demo-11.0.12.0-3.59.1 java-11-openjdk-devel-11.0.12.0-3.59.1 java-11-openjdk-headless-11.0.12.0-3.59.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): java-11-openjdk-11.0.12.0-3.59.1 java-11-openjdk-debuginfo-11.0.12.0-3.59.1 java-11-openjdk-debugsource-11.0.12.0-3.59.1 java-11-openjdk-demo-11.0.12.0-3.59.1 java-11-openjdk-devel-11.0.12.0-3.59.1 java-11-openjdk-headless-11.0.12.0-3.59.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-jmods-11.0.12.0-3.59.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): java-11-openjdk-javadoc-11.0.12.0-3.59.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): java-11-openjdk-jmods-11.0.12.0-3.59.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): java-11-openjdk-javadoc-11.0.12.0-3.59.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.12.0-3.59.1 java-11-openjdk-debuginfo-11.0.12.0-3.59.1 java-11-openjdk-debugsource-11.0.12.0-3.59.1 java-11-openjdk-demo-11.0.12.0-3.59.1 java-11-openjdk-devel-11.0.12.0-3.59.1 java-11-openjdk-headless-11.0.12.0-3.59.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.12.0-3.59.1 java-11-openjdk-debuginfo-11.0.12.0-3.59.1 java-11-openjdk-debugsource-11.0.12.0-3.59.1 java-11-openjdk-demo-11.0.12.0-3.59.1 java-11-openjdk-devel-11.0.12.0-3.59.1 java-11-openjdk-headless-11.0.12.0-3.59.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): java-11-openjdk-11.0.12.0-3.59.1 java-11-openjdk-debuginfo-11.0.12.0-3.59.1 java-11-openjdk-debugsource-11.0.12.0-3.59.1 java-11-openjdk-demo-11.0.12.0-3.59.1 java-11-openjdk-devel-11.0.12.0-3.59.1 java-11-openjdk-headless-11.0.12.0-3.59.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.12.0-3.59.1 java-11-openjdk-debuginfo-11.0.12.0-3.59.1 java-11-openjdk-debugsource-11.0.12.0-3.59.1 java-11-openjdk-demo-11.0.12.0-3.59.1 java-11-openjdk-devel-11.0.12.0-3.59.1 java-11-openjdk-headless-11.0.12.0-3.59.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): java-11-openjdk-11.0.12.0-3.59.1 java-11-openjdk-debuginfo-11.0.12.0-3.59.1 java-11-openjdk-debugsource-11.0.12.0-3.59.1 java-11-openjdk-demo-11.0.12.0-3.59.1 java-11-openjdk-devel-11.0.12.0-3.59.1 java-11-openjdk-headless-11.0.12.0-3.59.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.12.0-3.59.1 java-11-openjdk-debuginfo-11.0.12.0-3.59.1 java-11-openjdk-debugsource-11.0.12.0-3.59.1 java-11-openjdk-demo-11.0.12.0-3.59.1 java-11-openjdk-devel-11.0.12.0-3.59.1 java-11-openjdk-headless-11.0.12.0-3.59.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): java-11-openjdk-11.0.12.0-3.59.1 java-11-openjdk-debuginfo-11.0.12.0-3.59.1 java-11-openjdk-debugsource-11.0.12.0-3.59.1 java-11-openjdk-demo-11.0.12.0-3.59.1 java-11-openjdk-devel-11.0.12.0-3.59.1 java-11-openjdk-headless-11.0.12.0-3.59.1 - SUSE CaaS Platform 4.0 (x86_64): java-11-openjdk-11.0.12.0-3.59.1 java-11-openjdk-debuginfo-11.0.12.0-3.59.1 java-11-openjdk-debugsource-11.0.12.0-3.59.1 java-11-openjdk-demo-11.0.12.0-3.59.1 java-11-openjdk-devel-11.0.12.0-3.59.1 java-11-openjdk-headless-11.0.12.0-3.59.1 References: https://www.suse.com/security/cve/CVE-2021-2341.html https://www.suse.com/security/cve/CVE-2021-2369.html https://www.suse.com/security/cve/CVE-2021-2388.html https://bugzilla.suse.com/1185476 https://bugzilla.suse.com/1188564 https://bugzilla.suse.com/1188565 https://bugzilla.suse.com/1188566 From sle-updates at lists.suse.com Fri Sep 3 16:24:16 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Sep 2021 18:24:16 +0200 (CEST) Subject: SUSE-RU-2021:2951-1: moderate: Recommended update for scap-security-guide Message-ID: <20210903162416.D6910FDED@maintenance.suse.de> SUSE Recommended Update: Recommended update for scap-security-guide ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2951-1 Rating: moderate References: ECO-3319 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for scap-security-guide fixes the following issues: Updated to 0.1.57 release (jsc#ECO-3319) - Small bugfixes for SUSE Linux Enterprise STIG profiles. - CIS profile for RHEL 7 is updated. - Initial CIS profiles for Ubuntu 20.04. - Major improvement of RHEL 9 content. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2951=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2951=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2951=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2951=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2951=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2951=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2951=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2951=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2951=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2951=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2951=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2951=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2951=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2951=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2951=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (noarch): scap-security-guide-0.1.57-1.16.1 scap-security-guide-debian-0.1.57-1.16.1 scap-security-guide-redhat-0.1.57-1.16.1 scap-security-guide-ubuntu-0.1.57-1.16.1 - SUSE Manager Retail Branch Server 4.0 (noarch): scap-security-guide-0.1.57-1.16.1 scap-security-guide-debian-0.1.57-1.16.1 scap-security-guide-redhat-0.1.57-1.16.1 scap-security-guide-ubuntu-0.1.57-1.16.1 - SUSE Manager Proxy 4.0 (noarch): scap-security-guide-0.1.57-1.16.1 scap-security-guide-debian-0.1.57-1.16.1 scap-security-guide-redhat-0.1.57-1.16.1 scap-security-guide-ubuntu-0.1.57-1.16.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): scap-security-guide-0.1.57-1.16.1 scap-security-guide-debian-0.1.57-1.16.1 scap-security-guide-redhat-0.1.57-1.16.1 scap-security-guide-ubuntu-0.1.57-1.16.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): scap-security-guide-0.1.57-1.16.1 scap-security-guide-debian-0.1.57-1.16.1 scap-security-guide-redhat-0.1.57-1.16.1 scap-security-guide-ubuntu-0.1.57-1.16.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): scap-security-guide-0.1.57-1.16.1 scap-security-guide-debian-0.1.57-1.16.1 scap-security-guide-redhat-0.1.57-1.16.1 scap-security-guide-ubuntu-0.1.57-1.16.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): scap-security-guide-0.1.57-1.16.1 scap-security-guide-debian-0.1.57-1.16.1 scap-security-guide-redhat-0.1.57-1.16.1 scap-security-guide-ubuntu-0.1.57-1.16.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): scap-security-guide-0.1.57-1.16.1 scap-security-guide-debian-0.1.57-1.16.1 scap-security-guide-redhat-0.1.57-1.16.1 scap-security-guide-ubuntu-0.1.57-1.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): scap-security-guide-0.1.57-1.16.1 scap-security-guide-debian-0.1.57-1.16.1 scap-security-guide-redhat-0.1.57-1.16.1 scap-security-guide-ubuntu-0.1.57-1.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): scap-security-guide-0.1.57-1.16.1 scap-security-guide-debian-0.1.57-1.16.1 scap-security-guide-redhat-0.1.57-1.16.1 scap-security-guide-ubuntu-0.1.57-1.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): scap-security-guide-0.1.57-1.16.1 scap-security-guide-debian-0.1.57-1.16.1 scap-security-guide-redhat-0.1.57-1.16.1 scap-security-guide-ubuntu-0.1.57-1.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): scap-security-guide-0.1.57-1.16.1 scap-security-guide-debian-0.1.57-1.16.1 scap-security-guide-redhat-0.1.57-1.16.1 scap-security-guide-ubuntu-0.1.57-1.16.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): scap-security-guide-0.1.57-1.16.1 scap-security-guide-debian-0.1.57-1.16.1 scap-security-guide-redhat-0.1.57-1.16.1 scap-security-guide-ubuntu-0.1.57-1.16.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): scap-security-guide-0.1.57-1.16.1 scap-security-guide-debian-0.1.57-1.16.1 scap-security-guide-redhat-0.1.57-1.16.1 scap-security-guide-ubuntu-0.1.57-1.16.1 - SUSE Enterprise Storage 6 (noarch): scap-security-guide-0.1.57-1.16.1 scap-security-guide-debian-0.1.57-1.16.1 scap-security-guide-redhat-0.1.57-1.16.1 scap-security-guide-ubuntu-0.1.57-1.16.1 - SUSE CaaS Platform 4.0 (noarch): scap-security-guide-0.1.57-1.16.1 scap-security-guide-debian-0.1.57-1.16.1 scap-security-guide-redhat-0.1.57-1.16.1 scap-security-guide-ubuntu-0.1.57-1.16.1 References: From sle-updates at lists.suse.com Fri Sep 3 16:27:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Sep 2021 18:27:45 +0200 (CEST) Subject: SUSE-SU-2021:2954-1: important: Security update for apache2 Message-ID: <20210903162745.5E07BFDED@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2954-1 Rating: important References: #1189387 Cross-References: CVE-2021-33193 CVSS scores: CVE-2021-33193 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache2 fixes the following issues: - CVE-2021-33193: Fixed request splitting via HTTP/2 method injection and mod_proxy (bsc#1189387). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-2954=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-2954=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-2954=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2954=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2954=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.43-3.25.1 apache2-debugsource-2.4.43-3.25.1 apache2-devel-2.4.43-3.25.1 apache2-worker-2.4.43-3.25.1 apache2-worker-debuginfo-2.4.43-3.25.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): apache2-doc-2.4.43-3.25.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.43-3.25.1 apache2-debugsource-2.4.43-3.25.1 apache2-devel-2.4.43-3.25.1 apache2-worker-2.4.43-3.25.1 apache2-worker-debuginfo-2.4.43-3.25.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): apache2-doc-2.4.43-3.25.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.43-3.25.1 apache2-debugsource-2.4.43-3.25.1 apache2-event-2.4.43-3.25.1 apache2-event-debuginfo-2.4.43-3.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-2.4.43-3.25.1 apache2-debuginfo-2.4.43-3.25.1 apache2-debugsource-2.4.43-3.25.1 apache2-prefork-2.4.43-3.25.1 apache2-prefork-debuginfo-2.4.43-3.25.1 apache2-utils-2.4.43-3.25.1 apache2-utils-debuginfo-2.4.43-3.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-2.4.43-3.25.1 apache2-debuginfo-2.4.43-3.25.1 apache2-debugsource-2.4.43-3.25.1 apache2-prefork-2.4.43-3.25.1 apache2-prefork-debuginfo-2.4.43-3.25.1 apache2-utils-2.4.43-3.25.1 apache2-utils-debuginfo-2.4.43-3.25.1 References: https://www.suse.com/security/cve/CVE-2021-33193.html https://bugzilla.suse.com/1189387 From sle-updates at lists.suse.com Fri Sep 3 16:29:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Sep 2021 18:29:01 +0200 (CEST) Subject: SUSE-SU-2021:2955-1: important: Security update for xen Message-ID: <20210903162901.5C810FDED@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2955-1 Rating: important References: #1181254 #1182654 #1186429 #1186433 #1186434 #1187369 #1187376 #1187378 #1189373 #1189376 #1189378 #1189380 #1189882 Cross-References: CVE-2021-0089 CVE-2021-20255 CVE-2021-28690 CVE-2021-28692 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-3308 CVE-2021-3592 CVE-2021-3594 CVE-2021-3595 CVSS scores: CVE-2021-0089 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-20255 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20255 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-28694 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28695 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28696 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28697 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28698 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28699 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3308 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3308 (SUSE): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2021-3592 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3592 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3594 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3594 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3595 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3595 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This update for xen fixes the following issues: Security issues fixed: - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-20255: Fixed stack overflow via infinite recursion in eepro100 (bsc#1182654) - CVE-2021-3592: slirp: invalid pointer initialization may lead to information disclosure (bootp)(bsc#1187369). - CVE-2021-3594: slirp: invalid pointer initialization may lead to information disclosure (udp)(bsc#1187378). - CVE-2021-3595: slirp: invalid pointer initialization may lead to information disclosure (tftp)(bsc#1187376). - CVE-2021-3308: Fixed IRQ vector leak on x86 (XSA-360)(bsc#1181254). - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2955=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2955=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2955=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2955=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): xen-4.11.4_20-2.60.1 xen-debugsource-4.11.4_20-2.60.1 xen-doc-html-4.11.4_20-2.60.1 xen-libs-32bit-4.11.4_20-2.60.1 xen-libs-4.11.4_20-2.60.1 xen-libs-debuginfo-32bit-4.11.4_20-2.60.1 xen-libs-debuginfo-4.11.4_20-2.60.1 xen-tools-4.11.4_20-2.60.1 xen-tools-debuginfo-4.11.4_20-2.60.1 xen-tools-domU-4.11.4_20-2.60.1 xen-tools-domU-debuginfo-4.11.4_20-2.60.1 - SUSE OpenStack Cloud 9 (x86_64): xen-4.11.4_20-2.60.1 xen-debugsource-4.11.4_20-2.60.1 xen-doc-html-4.11.4_20-2.60.1 xen-libs-32bit-4.11.4_20-2.60.1 xen-libs-4.11.4_20-2.60.1 xen-libs-debuginfo-32bit-4.11.4_20-2.60.1 xen-libs-debuginfo-4.11.4_20-2.60.1 xen-tools-4.11.4_20-2.60.1 xen-tools-debuginfo-4.11.4_20-2.60.1 xen-tools-domU-4.11.4_20-2.60.1 xen-tools-domU-debuginfo-4.11.4_20-2.60.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): xen-4.11.4_20-2.60.1 xen-debugsource-4.11.4_20-2.60.1 xen-doc-html-4.11.4_20-2.60.1 xen-libs-32bit-4.11.4_20-2.60.1 xen-libs-4.11.4_20-2.60.1 xen-libs-debuginfo-32bit-4.11.4_20-2.60.1 xen-libs-debuginfo-4.11.4_20-2.60.1 xen-tools-4.11.4_20-2.60.1 xen-tools-debuginfo-4.11.4_20-2.60.1 xen-tools-domU-4.11.4_20-2.60.1 xen-tools-domU-debuginfo-4.11.4_20-2.60.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): xen-4.11.4_20-2.60.1 xen-debugsource-4.11.4_20-2.60.1 xen-doc-html-4.11.4_20-2.60.1 xen-libs-32bit-4.11.4_20-2.60.1 xen-libs-4.11.4_20-2.60.1 xen-libs-debuginfo-32bit-4.11.4_20-2.60.1 xen-libs-debuginfo-4.11.4_20-2.60.1 xen-tools-4.11.4_20-2.60.1 xen-tools-debuginfo-4.11.4_20-2.60.1 xen-tools-domU-4.11.4_20-2.60.1 xen-tools-domU-debuginfo-4.11.4_20-2.60.1 References: https://www.suse.com/security/cve/CVE-2021-0089.html https://www.suse.com/security/cve/CVE-2021-20255.html https://www.suse.com/security/cve/CVE-2021-28690.html https://www.suse.com/security/cve/CVE-2021-28692.html https://www.suse.com/security/cve/CVE-2021-28694.html https://www.suse.com/security/cve/CVE-2021-28695.html https://www.suse.com/security/cve/CVE-2021-28696.html https://www.suse.com/security/cve/CVE-2021-28697.html https://www.suse.com/security/cve/CVE-2021-28698.html https://www.suse.com/security/cve/CVE-2021-28699.html https://www.suse.com/security/cve/CVE-2021-3308.html https://www.suse.com/security/cve/CVE-2021-3592.html https://www.suse.com/security/cve/CVE-2021-3594.html https://www.suse.com/security/cve/CVE-2021-3595.html https://bugzilla.suse.com/1181254 https://bugzilla.suse.com/1182654 https://bugzilla.suse.com/1186429 https://bugzilla.suse.com/1186433 https://bugzilla.suse.com/1186434 https://bugzilla.suse.com/1187369 https://bugzilla.suse.com/1187376 https://bugzilla.suse.com/1187378 https://bugzilla.suse.com/1189373 https://bugzilla.suse.com/1189376 https://bugzilla.suse.com/1189378 https://bugzilla.suse.com/1189380 https://bugzilla.suse.com/1189882 From sle-updates at lists.suse.com Sat Sep 4 06:28:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Sep 2021 08:28:48 +0200 (CEST) Subject: SUSE-CU-2021:294-1: Security update of suse/sles12sp3 Message-ID: <20210904062848.042B0FD9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:294-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.296 , suse/sles12sp3:latest Container Release : 24.296 Severity : important Type : security References : 1154661 1187466 1188698 1188891 1189521 CVE-2019-18218 CVE-2021-3712 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2825-1 Released: Tue Aug 24 16:14:11 2021 Summary: Security update for openssl Type: security Severity: important References: 1189521,CVE-2021-3712 This update for openssl fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2859-1 Released: Fri Aug 27 13:57:36 2021 Summary: Recommended update for bzip2 Type: recommended Severity: moderate References: 1188891 This update for bzip2 fixes the following issues: - Disable a optimization that caused crashes with libarchive due to uninitialized memory. (bsc#1188891) - Fixed bashisms in bzgrep and bznew ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2903-1 Released: Wed Sep 1 13:09:42 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1188698 This update for cracklib fixes the following issue: - Provide 'cracklib-dict-small' to SUSE Linux Enterprise Server 12-SP5 (bsc#1188698) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2930-1 Released: Thu Sep 2 14:48:43 2021 Summary: Security update for file Type: security Severity: important References: 1154661,CVE-2019-18218 This update for file fixes the following issues: - CVE-2019-18218: Fixed heap-based buffer overflow in cdf_read_property_info in cdf.c (bsc#1154661). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2936-1 Released: Thu Sep 2 21:14:49 2021 Summary: Recommended update for zypper Type: recommended Severity: low References: 1187466 This update for zypper fixes the following issues: - Fix for man: point out more clearly that patches update affected packages to the latest available version. (bsc#1187466) From sle-updates at lists.suse.com Sat Sep 4 06:43:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Sep 2021 08:43:51 +0200 (CEST) Subject: SUSE-CU-2021:295-1: Security update of suse/sles12sp4 Message-ID: <20210904064351.6C234FD9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:295-1 Container Tags : suse/sles12sp4:26.340 , suse/sles12sp4:latest Container Release : 26.340 Severity : important Type : security References : 1154661 1187466 1188698 1188891 1189521 CVE-2019-18218 CVE-2021-3712 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2826-1 Released: Tue Aug 24 16:16:02 2021 Summary: Security update for openssl-1_0_0 Type: security Severity: important References: 1189521,CVE-2021-3712 This update for openssl-1_0_0 fixes the following issues: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2859-1 Released: Fri Aug 27 13:57:36 2021 Summary: Recommended update for bzip2 Type: recommended Severity: moderate References: 1188891 This update for bzip2 fixes the following issues: - Disable a optimization that caused crashes with libarchive due to uninitialized memory. (bsc#1188891) - Fixed bashisms in bzgrep and bznew ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2903-1 Released: Wed Sep 1 13:09:42 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1188698 This update for cracklib fixes the following issue: - Provide 'cracklib-dict-small' to SUSE Linux Enterprise Server 12-SP5 (bsc#1188698) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2930-1 Released: Thu Sep 2 14:48:43 2021 Summary: Security update for file Type: security Severity: important References: 1154661,CVE-2019-18218 This update for file fixes the following issues: - CVE-2019-18218: Fixed heap-based buffer overflow in cdf_read_property_info in cdf.c (bsc#1154661). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2936-1 Released: Thu Sep 2 21:14:49 2021 Summary: Recommended update for zypper Type: recommended Severity: low References: 1187466 This update for zypper fixes the following issues: - Fix for man: point out more clearly that patches update affected packages to the latest available version. (bsc#1187466) From sle-updates at lists.suse.com Sat Sep 4 06:55:28 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Sep 2021 08:55:28 +0200 (CEST) Subject: SUSE-CU-2021:296-1: Security update of suse/sles12sp5 Message-ID: <20210904065528.4DA7DFD9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:296-1 Container Tags : suse/sles12sp5:6.5.225 , suse/sles12sp5:latest Container Release : 6.5.225 Severity : important Type : security References : 1154661 1187466 1188698 1188891 1189521 CVE-2019-18218 CVE-2021-3712 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2826-1 Released: Tue Aug 24 16:16:02 2021 Summary: Security update for openssl-1_0_0 Type: security Severity: important References: 1189521,CVE-2021-3712 This update for openssl-1_0_0 fixes the following issues: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2859-1 Released: Fri Aug 27 13:57:36 2021 Summary: Recommended update for bzip2 Type: recommended Severity: moderate References: 1188891 This update for bzip2 fixes the following issues: - Disable a optimization that caused crashes with libarchive due to uninitialized memory. (bsc#1188891) - Fixed bashisms in bzgrep and bznew ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2903-1 Released: Wed Sep 1 13:09:42 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1188698 This update for cracklib fixes the following issue: - Provide 'cracklib-dict-small' to SUSE Linux Enterprise Server 12-SP5 (bsc#1188698) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2930-1 Released: Thu Sep 2 14:48:43 2021 Summary: Security update for file Type: security Severity: important References: 1154661,CVE-2019-18218 This update for file fixes the following issues: - CVE-2019-18218: Fixed heap-based buffer overflow in cdf_read_property_info in cdf.c (bsc#1154661). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2936-1 Released: Thu Sep 2 21:14:49 2021 Summary: Recommended update for zypper Type: recommended Severity: low References: 1187466 This update for zypper fixes the following issues: - Fix for man: point out more clearly that patches update affected packages to the latest available version. (bsc#1187466) From sle-updates at lists.suse.com Sat Sep 4 07:21:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Sep 2021 09:21:10 +0200 (CEST) Subject: SUSE-CU-2021:297-1: Security update of suse/sle15 Message-ID: <20210904072110.1F01AFD9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:297-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.447 Container Release : 4.22.447 Severity : important Type : security References : 1184614 1189521 CVE-2021-3712 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2829-1 Released: Tue Aug 24 16:19:47 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) From sle-updates at lists.suse.com Sat Sep 4 07:41:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Sep 2021 09:41:14 +0200 (CEST) Subject: SUSE-CU-2021:298-1: Security update of suse/sle15 Message-ID: <20210904074114.512B6FDFA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:298-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.502 Container Release : 6.2.502 Severity : important Type : security References : 1184614 1189521 CVE-2021-3712 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2831-1 Released: Tue Aug 24 16:20:45 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) From sle-updates at lists.suse.com Sat Sep 4 07:54:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Sep 2021 09:54:20 +0200 (CEST) Subject: SUSE-CU-2021:299-1: Security update of suse/sle15 Message-ID: <20210904075420.A0AD1FDED@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:299-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.13 Container Release : 9.5.13 Severity : important Type : security References : 1184614 1189520 1189521 CVE-2021-3711 CVE-2021-3712 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) From sle-updates at lists.suse.com Sat Sep 4 07:54:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Sep 2021 09:54:49 +0200 (CEST) Subject: SUSE-CU-2021:301-1: Recommended update of suse/dotnet-sdk Message-ID: <20210904075449.AF445FDED@maintenance.suse.de> SUSE Container Update Advisory: suse/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:301-1 Container Tags : suse/dotnet-sdk:3.1 , suse/dotnet-sdk:3.1.202 Container Release : 7.9.1 Severity : moderate Type : recommended References : 1099521 1188127 ----------------------------------------------------------------- The container suse/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2399-1 Released: Mon Jul 19 19:06:22 2021 Summary: Recommended update for release packages Type: recommended Severity: moderate References: 1099521 This update for the release packages provides the following fix: - Fix grub menu entries after migration from SLE-12*. (bsc#1099521) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). From sle-updates at lists.suse.com Sat Sep 4 07:55:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Sep 2021 09:55:13 +0200 (CEST) Subject: SUSE-CU-2021:303-1: Recommended update of suse/dotnet-aspnet Message-ID: <20210904075513.4FC2BFDED@maintenance.suse.de> SUSE Container Update Advisory: suse/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:303-1 Container Tags : suse/dotnet-aspnet:3.1 , suse/dotnet-aspnet:3.1.202 Container Release : 7.9.1 Severity : moderate Type : recommended References : 1099521 1188127 ----------------------------------------------------------------- The container suse/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2399-1 Released: Mon Jul 19 19:06:22 2021 Summary: Recommended update for release packages Type: recommended Severity: moderate References: 1099521 This update for the release packages provides the following fix: - Fix grub menu entries after migration from SLE-12*. (bsc#1099521) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). From sle-updates at lists.suse.com Sat Sep 4 07:58:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Sep 2021 09:58:52 +0200 (CEST) Subject: SUSE-CU-2021:304-1: Security update of suse/sle15 Message-ID: <20210904075852.78A0BFD9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:304-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.5.39 Container Release : 17.5.39 Severity : important Type : security References : 1184614 1189520 1189521 CVE-2021-3711 CVE-2021-3712 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) From sle-updates at lists.suse.com Mon Sep 6 13:16:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Sep 2021 15:16:37 +0200 (CEST) Subject: SUSE-SU-2021:2957-1: important: Security update for xen Message-ID: <20210906131637.8000AFD9C@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2957-1 Rating: important References: #1182654 #1186429 #1186433 #1186434 #1187369 #1187376 #1187378 #1189373 #1189376 #1189378 #1189380 #1189882 Cross-References: CVE-2021-0089 CVE-2021-20255 CVE-2021-28690 CVE-2021-28692 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-3592 CVE-2021-3594 CVE-2021-3595 CVSS scores: CVE-2021-0089 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-20255 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20255 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-28694 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28695 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28696 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28697 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28698 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28699 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3592 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3592 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3594 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3594 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3595 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3595 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2021-3594: slirp: invalid pointer initialization may lead to information disclosure (udp)(bsc#1187378). - CVE-2021-3595: slirp: invalid pointer initialization may lead to information disclosure (tftp)(bsc#1187376). - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). - CVE-2021-20255: Fixed stack overflow via infinite recursion in eepro100 (bsc#1182654) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-3592: slirp: invalid pointer initialization may lead to information disclosure (bootp)(bsc#1187369). - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2957=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2957=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2957=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2957=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2957=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-2957=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xen-4.9.4_20-3.91.1 xen-debugsource-4.9.4_20-3.91.1 xen-doc-html-4.9.4_20-3.91.1 xen-libs-32bit-4.9.4_20-3.91.1 xen-libs-4.9.4_20-3.91.1 xen-libs-debuginfo-32bit-4.9.4_20-3.91.1 xen-libs-debuginfo-4.9.4_20-3.91.1 xen-tools-4.9.4_20-3.91.1 xen-tools-debuginfo-4.9.4_20-3.91.1 xen-tools-domU-4.9.4_20-3.91.1 xen-tools-domU-debuginfo-4.9.4_20-3.91.1 - SUSE OpenStack Cloud 8 (x86_64): xen-4.9.4_20-3.91.1 xen-debugsource-4.9.4_20-3.91.1 xen-doc-html-4.9.4_20-3.91.1 xen-libs-32bit-4.9.4_20-3.91.1 xen-libs-4.9.4_20-3.91.1 xen-libs-debuginfo-32bit-4.9.4_20-3.91.1 xen-libs-debuginfo-4.9.4_20-3.91.1 xen-tools-4.9.4_20-3.91.1 xen-tools-debuginfo-4.9.4_20-3.91.1 xen-tools-domU-4.9.4_20-3.91.1 xen-tools-domU-debuginfo-4.9.4_20-3.91.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): xen-4.9.4_20-3.91.1 xen-debugsource-4.9.4_20-3.91.1 xen-doc-html-4.9.4_20-3.91.1 xen-libs-32bit-4.9.4_20-3.91.1 xen-libs-4.9.4_20-3.91.1 xen-libs-debuginfo-32bit-4.9.4_20-3.91.1 xen-libs-debuginfo-4.9.4_20-3.91.1 xen-tools-4.9.4_20-3.91.1 xen-tools-debuginfo-4.9.4_20-3.91.1 xen-tools-domU-4.9.4_20-3.91.1 xen-tools-domU-debuginfo-4.9.4_20-3.91.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): xen-4.9.4_20-3.91.1 xen-debugsource-4.9.4_20-3.91.1 xen-doc-html-4.9.4_20-3.91.1 xen-libs-32bit-4.9.4_20-3.91.1 xen-libs-4.9.4_20-3.91.1 xen-libs-debuginfo-32bit-4.9.4_20-3.91.1 xen-libs-debuginfo-4.9.4_20-3.91.1 xen-tools-4.9.4_20-3.91.1 xen-tools-debuginfo-4.9.4_20-3.91.1 xen-tools-domU-4.9.4_20-3.91.1 xen-tools-domU-debuginfo-4.9.4_20-3.91.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xen-4.9.4_20-3.91.1 xen-debugsource-4.9.4_20-3.91.1 xen-doc-html-4.9.4_20-3.91.1 xen-libs-32bit-4.9.4_20-3.91.1 xen-libs-4.9.4_20-3.91.1 xen-libs-debuginfo-32bit-4.9.4_20-3.91.1 xen-libs-debuginfo-4.9.4_20-3.91.1 xen-tools-4.9.4_20-3.91.1 xen-tools-debuginfo-4.9.4_20-3.91.1 xen-tools-domU-4.9.4_20-3.91.1 xen-tools-domU-debuginfo-4.9.4_20-3.91.1 - HPE Helion Openstack 8 (x86_64): xen-4.9.4_20-3.91.1 xen-debugsource-4.9.4_20-3.91.1 xen-doc-html-4.9.4_20-3.91.1 xen-libs-32bit-4.9.4_20-3.91.1 xen-libs-4.9.4_20-3.91.1 xen-libs-debuginfo-32bit-4.9.4_20-3.91.1 xen-libs-debuginfo-4.9.4_20-3.91.1 xen-tools-4.9.4_20-3.91.1 xen-tools-debuginfo-4.9.4_20-3.91.1 xen-tools-domU-4.9.4_20-3.91.1 xen-tools-domU-debuginfo-4.9.4_20-3.91.1 References: https://www.suse.com/security/cve/CVE-2021-0089.html https://www.suse.com/security/cve/CVE-2021-20255.html https://www.suse.com/security/cve/CVE-2021-28690.html https://www.suse.com/security/cve/CVE-2021-28692.html https://www.suse.com/security/cve/CVE-2021-28694.html https://www.suse.com/security/cve/CVE-2021-28695.html https://www.suse.com/security/cve/CVE-2021-28696.html https://www.suse.com/security/cve/CVE-2021-28697.html https://www.suse.com/security/cve/CVE-2021-28698.html https://www.suse.com/security/cve/CVE-2021-28699.html https://www.suse.com/security/cve/CVE-2021-3592.html https://www.suse.com/security/cve/CVE-2021-3594.html https://www.suse.com/security/cve/CVE-2021-3595.html https://bugzilla.suse.com/1182654 https://bugzilla.suse.com/1186429 https://bugzilla.suse.com/1186433 https://bugzilla.suse.com/1186434 https://bugzilla.suse.com/1187369 https://bugzilla.suse.com/1187376 https://bugzilla.suse.com/1187378 https://bugzilla.suse.com/1189373 https://bugzilla.suse.com/1189376 https://bugzilla.suse.com/1189378 https://bugzilla.suse.com/1189380 https://bugzilla.suse.com/1189882 From sle-updates at lists.suse.com Mon Sep 6 13:19:06 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Sep 2021 15:19:06 +0200 (CEST) Subject: SUSE-SU-2021:2958-1: important: Security update for xerces-c Message-ID: <20210906131906.CC9F6FD9C@maintenance.suse.de> SUSE Security Update: Security update for xerces-c ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2958-1 Rating: important References: #1159552 Cross-References: CVE-2018-1311 CVSS scores: CVE-2018-1311 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1311 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xerces-c fixes the following issues: - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs (bsc#1159552). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2958=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libxerces-c-3_1-3.1.4-10.3.1 libxerces-c-3_1-debuginfo-3.1.4-10.3.1 libxerces-c-devel-3.1.4-10.3.1 xerces-c-debuginfo-3.1.4-10.3.1 xerces-c-debugsource-3.1.4-10.3.1 References: https://www.suse.com/security/cve/CVE-2018-1311.html https://bugzilla.suse.com/1159552 From sle-updates at lists.suse.com Mon Sep 6 13:22:24 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Sep 2021 15:22:24 +0200 (CEST) Subject: SUSE-RU-2021:2956-1: moderate: Recommended update for openCryptoki Message-ID: <20210906132224.51E6AFD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for openCryptoki ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2956-1 Rating: moderate References: #1188879 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openCryptoki fixes the following issues: - Opencryptoki slot daemon not able to start after migration. (bsc#1188879) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-2956=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): openCryptoki-3.15.1-5.6.1 openCryptoki-debuginfo-3.15.1-5.6.1 openCryptoki-debugsource-3.15.1-5.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (ppc64le s390x x86_64): openCryptoki-devel-3.15.1-5.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (ppc64le s390x): openCryptoki-64bit-3.15.1-5.6.1 openCryptoki-64bit-debuginfo-3.15.1-5.6.1 References: https://bugzilla.suse.com/1188879 From sle-updates at lists.suse.com Mon Sep 6 16:16:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Sep 2021 18:16:09 +0200 (CEST) Subject: SUSE-RU-2021:2960-1: moderate: Recommended update for habootstrap-formula Message-ID: <20210906161609.0E7B9FD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for habootstrap-formula ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2960-1 Rating: moderate References: #1181731 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for habootstrap-formula fixes the following issue: - Fix SUSE Manager integration. (bsc#1181731) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2021-2960=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-2960=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2021-2960=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2021-2960=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): habootstrap-formula-0.4.2+git.1623406073.ac4a6b1-3.17.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): habootstrap-formula-0.4.2+git.1623406073.ac4a6b1-3.17.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): habootstrap-formula-0.4.2+git.1623406073.ac4a6b1-3.17.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): habootstrap-formula-0.4.2+git.1623406073.ac4a6b1-3.17.1 References: https://bugzilla.suse.com/1181731 From sle-updates at lists.suse.com Mon Sep 6 16:17:18 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Sep 2021 18:17:18 +0200 (CEST) Subject: SUSE-RU-2021:2959-1: important: Recommended update for corosync Message-ID: <20210906161718.903C0FD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for corosync ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2959-1 Rating: important References: #1189680 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for corosync fixes the following issue: - Add 'cancel_hold_on_retransmit' config option on corosync totem (bsc#1189680) - This option allows Corosync to hold the token by representative when there are too many retransmit messages. This allows the network to process increased load without overloading it. The used mechanism is same as described for the hold directive. Some deployments may prefer to never hold token when there is retransmit messages. If so, the option should be set to yes. The default value is no. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-2959=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): corosync-2.4.5-10.14.6.1 corosync-debuginfo-2.4.5-10.14.6.1 corosync-debugsource-2.4.5-10.14.6.1 corosync-qdevice-2.4.5-10.14.6.1 corosync-qdevice-debuginfo-2.4.5-10.14.6.1 corosync-qnetd-2.4.5-10.14.6.1 corosync-qnetd-debuginfo-2.4.5-10.14.6.1 corosync-testagents-2.4.5-10.14.6.1 corosync-testagents-debuginfo-2.4.5-10.14.6.1 libcfg6-2.4.5-10.14.6.1 libcfg6-debuginfo-2.4.5-10.14.6.1 libcmap4-2.4.5-10.14.6.1 libcmap4-debuginfo-2.4.5-10.14.6.1 libcorosync-devel-2.4.5-10.14.6.1 libcorosync_common4-2.4.5-10.14.6.1 libcorosync_common4-debuginfo-2.4.5-10.14.6.1 libcpg4-2.4.5-10.14.6.1 libcpg4-debuginfo-2.4.5-10.14.6.1 libquorum5-2.4.5-10.14.6.1 libquorum5-debuginfo-2.4.5-10.14.6.1 libsam4-2.4.5-10.14.6.1 libsam4-debuginfo-2.4.5-10.14.6.1 libtotem_pg5-2.4.5-10.14.6.1 libtotem_pg5-debuginfo-2.4.5-10.14.6.1 libvotequorum8-2.4.5-10.14.6.1 libvotequorum8-debuginfo-2.4.5-10.14.6.1 References: https://bugzilla.suse.com/1189680 From sle-updates at lists.suse.com Mon Sep 6 16:18:24 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Sep 2021 18:18:24 +0200 (CEST) Subject: SUSE-RU-2021:2961-1: moderate: Recommended update for inkscape Message-ID: <20210906161824.12172FD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for inkscape ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2961-1 Rating: moderate References: #1188158 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This recommended update for inkscape provide the following fixes: - Branch Inkscape on SUSE Linux Enterprise 15-SP2 and avoid to build it with the old libpoppler version. (bsc#1188158) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-2961=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): inkscape-0.92.2-12.4.1 inkscape-debuginfo-0.92.2-12.4.1 inkscape-debugsource-0.92.2-12.4.1 inkscape-extensions-dia-0.92.2-12.4.1 inkscape-extensions-extra-0.92.2-12.4.1 inkscape-extensions-fig-0.92.2-12.4.1 inkscape-extensions-gimp-0.92.2-12.4.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (noarch): inkscape-lang-0.92.2-12.4.1 References: https://bugzilla.suse.com/1188158 From sle-updates at lists.suse.com Mon Sep 6 22:16:16 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Sep 2021 00:16:16 +0200 (CEST) Subject: SUSE-RU-2021:2963-1: important: Recommended update for corosync Message-ID: <20210906221616.5B2E8FD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for corosync ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2963-1 Rating: important References: #1189680 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for corosync fixes the following issues: - Add 'cancel_hold_on_retransmit' config option on corosync totem (bsc#1189680) - This option allows Corosync to hold the token by representative when there are too many retransmit messages. This allows the network to process increased load without overloading it. The used mechanism is same as described for the hold directive. Some deployments may prefer to never hold token when there is retransmit messages. If so, the option should be set to yes. The default value is no. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2963=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-2963=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-2963=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2021-2963=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): corosync-debuginfo-2.3.6-9.19.1 corosync-debugsource-2.3.6-9.19.1 libcorosync-devel-2.3.6-9.19.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): corosync-2.3.6-9.19.1 corosync-debuginfo-2.3.6-9.19.1 corosync-debugsource-2.3.6-9.19.1 libcorosync4-2.3.6-9.19.1 libcorosync4-debuginfo-2.3.6-9.19.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): corosync-2.3.6-9.19.1 corosync-debuginfo-2.3.6-9.19.1 corosync-debugsource-2.3.6-9.19.1 libcorosync4-2.3.6-9.19.1 libcorosync4-debuginfo-2.3.6-9.19.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): corosync-2.3.6-9.19.1 corosync-debuginfo-2.3.6-9.19.1 corosync-debugsource-2.3.6-9.19.1 libcorosync4-2.3.6-9.19.1 libcorosync4-debuginfo-2.3.6-9.19.1 References: https://bugzilla.suse.com/1189680 From sle-updates at lists.suse.com Mon Sep 6 22:17:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Sep 2021 00:17:27 +0200 (CEST) Subject: SUSE-RU-2021:2962-1: critical: Recommended update for runc Message-ID: <20210906221727.55491FD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for runc ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2962-1 Rating: critical References: #1189743 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP2 SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for runc fixes the following issues: - Fixed an issue when toolbox container fails to start. (bsc#1189743) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2962=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2021-2962=1 - SUSE Linux Enterprise Module for Containers 15-SP2: zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2021-2962=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2021-2962=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): runc-1.0.0~rc93-1.17.1 runc-debuginfo-1.0.0~rc93-1.17.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): runc-1.0.0~rc93-1.17.1 runc-debuginfo-1.0.0~rc93-1.17.1 - SUSE Linux Enterprise Module for Containers 15-SP2 (aarch64 ppc64le s390x x86_64): runc-1.0.0~rc93-1.17.1 runc-debuginfo-1.0.0~rc93-1.17.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): runc-1.0.0~rc93-1.17.1 runc-debuginfo-1.0.0~rc93-1.17.1 References: https://bugzilla.suse.com/1189743 From sle-updates at lists.suse.com Mon Sep 6 22:19:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Sep 2021 00:19:43 +0200 (CEST) Subject: SUSE-RU-2021:2964-1: Recommended update for SUSE-MicroOS-release Message-ID: <20210906221943.76474FD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE-MicroOS-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2964-1 Rating: low References: MSC-132 MSC-181 Affected Products: SUSE MicroOS 5.0 ______________________________________________________________________________ An update that has 0 recommended fixes and contains two features can now be installed. Description: This update for SUSE-MicroOS-release provides the following fix: - Adjusted the EOL date for this product. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2964=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): SUSE-MicroOS-release-5.0-29.1 References: From sle-updates at lists.suse.com Tue Sep 7 13:17:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Sep 2021 15:17:27 +0200 (CEST) Subject: SUSE-SU-2021:2971-1: important: Security update for ntfs-3g_ntfsprogs Message-ID: <20210907131727.E06D6FDED@maintenance.suse.de> SUSE Security Update: Security update for ntfs-3g_ntfsprogs ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2971-1 Rating: important References: #1189720 Cross-References: CVE-2019-9755 CVE-2021-33285 CVE-2021-33286 CVE-2021-33287 CVE-2021-33289 CVE-2021-35266 CVE-2021-35267 CVE-2021-35268 CVE-2021-35269 CVE-2021-39251 CVE-2021-39252 CVE-2021-39253 CVE-2021-39255 CVE-2021-39256 CVE-2021-39257 CVE-2021-39258 CVE-2021-39259 CVE-2021-39260 CVE-2021-39261 CVE-2021-39262 CVE-2021-39263 CVSS scores: CVE-2019-9755 (NVD) : 7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-9755 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that fixes 21 vulnerabilities is now available. Description: This update for ntfs-3g_ntfsprogs fixes the following issues: Update to version 2021.8.22 (bsc#1189720): * Fixed compile error when building with libfuse < 2.8.0 * Fixed obsolete macros in configure.ac * Signalled support of UTIME_OMIT to external libfuse2 * Fixed an improper macro usage in ntfscp.c * Updated the repository change in the README * Fixed vulnerability threats caused by maliciously tampered NTFS partitions * Security fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE_2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263. - Library soversion is now 89 * Changes in version 2017.3.23 * Delegated processing of special reparse points to external plugins * Allowed kernel cacheing by lowntfs-3g when not using Posix ACLs * Enabled fallback to read-only mount when the volume is hibernated * Made a full check for whether an extended attribute is allowed * Moved secaudit and usermap to ntfsprogs (now ntfssecaudit and ntfsusermap) * Enabled encoding broken UTF-16 into broken UTF-8 * Autoconfigured selecting vs * Allowed using the full library API on systems without extended attributes support * Fixed DISABLE_PLUGINS as the condition for not using plugins * Corrected validation of multi sector transfer protected records * Denied creating/removing files from $Extend * Returned the size of locale encoded target as the size of symlinks Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-2971=1 - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-2971=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): libntfs-3g-devel-2021.8.22-3.8.1 libntfs-3g87-2021.8.22-3.8.1 libntfs-3g87-debuginfo-2021.8.22-3.8.1 ntfs-3g-2021.8.22-3.8.1 ntfs-3g-debuginfo-2021.8.22-3.8.1 ntfs-3g_ntfsprogs-debuginfo-2021.8.22-3.8.1 ntfs-3g_ntfsprogs-debugsource-2021.8.22-3.8.1 ntfsprogs-2021.8.22-3.8.1 ntfsprogs-debuginfo-2021.8.22-3.8.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): libntfs-3g-devel-2021.8.22-3.8.1 libntfs-3g87-2021.8.22-3.8.1 libntfs-3g87-debuginfo-2021.8.22-3.8.1 ntfs-3g-2021.8.22-3.8.1 ntfs-3g-debuginfo-2021.8.22-3.8.1 ntfs-3g_ntfsprogs-debuginfo-2021.8.22-3.8.1 ntfs-3g_ntfsprogs-debugsource-2021.8.22-3.8.1 ntfsprogs-2021.8.22-3.8.1 ntfsprogs-debuginfo-2021.8.22-3.8.1 References: https://www.suse.com/security/cve/CVE-2019-9755.html https://www.suse.com/security/cve/CVE-2021-33285.html https://www.suse.com/security/cve/CVE-2021-33286.html https://www.suse.com/security/cve/CVE-2021-33287.html https://www.suse.com/security/cve/CVE-2021-33289.html https://www.suse.com/security/cve/CVE-2021-35266.html https://www.suse.com/security/cve/CVE-2021-35267.html https://www.suse.com/security/cve/CVE-2021-35268.html https://www.suse.com/security/cve/CVE-2021-35269.html https://www.suse.com/security/cve/CVE-2021-39251.html https://www.suse.com/security/cve/CVE-2021-39252.html https://www.suse.com/security/cve/CVE-2021-39253.html https://www.suse.com/security/cve/CVE-2021-39255.html https://www.suse.com/security/cve/CVE-2021-39256.html https://www.suse.com/security/cve/CVE-2021-39257.html https://www.suse.com/security/cve/CVE-2021-39258.html https://www.suse.com/security/cve/CVE-2021-39259.html https://www.suse.com/security/cve/CVE-2021-39260.html https://www.suse.com/security/cve/CVE-2021-39261.html https://www.suse.com/security/cve/CVE-2021-39262.html https://www.suse.com/security/cve/CVE-2021-39263.html https://bugzilla.suse.com/1189720 From sle-updates at lists.suse.com Tue Sep 7 13:18:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Sep 2021 15:18:45 +0200 (CEST) Subject: SUSE-SU-2021:2968-1: Security update for openssl-1_1 Message-ID: <20210907131845.43D58FDED@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2968-1 Rating: low References: #1189521 Cross-References: CVE-2021-3712 CVSS scores: CVE-2021-3712 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2968=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2968=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2968=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2968=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2968=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2968=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libopenssl-1_1-devel-1.1.0i-14.21.2 libopenssl1_1-1.1.0i-14.21.2 libopenssl1_1-debuginfo-1.1.0i-14.21.2 libopenssl1_1-hmac-1.1.0i-14.21.2 openssl-1_1-1.1.0i-14.21.2 openssl-1_1-debuginfo-1.1.0i-14.21.2 openssl-1_1-debugsource-1.1.0i-14.21.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.21.2 libopenssl1_1-32bit-1.1.0i-14.21.2 libopenssl1_1-32bit-debuginfo-1.1.0i-14.21.2 libopenssl1_1-hmac-32bit-1.1.0i-14.21.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.0i-14.21.2 libopenssl1_1-1.1.0i-14.21.2 libopenssl1_1-debuginfo-1.1.0i-14.21.2 libopenssl1_1-hmac-1.1.0i-14.21.2 openssl-1_1-1.1.0i-14.21.2 openssl-1_1-debuginfo-1.1.0i-14.21.2 openssl-1_1-debugsource-1.1.0i-14.21.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.21.2 libopenssl1_1-32bit-1.1.0i-14.21.2 libopenssl1_1-32bit-debuginfo-1.1.0i-14.21.2 libopenssl1_1-hmac-32bit-1.1.0i-14.21.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libopenssl-1_1-devel-1.1.0i-14.21.2 libopenssl-1_1-devel-32bit-1.1.0i-14.21.2 libopenssl1_1-1.1.0i-14.21.2 libopenssl1_1-32bit-1.1.0i-14.21.2 libopenssl1_1-32bit-debuginfo-1.1.0i-14.21.2 libopenssl1_1-debuginfo-1.1.0i-14.21.2 libopenssl1_1-hmac-1.1.0i-14.21.2 libopenssl1_1-hmac-32bit-1.1.0i-14.21.2 openssl-1_1-1.1.0i-14.21.2 openssl-1_1-debuginfo-1.1.0i-14.21.2 openssl-1_1-debugsource-1.1.0i-14.21.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-14.21.2 libopenssl1_1-1.1.0i-14.21.2 libopenssl1_1-debuginfo-1.1.0i-14.21.2 libopenssl1_1-hmac-1.1.0i-14.21.2 openssl-1_1-1.1.0i-14.21.2 openssl-1_1-debuginfo-1.1.0i-14.21.2 openssl-1_1-debugsource-1.1.0i-14.21.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.21.2 libopenssl1_1-32bit-1.1.0i-14.21.2 libopenssl1_1-32bit-debuginfo-1.1.0i-14.21.2 libopenssl1_1-hmac-32bit-1.1.0i-14.21.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-14.21.2 libopenssl1_1-1.1.0i-14.21.2 libopenssl1_1-debuginfo-1.1.0i-14.21.2 libopenssl1_1-hmac-1.1.0i-14.21.2 openssl-1_1-1.1.0i-14.21.2 openssl-1_1-debuginfo-1.1.0i-14.21.2 openssl-1_1-debugsource-1.1.0i-14.21.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.21.2 libopenssl1_1-32bit-1.1.0i-14.21.2 libopenssl1_1-32bit-debuginfo-1.1.0i-14.21.2 libopenssl1_1-hmac-32bit-1.1.0i-14.21.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-14.21.2 libopenssl1_1-1.1.0i-14.21.2 libopenssl1_1-debuginfo-1.1.0i-14.21.2 libopenssl1_1-hmac-1.1.0i-14.21.2 openssl-1_1-1.1.0i-14.21.2 openssl-1_1-debuginfo-1.1.0i-14.21.2 openssl-1_1-debugsource-1.1.0i-14.21.2 - SUSE Enterprise Storage 6 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.21.2 libopenssl1_1-32bit-1.1.0i-14.21.2 libopenssl1_1-32bit-debuginfo-1.1.0i-14.21.2 libopenssl1_1-hmac-32bit-1.1.0i-14.21.2 - SUSE CaaS Platform 4.0 (x86_64): libopenssl-1_1-devel-1.1.0i-14.21.2 libopenssl-1_1-devel-32bit-1.1.0i-14.21.2 libopenssl1_1-1.1.0i-14.21.2 libopenssl1_1-32bit-1.1.0i-14.21.2 libopenssl1_1-32bit-debuginfo-1.1.0i-14.21.2 libopenssl1_1-debuginfo-1.1.0i-14.21.2 libopenssl1_1-hmac-1.1.0i-14.21.2 libopenssl1_1-hmac-32bit-1.1.0i-14.21.2 openssl-1_1-1.1.0i-14.21.2 openssl-1_1-debuginfo-1.1.0i-14.21.2 openssl-1_1-debugsource-1.1.0i-14.21.2 References: https://www.suse.com/security/cve/CVE-2021-3712.html https://bugzilla.suse.com/1189521 From sle-updates at lists.suse.com Tue Sep 7 13:23:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Sep 2021 15:23:54 +0200 (CEST) Subject: SUSE-SU-2021:2967-1: Security update for openssl-1_1 Message-ID: <20210907132354.14657FDED@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2967-1 Rating: low References: #1189521 Cross-References: CVE-2021-3712 CVSS scores: CVE-2021-3712 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2967=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2967=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2967=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2967=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libopenssl-1_1-devel-1.1.0i-4.63.1 libopenssl1_1-1.1.0i-4.63.1 libopenssl1_1-debuginfo-1.1.0i-4.63.1 libopenssl1_1-hmac-1.1.0i-4.63.1 openssl-1_1-1.1.0i-4.63.1 openssl-1_1-debuginfo-1.1.0i-4.63.1 openssl-1_1-debugsource-1.1.0i-4.63.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libopenssl1_1-32bit-1.1.0i-4.63.1 libopenssl1_1-32bit-debuginfo-1.1.0i-4.63.1 libopenssl1_1-hmac-32bit-1.1.0i-4.63.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libopenssl-1_1-devel-1.1.0i-4.63.1 libopenssl1_1-1.1.0i-4.63.1 libopenssl1_1-debuginfo-1.1.0i-4.63.1 libopenssl1_1-hmac-1.1.0i-4.63.1 openssl-1_1-1.1.0i-4.63.1 openssl-1_1-debuginfo-1.1.0i-4.63.1 openssl-1_1-debugsource-1.1.0i-4.63.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-4.63.1 libopenssl1_1-1.1.0i-4.63.1 libopenssl1_1-debuginfo-1.1.0i-4.63.1 libopenssl1_1-hmac-1.1.0i-4.63.1 openssl-1_1-1.1.0i-4.63.1 openssl-1_1-debuginfo-1.1.0i-4.63.1 openssl-1_1-debugsource-1.1.0i-4.63.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libopenssl1_1-32bit-1.1.0i-4.63.1 libopenssl1_1-32bit-debuginfo-1.1.0i-4.63.1 libopenssl1_1-hmac-32bit-1.1.0i-4.63.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-4.63.1 libopenssl1_1-1.1.0i-4.63.1 libopenssl1_1-debuginfo-1.1.0i-4.63.1 libopenssl1_1-hmac-1.1.0i-4.63.1 openssl-1_1-1.1.0i-4.63.1 openssl-1_1-debuginfo-1.1.0i-4.63.1 openssl-1_1-debugsource-1.1.0i-4.63.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libopenssl1_1-32bit-1.1.0i-4.63.1 libopenssl1_1-32bit-debuginfo-1.1.0i-4.63.1 libopenssl1_1-hmac-32bit-1.1.0i-4.63.1 References: https://www.suse.com/security/cve/CVE-2021-3712.html https://bugzilla.suse.com/1189521 From sle-updates at lists.suse.com Tue Sep 7 13:25:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Sep 2021 15:25:08 +0200 (CEST) Subject: SUSE-SU-2021:2965-1: important: Security update for ntfs-3g_ntfsprogs Message-ID: <20210907132508.26E10FDED@maintenance.suse.de> SUSE Security Update: Security update for ntfs-3g_ntfsprogs ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2965-1 Rating: important References: #1189720 Cross-References: CVE-2017-0358 CVE-2019-9755 CVE-2021-33285 CVE-2021-33286 CVE-2021-33287 CVE-2021-33289 CVE-2021-35266 CVE-2021-35267 CVE-2021-35268 CVE-2021-35269 CVE-2021-39251 CVE-2021-39252 CVE-2021-39253 CVE-2021-39255 CVE-2021-39256 CVE-2021-39257 CVE-2021-39258 CVE-2021-39259 CVE-2021-39260 CVE-2021-39261 CVE-2021-39262 CVE-2021-39263 CVSS scores: CVE-2017-0358 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-9755 (NVD) : 7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-9755 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes 22 vulnerabilities is now available. Description: This update for ntfs-3g_ntfsprogs fixes the following issues: Update to version 2021.8.22 (bsc#1189720): * Signalled support of UTIME_OMIT to external libfuse2 * Updated the repository change in the README * Fixed vulnerability threats caused by maliciously tampered NTFS partitions * Security fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE_2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263. Changes in version 2017.3.23: * Delegated processing of special reparse points to external plugins * Allowed kernel cacheing by lowntfs-3g when not using Posix ACLs * Enabled fallback to read-only mount when the volume is hibernated * Made a full check for whether an extended attribute is allowed * Moved secaudit and usermap to ntfsprogs (now ntfssecaudit and ntfsusermap) * Enabled encoding broken UTF-16 into broken UTF-8 * Autoconfigured selecting vs * Allowed using the full library API on systems without extended attributes support * Fixed DISABLE_PLUGINS as the condition for not using plugins * Corrected validation of multi sector transfer protected records * Denied creating/removing files from $Extend * Returned the size of locale encoded target as the size of symlinks Changes in version 2016.2.22: - Changes to NTFS-3G driver: - Write as much data as possible in compressed attribute pwrite - Fixed getting space for making an index non resident - Alleviated constraints relative to reparse points - Fixed special case of decompressing a runlist - Fixed returning the trimming count to fstrim() - Fixed the range of valid subauthority counts in a SID - Updated the read-only flag even when the security attribute was cached - Defended against reusing data from an invalid MFT record - Simplified NTFS ACLs when group same as owner and same permission as world - Packed/unpacked st_rdev transported as 32-bits on Solaris 64-bits - Zero uninitialized bytes before writing compressed data - Clear the environment when starting mount or umount - Implemented rewinding a directory in lowntfs-3g - Use incremental offsets when reading a directory in lowntfs-3g - Changes to mkntfs: - Make installing mkntfs /sbin symlinks dependent on ENABLE_MOUNT_HELPER - Mention the starting sector when it overflows in mkntfs - Upgraded the upper-case table to same as Windows 7, 8 and 10 - Changes to ntfsresize: - Fixed relocating the MFT runlists - Decode the full list of bad clusters - Fixed resizing an extended bad cluster list - Changes to ntfsclone: - Decoded the full list of bad clusters - Changes to ntfsinfo: - Displayed reparse point information - Changes to ntfsdecrypt: - Fixed DESX decryption - Changes to ntfswipe: - Added clarifications about several options to the manual - New ntfsprogs tool: - Included ntfsrecover to recover the updates committed by Windows (experimental) - Overall: - Made a general cleanup of endianness types for easier checks Changes in version 2015.3.14: - ntfs-3g: Fixed inserting a new ACL after wiping out by chkdsk - ntfs-3g: Fixed Windows-type inheritance - ntfs-3g: Fixed ignoring the umask mount option when permissions are used - ntfs-3g: Fixed checking permissions when Posix ACLs are compiled in but not enabled - ntfs-3g: Disabled option remove_hiberfile on read-only mounts - ntfs-3g: Implemented an extended attribute to get/set EAs - ntfs-3g: Avoid full runlist updating in more situations - ntfs-3g: Update ctime after setting an ACL - ntfs-3g: Use MFT record 15 for the first extent to MFT:DATA - ntfs-3g: Ignore the sloppy mount option (-s) - ntfs-3g: Implemented FITRIM (fstrim) ioctl - ntfs-3g: Reengineered the compression algorithm - ntfsprogs: Added manuals for ntfsdecrypt, ntfswipe, ntfstruncate and ntfsfallocate Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-2965=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2965=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libntfs-3g84-2021.8.22-5.9.1 libntfs-3g84-debuginfo-2021.8.22-5.9.1 ntfs-3g-2021.8.22-5.9.1 ntfs-3g-debuginfo-2021.8.22-5.9.1 ntfs-3g_ntfsprogs-debugsource-2021.8.22-5.9.1 ntfsprogs-2021.8.22-5.9.1 ntfsprogs-debuginfo-2021.8.22-5.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libntfs-3g-devel-2021.8.22-5.9.1 libntfs-3g84-2021.8.22-5.9.1 libntfs-3g84-debuginfo-2021.8.22-5.9.1 ntfs-3g_ntfsprogs-debugsource-2021.8.22-5.9.1 References: https://www.suse.com/security/cve/CVE-2017-0358.html https://www.suse.com/security/cve/CVE-2019-9755.html https://www.suse.com/security/cve/CVE-2021-33285.html https://www.suse.com/security/cve/CVE-2021-33286.html https://www.suse.com/security/cve/CVE-2021-33287.html https://www.suse.com/security/cve/CVE-2021-33289.html https://www.suse.com/security/cve/CVE-2021-35266.html https://www.suse.com/security/cve/CVE-2021-35267.html https://www.suse.com/security/cve/CVE-2021-35268.html https://www.suse.com/security/cve/CVE-2021-35269.html https://www.suse.com/security/cve/CVE-2021-39251.html https://www.suse.com/security/cve/CVE-2021-39252.html https://www.suse.com/security/cve/CVE-2021-39253.html https://www.suse.com/security/cve/CVE-2021-39255.html https://www.suse.com/security/cve/CVE-2021-39256.html https://www.suse.com/security/cve/CVE-2021-39257.html https://www.suse.com/security/cve/CVE-2021-39258.html https://www.suse.com/security/cve/CVE-2021-39259.html https://www.suse.com/security/cve/CVE-2021-39260.html https://www.suse.com/security/cve/CVE-2021-39261.html https://www.suse.com/security/cve/CVE-2021-39262.html https://www.suse.com/security/cve/CVE-2021-39263.html https://bugzilla.suse.com/1189720 From sle-updates at lists.suse.com Tue Sep 7 13:28:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Sep 2021 15:28:42 +0200 (CEST) Subject: SUSE-SU-2021:2966-1: Security update for openssl-1_1 Message-ID: <20210907132842.40EA3FDED@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2966-1 Rating: low References: #1189521 Cross-References: CVE-2021-3712 CVSS scores: CVE-2021-3712 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2966=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2966=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2966=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libopenssl1_1-1.1.1d-11.30.1 libopenssl1_1-debuginfo-1.1.1d-11.30.1 openssl-1_1-1.1.1d-11.30.1 openssl-1_1-debuginfo-1.1.1d-11.30.1 openssl-1_1-debugsource-1.1.1d-11.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-11.30.1 libopenssl1_1-1.1.1d-11.30.1 libopenssl1_1-debuginfo-1.1.1d-11.30.1 libopenssl1_1-hmac-1.1.1d-11.30.1 openssl-1_1-1.1.1d-11.30.1 openssl-1_1-debuginfo-1.1.1d-11.30.1 openssl-1_1-debugsource-1.1.1d-11.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libopenssl1_1-32bit-1.1.1d-11.30.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.30.1 libopenssl1_1-hmac-32bit-1.1.1d-11.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-11.30.1 libopenssl1_1-1.1.1d-11.30.1 libopenssl1_1-debuginfo-1.1.1d-11.30.1 libopenssl1_1-hmac-1.1.1d-11.30.1 openssl-1_1-1.1.1d-11.30.1 openssl-1_1-debuginfo-1.1.1d-11.30.1 openssl-1_1-debugsource-1.1.1d-11.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libopenssl1_1-32bit-1.1.1d-11.30.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.30.1 libopenssl1_1-hmac-32bit-1.1.1d-11.30.1 References: https://www.suse.com/security/cve/CVE-2021-3712.html https://bugzilla.suse.com/1189521 From sle-updates at lists.suse.com Tue Sep 7 13:37:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Sep 2021 15:37:05 +0200 (CEST) Subject: SUSE-RU-2021:2970-1: moderate: Recommended update for opensc Message-ID: <20210907133705.AE540FDED@maintenance.suse.de> SUSE Recommended Update: Recommended update for opensc ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2970-1 Rating: moderate References: #1114649 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for opensc fixes the following issues: - Fixes segmentation fault in 'pkcs11-tool.c'. (bsc#1114649) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2970=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): opensc-0.13.0-3.14.1 opensc-debuginfo-0.13.0-3.14.1 opensc-debugsource-0.13.0-3.14.1 References: https://bugzilla.suse.com/1114649 From sle-updates at lists.suse.com Tue Sep 7 19:16:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Sep 2021 21:16:36 +0200 (CEST) Subject: SUSE-RU-2021:2972-1: moderate: Recommended update for yast2 Message-ID: <20210907191636.E9AA7FD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2972-1 Rating: moderate References: #1187581 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2 fixes the following issues: - Do not escape "$" in URL paths. (bsc#1187581) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2972=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2972=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-2972=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): yast2-logs-4.2.95-3.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-4.2.95-3.33.1 yast2-logs-4.2.95-3.33.1 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-4.2.95-3.33.1 References: https://bugzilla.suse.com/1187581 From sle-updates at lists.suse.com Tue Sep 7 19:17:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Sep 2021 21:17:51 +0200 (CEST) Subject: SUSE-RU-2021:2974-1: important: Recommended update for librdkafka Message-ID: <20210907191751.F1E3DFD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for librdkafka ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2974-1 Rating: important References: #1189792 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for librdkafka fixes the following issue: - Fixed thread creation on SUSE Linux Enterprise Server 15 SP3. (bsc#1189792) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2974=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2974=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2974=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2974=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2974=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2974=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2974=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2974=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-2974=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-2974=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2974=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2974=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2974=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2974=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2974=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): librdkafka-debugsource-0.11.6-1.6.1 librdkafka-devel-0.11.6-1.6.1 librdkafka1-0.11.6-1.6.1 librdkafka1-debuginfo-0.11.6-1.6.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): librdkafka-debugsource-0.11.6-1.6.1 librdkafka-devel-0.11.6-1.6.1 librdkafka1-0.11.6-1.6.1 librdkafka1-debuginfo-0.11.6-1.6.1 - SUSE Manager Proxy 4.0 (x86_64): librdkafka-debugsource-0.11.6-1.6.1 librdkafka-devel-0.11.6-1.6.1 librdkafka1-0.11.6-1.6.1 librdkafka1-debuginfo-0.11.6-1.6.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): librdkafka-debugsource-0.11.6-1.6.1 librdkafka-devel-0.11.6-1.6.1 librdkafka1-0.11.6-1.6.1 librdkafka1-debuginfo-0.11.6-1.6.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): librdkafka-debugsource-0.11.6-1.6.1 librdkafka-devel-0.11.6-1.6.1 librdkafka1-0.11.6-1.6.1 librdkafka1-debuginfo-0.11.6-1.6.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): librdkafka-debugsource-0.11.6-1.6.1 librdkafka-devel-0.11.6-1.6.1 librdkafka1-0.11.6-1.6.1 librdkafka1-debuginfo-0.11.6-1.6.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): librdkafka-debugsource-0.11.6-1.6.1 librdkafka-devel-0.11.6-1.6.1 librdkafka1-0.11.6-1.6.1 librdkafka1-debuginfo-0.11.6-1.6.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): librdkafka-debugsource-0.11.6-1.6.1 librdkafka-devel-0.11.6-1.6.1 librdkafka1-0.11.6-1.6.1 librdkafka1-debuginfo-0.11.6-1.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): librdkafka-debugsource-0.11.6-1.6.1 librdkafka-devel-0.11.6-1.6.1 librdkafka1-0.11.6-1.6.1 librdkafka1-debuginfo-0.11.6-1.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): librdkafka-debugsource-0.11.6-1.6.1 librdkafka-devel-0.11.6-1.6.1 librdkafka1-0.11.6-1.6.1 librdkafka1-debuginfo-0.11.6-1.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): librdkafka-debugsource-0.11.6-1.6.1 librdkafka-devel-0.11.6-1.6.1 librdkafka1-0.11.6-1.6.1 librdkafka1-debuginfo-0.11.6-1.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): librdkafka-debugsource-0.11.6-1.6.1 librdkafka-devel-0.11.6-1.6.1 librdkafka1-0.11.6-1.6.1 librdkafka1-debuginfo-0.11.6-1.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): librdkafka-debugsource-0.11.6-1.6.1 librdkafka-devel-0.11.6-1.6.1 librdkafka1-0.11.6-1.6.1 librdkafka1-debuginfo-0.11.6-1.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): librdkafka-debugsource-0.11.6-1.6.1 librdkafka-devel-0.11.6-1.6.1 librdkafka1-0.11.6-1.6.1 librdkafka1-debuginfo-0.11.6-1.6.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): librdkafka-debugsource-0.11.6-1.6.1 librdkafka-devel-0.11.6-1.6.1 librdkafka1-0.11.6-1.6.1 librdkafka1-debuginfo-0.11.6-1.6.1 - SUSE CaaS Platform 4.0 (x86_64): librdkafka-debugsource-0.11.6-1.6.1 librdkafka-devel-0.11.6-1.6.1 librdkafka1-0.11.6-1.6.1 librdkafka1-debuginfo-0.11.6-1.6.1 References: https://bugzilla.suse.com/1189792 From sle-updates at lists.suse.com Tue Sep 7 19:19:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Sep 2021 21:19:14 +0200 (CEST) Subject: SUSE-RU-2021:2973-1: moderate: Recommended update for hwdata Message-ID: <20210907191914.CDAD2FD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwdata ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2973-1 Rating: moderate References: #1190091 Affected Products: SUSE Manager Tools 15 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Server 4.0 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hwdata fixes the following issue: - Update pci, usb and vendor ids (bsc#1190091) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-2973=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2021-2973=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-2973=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2021-2973=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2021-2973=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2021-2973=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2021-2973=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2973=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2973=1 Package List: - SUSE Manager Tools 15 (noarch): hwdata-0.351-3.29.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): hwdata-0.351-3.29.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): hwdata-0.351-3.29.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): hwdata-0.351-3.29.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): hwdata-0.351-3.29.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch): hwdata-0.351-3.29.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch): hwdata-0.351-3.29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): hwdata-0.351-3.29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): hwdata-0.351-3.29.1 References: https://bugzilla.suse.com/1190091 From sle-updates at lists.suse.com Tue Sep 7 22:16:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Sep 2021 00:16:04 +0200 (CEST) Subject: SUSE-SU-2021:2975-1: moderate: Security update for haproxy Message-ID: <20210907221604.9214CFD9C@maintenance.suse.de> SUSE Security Update: Security update for haproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2975-1 Rating: moderate References: #1189877 Cross-References: CVE-2021-40346 CVSS scores: CVE-2021-40346 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for haproxy fixes the following issues: - CVE-2021-40346: Fixed request smuggling vulnerability in HTX (bsc#1189877). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-2975=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-2975=1 Package List: - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): haproxy-2.0.14-11.11.1 haproxy-debuginfo-2.0.14-11.11.1 haproxy-debugsource-2.0.14-11.11.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): haproxy-2.0.14-11.11.1 haproxy-debuginfo-2.0.14-11.11.1 haproxy-debugsource-2.0.14-11.11.1 References: https://www.suse.com/security/cve/CVE-2021-40346.html https://bugzilla.suse.com/1189877 From sle-updates at lists.suse.com Wed Sep 8 13:17:50 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Sep 2021 15:17:50 +0200 (CEST) Subject: SUSE-RU-2021:2977-1: moderate: Recommended update for usbutils Message-ID: <20210908131750.EE6CDFDED@maintenance.suse.de> SUSE Recommended Update: Recommended update for usbutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2977-1 Rating: moderate References: SLE-19451 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for usbutils fixes the following issue: - Update to version 0.14 (jira#SLE-19451) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2977=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): usbutils-014-3.3.1 usbutils-debuginfo-014-3.3.1 usbutils-debugsource-014-3.3.1 References: From sle-updates at lists.suse.com Wed Sep 8 13:18:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Sep 2021 15:18:53 +0200 (CEST) Subject: SUSE-RU-2021:2978-1: moderate: Recommended update for SUSEConnect Message-ID: <20210908131853.3601AFDED@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2978-1 Rating: moderate References: #1185611 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for SUSEConnect fixes the following issues: - Disallow registering via SUSEConnect if the system is managed by SUSE Manager. - Add subscription name to output of 'SUSEConnect --status'. - send payload of GET requests as part of the url, not in the body (see bsc#1185611) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2978=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2978=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2978=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2978=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): SUSEConnect-0.3.31-3.37.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): SUSEConnect-0.3.31-3.37.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): SUSEConnect-0.3.31-3.37.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): SUSEConnect-0.3.31-3.37.1 References: https://bugzilla.suse.com/1185611 From sle-updates at lists.suse.com Wed Sep 8 13:20:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Sep 2021 15:20:02 +0200 (CEST) Subject: SUSE-RU-2021:2976-1: moderate: Recommended update for SUSEConnect Message-ID: <20210908132002.ACB42FDED@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2976-1 Rating: moderate References: #1185611 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for SUSEConnect fixes the following issues: - Disallow registering via SUSEConnect if the system is managed by SUSE Manager. - Add subscription name to output of 'SUSEConnect --status'. - send payload of GET requests as part of the url, not in the body (see bsc#1185611) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2976=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.31-3.12.1 References: https://bugzilla.suse.com/1185611 From sle-updates at lists.suse.com Wed Sep 8 13:21:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Sep 2021 15:21:32 +0200 (CEST) Subject: SUSE-RU-2021:2979-1: moderate: Recommended update for SUSEConnect Message-ID: <20210908132132.80DFDFDED@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2979-1 Rating: moderate References: #1185611 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for SUSEConnect fixes the following issues: - Disallow registering via SUSEConnect if the system is managed by SUSE Manager. - Add subscription name to output of 'SUSEConnect --status'. - send payload of GET requests as part of the url, not in the body (see bsc#1185611) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2979=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2979=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2979=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2979=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2979=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2979=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): SUSEConnect-0.3.31-7.22.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.31-7.22.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): SUSEConnect-0.3.31-7.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): SUSEConnect-0.3.31-7.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): SUSEConnect-0.3.31-7.22.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): SUSEConnect-0.3.31-7.22.1 - SUSE CaaS Platform 4.0 (x86_64): SUSEConnect-0.3.31-7.22.1 References: https://bugzilla.suse.com/1185611 From sle-updates at lists.suse.com Wed Sep 8 13:22:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Sep 2021 15:22:52 +0200 (CEST) Subject: SUSE-RU-2021:2980-1: moderate: Recommended update for SUSEConnect Message-ID: <20210908132252.C68CCFDED@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2980-1 Rating: moderate References: #1185611 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for SUSEConnect fixes the following issues: - Disallow registering via SUSEConnect if the system is managed by SUSE Manager. - Add subscription name to output of 'SUSEConnect --status'. - send payload of GET requests as part of the url, not in the body (see bsc#1185611) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2980=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2980=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2980=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2980=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2980=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2980=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2980=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2980=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2980=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-2980=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): SUSEConnect-0.3.31-3.45.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): SUSEConnect-0.3.31-3.45.1 - SUSE OpenStack Cloud 9 (x86_64): SUSEConnect-0.3.31-3.45.1 - SUSE OpenStack Cloud 8 (x86_64): SUSEConnect-0.3.31-3.45.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): SUSEConnect-0.3.31-3.45.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): SUSEConnect-0.3.31-3.45.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.31-3.45.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.31-3.45.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): SUSEConnect-0.3.31-3.45.1 - HPE Helion Openstack 8 (x86_64): SUSEConnect-0.3.31-3.45.1 References: https://bugzilla.suse.com/1185611 From sle-updates at lists.suse.com Wed Sep 8 16:16:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Sep 2021 18:16:43 +0200 (CEST) Subject: SUSE-RU-2021:2982-1: moderate: Recommended update for python Message-ID: <20210908161643.BF554FD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for python ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2982-1 Rating: moderate References: #1187668 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python fixes the following issues: - Fix for python base to contain the same version numbers as are in reality the ones in the bundled wheels. (bsc#1187668) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2021-2982=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-2982=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-2982=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-2982=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2982=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2982=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.18-7.58.1 python-base-debugsource-2.7.18-7.58.1 python-curses-2.7.18-7.58.1 python-curses-debuginfo-2.7.18-7.58.1 python-debuginfo-2.7.18-7.58.1 python-debugsource-2.7.18-7.58.1 python-devel-2.7.18-7.58.1 python-gdbm-2.7.18-7.58.1 python-gdbm-debuginfo-2.7.18-7.58.1 python-xml-2.7.18-7.58.1 python-xml-debuginfo-2.7.18-7.58.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.18-7.58.1 python-base-debugsource-2.7.18-7.58.1 python-curses-2.7.18-7.58.1 python-curses-debuginfo-2.7.18-7.58.1 python-debuginfo-2.7.18-7.58.1 python-debugsource-2.7.18-7.58.1 python-devel-2.7.18-7.58.1 python-gdbm-2.7.18-7.58.1 python-gdbm-debuginfo-2.7.18-7.58.1 python-xml-2.7.18-7.58.1 python-xml-debuginfo-2.7.18-7.58.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.18-7.58.1 python-debugsource-2.7.18-7.58.1 python-tk-2.7.18-7.58.1 python-tk-debuginfo-2.7.18-7.58.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.18-7.58.1 python-debugsource-2.7.18-7.58.1 python-tk-2.7.18-7.58.1 python-tk-debuginfo-2.7.18-7.58.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.18-7.58.1 libpython2_7-1_0-debuginfo-2.7.18-7.58.1 python-2.7.18-7.58.1 python-base-2.7.18-7.58.1 python-base-debuginfo-2.7.18-7.58.1 python-base-debugsource-2.7.18-7.58.1 python-debuginfo-2.7.18-7.58.1 python-debugsource-2.7.18-7.58.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.18-7.58.1 libpython2_7-1_0-debuginfo-2.7.18-7.58.1 python-2.7.18-7.58.1 python-base-2.7.18-7.58.1 python-base-debuginfo-2.7.18-7.58.1 python-base-debugsource-2.7.18-7.58.1 python-debuginfo-2.7.18-7.58.1 python-debugsource-2.7.18-7.58.1 References: https://bugzilla.suse.com/1187668 From sle-updates at lists.suse.com Wed Sep 8 16:19:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Sep 2021 18:19:02 +0200 (CEST) Subject: SUSE-RU-2021:2981-1: moderate: Recommended update for libGLw Message-ID: <20210908161902.EAEF2FD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for libGLw ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2981-1 Rating: moderate References: ECO-3136 SLE-15018 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes and contains two features can now be installed. Description: This update for libGLw fixes the following issues: - Includes everything needed for ECO to enable Motif support in SLE12-SP5 (jsc#SLE-15018, jsc#ECO-3136) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-2981=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2981=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libGLw-debugsource-8.0.0-16.6.1 libGLw1-32bit-8.0.0-16.6.1 libGLw1-8.0.0-16.6.1 libGLw1-debuginfo-32bit-8.0.0-16.6.1 libGLw1-debuginfo-8.0.0-16.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libGLw-debugsource-8.0.0-16.6.1 libGLw-devel-8.0.0-16.6.1 libGLw1-8.0.0-16.6.1 libGLw1-debuginfo-8.0.0-16.6.1 References: From sle-updates at lists.suse.com Wed Sep 8 16:20:06 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Sep 2021 18:20:06 +0200 (CEST) Subject: SUSE-RU-2021:2983-1: moderate: Recommended update for yast2-users Message-ID: <20210908162006.7D360FD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-users ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2983-1 Rating: moderate References: #1188361 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-users fixes the following issues: - Do not rewrite authorized_keys unless it is needed (bsc#1188361). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2983=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-users-4.2.13-3.6.1 yast2-users-debuginfo-4.2.13-3.6.1 yast2-users-debugsource-4.2.13-3.6.1 References: https://bugzilla.suse.com/1188361 From sle-updates at lists.suse.com Wed Sep 8 19:16:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Sep 2021 21:16:12 +0200 (CEST) Subject: SUSE-RU-2021:2985-1: moderate: Recommended update for cryptconfig, ecryptfs-utils, libp11, engine_pkcs11, pam_p11, pam_ssh Message-ID: <20210908191612.37640FD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for cryptconfig, ecryptfs-utils, libp11, engine_pkcs11, pam_p11, pam_ssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2985-1 Rating: moderate References: #1187784 SLE-18105 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for cryptconfig, ecryptfs-utils, libp11, engine_pkcs11, pam_p11, pam_ssh rebuilds the packages with a symbol versioned openssl, to allow later migration to a TLS 1.3 enabled openssl 1.1.1. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2985=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2985=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2985=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2985=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2985=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2985=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): cryptconfig-0.3-99.2.1 cryptconfig-32bit-0.3-99.2.1 cryptconfig-debuginfo-0.3-99.2.1 cryptconfig-debuginfo-32bit-0.3-99.2.1 cryptconfig-debugsource-0.3-99.2.1 ecryptfs-utils-103-14.2.2 ecryptfs-utils-32bit-103-14.2.2 ecryptfs-utils-debuginfo-103-14.2.2 ecryptfs-utils-debuginfo-32bit-103-14.2.2 ecryptfs-utils-debugsource-103-14.2.2 engine_pkcs11-0.1.8-23.2.1 engine_pkcs11-debuginfo-0.1.8-23.2.1 engine_pkcs11-debugsource-0.1.8-23.2.1 libp11-2-0.2.8-12.2.1 libp11-2-32bit-0.2.8-12.2.1 libp11-2-debuginfo-0.2.8-12.2.1 libp11-2-debuginfo-32bit-0.2.8-12.2.1 libp11-debugsource-0.2.8-12.2.1 libpkcs11-helper1-1.09-13.3.1 libpkcs11-helper1-32bit-1.09-13.3.1 libpkcs11-helper1-debuginfo-1.09-13.3.1 libpkcs11-helper1-debuginfo-32bit-1.09-13.3.1 pam_p11-0.1.5-32.2.1 pam_p11-32bit-0.1.5-32.2.1 pam_p11-debuginfo-0.1.5-32.2.1 pam_p11-debuginfo-32bit-0.1.5-32.2.1 pam_p11-debugsource-0.1.5-32.2.1 pam_ssh-2.0-8.2.1 pam_ssh-32bit-2.0-8.2.1 pam_ssh-debuginfo-2.0-8.2.1 pam_ssh-debuginfo-32bit-2.0-8.2.1 pam_ssh-debugsource-2.0-8.2.1 pkcs11-helper-1.09-13.3.1 pkcs11-helper-debugsource-1.09-13.3.1 - SUSE OpenStack Cloud 9 (x86_64): cryptconfig-0.3-99.2.1 cryptconfig-32bit-0.3-99.2.1 cryptconfig-debuginfo-0.3-99.2.1 cryptconfig-debuginfo-32bit-0.3-99.2.1 cryptconfig-debugsource-0.3-99.2.1 ecryptfs-utils-103-14.2.2 ecryptfs-utils-32bit-103-14.2.2 ecryptfs-utils-debuginfo-103-14.2.2 ecryptfs-utils-debuginfo-32bit-103-14.2.2 ecryptfs-utils-debugsource-103-14.2.2 engine_pkcs11-0.1.8-23.2.1 engine_pkcs11-debuginfo-0.1.8-23.2.1 engine_pkcs11-debugsource-0.1.8-23.2.1 libp11-2-0.2.8-12.2.1 libp11-2-32bit-0.2.8-12.2.1 libp11-2-debuginfo-0.2.8-12.2.1 libp11-2-debuginfo-32bit-0.2.8-12.2.1 libp11-debugsource-0.2.8-12.2.1 libpkcs11-helper1-1.09-13.3.1 libpkcs11-helper1-32bit-1.09-13.3.1 libpkcs11-helper1-debuginfo-1.09-13.3.1 libpkcs11-helper1-debuginfo-32bit-1.09-13.3.1 pam_p11-0.1.5-32.2.1 pam_p11-32bit-0.1.5-32.2.1 pam_p11-debuginfo-0.1.5-32.2.1 pam_p11-debuginfo-32bit-0.1.5-32.2.1 pam_p11-debugsource-0.1.5-32.2.1 pam_ssh-2.0-8.2.1 pam_ssh-32bit-2.0-8.2.1 pam_ssh-debuginfo-2.0-8.2.1 pam_ssh-debuginfo-32bit-2.0-8.2.1 pam_ssh-debugsource-2.0-8.2.1 pkcs11-helper-1.09-13.3.1 pkcs11-helper-debugsource-1.09-13.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libp11-debugsource-0.2.8-12.2.1 libp11-devel-0.2.8-12.2.1 pkcs11-helper-debugsource-1.09-13.3.1 pkcs11-helper-devel-1.09-13.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): cryptconfig-0.3-99.2.1 cryptconfig-debuginfo-0.3-99.2.1 cryptconfig-debugsource-0.3-99.2.1 ecryptfs-utils-103-14.2.2 ecryptfs-utils-debuginfo-103-14.2.2 ecryptfs-utils-debugsource-103-14.2.2 engine_pkcs11-0.1.8-23.2.1 engine_pkcs11-debuginfo-0.1.8-23.2.1 engine_pkcs11-debugsource-0.1.8-23.2.1 libp11-2-0.2.8-12.2.1 libp11-2-debuginfo-0.2.8-12.2.1 libp11-debugsource-0.2.8-12.2.1 libpkcs11-helper1-1.09-13.3.1 libpkcs11-helper1-debuginfo-1.09-13.3.1 pam_p11-0.1.5-32.2.1 pam_p11-debuginfo-0.1.5-32.2.1 pam_p11-debugsource-0.1.5-32.2.1 pam_ssh-2.0-8.2.1 pam_ssh-debuginfo-2.0-8.2.1 pam_ssh-debugsource-2.0-8.2.1 pkcs11-helper-1.09-13.3.1 pkcs11-helper-debugsource-1.09-13.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): cryptconfig-32bit-0.3-99.2.1 cryptconfig-debuginfo-32bit-0.3-99.2.1 ecryptfs-utils-32bit-103-14.2.2 ecryptfs-utils-debuginfo-32bit-103-14.2.2 libp11-2-32bit-0.2.8-12.2.1 libp11-2-debuginfo-32bit-0.2.8-12.2.1 libpkcs11-helper1-32bit-1.09-13.3.1 libpkcs11-helper1-debuginfo-32bit-1.09-13.3.1 pam_p11-32bit-0.1.5-32.2.1 pam_p11-debuginfo-32bit-0.1.5-32.2.1 pam_ssh-32bit-2.0-8.2.1 pam_ssh-debuginfo-32bit-2.0-8.2.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): cryptconfig-0.3-99.2.1 cryptconfig-debuginfo-0.3-99.2.1 cryptconfig-debugsource-0.3-99.2.1 ecryptfs-utils-103-14.2.2 ecryptfs-utils-debuginfo-103-14.2.2 ecryptfs-utils-debugsource-103-14.2.2 engine_pkcs11-0.1.8-23.2.1 engine_pkcs11-debuginfo-0.1.8-23.2.1 engine_pkcs11-debugsource-0.1.8-23.2.1 libp11-2-0.2.8-12.2.1 libp11-2-debuginfo-0.2.8-12.2.1 libp11-debugsource-0.2.8-12.2.1 libpkcs11-helper1-1.09-13.3.1 libpkcs11-helper1-debuginfo-1.09-13.3.1 pam_p11-0.1.5-32.2.1 pam_p11-debuginfo-0.1.5-32.2.1 pam_p11-debugsource-0.1.5-32.2.1 pam_ssh-2.0-8.2.1 pam_ssh-debuginfo-2.0-8.2.1 pam_ssh-debugsource-2.0-8.2.1 pkcs11-helper-1.09-13.3.1 pkcs11-helper-debugsource-1.09-13.3.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): cryptconfig-32bit-0.3-99.2.1 cryptconfig-debuginfo-32bit-0.3-99.2.1 ecryptfs-utils-32bit-103-14.2.2 ecryptfs-utils-debuginfo-32bit-103-14.2.2 libp11-2-32bit-0.2.8-12.2.1 libp11-2-debuginfo-32bit-0.2.8-12.2.1 libpkcs11-helper1-32bit-1.09-13.3.1 libpkcs11-helper1-debuginfo-32bit-1.09-13.3.1 pam_p11-32bit-0.1.5-32.2.1 pam_p11-debuginfo-32bit-0.1.5-32.2.1 pam_ssh-32bit-2.0-8.2.1 pam_ssh-debuginfo-32bit-2.0-8.2.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): cryptconfig-0.3-99.2.1 cryptconfig-debuginfo-0.3-99.2.1 cryptconfig-debugsource-0.3-99.2.1 ecryptfs-utils-103-14.2.2 ecryptfs-utils-debuginfo-103-14.2.2 ecryptfs-utils-debugsource-103-14.2.2 engine_pkcs11-0.1.8-23.2.1 engine_pkcs11-debuginfo-0.1.8-23.2.1 engine_pkcs11-debugsource-0.1.8-23.2.1 libp11-2-0.2.8-12.2.1 libp11-2-debuginfo-0.2.8-12.2.1 libp11-debugsource-0.2.8-12.2.1 libpkcs11-helper1-1.09-13.3.1 libpkcs11-helper1-debuginfo-1.09-13.3.1 pam_p11-0.1.5-32.2.1 pam_p11-debuginfo-0.1.5-32.2.1 pam_p11-debugsource-0.1.5-32.2.1 pam_ssh-2.0-8.2.1 pam_ssh-debuginfo-2.0-8.2.1 pam_ssh-debugsource-2.0-8.2.1 pkcs11-helper-1.09-13.3.1 pkcs11-helper-debugsource-1.09-13.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): cryptconfig-32bit-0.3-99.2.1 cryptconfig-debuginfo-32bit-0.3-99.2.1 ecryptfs-utils-32bit-103-14.2.2 ecryptfs-utils-debuginfo-32bit-103-14.2.2 libp11-2-32bit-0.2.8-12.2.1 libp11-2-debuginfo-32bit-0.2.8-12.2.1 libpkcs11-helper1-32bit-1.09-13.3.1 libpkcs11-helper1-debuginfo-32bit-1.09-13.3.1 pam_p11-32bit-0.1.5-32.2.1 pam_p11-debuginfo-32bit-0.1.5-32.2.1 pam_ssh-32bit-2.0-8.2.1 pam_ssh-debuginfo-32bit-2.0-8.2.1 References: https://bugzilla.suse.com/1187784 From sle-updates at lists.suse.com Wed Sep 8 19:17:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Sep 2021 21:17:21 +0200 (CEST) Subject: SUSE-RU-2021:2984-1: moderate: Recommended update for crmsh Message-ID: <20210908191721.BA4B6FD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2984-1 Rating: moderate References: #1188290 #1188966 Affected Products: SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix for the documentation: Note that resource tracing is only supported by OCF resource agents. (bsc#1188966) - Development for 'ui_context': Add info when spell-corrections happen. - Fix for 'parse': Should still be able to show the empty property if it already exists. (bsc#1188290) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-2984=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-2984=1 Package List: - SUSE Linux Enterprise High Availability 15-SP3 (noarch): crmsh-4.3.1+20210811.2a30e37e-5.62.1 crmsh-scripts-4.3.1+20210811.2a30e37e-5.62.1 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): crmsh-4.3.1+20210811.2a30e37e-5.62.1 crmsh-scripts-4.3.1+20210811.2a30e37e-5.62.1 References: https://bugzilla.suse.com/1188290 https://bugzilla.suse.com/1188966 From sle-updates at lists.suse.com Thu Sep 9 01:17:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 03:17:31 +0200 (CEST) Subject: SUSE-RU-2021:2986-1: moderate: Recommended update for systemd-rpm-macros Message-ID: <20210909011731.04A3BFD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd-rpm-macros ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2986-1 Rating: moderate References: #1186282 #1187332 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for systemd-rpm-macros fixes the following issues: - Fixed an issue whe zypper ignores the ordering constraints. (bsc#1187332) - Introduce '%sysusers_create_package': '%sysusers_create' and '%sysusers_create_inline' are now deprecated and the new macro should be used instead. - %sysusers_create_inline: use here-docs instead of echo (bsc#1186282) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2986=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): systemd-rpm-macros-8-10.28.1 References: https://bugzilla.suse.com/1186282 https://bugzilla.suse.com/1187332 From sle-updates at lists.suse.com Thu Sep 9 01:18:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 03:18:40 +0200 (CEST) Subject: SUSE-RU-2021:2987-1: Recommended update for pesign Message-ID: <20210909011840.03337FD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for pesign ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2987-1 Rating: low References: #1184124 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pesign fixes the following issues: - Link as Position Independent Executable (bsc#1184124). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2987=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2987=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): pesign-0.112-4.9.1 pesign-debuginfo-0.112-4.9.1 pesign-debugsource-0.112-4.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): pesign-0.112-4.9.1 pesign-debuginfo-0.112-4.9.1 pesign-debugsource-0.112-4.9.1 References: https://bugzilla.suse.com/1184124 From sle-updates at lists.suse.com Thu Sep 9 01:19:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 03:19:43 +0200 (CEST) Subject: SUSE-RU-2021:2988-1: moderate: Recommended update for python Message-ID: <20210909011943.93C5DFD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for python ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2988-1 Rating: moderate References: #1187668 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python fixes the following issues: - Fix for python base to contain the same version numbers as are in reality the ones in the bundled wheels. (bsc#1187668) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-2988=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2988=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): python-base-debuginfo-2.7.18-28.71.3 python-base-debugsource-2.7.18-28.71.3 python-devel-2.7.18-28.71.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.18-28.71.3 libpython2_7-1_0-debuginfo-2.7.18-28.71.3 python-2.7.18-28.71.2 python-base-2.7.18-28.71.3 python-base-debuginfo-2.7.18-28.71.3 python-base-debugsource-2.7.18-28.71.3 python-curses-2.7.18-28.71.2 python-curses-debuginfo-2.7.18-28.71.2 python-debuginfo-2.7.18-28.71.2 python-debugsource-2.7.18-28.71.2 python-demo-2.7.18-28.71.2 python-devel-2.7.18-28.71.3 python-gdbm-2.7.18-28.71.2 python-gdbm-debuginfo-2.7.18-28.71.2 python-idle-2.7.18-28.71.2 python-tk-2.7.18-28.71.2 python-tk-debuginfo-2.7.18-28.71.2 python-xml-2.7.18-28.71.3 python-xml-debuginfo-2.7.18-28.71.3 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpython2_7-1_0-32bit-2.7.18-28.71.3 libpython2_7-1_0-debuginfo-32bit-2.7.18-28.71.3 python-32bit-2.7.18-28.71.2 python-base-32bit-2.7.18-28.71.3 python-base-debuginfo-32bit-2.7.18-28.71.3 python-debuginfo-32bit-2.7.18-28.71.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): python-doc-2.7.18-28.71.5 python-doc-pdf-2.7.18-28.71.5 References: https://bugzilla.suse.com/1187668 From sle-updates at lists.suse.com Thu Sep 9 16:16:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 18:16:57 +0200 (CEST) Subject: SUSE-RU-2021:2999-1: moderate: Recommended update for crmsh Message-ID: <20210909161657.1A56AFD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2999-1 Rating: moderate References: #1188971 #1189641 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Current code uses parallax to get and copy known_hosts, it (bsc#1188971) shouldn't exclude localhost. - Use python to collect trace files for hb_report generation (bsc#1189641) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-2999=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (noarch): crmsh-4.3.1+20210827.4fb174c4-3.78.1 crmsh-scripts-4.3.1+20210827.4fb174c4-3.78.1 References: https://bugzilla.suse.com/1188971 https://bugzilla.suse.com/1189641 From sle-updates at lists.suse.com Thu Sep 9 16:18:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 18:18:11 +0200 (CEST) Subject: SUSE-RU-2021:3002-1: moderate: Recommended update for cronie Message-ID: <20210909161811.1312AFD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for cronie ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3002-1 Rating: moderate References: #1187508 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cronie fixes the following issue: - Increase the limit of allowed entries in 'crontab' files. (bsc#1187508) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3002=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3002=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): cron-4.2-70.14.4.1 cronie-1.5.1-70.14.4.1 cronie-debuginfo-1.5.1-70.14.4.1 cronie-debugsource-1.5.1-70.14.4.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): cron-4.2-70.14.4.1 cronie-1.5.1-70.14.4.1 cronie-debuginfo-1.5.1-70.14.4.1 cronie-debugsource-1.5.1-70.14.4.1 References: https://bugzilla.suse.com/1187508 From sle-updates at lists.suse.com Thu Sep 9 16:19:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 18:19:19 +0200 (CEST) Subject: SUSE-RU-2021:2998-1: moderate: Recommended update for crmsh Message-ID: <20210909161919.6B290FD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2998-1 Rating: moderate References: #1188971 #1189641 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Current code uses parallax to get and copy known_hosts, it (bsc#1188971) shouldn't exclude localhost. - Use python to collect trace files for hb_report generation (bsc#1189641) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-2998=1 Package List: - SUSE Linux Enterprise High Availability 15 (noarch): crmsh-4.3.1+20210827.4fb174c4-3.83.1 crmsh-scripts-4.3.1+20210827.4fb174c4-3.83.1 References: https://bugzilla.suse.com/1188971 https://bugzilla.suse.com/1189641 From sle-updates at lists.suse.com Thu Sep 9 16:21:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 18:21:43 +0200 (CEST) Subject: SUSE-RU-2021:3000-1: moderate: Recommended update for vncmanager-controller Message-ID: <20210909162143.338CDFD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for vncmanager-controller ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3000-1 Rating: moderate References: #1188118 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for vncmanager-controller fixes the following issues: - Fix extension loading error that disables "Vnc session configuration" option (bsc#1188118) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3000=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3000=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): vncmanager-controller-1.0.1-3.3.1 vncmanager-controller-debuginfo-1.0.1-3.3.1 vncmanager-controller-debugsource-1.0.1-3.3.1 vncmanager-controller-gnome-1.0.1-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): vncmanager-controller-1.0.1-3.3.1 vncmanager-controller-debuginfo-1.0.1-3.3.1 vncmanager-controller-debugsource-1.0.1-3.3.1 vncmanager-controller-gnome-1.0.1-3.3.1 References: https://bugzilla.suse.com/1188118 From sle-updates at lists.suse.com Thu Sep 9 16:22:55 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 18:22:55 +0200 (CEST) Subject: SUSE-SU-2021:3007-1: moderate: Security update for java-1_7_0-openjdk Message-ID: <20210909162255.44877FD9C@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3007-1 Rating: moderate References: #1185055 #1185056 #1188564 #1188565 #1188568 Cross-References: CVE-2018-3639 CVE-2021-2161 CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-2432 CVSS scores: CVE-2018-3639 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2018-3639 (SUSE): 4.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVE-2021-2161 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2021-2161 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2021-2163 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-2163 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-2341 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-2341 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-2369 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2021-2369 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2021-2432 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-2432 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.27 - OpenJDK 7u311 (July 2021 CPU) Security fixes: - CVE-2021-2341: Improve file transfers (bsc#1188564) - CVE-2021-2369: Better jar file validation (bsc#1188565) - CVE-2021-2432: Provide better LDAP provider support (bsc#1188568) - CVE-2021-2163: Enhance opening JARs (bsc#1185055) - CVE-2021-2161: Less ambiguous processing (bsc#1185056) - CVE-2018-3639: Fix revision to prefer Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3007=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.311-43.50.2 java-1_7_0-openjdk-debuginfo-1.7.0.311-43.50.2 java-1_7_0-openjdk-debugsource-1.7.0.311-43.50.2 java-1_7_0-openjdk-demo-1.7.0.311-43.50.2 java-1_7_0-openjdk-demo-debuginfo-1.7.0.311-43.50.2 java-1_7_0-openjdk-devel-1.7.0.311-43.50.2 java-1_7_0-openjdk-devel-debuginfo-1.7.0.311-43.50.2 java-1_7_0-openjdk-headless-1.7.0.311-43.50.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.311-43.50.2 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2021-2161.html https://www.suse.com/security/cve/CVE-2021-2163.html https://www.suse.com/security/cve/CVE-2021-2341.html https://www.suse.com/security/cve/CVE-2021-2369.html https://www.suse.com/security/cve/CVE-2021-2432.html https://bugzilla.suse.com/1185055 https://bugzilla.suse.com/1185056 https://bugzilla.suse.com/1188564 https://bugzilla.suse.com/1188565 https://bugzilla.suse.com/1188568 From sle-updates at lists.suse.com Thu Sep 9 16:24:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 18:24:35 +0200 (CEST) Subject: SUSE-SU-2021:2995-1: Security update for openssl-1_0_0 Message-ID: <20210909162435.246CBFD9C@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2995-1 Rating: low References: #1189521 Cross-References: CVE-2021-3712 CVSS scores: CVE-2021-3712 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_0_0 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2995=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2995=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2995=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2995=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2995=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2995=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): openssl-1_0_0-doc-1.0.2p-3.42.2 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.42.2 libopenssl1_0_0-1.0.2p-3.42.2 libopenssl1_0_0-32bit-1.0.2p-3.42.2 libopenssl1_0_0-debuginfo-1.0.2p-3.42.2 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.42.2 libopenssl1_0_0-hmac-1.0.2p-3.42.2 libopenssl1_0_0-hmac-32bit-1.0.2p-3.42.2 openssl-1_0_0-1.0.2p-3.42.2 openssl-1_0_0-debuginfo-1.0.2p-3.42.2 openssl-1_0_0-debugsource-1.0.2p-3.42.2 - SUSE OpenStack Cloud 9 (noarch): openssl-1_0_0-doc-1.0.2p-3.42.2 - SUSE OpenStack Cloud 9 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.42.2 libopenssl1_0_0-1.0.2p-3.42.2 libopenssl1_0_0-32bit-1.0.2p-3.42.2 libopenssl1_0_0-debuginfo-1.0.2p-3.42.2 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.42.2 libopenssl1_0_0-hmac-1.0.2p-3.42.2 libopenssl1_0_0-hmac-32bit-1.0.2p-3.42.2 openssl-1_0_0-1.0.2p-3.42.2 openssl-1_0_0-debuginfo-1.0.2p-3.42.2 openssl-1_0_0-debugsource-1.0.2p-3.42.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.42.2 openssl-1_0_0-debuginfo-1.0.2p-3.42.2 openssl-1_0_0-debugsource-1.0.2p-3.42.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-3.42.2 libopenssl1_0_0-1.0.2p-3.42.2 libopenssl1_0_0-debuginfo-1.0.2p-3.42.2 libopenssl1_0_0-hmac-1.0.2p-3.42.2 openssl-1_0_0-1.0.2p-3.42.2 openssl-1_0_0-debuginfo-1.0.2p-3.42.2 openssl-1_0_0-debugsource-1.0.2p-3.42.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): openssl-1_0_0-doc-1.0.2p-3.42.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libopenssl1_0_0-32bit-1.0.2p-3.42.2 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.42.2 libopenssl1_0_0-hmac-32bit-1.0.2p-3.42.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.42.2 libopenssl1_0_0-1.0.2p-3.42.2 libopenssl1_0_0-debuginfo-1.0.2p-3.42.2 libopenssl1_0_0-hmac-1.0.2p-3.42.2 openssl-1_0_0-1.0.2p-3.42.2 openssl-1_0_0-debuginfo-1.0.2p-3.42.2 openssl-1_0_0-debugsource-1.0.2p-3.42.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libopenssl1_0_0-32bit-1.0.2p-3.42.2 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.42.2 libopenssl1_0_0-hmac-32bit-1.0.2p-3.42.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): openssl-1_0_0-doc-1.0.2p-3.42.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.42.2 libopenssl1_0_0-1.0.2p-3.42.2 libopenssl1_0_0-debuginfo-1.0.2p-3.42.2 libopenssl1_0_0-hmac-1.0.2p-3.42.2 openssl-1_0_0-1.0.2p-3.42.2 openssl-1_0_0-debuginfo-1.0.2p-3.42.2 openssl-1_0_0-debugsource-1.0.2p-3.42.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.2p-3.42.2 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.42.2 libopenssl1_0_0-hmac-32bit-1.0.2p-3.42.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): openssl-1_0_0-doc-1.0.2p-3.42.2 References: https://www.suse.com/security/cve/CVE-2021-3712.html https://bugzilla.suse.com/1189521 From sle-updates at lists.suse.com Thu Sep 9 16:25:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 18:25:45 +0200 (CEST) Subject: SUSE-SU-2021:3006-1: important: Security update for php74-pear Message-ID: <20210909162545.DA5D6FD9C@maintenance.suse.de> SUSE Security Update: Security update for php74-pear ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3006-1 Rating: important References: #1189591 Cross-References: CVE-2020-36193 CVSS scores: CVE-2020-36193 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2020-36193 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php74-pear fixes the following issues: - CVE-2020-36193: Fixed Archive_Tar directory traversal due to inadequate checking of symbolic links (bsc#1189591). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-3006=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php74-pear-1.10.21-1.6.1 php74-pecl-1.10.21-1.6.1 References: https://www.suse.com/security/cve/CVE-2020-36193.html https://bugzilla.suse.com/1189591 From sle-updates at lists.suse.com Thu Sep 9 16:26:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 18:26:57 +0200 (CEST) Subject: SUSE-SU-2021:2996-1: Security update for openssl-1_1 Message-ID: <20210909162657.27F9CFD9C@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2996-1 Rating: low References: #1189521 Cross-References: CVE-2021-3712 CVSS scores: CVE-2021-3712 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2996=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2996=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2996=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2996=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2996=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2996=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenssl1_1-1.1.1d-2.39.2 libopenssl1_1-32bit-1.1.1d-2.39.2 libopenssl1_1-debuginfo-1.1.1d-2.39.2 libopenssl1_1-debuginfo-32bit-1.1.1d-2.39.2 openssl-1_1-1.1.1d-2.39.2 openssl-1_1-debuginfo-1.1.1d-2.39.2 openssl-1_1-debugsource-1.1.1d-2.39.2 - SUSE OpenStack Cloud 9 (x86_64): libopenssl1_1-1.1.1d-2.39.2 libopenssl1_1-32bit-1.1.1d-2.39.2 libopenssl1_1-debuginfo-1.1.1d-2.39.2 libopenssl1_1-debuginfo-32bit-1.1.1d-2.39.2 openssl-1_1-1.1.1d-2.39.2 openssl-1_1-debuginfo-1.1.1d-2.39.2 openssl-1_1-debugsource-1.1.1d-2.39.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-2.39.2 openssl-1_1-debuginfo-1.1.1d-2.39.2 openssl-1_1-debugsource-1.1.1d-2.39.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): libopenssl-1_1-devel-32bit-1.1.1d-2.39.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenssl1_1-1.1.1d-2.39.2 libopenssl1_1-debuginfo-1.1.1d-2.39.2 openssl-1_1-1.1.1d-2.39.2 openssl-1_1-debuginfo-1.1.1d-2.39.2 openssl-1_1-debugsource-1.1.1d-2.39.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libopenssl1_1-32bit-1.1.1d-2.39.2 libopenssl1_1-debuginfo-32bit-1.1.1d-2.39.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1d-2.39.2 libopenssl1_1-debuginfo-1.1.1d-2.39.2 openssl-1_1-1.1.1d-2.39.2 openssl-1_1-debuginfo-1.1.1d-2.39.2 openssl-1_1-debugsource-1.1.1d-2.39.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libopenssl1_1-32bit-1.1.1d-2.39.2 libopenssl1_1-debuginfo-32bit-1.1.1d-2.39.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1d-2.39.2 libopenssl1_1-debuginfo-1.1.1d-2.39.2 openssl-1_1-1.1.1d-2.39.2 openssl-1_1-debuginfo-1.1.1d-2.39.2 openssl-1_1-debugsource-1.1.1d-2.39.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libopenssl1_1-32bit-1.1.1d-2.39.2 libopenssl1_1-debuginfo-32bit-1.1.1d-2.39.2 References: https://www.suse.com/security/cve/CVE-2021-3712.html https://bugzilla.suse.com/1189521 From sle-updates at lists.suse.com Thu Sep 9 16:29:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 18:29:17 +0200 (CEST) Subject: SUSE-SU-2021:3005-1: important: Security update for libaom Message-ID: <20210909162917.345BFFD9C@maintenance.suse.de> SUSE Security Update: Security update for libaom ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3005-1 Rating: important References: #1189497 Cross-References: CVE-2021-30475 CVSS scores: CVE-2021-30475 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-30475 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libaom fixes the following issues: - CVE-2021-30475: Fixed buffer overflow in aom_dsp/noise_model.c (bsc#1189497). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3005=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3005=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libaom-debugsource-1.0.0-3.3.1 libaom0-1.0.0-3.3.1 libaom0-debuginfo-1.0.0-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libaom-debugsource-1.0.0-3.3.1 libaom0-1.0.0-3.3.1 libaom0-debuginfo-1.0.0-3.3.1 References: https://www.suse.com/security/cve/CVE-2021-30475.html https://bugzilla.suse.com/1189497 From sle-updates at lists.suse.com Thu Sep 9 16:31:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 18:31:33 +0200 (CEST) Subject: SUSE-RU-2021:2990-1: important: Recommended update for powerpc-utils Message-ID: <20210909163133.740D4FD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2990-1 Rating: important References: #1189015 #1189571 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for powerpc-utils fixes the following issues: - Update from version 1.3.8 to version 1.3.9 (bsc#1189015) - Raise the log rotation threshold to 1MB so that more history is preserved. - Fix checking HCNID array size at boot time - Set autoconnect-slaves on HNV connections. - When trying to detect HNV bond list all connections, not only active ones. - Use hexdump from util-linux rather than xxd from vim. - hcn-init.service: Start together with NetworkManager. - ofpathname: Fix OF to logical FC lookup for multipath and partitions - bootlist: Fix for multipath devices with > 5 paths - Add the missing substring extraction of the partition number from the logical device path so that the partition number is appended to OFPATH when the logical device is a partition. - Introducing 'lparnumascore' that is is computing the LPAR NUMA score for CPU and memory. - This new command detects CPU and memory resources the kernel keep binded to the NUMA node topology of the departure node. It computes a ratio, and print it to the standard output. The ratio is between 0 (worst) and 100 (best). The command is **not** locking '/var/lock/dr_config_lock' so user should ensure that there is not ongoing command impacting the computed scores. This allows the command to be run without special privileges. - Introduce 'of_associativity_to_node' - This device tree related function reads the ibm associativity property of a node and, using the specified 'min_common_deth', returns the NUMA node id - Rename 'is_lsslot_cmd' into 'read_dynamic_memory_v2' - Add manpage for the drmgr utility - Add a check against 'usr_drc_index' which is set when a remove by index operation is done to ensure the NUMA removal code is not triggered in that case. - Add support for the plug ID of a SCSI/SATA host - 'lpartstat': add '-x' option for the security flavor. - The output number means: - 0 = Speculative execution fully enabled - 1 = Speculative execution controls to mitigate user-to-kernel side-channel attacks - 2 = Speculative execution controls to mitigate user-to-kernel and user-to-user side-channel attacks - \- = The running kernel is not exposing the security flavor in '/proc/powerpc/lparcfg' - Introduce NUMA based LMB removal - When the NUMA topology can be read, all the LMBs found in the Device Tree are linked the corresponding node. LMB not associated to node are considered as not used. LMB associated to CPU less node are accounted separately because they will be targeted first to be remove. The LMB are removed from the CPU less nodes to reach an average number LMBs per CPU less node. The removal is done through the remove by DRC index API, allowing to remove a LMB at a time. When the requested amount of LMB could not be removed a partial status is reported. If the NUMA topology can't be read, we fallback using the legacy remove way. - Fix ofpathname race with udev rename - ofpathname: Use NVMe controller physical nsid - Use a loop to check for all related bonding connections and remove them explicitly one by one instead of using xargs - Avoid using 'ifcfg' file for checking bonding interface status - Wait for sysfs device ready when looking up device name - Avoid cleanup of bond interface at boot time when no HNV exists - Adds the option 'ppc64_cpu --version in 'ppc64_cpu --help' in the usage information of ppc64-cpu command. - Clean up dead network config interface after inactive migration - Disable 'vnic' as backup vdevice for migratable 'SR_IOV' - Fix qrydev checking for active interface error - Skip collecting lsdevinfo right before migration. When the LPARs has large number of devices, this can take quite a long time and flood the log message. - Wait for OS ready to lookup device name for configure HNV device. - The hybrid network virtualization is only supported on PowerVM LPAR. Exit the 'hcnmgr' gracefully on other power platform instead of return error. - Optimize 'lsdevinfo' filtering to prevent LPM timeouts (bsc#1189571) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2990=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (ppc64le): powerpc-utils-1.3.9-9.9.1 powerpc-utils-debuginfo-1.3.9-9.9.1 powerpc-utils-debugsource-1.3.9-9.9.1 References: https://bugzilla.suse.com/1189015 https://bugzilla.suse.com/1189571 From sle-updates at lists.suse.com Thu Sep 9 16:35:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 18:35:02 +0200 (CEST) Subject: SUSE-SU-2021:3003-1: important: Security update for grilo Message-ID: <20210909163502.29664FDED@maintenance.suse.de> SUSE Security Update: Security update for grilo ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3003-1 Rating: important References: #1189839 Cross-References: CVE-2021-39365 CVSS scores: CVE-2021-39365 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for grilo fixes the following issues: - CVE-2021-39365: Fixed missing TLS certificate verification (bsc#1189839). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-3003=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3003=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3003=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): grilo-lang-0.3.2-7.3.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): grilo-debugsource-0.3.2-7.3.1 libgrlnet-0_3-0-0.3.2-7.3.1 libgrlnet-0_3-0-debuginfo-0.3.2-7.3.1 libgrlpls-0_3-0-0.3.2-7.3.1 libgrlpls-0_3-0-debuginfo-0.3.2-7.3.1 typelib-1_0-Grl-0_3-0.3.2-7.3.1 typelib-1_0-GrlNet-0_3-0.3.2-7.3.1 typelib-1_0-GrlPls-0_3-0.3.2-7.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): grilo-debugsource-0.3.2-7.3.1 grilo-devel-0.3.2-7.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): grilo-debugsource-0.3.2-7.3.1 libgrilo-0_3-0-0.3.2-7.3.1 libgrilo-0_3-0-debuginfo-0.3.2-7.3.1 References: https://www.suse.com/security/cve/CVE-2021-39365.html https://bugzilla.suse.com/1189839 From sle-updates at lists.suse.com Thu Sep 9 16:36:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 18:36:14 +0200 (CEST) Subject: SUSE-RU-2021:2997-1: moderate: Recommended update for python3 Message-ID: <20210909163614.3417DFD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2997-1 Rating: moderate References: #1187338 #1189659 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python3 fixes the following issues: - Fixed an issue when the missing 'stropts.h' causing build errors for different python modules. (bsc#1187338) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-2997=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2997=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): python3-core-debugsource-3.6.13-10.3.1 python3-tools-3.6.13-10.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.13-10.3.1 libpython3_6m1_0-debuginfo-3.6.13-10.3.1 python3-3.6.13-10.3.1 python3-base-3.6.13-10.3.1 python3-base-debuginfo-3.6.13-10.3.1 python3-core-debugsource-3.6.13-10.3.1 python3-curses-3.6.13-10.3.1 python3-curses-debuginfo-3.6.13-10.3.1 python3-dbm-3.6.13-10.3.1 python3-dbm-debuginfo-3.6.13-10.3.1 python3-debuginfo-3.6.13-10.3.1 python3-debugsource-3.6.13-10.3.1 python3-devel-3.6.13-10.3.1 python3-devel-debuginfo-3.6.13-10.3.1 python3-idle-3.6.13-10.3.1 python3-tk-3.6.13-10.3.1 python3-tk-debuginfo-3.6.13-10.3.1 References: https://bugzilla.suse.com/1187338 https://bugzilla.suse.com/1189659 From sle-updates at lists.suse.com Thu Sep 9 16:39:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 18:39:53 +0200 (CEST) Subject: SUSE-RU-2021:2991-1: critical: Recommended update for SLES12-SP4-SLES15-Migration Message-ID: <20210909163953.54CA7FDED@maintenance.suse.de> SUSE Recommended Update: Recommended update for SLES12-SP4-SLES15-Migration ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2991-1 Rating: critical References: Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for SLES12-SP4-SLES15-Migration fixes the following issues: This is the image build that uses SUSE migration services, the team handling WBA is waiting for this package. This update for suse-migration-sle15-activation fixes the following issues: - Setup package conflicts properly migration services and migration activation conflicts. The activation is installed on the host to migrate, the services are installed in the live migration image. There is no situation in which migration services and activation is installed on the same host. As both packages are build from the same python sources they have to conflict - Fixed migration services package build Several issues fixed in this commit: - Moving the sed original file over the changed one prior calling sdist invalidates the actual change - Fixed spec template for the activation The package builds a python and a grub.d app. Thus the instructions in the 'spec file' to install from the two places needs to be adapted. In addition the %post section now runs a binary which is called in the process of creating an rpm in the checks processing. Thus all python requirements must be in BuildRequires - Make sure prechecks are grafted in MANIFEST - Add pre checks This extends the activation package - Check no remote repositories - Check filesystem has LUKS encryption The checks are kept in their own files and run on the host, before rebooting. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-2991=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): suse-migration-sle15-activation-2.0.31-6.23.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): SLES15-Migration-2.0.31-6 References: From sle-updates at lists.suse.com Thu Sep 9 16:42:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 18:42:03 +0200 (CEST) Subject: SUSE-RU-2021:2992-1: moderate: Recommended update for drbd Message-ID: <20210909164203.E6C9AFDED@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2992-1 Rating: moderate References: #1188472 Affected Products: SUSE Linux Enterprise High Availability 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd fixes the following issues: - bsc#1188472, update to 9.0.29 * fix data corruption when DRBD's backing disk is a degraded Linux software raid (MD) * add correct thawing of IO requests after IO was frozen due to loss of quorum * fix timeout detection after idle periods and for configs with ko-count when a disk on an a secondary stops delivering IO-completion events * fixed an issue where UUIDs where not shifted in the history slots; that caused false "unrelated data" events * fix switching resync sources by letting resync requests drain before issuing resync requests to the new source; before the fix, it could happen that the resync does not terminate since a late reply from the previous caused a out-of-sync bit set after the "scan point" * fix a temporal deadlock you could trigger when you exercise promotion races and mix some read-only openers into the test case * fix for bitmap-copy operation in a very specific and unlikely case where two nodes do a bitmap-based resync due to disk-states * fix size negotiation when combining nodes of different CPU architectures that have different page sizes * fix a very rare race where DRBD reported wrong magic in a header packet right after reconnecting * fix a case where DRBD ends up reporting unrelated data; it affected thinly allocated resources with a diskless node in a recreate from day0 event * speedup open() of drbd devices if promote has not chance to go through * new option "--reset-bitmap=no" for the invalidate and invalidate-remote commands; this allows to do a resync after online verify found differences * changes to socket buffer sizes get applied to established connections immediately; before it was applied after a re-connect * add exists events for path objects * forbid keyed hash algorithms for online verify, csyms and HMAC base alg * fix a regression introduces with 9.0.25; it failed to determine the right device size and the connection hangs in 'WFBitmapS/WFBitmapT' repl state; to trigger this you need to do a partial resync to a new node with different backing device size * fix an issue with netlink packets processed in parallel on multiple CPUs; the bug caused drbdadm adjust failing in very rare cases * fix a very rare occurrence of a reconciliation resync getting stuck * fix a race condition that causes a detach operation to hang; it is very hard to trigger * fix a kernel OOPS (via a BUG()) upon adding a timer twice under very rare timing * fix a counter imbalance that could lead to assertion messages when a protocol A peer disconnects with a certain timing * fix a rare race with receiving bitmap and a state change while establishing a connection * fix UUID handling to avoid false split-brain detections; this bug got triggered an isolated primary that gets demoted, and temporal network interruptions among the remaining nodes * fix resync decision to obey disk states when the generation UUIDs are equal; the effect of this bug was that you could end up with two Outdated nodes after resync * fix concurrent disk-attach operations * Fix possible kernel warning regarding an inbalance of backing device link/unlink * move some amount of kernel backward compatibility code moved from the old method (drbd_wrappers.h) to new cocci semantic patches * add support renaming resources while its devices might be in use and process IO requests * Allow setting c_max_rate to 0 with the meaning that the resync controller has no upper limit for the resync speed * Fix regression: allow live migration between two diskful peers again Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-2992=1 Package List: - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): drbd-9.0.29~0+git.9a7bc817-3.3.1 drbd-debugsource-9.0.29~0+git.9a7bc817-3.3.1 drbd-kmp-default-9.0.29~0+git.9a7bc817_k5.3.18_59.19-3.3.1 drbd-kmp-default-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_59.19-3.3.1 References: https://bugzilla.suse.com/1188472 From sle-updates at lists.suse.com Thu Sep 9 16:43:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 18:43:14 +0200 (CEST) Subject: SUSE-SU-2021:3004-1: important: Security update for libtpms Message-ID: <20210909164314.B47F4FD9C@maintenance.suse.de> SUSE Security Update: Security update for libtpms ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3004-1 Rating: important References: #1189935 Cross-References: CVE-2021-3746 CVSS scores: CVE-2021-3746 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libtpms fixes the following issues: - CVE-2021-3746: Fixed out-of-bounds access via specially crafted TPM 2 command packets (bsc#1189935). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3004=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libtpms-debugsource-0.8.2-3.3.1 libtpms-devel-0.8.2-3.3.1 libtpms0-0.8.2-3.3.1 libtpms0-debuginfo-0.8.2-3.3.1 References: https://www.suse.com/security/cve/CVE-2021-3746.html https://bugzilla.suse.com/1189935 From sle-updates at lists.suse.com Thu Sep 9 16:45:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 18:45:29 +0200 (CEST) Subject: SUSE-RU-2021:3001-1: moderate: Recommended update for netcfg Message-ID: <20210909164529.61222FDED@maintenance.suse.de> SUSE Recommended Update: Recommended update for netcfg ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3001-1 Rating: moderate References: #1189683 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3001=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3001=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3001=1 Package List: - SUSE MicroOS 5.0 (noarch): netcfg-11.6-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): netcfg-11.6-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): netcfg-11.6-3.3.1 References: https://bugzilla.suse.com/1189683 From sle-updates at lists.suse.com Thu Sep 9 16:46:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 18:46:46 +0200 (CEST) Subject: SUSE-SU-2021:2994-1: Security update for openssl-1_0_0 Message-ID: <20210909164646.F046BFDED@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2994-1 Rating: low References: #1189521 Cross-References: CVE-2021-3712 CVSS scores: CVE-2021-3712 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_0_0 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2994=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2994=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2994=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2994=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2994=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-2994=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-2994=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2994=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-3.43.1 libopenssl1_0_0-1.0.2p-3.43.1 libopenssl1_0_0-debuginfo-1.0.2p-3.43.1 openssl-1_0_0-1.0.2p-3.43.1 openssl-1_0_0-debuginfo-1.0.2p-3.43.1 openssl-1_0_0-debugsource-1.0.2p-3.43.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-3.43.1 libopenssl1_0_0-1.0.2p-3.43.1 libopenssl1_0_0-debuginfo-1.0.2p-3.43.1 openssl-1_0_0-1.0.2p-3.43.1 openssl-1_0_0-debuginfo-1.0.2p-3.43.1 openssl-1_0_0-debugsource-1.0.2p-3.43.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.43.1 libopenssl1_0_0-1.0.2p-3.43.1 libopenssl1_0_0-debuginfo-1.0.2p-3.43.1 openssl-1_0_0-1.0.2p-3.43.1 openssl-1_0_0-debuginfo-1.0.2p-3.43.1 openssl-1_0_0-debugsource-1.0.2p-3.43.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.43.1 libopenssl1_0_0-1.0.2p-3.43.1 libopenssl1_0_0-debuginfo-1.0.2p-3.43.1 openssl-1_0_0-1.0.2p-3.43.1 openssl-1_0_0-debuginfo-1.0.2p-3.43.1 openssl-1_0_0-debugsource-1.0.2p-3.43.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libopenssl-1_0_0-devel-1.0.2p-3.43.1 libopenssl1_0_0-1.0.2p-3.43.1 libopenssl1_0_0-debuginfo-1.0.2p-3.43.1 openssl-1_0_0-1.0.2p-3.43.1 openssl-1_0_0-debuginfo-1.0.2p-3.43.1 openssl-1_0_0-debugsource-1.0.2p-3.43.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.43.1 libopenssl10-1.0.2p-3.43.1 libopenssl10-debuginfo-1.0.2p-3.43.1 libopenssl1_0_0-1.0.2p-3.43.1 libopenssl1_0_0-debuginfo-1.0.2p-3.43.1 openssl-1_0_0-1.0.2p-3.43.1 openssl-1_0_0-debuginfo-1.0.2p-3.43.1 openssl-1_0_0-debugsource-1.0.2p-3.43.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.43.1 libopenssl1_0_0-1.0.2p-3.43.1 libopenssl1_0_0-debuginfo-1.0.2p-3.43.1 openssl-1_0_0-1.0.2p-3.43.1 openssl-1_0_0-debuginfo-1.0.2p-3.43.1 openssl-1_0_0-debugsource-1.0.2p-3.43.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libopenssl-1_0_0-devel-1.0.2p-3.43.1 libopenssl1_0_0-1.0.2p-3.43.1 libopenssl1_0_0-debuginfo-1.0.2p-3.43.1 openssl-1_0_0-1.0.2p-3.43.1 openssl-1_0_0-debuginfo-1.0.2p-3.43.1 openssl-1_0_0-debugsource-1.0.2p-3.43.1 - SUSE CaaS Platform 4.0 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.43.1 libopenssl1_0_0-1.0.2p-3.43.1 libopenssl1_0_0-debuginfo-1.0.2p-3.43.1 openssl-1_0_0-1.0.2p-3.43.1 openssl-1_0_0-debuginfo-1.0.2p-3.43.1 openssl-1_0_0-debugsource-1.0.2p-3.43.1 References: https://www.suse.com/security/cve/CVE-2021-3712.html https://bugzilla.suse.com/1189521 From sle-updates at lists.suse.com Thu Sep 9 16:50:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 18:50:10 +0200 (CEST) Subject: SUSE-RU-2021:2993-1: moderate: Recommended update for gcc Message-ID: <20210909165010.8DF1CFD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2993-1 Rating: moderate References: #1185348 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gcc fixes the following issues: - With gcc-PIE add -pie even when -fPIC is specified but we are not linking a shared library. [bsc#1185348] - Fix postun of gcc-go alternative. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-2993=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-2993=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2993=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2993=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): gcc-PIE-7-3.9.1 gcc-ada-7-3.9.1 gcc-info-7-3.9.1 gcc-locale-7-3.9.1 gcc-objc-7-3.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): gcc-32bit-7-3.9.1 gcc-c++-32bit-7-3.9.1 gcc-fortran-32bit-7-3.9.1 libstdc++-devel-32bit-7-3.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): gcc-PIE-7-3.9.1 gcc-ada-7-3.9.1 gcc-info-7-3.9.1 gcc-locale-7-3.9.1 gcc-objc-7-3.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): gcc-32bit-7-3.9.1 gcc-c++-32bit-7-3.9.1 gcc-fortran-32bit-7-3.9.1 libstdc++-devel-32bit-7-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): cpp-7-3.9.1 gcc-7-3.9.1 gcc-c++-7-3.9.1 gcc-fortran-7-3.9.1 libstdc++-devel-7-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): cpp-7-3.9.1 gcc-7-3.9.1 gcc-c++-7-3.9.1 gcc-fortran-7-3.9.1 libstdc++-devel-7-3.9.1 References: https://bugzilla.suse.com/1185348 From sle-updates at lists.suse.com Thu Sep 9 16:51:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 18:51:27 +0200 (CEST) Subject: SUSE-SU-2021:3008-1: moderate: Security update for mariadb Message-ID: <20210909165127.25AE7FD9C@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3008-1 Rating: moderate References: #1182255 #1189320 Cross-References: CVE-2021-2372 CVE-2021-2389 CVSS scores: CVE-2021-2372 (NVD) : 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-2372 (SUSE): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-2389 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-2389 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for mariadb fixes the following issues: Update to version 10.2.40 [bsc#1189320]: - fixes for the following security vulnerabilities: CVE-2021-2372 and CVE-2021-2389 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3008=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3008=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3008=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3008=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3008=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): mariadb-10.2.40-3.39.1 mariadb-client-10.2.40-3.39.1 mariadb-client-debuginfo-10.2.40-3.39.1 mariadb-debuginfo-10.2.40-3.39.1 mariadb-debugsource-10.2.40-3.39.1 mariadb-galera-10.2.40-3.39.1 mariadb-tools-10.2.40-3.39.1 mariadb-tools-debuginfo-10.2.40-3.39.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): mariadb-errormessages-10.2.40-3.39.1 - SUSE OpenStack Cloud 9 (noarch): mariadb-errormessages-10.2.40-3.39.1 - SUSE OpenStack Cloud 9 (x86_64): mariadb-10.2.40-3.39.1 mariadb-client-10.2.40-3.39.1 mariadb-client-debuginfo-10.2.40-3.39.1 mariadb-debuginfo-10.2.40-3.39.1 mariadb-debugsource-10.2.40-3.39.1 mariadb-galera-10.2.40-3.39.1 mariadb-tools-10.2.40-3.39.1 mariadb-tools-debuginfo-10.2.40-3.39.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): mariadb-10.2.40-3.39.1 mariadb-client-10.2.40-3.39.1 mariadb-client-debuginfo-10.2.40-3.39.1 mariadb-debuginfo-10.2.40-3.39.1 mariadb-debugsource-10.2.40-3.39.1 mariadb-tools-10.2.40-3.39.1 mariadb-tools-debuginfo-10.2.40-3.39.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): mariadb-errormessages-10.2.40-3.39.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): mariadb-10.2.40-3.39.1 mariadb-client-10.2.40-3.39.1 mariadb-client-debuginfo-10.2.40-3.39.1 mariadb-debuginfo-10.2.40-3.39.1 mariadb-debugsource-10.2.40-3.39.1 mariadb-tools-10.2.40-3.39.1 mariadb-tools-debuginfo-10.2.40-3.39.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): mariadb-errormessages-10.2.40-3.39.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): mariadb-10.2.40-3.39.1 mariadb-client-10.2.40-3.39.1 mariadb-client-debuginfo-10.2.40-3.39.1 mariadb-debuginfo-10.2.40-3.39.1 mariadb-debugsource-10.2.40-3.39.1 mariadb-tools-10.2.40-3.39.1 mariadb-tools-debuginfo-10.2.40-3.39.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): mariadb-errormessages-10.2.40-3.39.1 References: https://www.suse.com/security/cve/CVE-2021-2372.html https://www.suse.com/security/cve/CVE-2021-2389.html https://bugzilla.suse.com/1182255 https://bugzilla.suse.com/1189320 From sle-updates at lists.suse.com Thu Sep 9 16:52:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 18:52:46 +0200 (CEST) Subject: SUSE-RU-2021:3010-1: moderate: Recommended update for pesign-obs-integration Message-ID: <20210909165246.5D35AFD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for pesign-obs-integration ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3010-1 Rating: moderate References: #1188636 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pesign-obs-integration fixes the following issues: - Fixed slowness when MALLOC_PERTURB_ is set (bsc#1188636) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3010=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): pesign-obs-integration-10.1-13.3.1 References: https://bugzilla.suse.com/1188636 From sle-updates at lists.suse.com Thu Sep 9 19:16:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 21:16:09 +0200 (CEST) Subject: SUSE-RU-2021:3013-1: moderate: Recommended update for patterns-base, patterns-server-enterprise, sles15-image Message-ID: <20210909191609.37A34FD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-base, patterns-server-enterprise, sles15-image ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3013-1 Rating: moderate References: #1183154 #1189550 Affected Products: SUSE Linux Enterprise Module for Transactional Server 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for patterns-base, patterns-server-enterprise, sles15-image fixes the following issues: - Add pattern to install necessary packages for FIPS (bsc#1183154) - Add patterns-base-fips to work also in FIPS environments (bsc#1183154) - Use the same icon in the fips pattern as the previous pattern had (bsc#1189550) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Transactional Server 15-SP3: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP3-2021-3013=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3013=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3013=1 Package List: - SUSE Linux Enterprise Module for Transactional Server 15-SP3 (aarch64 ppc64le s390x x86_64): patterns-base-transactional_base-20200124-10.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64): patterns-base-x11_raspberrypi-20200124-10.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): patterns-base-apparmor-20200124-10.5.1 patterns-base-apparmor-32bit-20200124-10.5.1 patterns-base-base-20200124-10.5.1 patterns-base-base-32bit-20200124-10.5.1 patterns-base-basesystem-20200124-10.5.1 patterns-base-basic_desktop-20200124-10.5.1 patterns-base-documentation-20200124-10.5.1 patterns-base-enhanced_base-20200124-10.5.1 patterns-base-enhanced_base-32bit-20200124-10.5.1 patterns-base-fips-20200124-10.5.1 patterns-base-minimal_base-20200124-10.5.1 patterns-base-minimal_base-32bit-20200124-10.5.1 patterns-base-sw_management-20200124-10.5.1 patterns-base-sw_management-32bit-20200124-10.5.1 patterns-base-x11-20200124-10.5.1 patterns-base-x11-32bit-20200124-10.5.1 patterns-base-x11_enhanced-20200124-10.5.1 patterns-base-x11_enhanced-32bit-20200124-10.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le x86_64): patterns-base-32bit-20200124-10.5.1 References: https://bugzilla.suse.com/1183154 https://bugzilla.suse.com/1189550 From sle-updates at lists.suse.com Thu Sep 9 19:18:38 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Sep 2021 21:18:38 +0200 (CEST) Subject: SUSE-RU-2021:14799-1: important: Recommended update for mdadm Message-ID: <20210909191838.BE42EFD9C@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14799-1 Rating: important References: #1164265 #1187363 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for mdadm fixes the following issue: - Remove unnecessary error messages when checking if the underlying device is multipath or not. (bsc#1187363) - Monitor: improve checks for duplicated process. (bsc#1164265) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-mdadm-14799=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mdadm-14799=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): mdadm-3.3.1-10.32.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): mdadm-debuginfo-3.3.1-10.32.1 mdadm-debugsource-3.3.1-10.32.1 References: https://bugzilla.suse.com/1164265 https://bugzilla.suse.com/1187363 From sle-updates at lists.suse.com Fri Sep 10 16:16:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Sep 2021 18:16:26 +0200 (CEST) Subject: SUSE-RU-2021:3014-1: moderate: Recommended update for cronie Message-ID: <20210910161626.3EB7AF78D@maintenance.suse.de> SUSE Recommended Update: Recommended update for cronie ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3014-1 Rating: moderate References: #1187508 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cronie fixes the following issues: - Increase limit of allowed entries in crontab service file (bsc#1187508) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3014=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): cron-4.2-59.16.1 cronie-1.4.11-59.16.1 cronie-debuginfo-1.4.11-59.16.1 cronie-debugsource-1.4.11-59.16.1 References: https://bugzilla.suse.com/1187508 From sle-updates at lists.suse.com Sat Sep 11 16:17:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 11 Sep 2021 18:17:54 +0200 (CEST) Subject: SUSE-RU-2021:3015-1: moderate: Recommended update for ceph Message-ID: <20210911161754.3248DFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3015-1 Rating: moderate References: #1181291 #1183561 #1184517 #1185246 #1186348 #1188979 #1189173 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for ceph fixes the following issues: - cls/rgw: look for plane entries in non-ascii plain namespace too (bsc#1184517) - rgw: check object locks in multi-object delete (bsc#1185246) - mgr/zabbix: adapt zabbix_sender default path (bsc#1186348) - mgr/cephadm: pass --container-init to "cephadm deploy" if specified (bsc#1188979) - mgr/dashboard: Downstream branding: Adapt latest upstream changes to branded navigation component (bsc#1189173) - qa/tasks/salt_manager: allow gatherlogs for files in subdir - qa/tasks/ceph_salt: gather /var/log/ceph/cephadm.out - mgr/zabbix: adapt zabbix_sender default path (bsc#1186348) - Revert "cephadm: default container_init to False" (bsc#1188979) - mgr/cephadm: alias rgw-nfs -> nfs (bsc#1181291) - mgr/cephadm: on ssh connection error, advice chmod 0600 (bsc#1183561) - Update _constraints: only honor physical memory, not 'any memory' (e.g. swap). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3015=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3015=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3015=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2021-3015=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): librados2-15.2.14.84+gb6e5642e260-3.31.1 librados2-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 librbd1-15.2.14.84+gb6e5642e260-3.31.1 librbd1-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): ceph-common-15.2.14.84+gb6e5642e260-3.31.1 ceph-common-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 ceph-debugsource-15.2.14.84+gb6e5642e260-3.31.1 libcephfs-devel-15.2.14.84+gb6e5642e260-3.31.1 libcephfs2-15.2.14.84+gb6e5642e260-3.31.1 libcephfs2-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 librados-devel-15.2.14.84+gb6e5642e260-3.31.1 librados-devel-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 librados2-15.2.14.84+gb6e5642e260-3.31.1 librados2-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 libradospp-devel-15.2.14.84+gb6e5642e260-3.31.1 librbd-devel-15.2.14.84+gb6e5642e260-3.31.1 librbd1-15.2.14.84+gb6e5642e260-3.31.1 librbd1-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 librgw-devel-15.2.14.84+gb6e5642e260-3.31.1 librgw2-15.2.14.84+gb6e5642e260-3.31.1 librgw2-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 python3-ceph-argparse-15.2.14.84+gb6e5642e260-3.31.1 python3-ceph-common-15.2.14.84+gb6e5642e260-3.31.1 python3-cephfs-15.2.14.84+gb6e5642e260-3.31.1 python3-cephfs-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 python3-rados-15.2.14.84+gb6e5642e260-3.31.1 python3-rados-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 python3-rbd-15.2.14.84+gb6e5642e260-3.31.1 python3-rbd-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 python3-rgw-15.2.14.84+gb6e5642e260-3.31.1 python3-rgw-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 rados-objclass-devel-15.2.14.84+gb6e5642e260-3.31.1 rbd-nbd-15.2.14.84+gb6e5642e260-3.31.1 rbd-nbd-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): ceph-common-15.2.14.84+gb6e5642e260-3.31.1 ceph-common-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 ceph-debugsource-15.2.14.84+gb6e5642e260-3.31.1 libcephfs-devel-15.2.14.84+gb6e5642e260-3.31.1 libcephfs2-15.2.14.84+gb6e5642e260-3.31.1 libcephfs2-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 librados-devel-15.2.14.84+gb6e5642e260-3.31.1 librados-devel-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 librados2-15.2.14.84+gb6e5642e260-3.31.1 librados2-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 libradospp-devel-15.2.14.84+gb6e5642e260-3.31.1 librbd-devel-15.2.14.84+gb6e5642e260-3.31.1 librbd1-15.2.14.84+gb6e5642e260-3.31.1 librbd1-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 librgw-devel-15.2.14.84+gb6e5642e260-3.31.1 librgw2-15.2.14.84+gb6e5642e260-3.31.1 librgw2-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 python3-ceph-argparse-15.2.14.84+gb6e5642e260-3.31.1 python3-ceph-common-15.2.14.84+gb6e5642e260-3.31.1 python3-cephfs-15.2.14.84+gb6e5642e260-3.31.1 python3-cephfs-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 python3-rados-15.2.14.84+gb6e5642e260-3.31.1 python3-rados-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 python3-rbd-15.2.14.84+gb6e5642e260-3.31.1 python3-rbd-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 python3-rgw-15.2.14.84+gb6e5642e260-3.31.1 python3-rgw-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 rados-objclass-devel-15.2.14.84+gb6e5642e260-3.31.1 rbd-nbd-15.2.14.84+gb6e5642e260-3.31.1 rbd-nbd-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): ceph-base-15.2.14.84+gb6e5642e260-3.31.1 ceph-base-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 ceph-common-15.2.14.84+gb6e5642e260-3.31.1 ceph-common-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 ceph-debugsource-15.2.14.84+gb6e5642e260-3.31.1 libcephfs2-15.2.14.84+gb6e5642e260-3.31.1 libcephfs2-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 librados2-15.2.14.84+gb6e5642e260-3.31.1 librados2-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 librbd1-15.2.14.84+gb6e5642e260-3.31.1 librbd1-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 librgw2-15.2.14.84+gb6e5642e260-3.31.1 librgw2-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 python3-ceph-argparse-15.2.14.84+gb6e5642e260-3.31.1 python3-ceph-common-15.2.14.84+gb6e5642e260-3.31.1 python3-cephfs-15.2.14.84+gb6e5642e260-3.31.1 python3-cephfs-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 python3-rados-15.2.14.84+gb6e5642e260-3.31.1 python3-rados-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 python3-rbd-15.2.14.84+gb6e5642e260-3.31.1 python3-rbd-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 python3-rgw-15.2.14.84+gb6e5642e260-3.31.1 python3-rgw-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 rbd-nbd-15.2.14.84+gb6e5642e260-3.31.1 rbd-nbd-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 - SUSE Enterprise Storage 7 (noarch): cephadm-15.2.14.84+gb6e5642e260-3.31.1 References: https://bugzilla.suse.com/1181291 https://bugzilla.suse.com/1183561 https://bugzilla.suse.com/1184517 https://bugzilla.suse.com/1185246 https://bugzilla.suse.com/1186348 https://bugzilla.suse.com/1188979 https://bugzilla.suse.com/1189173 From sle-updates at lists.suse.com Mon Sep 13 10:18:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Sep 2021 12:18:10 +0200 (CEST) Subject: SUSE-SU-2021:3020-1: moderate: Security update for apache2-mod_auth_openidc Message-ID: <20210913101810.9AC47FCC9@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_auth_openidc ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3020-1 Rating: moderate References: #1188638 #1188639 #1188848 #1188849 Cross-References: CVE-2021-32785 CVE-2021-32786 CVE-2021-32791 CVE-2021-32792 CVSS scores: CVE-2021-32785 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-32786 (SUSE): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N CVE-2021-32791 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-32792 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2021-32785: format string bug via hiredis (bsc#1188638) - CVE-2021-32786: open redirect in logout functionality (bsc#1188639) - CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption (bsc#1188849) - CVE-2021-32792: XSS when using OIDCPreservePost On (bsc#1188848) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3020=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3020=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-mod_auth_openidc-2.3.8-3.15.1 apache2-mod_auth_openidc-debuginfo-2.3.8-3.15.1 apache2-mod_auth_openidc-debugsource-2.3.8-3.15.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-mod_auth_openidc-2.3.8-3.15.1 apache2-mod_auth_openidc-debuginfo-2.3.8-3.15.1 apache2-mod_auth_openidc-debugsource-2.3.8-3.15.1 References: https://www.suse.com/security/cve/CVE-2021-32785.html https://www.suse.com/security/cve/CVE-2021-32786.html https://www.suse.com/security/cve/CVE-2021-32791.html https://www.suse.com/security/cve/CVE-2021-32792.html https://bugzilla.suse.com/1188638 https://bugzilla.suse.com/1188639 https://bugzilla.suse.com/1188848 https://bugzilla.suse.com/1188849 From sle-updates at lists.suse.com Mon Sep 13 10:19:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Sep 2021 12:19:43 +0200 (CEST) Subject: SUSE-SU-2021:3017-1: moderate: Security update for wireshark Message-ID: <20210913101943.3CE32FCC9@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3017-1 Rating: moderate References: #1188375 Cross-References: CVE-2021-22235 CVSS scores: CVE-2021-22235 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for wireshark fixes the following issues: - Update to Wireshark 3.4.7 - CVE-2021-22235: Fixed DNP dissector crash (bsc#1188375). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3017=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3017=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3017=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3017=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-3.4.7-3.59.1 wireshark-debugsource-3.4.7-3.59.1 wireshark-devel-3.4.7-3.59.1 wireshark-ui-qt-3.4.7-3.59.1 wireshark-ui-qt-debuginfo-3.4.7-3.59.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-3.4.7-3.59.1 wireshark-debugsource-3.4.7-3.59.1 wireshark-devel-3.4.7-3.59.1 wireshark-ui-qt-3.4.7-3.59.1 wireshark-ui-qt-debuginfo-3.4.7-3.59.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libwireshark14-3.4.7-3.59.1 libwireshark14-debuginfo-3.4.7-3.59.1 libwiretap11-3.4.7-3.59.1 libwiretap11-debuginfo-3.4.7-3.59.1 libwsutil12-3.4.7-3.59.1 libwsutil12-debuginfo-3.4.7-3.59.1 wireshark-3.4.7-3.59.1 wireshark-debuginfo-3.4.7-3.59.1 wireshark-debugsource-3.4.7-3.59.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libwireshark14-3.4.7-3.59.1 libwireshark14-debuginfo-3.4.7-3.59.1 libwiretap11-3.4.7-3.59.1 libwiretap11-debuginfo-3.4.7-3.59.1 libwsutil12-3.4.7-3.59.1 libwsutil12-debuginfo-3.4.7-3.59.1 wireshark-3.4.7-3.59.1 wireshark-debuginfo-3.4.7-3.59.1 wireshark-debugsource-3.4.7-3.59.1 References: https://www.suse.com/security/cve/CVE-2021-22235.html https://bugzilla.suse.com/1188375 From sle-updates at lists.suse.com Mon Sep 13 10:23:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Sep 2021 12:23:30 +0200 (CEST) Subject: SUSE-RU-2021:3016-1: important: Create update the package in the update channels Message-ID: <20210913102330.CB5ADFCC9@maintenance.suse.de> SUSE Recommended Update: Create update the package in the update channels ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3016-1 Rating: important References: #1189738 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: Create update to release base-container-licenses to fix bsc#1189738 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3016=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3016=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): base-container-licenses-3.0-14.4 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): base-container-licenses-3.0-14.4 References: https://bugzilla.suse.com/1189738 From sle-updates at lists.suse.com Mon Sep 13 10:24:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Sep 2021 12:24:42 +0200 (CEST) Subject: SUSE-SU-2021:3019-1: Security update for compat-openssl098 Message-ID: <20210913102442.45C7DFCC9@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl098 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3019-1 Rating: low References: #1189521 Cross-References: CVE-2021-3712 CVSS scores: CVE-2021-3712 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for compat-openssl098 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2021-3019=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3019=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3019=1 - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2021-3019=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (x86_64): compat-openssl098-debugsource-0.9.8j-106.30.2 libopenssl0_9_8-0.9.8j-106.30.2 libopenssl0_9_8-debuginfo-0.9.8j-106.30.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): compat-openssl098-debugsource-0.9.8j-106.30.2 libopenssl0_9_8-0.9.8j-106.30.2 libopenssl0_9_8-debuginfo-0.9.8j-106.30.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): compat-openssl098-debugsource-0.9.8j-106.30.2 libopenssl0_9_8-0.9.8j-106.30.2 libopenssl0_9_8-debuginfo-0.9.8j-106.30.2 - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): compat-openssl098-debugsource-0.9.8j-106.30.2 libopenssl0_9_8-0.9.8j-106.30.2 libopenssl0_9_8-32bit-0.9.8j-106.30.2 libopenssl0_9_8-debuginfo-0.9.8j-106.30.2 libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.30.2 References: https://www.suse.com/security/cve/CVE-2021-3712.html https://bugzilla.suse.com/1189521 From sle-updates at lists.suse.com Mon Sep 13 10:25:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Sep 2021 12:25:54 +0200 (CEST) Subject: SUSE-SU-2021:3018-1: important: Security update for php7-pear Message-ID: <20210913102554.E9CF1FCC9@maintenance.suse.de> SUSE Security Update: Security update for php7-pear ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3018-1 Rating: important References: #1189591 Cross-References: CVE-2020-36193 CVSS scores: CVE-2020-36193 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2020-36193 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php7-pear fixes the following issues: - CVE-2020-36193: Fixed Archive_Tar directory traversal due to inadequate checking of symbolic links (bsc#1189591). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2021-3018=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-3018=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): php7-pear-1.10.21-3.6.1 php7-pecl-1.10.21-3.6.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): php7-pear-1.10.21-3.6.1 php7-pecl-1.10.21-3.6.1 References: https://www.suse.com/security/cve/CVE-2020-36193.html https://bugzilla.suse.com/1189591 From sle-updates at lists.suse.com Mon Sep 13 13:17:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Sep 2021 15:17:20 +0200 (CEST) Subject: SUSE-RU-2021:3024-1: moderate: Recommended update for powerpc-utils Message-ID: <20210913131720.9AE03FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3024-1 Rating: moderate References: #1189571 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for powerpc-utils fixes the following issues: - Optimize 'lsdevinfo' filtering to prevent LPM timeouts. (bsc#1189571) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3024=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (ppc64le): powerpc-utils-1.3.7.1-5.32.1 powerpc-utils-debuginfo-1.3.7.1-5.32.1 powerpc-utils-debugsource-1.3.7.1-5.32.1 References: https://bugzilla.suse.com/1189571 From sle-updates at lists.suse.com Mon Sep 13 13:19:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Sep 2021 15:19:30 +0200 (CEST) Subject: SUSE-RU-2021:3023-1: moderate: Recommended update for pidgin Message-ID: <20210913131930.C2031FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for pidgin ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3023-1 Rating: moderate References: SLE-17111 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for pidgin fixes the following issue: - Add support for the 'no_proxy' environment variable. (jsc#SLE-17111) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-3023=1 - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-3023=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3023=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): libpurple-2.13.0-12.3.1 libpurple-debuginfo-2.13.0-12.3.1 libpurple-devel-2.13.0-12.3.1 libpurple-plugin-sametime-2.13.0-12.3.1 libpurple-plugin-sametime-debuginfo-2.13.0-12.3.1 pidgin-2.13.0-12.3.1 pidgin-debuginfo-2.13.0-12.3.1 pidgin-debugsource-2.13.0-12.3.1 pidgin-devel-2.13.0-12.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (noarch): libpurple-branding-upstream-2.13.0-12.3.1 libpurple-lang-2.13.0-12.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (noarch): libpurple-branding-upstream-2.13.0-12.3.1 libpurple-lang-2.13.0-12.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): libpurple-2.13.0-12.3.1 libpurple-debuginfo-2.13.0-12.3.1 libpurple-devel-2.13.0-12.3.1 libpurple-plugin-sametime-2.13.0-12.3.1 libpurple-plugin-sametime-debuginfo-2.13.0-12.3.1 pidgin-2.13.0-12.3.1 pidgin-debuginfo-2.13.0-12.3.1 pidgin-debugsource-2.13.0-12.3.1 pidgin-devel-2.13.0-12.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): finch-2.13.0-12.3.1 finch-debuginfo-2.13.0-12.3.1 finch-devel-2.13.0-12.3.1 libpurple-2.13.0-12.3.1 libpurple-debuginfo-2.13.0-12.3.1 libpurple-devel-2.13.0-12.3.1 libpurple-plugin-sametime-2.13.0-12.3.1 libpurple-plugin-sametime-debuginfo-2.13.0-12.3.1 libpurple-tcl-2.13.0-12.3.1 libpurple-tcl-debuginfo-2.13.0-12.3.1 pidgin-2.13.0-12.3.1 pidgin-debuginfo-2.13.0-12.3.1 pidgin-debugsource-2.13.0-12.3.1 pidgin-devel-2.13.0-12.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): libpurple-branding-upstream-2.13.0-12.3.1 libpurple-lang-2.13.0-12.3.1 References: From sle-updates at lists.suse.com Mon Sep 13 13:21:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Sep 2021 15:21:39 +0200 (CEST) Subject: SUSE-RU-2021:3025-1: important: Recommended update for powerpc-utils Message-ID: <20210913132139.1572FFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3025-1 Rating: important References: #1186487 #1189571 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for powerpc-utils fixes the following issues: - Optimize lsdevinfo filtering to prevent LPM timeouts. (bsc#1189571) - Calculate physc and entc values correctly. (bsc#1186487) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3025=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3025=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3025=1 Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le): powerpc-utils-1.3.7.1-6.1.3.1 powerpc-utils-debuginfo-1.3.7.1-6.1.3.1 powerpc-utils-debugsource-1.3.7.1-6.1.3.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (ppc64le): powerpc-utils-1.3.7.1-6.1.3.1 powerpc-utils-debuginfo-1.3.7.1-6.1.3.1 powerpc-utils-debugsource-1.3.7.1-6.1.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (ppc64le): powerpc-utils-1.3.7.1-6.1.3.1 powerpc-utils-debuginfo-1.3.7.1-6.1.3.1 powerpc-utils-debugsource-1.3.7.1-6.1.3.1 References: https://bugzilla.suse.com/1186487 https://bugzilla.suse.com/1189571 From sle-updates at lists.suse.com Mon Sep 13 13:23:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Sep 2021 15:23:56 +0200 (CEST) Subject: SUSE-RU-2021:3026-1: moderate: Recommended update for oracleasm Message-ID: <20210913132356.1701BFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3026-1 Rating: moderate References: #1189119 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Realtime 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for oracleasm fixes the following issues: - Added 4 upstream commits/patches, as requested by support (bsc#1189119): - Fix incorrectly set flag - Fix memory leak - Add 'ENXIO' handling - Tracing update Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3026=1 - SUSE Linux Enterprise Module for Realtime 15-SP3: zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2021-3026=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k5.3.18_59.19-19.3.2 oracleasm-kmp-default-debuginfo-2.0.8_k5.3.18_59.19-19.3.2 - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64): oracleasm-kmp-rt-2.0.8_k5.3.18_8.13-19.3.2 oracleasm-kmp-rt-debuginfo-2.0.8_k5.3.18_8.13-19.3.2 References: https://bugzilla.suse.com/1189119 From sle-updates at lists.suse.com Mon Sep 13 13:26:18 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Sep 2021 15:26:18 +0200 (CEST) Subject: SUSE-RU-2021:3022-1: important: Recommended update for c-ares Message-ID: <20210913132618.8B229FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for c-ares ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3022-1 Rating: important References: #1190225 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for c-ares fixes the following issue: - Allow '_' as part of DNS response. (bsc#1190225) - 'c-ares' 1.17.2 introduced response validation to prevent a security issue, however it was not listing '_' as a valid character for domain name responses which caused issues when a 'CNAME' referenced a 'SRV' record which contained underscores. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3022=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3022=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3022=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3022=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3022=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3022=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3022=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3022=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3022=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3022=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3022=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3022=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): c-ares-debugsource-1.17.1+20200724-3.17.1 c-ares-devel-1.17.1+20200724-3.17.1 libcares2-1.17.1+20200724-3.17.1 libcares2-debuginfo-1.17.1+20200724-3.17.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): c-ares-debugsource-1.17.1+20200724-3.17.1 c-ares-devel-1.17.1+20200724-3.17.1 libcares2-1.17.1+20200724-3.17.1 libcares2-debuginfo-1.17.1+20200724-3.17.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): c-ares-debugsource-1.17.1+20200724-3.17.1 c-ares-devel-1.17.1+20200724-3.17.1 libcares2-1.17.1+20200724-3.17.1 libcares2-debuginfo-1.17.1+20200724-3.17.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): c-ares-debugsource-1.17.1+20200724-3.17.1 c-ares-devel-1.17.1+20200724-3.17.1 libcares2-1.17.1+20200724-3.17.1 libcares2-debuginfo-1.17.1+20200724-3.17.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): c-ares-debugsource-1.17.1+20200724-3.17.1 c-ares-devel-1.17.1+20200724-3.17.1 libcares2-1.17.1+20200724-3.17.1 libcares2-debuginfo-1.17.1+20200724-3.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): c-ares-debugsource-1.17.1+20200724-3.17.1 c-ares-devel-1.17.1+20200724-3.17.1 libcares2-1.17.1+20200724-3.17.1 libcares2-debuginfo-1.17.1+20200724-3.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): c-ares-debugsource-1.17.1+20200724-3.17.1 c-ares-devel-1.17.1+20200724-3.17.1 libcares2-1.17.1+20200724-3.17.1 libcares2-debuginfo-1.17.1+20200724-3.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): c-ares-debugsource-1.17.1+20200724-3.17.1 c-ares-devel-1.17.1+20200724-3.17.1 libcares2-1.17.1+20200724-3.17.1 libcares2-debuginfo-1.17.1+20200724-3.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): c-ares-debugsource-1.17.1+20200724-3.17.1 c-ares-devel-1.17.1+20200724-3.17.1 libcares2-1.17.1+20200724-3.17.1 libcares2-debuginfo-1.17.1+20200724-3.17.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): c-ares-debugsource-1.17.1+20200724-3.17.1 c-ares-devel-1.17.1+20200724-3.17.1 libcares2-1.17.1+20200724-3.17.1 libcares2-debuginfo-1.17.1+20200724-3.17.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): c-ares-debugsource-1.17.1+20200724-3.17.1 c-ares-devel-1.17.1+20200724-3.17.1 libcares2-1.17.1+20200724-3.17.1 libcares2-debuginfo-1.17.1+20200724-3.17.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): c-ares-debugsource-1.17.1+20200724-3.17.1 c-ares-devel-1.17.1+20200724-3.17.1 libcares2-1.17.1+20200724-3.17.1 libcares2-debuginfo-1.17.1+20200724-3.17.1 - SUSE CaaS Platform 4.0 (x86_64): c-ares-debugsource-1.17.1+20200724-3.17.1 c-ares-devel-1.17.1+20200724-3.17.1 libcares2-1.17.1+20200724-3.17.1 libcares2-debuginfo-1.17.1+20200724-3.17.1 References: https://bugzilla.suse.com/1190225 From sle-updates at lists.suse.com Mon Sep 13 16:17:00 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Sep 2021 18:17:00 +0200 (CEST) Subject: SUSE-FU-2021:3027-1: moderate: Feature providing NVIDIA GPU utilities Message-ID: <20210913161700.1792AFCC9@maintenance.suse.de> SUSE Feature Update: Feature providing NVIDIA GPU utilities ______________________________________________________________________________ Announcement ID: SUSE-FU-2021:3027-1 Rating: moderate References: SLE-18750 SLE-19341 Affected Products: SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP2 ______________________________________________________________________________ An update that has 0 feature fixes and contains two features can now be installed. Description: This feature provides NVIDIA GPU utilities (jsc#SLE-18750, jsc#SLE-19341): Provide: - 'bmake' version 20181221 - 'libnvidia-container' version 1.4.0 - 'nvidia-container-runtime' version 3.5.0 - 'nvidia-container-toolkit' version 1.5.1 Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2021-3027=1 - SUSE Linux Enterprise Module for Containers 15-SP2: zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2021-3027=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): bmake-20181221-5.3.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le x86_64): libnvidia-container-debuginfo-1.4.0-5.3.1 libnvidia-container-debugsource-1.4.0-5.3.1 libnvidia-container-devel-1.4.0-5.3.1 libnvidia-container-static-1.4.0-5.3.1 libnvidia-container-tools-1.4.0-5.3.1 libnvidia-container-tools-debuginfo-1.4.0-5.3.1 libnvidia-container1-1.4.0-5.3.1 libnvidia-container1-debuginfo-1.4.0-5.3.1 nvidia-container-runtime-3.5.0-5.3.1 nvidia-container-toolkit-1.5.1-5.3.1 - SUSE Linux Enterprise Module for Containers 15-SP2 (aarch64 ppc64le s390x x86_64): bmake-20181221-5.3.1 - SUSE Linux Enterprise Module for Containers 15-SP2 (aarch64 ppc64le x86_64): libnvidia-container-debuginfo-1.4.0-5.3.1 libnvidia-container-debugsource-1.4.0-5.3.1 libnvidia-container-devel-1.4.0-5.3.1 libnvidia-container-static-1.4.0-5.3.1 libnvidia-container-tools-1.4.0-5.3.1 libnvidia-container-tools-debuginfo-1.4.0-5.3.1 libnvidia-container1-1.4.0-5.3.1 libnvidia-container1-debuginfo-1.4.0-5.3.1 nvidia-container-runtime-3.5.0-5.3.1 nvidia-container-toolkit-1.5.1-5.3.1 References: From sle-updates at lists.suse.com Mon Sep 13 16:18:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Sep 2021 18:18:07 +0200 (CEST) Subject: SUSE-RU-2021:3028-1: moderate: Recommended update for wxWidgets-3_0 Message-ID: <20210913161807.7B45EFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for wxWidgets-3_0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3028-1 Rating: moderate References: #1162418 #1180492 ECO-3376 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. Description: This update for wxWidgets-3_0 fixes the following issues: Update from version 3.0.3 to 3.0.5.1 (bsc#1180492, jsc#ECO-3376) - Workaround for the problem with overflowing the maximum command line length in MinGW builds not using configure. - Fix for a problem with 'wxSpinCtrl' in 'wxGTK' - Update the 'SOVERSION' - Relax the ABI changes avoiding to check for the exact match of '__GXX_ABI_VERSION'. - Build 'wxWidgets-3_0-nostl' variant with LTO disabled. (bsc#1162418) - Don't crash on trailing '%' in 'wxDateTime::Format()'. - Fix various problems when parsing invalid ZIP files. - Fix generic 'wxTimePickerCtrl' to accept max values from keyboard. - Multiple surrogate-related fixes in UTF-16 support. - Fix reading wide character data in 'wxFile::ReadAll()'. - Make parsing 'WAV' data more robust. - Fix copy 'ctor' in numeric validators classes. - Fix a memory error when 'wxDataViewCtrl' is deleted. - Avoid some GTK+ run-time errors when using 'wx{File,Dir}PickerCtrl'. - Prevent breaking binaries, if C++11 is enabled. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3028=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3028=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3028=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-3028=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libwx_baseu-suse3_0_5-3.0.5.1-11.3.2 libwx_baseu-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_core-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_core-suse3_0_5-debuginfo-3.0.5.1-11.3.2 wxWidgets-3_0-debugsource-3.0.5.1-11.3.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64_ilp32): libwx_baseu-suse3_0_5-64bit-3.0.5.1-11.3.2 libwx_baseu-suse3_0_5-64bit-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_core-suse3_0_5-64bit-3.0.5.1-11.3.2 libwx_gtk2u_core-suse3_0_5-64bit-debuginfo-3.0.5.1-11.3.2 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libwx_baseu-suse3_0_5-3.0.5.1-11.3.2 libwx_baseu-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_core-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_core-suse3_0_5-debuginfo-3.0.5.1-11.3.2 wxWidgets-3_0-debugsource-3.0.5.1-11.3.2 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64_ilp32): libwx_baseu-suse3_0_5-64bit-3.0.5.1-11.3.2 libwx_baseu-suse3_0_5-64bit-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_core-suse3_0_5-64bit-3.0.5.1-11.3.2 libwx_gtk2u_core-suse3_0_5-64bit-debuginfo-3.0.5.1-11.3.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): libwx_baseu_net-suse3_0_5-3.0.5.1-11.3.2 libwx_baseu_net-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_baseu_xml-suse3_0_5-3.0.5.1-11.3.2 libwx_baseu_xml-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_adv-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_adv-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_aui-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_aui-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_gl-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_gl-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_html-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_html-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_media-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_media-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_propgrid-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_propgrid-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_qa-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_qa-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_ribbon-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_ribbon-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_richtext-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_richtext-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_stc-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_stc-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_xrc-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_xrc-suse3_0_5-debuginfo-3.0.5.1-11.3.2 wxWidgets-3_0-debugsource-3.0.5.1-11.3.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): libwx_baseu_net-suse3_0_5-3.0.5.1-11.3.2 libwx_baseu_net-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_baseu_xml-suse3_0_5-3.0.5.1-11.3.2 libwx_baseu_xml-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_adv-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_adv-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_aui-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_aui-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_gl-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_gl-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_html-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_html-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_media-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_media-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_propgrid-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_propgrid-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_qa-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_qa-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_ribbon-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_ribbon-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_richtext-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_richtext-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_stc-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_stc-suse3_0_5-debuginfo-3.0.5.1-11.3.2 libwx_gtk2u_xrc-suse3_0_5-3.0.5.1-11.3.2 libwx_gtk2u_xrc-suse3_0_5-debuginfo-3.0.5.1-11.3.2 wxWidgets-3_0-debugsource-3.0.5.1-11.3.2 References: https://bugzilla.suse.com/1162418 https://bugzilla.suse.com/1180492 From sle-updates at lists.suse.com Tue Sep 14 06:24:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Sep 2021 08:24:35 +0200 (CEST) Subject: SUSE-CU-2021:309-1: Security update of suse/sle15 Message-ID: <20210914062435.EA574FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:309-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.8.1 Container Release : 17.8.1 Severity : moderate Type : security References : 1183154 1189521 1189550 1189683 CVE-2021-3712 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3013-1 Released: Thu Sep 9 16:55:40 2021 Summary: Recommended update for patterns-base, patterns-server-enterprise, sles15-image Type: recommended Severity: moderate References: 1183154,1189550 This update for patterns-base, patterns-server-enterprise, sles15-image fixes the following issues: - Add pattern to install necessary packages for FIPS (bsc#1183154) - Add patterns-base-fips to work also in FIPS environments (bsc#1183154) - Use the same icon in the fips pattern as the previous pattern had (bsc#1189550) From sle-updates at lists.suse.com Tue Sep 14 10:18:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Sep 2021 12:18:54 +0200 (CEST) Subject: SUSE-RU-2021:3029-1: moderate: Recommended update for sapconf Message-ID: <20210914101854.06066FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3029-1 Rating: moderate References: #1189496 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sapconf fixes the following issues: - Adapt the activity detection of saptune to the upcoming saptune version 3. (bsc#1189496) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-3029=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-3029=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-3029=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3029=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3029=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3029=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3029=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3029=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3029=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3029=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3029=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3029=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3029=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3029=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3029=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (noarch): sapconf-5.0.3-7.18.1 - SUSE Manager Retail Branch Server 4.0 (noarch): sapconf-5.0.3-7.18.1 - SUSE Manager Proxy 4.0 (noarch): sapconf-5.0.3-7.18.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): sapconf-5.0.3-7.18.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): sapconf-5.0.3-7.18.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): sapconf-5.0.3-7.18.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): sapconf-5.0.3-7.18.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): sapconf-5.0.3-7.18.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): sapconf-5.0.3-7.18.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): sapconf-5.0.3-7.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): sapconf-5.0.3-7.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): sapconf-5.0.3-7.18.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): sapconf-5.0.3-7.18.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): sapconf-5.0.3-7.18.1 - SUSE Enterprise Storage 6 (noarch): sapconf-5.0.3-7.18.1 - SUSE CaaS Platform 4.0 (noarch): sapconf-5.0.3-7.18.1 References: https://bugzilla.suse.com/1189496 From sle-updates at lists.suse.com Tue Sep 14 10:30:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Sep 2021 12:30:56 +0200 (CEST) Subject: SUSE-IU-2021:658-1: Security update of suse-sles-15-sp2-chost-byos-v20210913-gen2 Message-ID: <20210914103056.79500FCC9@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp2-chost-byos-v20210913-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:658-1 Image Tags : suse-sles-15-sp2-chost-byos-v20210913-gen2:20210913 Image Release : Severity : critical Type : security References : 1027519 1065729 1085224 1094840 1113295 1137251 1153274 1154353 1155518 1156395 1160462 1172505 1176189 1176940 1177695 1179148 1179243 1179246 1180092 1180491 1181989 1183871 1183877 1183939 1184114 1184124 1184350 1184614 1184631 1184758 1184804 1185232 1185261 1185377 1185420 1185441 1185615 1185621 1185646 1185682 1185991 1185993 1186194 1186206 1186347 1186397 1186428 1186429 1186433 1186434 1186482 1186483 1186687 1187071 1187115 1187260 1187470 1187476 1187696 1187774 1187921 1187937 1188050 1188101 1188127 1188405 1188445 1188504 1188571 1188620 1188683 1188746 1188747 1188748 1188763 1188770 1188771 1188772 1188773 1188774 1188777 1188838 1188876 1188881 1188885 1188973 1189097 1189206 1189373 1189376 1189378 1189380 1189381 1189465 1189465 1189520 1189521 1189521 1189683 1189743 1189882 1190225 CVE-2019-19977 CVE-2020-12049 CVE-2021-0089 CVE-2021-21781 CVE-2021-22543 CVE-2021-28690 CVE-2021-28692 CVE-2021-28693 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-28700 CVE-2021-36222 CVE-2021-3659 CVE-2021-3672 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-37576 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container suse-sles-15-sp2-chost-byos-v20210913-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2465-1 Released: Fri Jul 23 14:56:48 2021 Summary: Recommended update for shim Type: recommended Severity: moderate References: 1185232,1185261,1185441,1185621,1187071,1187260,1187696 This update for shim fixes the following issues: Update to shim to 15.4-4.7.1, Version: 15.4, 'Thu Jul 15 2021' Update the SLE signatures Includes fixes for various bugs in MOK handling and booting (bsc#1187696, bsc#1185261, bsc#1185441, bsc#1187071, bsc#1185621, bsc#1185261, bsc#1185232, bsc#1185261, bsc#1187260, bsc#1185232) Remove shim-install because the shim-install is updated in the RPM. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2481-1 Released: Tue Jul 27 14:20:27 2021 Summary: Recommended update for sysconfig Type: recommended Severity: moderate References: 1184124 This update for sysconfig fixes the following issues: - Link as Position Independent Executable (bsc#1184124). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2593-1 Released: Mon Aug 2 15:40:22 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1177695 This update for suse-module-tools provides the following fix: - modprobe.d: Remove dma=none setting for parport_pc. (bsc#1177695) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2603-1 Released: Wed Aug 4 10:09:08 2021 Summary: Recommended update for sca-appliance-common, supportutils Type: recommended Severity: moderate References: 1185991,1185993,1186347,1186397,1186687 This update for sca-appliance-common, supportutils fixes the following issues: - Adding ethtool options to the supportconfigt. (jsc#SLE-18239, jsc#SLE-18344) - Fixed and issue when 'lsof' causes performance problems. (bsc#1186687) - Exclude 'rhn.conf' from 'etc.txt' to prevent supportconfig capturing passwords in clear text. (bsc#1186347) - Fix 'analyzevmcore' to supports local directories. (bsc#1186397) - Fix for 'getappcore' checking for valid compression binary. (bsc#1185991) - Fixed 'getappcore' to prevent triggering errors with help message. (bsc#1185993) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2623-1 Released: Thu Aug 5 11:54:08 2021 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1185420 This update for samba fixes the following issues: - Add 'msDS-AdditionalDnsHostName' to the keytab. (bsc#1185420) - Add 'net-ads-join dnshostname' option. (bsc#1185420) - Fix adding 'msDS-AdditionalDnsHostName' to keytab with Windows DC. (bsc#1185420) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2756-1 Released: Tue Aug 17 13:24:52 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1085224,1094840,1113295,1153274,1154353,1155518,1156395,1176940,1179243,1180092,1183871,1184114,1184350,1184631,1184804,1185377,1186194,1186206,1186482,1186483,1187476,1188101,1188405,1188445,1188504,1188620,1188683,1188746,1188747,1188748,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188973,CVE-2021-21781,CVE-2021-22543,CVE-2021-3659,CVE-2021-37576 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-21781: Fixed a information disclosure vulnerability in the ARM SIGPAGE (bsc#1188445). - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). The following non-security bugs were fixed: - ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes). - ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes). - ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes). - ALSA: bebob: add support for ToneWeal FW66 (git-fixes). - ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes). - ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes). - ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes). - ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes). - ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets (git-fixes). - ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes). - ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions (git-fixes). - ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes). - ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values (git-fixes). - ALSA: usx2y: Do not call free_pages_exact() with NULL address (git-fixes). - ARM: ensure the signal page contains defined contents (bsc#1188445). - ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters (git-fixes). - ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes). - ASoC: rt5631: Fix regcache sync errors on resume (git-fixes). - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes). - ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes). - Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes). - Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes). - Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip (git-fixes). - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes). - Input: hideep - fix the uninitialized use in hideep_nvm_unlock() (git-fixes). - Input: ili210x - add missing negation for touch indication on ili210x (git-fixes). - KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (bsc#1188771). - KVM: nVMX: Consult only the 'basic' exit reason when routing nested exit (bsc#1188773). - KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774). - KVM: nVMX: Preserve exception priority irrespective of exiting behavior (bsc#1188777). - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes). - PCI: quirks: fix false kABI positive (git-fixes). - PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes). - RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449). - RDMA/cma: Protect RMW with qp_mutex (git-fixes). - Revert 'ACPI: resources: Add checks for ACPI IRQ override' (git-fixes). - Revert 'USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem' (git-fixes). - Revert 'be2net: disable bh with spin_lock in be_process_mcc' (git-fixes). - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes). - USB: serial: cp210x: fix comments for GE CS1000 (git-fixes). - USB: serial: option: add support for u-blox LARA-R6 family (git-fixes). - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes). - backlight: lm3630a: Fix return code of .update_status() callback (git-fixes). - bcache: avoid oversized read request in cache missing code path (bsc#1184631). - bcache: remove bcache device self-defined readahead (bsc#1184631). - blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092). - blk-mq: In blk_mq_dispatch_rq_list() 'no budget' is a reason to kick (bsc#1180092). - blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092). - blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092). - blk-mq: insert flush request to the front of dispatch queue (bsc#1180092). - blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092). - bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371 bsc#1153274). - bnxt_en: do not disable an already disabled PCI device (git-fixes). - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1154353). - bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518). - cadence: force nonlinear buffers to be cloned (git-fixes). - can: ems_usb: fix memory leak (git-fixes). - can: esd_usb2: fix memory leak (git-fixes). - can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes). - can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes). - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes). - can: usb_8dev: fix memory leak (git-fixes). - ceph: do not WARN if we're still opening a session to an MDS (bsc#1188748). - cifs: Fix preauth hash corruption (git-fixes). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: fix interrupted close commands (git-fixes). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - clk: renesas: r8a77995: Add ZA2 clock (git-fixes). - clk: tegra: Ensure that PLLU configuration is applied properly (git-fixes). - clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround (git-fixes). - cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)). - crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes). - crypto: sun4i-ss - checking sg length is not sufficient (git-fixes). - crypto: sun4i-ss - initialize need_fallback (git-fixes). - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - cw1200: add missing MODULE_DEVICE_TABLE (git-fixes). - cxgb4: fix IRQ free race during driver unload (git-fixes). - dma-buf/sync_file: Do not leak fences on merge failure (git-fixes). - dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes). - drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes). - drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes). - drm/amd/display: Update scaling settings on modeset (git-fixes). - drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check (git-fixes). - drm/amd/display: fix incorrrect valid irq check (git-fixes). - drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes). - drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes). - drm/amdkfd: Walk through list with dqm lock hold (git-fixes). - drm/arm/malidp: Always list modifiers (git-fixes). - drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() (git-fixes). - drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() (git-fixes). - drm/msm/mdp4: Fix modifier support enabling (git-fixes). - drm/mxsfb: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes). - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes). - drm/sched: Avoid data corruptions (git-fixes). - drm/tegra: Do not set allow_fb_modifiers explicitly (git-fixes). - drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes). - drm/virtio: Fix double free on probe failure (git-fixes). - drm/zte: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm: Return -ENOTTY for non-drm ioctls (git-fixes). - e1000e: Check the PCIm state (git-fixes). - e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes). - fbmem: Do not delete the mode that is still in use (git-fixes). - fbmem: add margin check to fb_check_caps() (git-fixes). - firmware/efi: Tell memblock about EFI iomem reservations (git-fixes). - firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (git-fixes). - firmware: arm_scmi: Fix range check for the maximum number of pending messages (git-fixes). - gpio: pca953x: Add support for the On Semi pca9655 (git-fixes). - gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes). - gtp: fix an use-before-init in gtp_newlink() (git-fixes). - gve: Add DQO fields for core data structures (bsc#1176940). - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940). - gve: Add dqo descriptors (bsc#1176940). - gve: Add stats for gve (bsc#1176940). - gve: Add support for DQO RX PTYPE map (bsc#1176940). - gve: Add support for raw addressing device option (bsc#1176940). - gve: Add support for raw addressing in the tx path (bsc#1176940). - gve: Add support for raw addressing to the rx path (bsc#1176940). - gve: Batch AQ commands for creating and destroying queues (bsc#1176940). - gve: Check TX QPL was actually assigned (bsc#1176940). - gve: DQO: Add RX path (bsc#1176940). - gve: DQO: Add TX path (bsc#1176940). - gve: DQO: Add core netdev features (bsc#1176940). - gve: DQO: Add ring allocation and initialization (bsc#1176940). - gve: DQO: Configure interrupts on device up (bsc#1176940). - gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940). - gve: DQO: Remove incorrect prefetch (bsc#1176940). - gve: Enable Link Speed Reporting in the driver (bsc#1176940). - gve: Fix warnings reported for DQO patchset (bsc#1176940). - gve: Get and set Rx copybreak via ethtool (bsc#1176940). - gve: Introduce a new model for device options (bsc#1176940). - gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940). - gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940). - gve: Move some static functions to a common file (bsc#1176940). - gve: NIC stats for report-stats and for ethtool (bsc#1176940). - gve: Propagate error codes to caller (bsc#1176940). - gve: Replace zero-length array with flexible-array member (bsc#1176940). - gve: Rx Buffer Recycling (bsc#1176940). - gve: Simplify code and axe the use of a deprecated API (bsc#1176940). - gve: Update adminq commands to support DQO queues (bsc#1176940). - gve: Use dev_info/err instead of netif_info/err (bsc#1176940). - gve: Use link status register to report link status (bsc#1176940). - gve: adminq: DQO specific device descriptor logic (bsc#1176940). - gve: gve_rx_copy: Move padding to an argument (bsc#1176940). - i2c: core: Disable client irq on reboot/shutdown (git-fixes). - i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes). - i40e: Fix error handling in i40e_vsi_open (git-fixes). - iavf: Fix an error handling path in 'iavf_probe()' (git-fixes). - ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075). - ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533). - ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency (jsc#SLE-7926). - igb: Check if num of q_vectors is smaller than max before array access (git-fixes). - igb: Fix an error handling path in 'igb_probe()' (git-fixes). - igb: Fix position of assignment to *ring (git-fixes). - igb: Fix use-after-free error during reset (git-fixes). - igc: Fix an error handling path in 'igc_probe()' (git-fixes). - igc: Fix use-after-free error during reset (git-fixes). - igc: change default return of igc_read_phy_reg() (git-fixes). - iio: accel: bma180: Use explicit member assignment (git-fixes). - iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes). - iwlwifi: pcie: free IML DMA memory allocation (git-fixes). - ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes). - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes). - kABI workaround for pci/quirks.c (git-fixes). - kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes). - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes). - kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes). - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes). - kprobes: fix kill kprobe which has been marked as gone (git-fixes). - kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1188772). - kvm: i8254: remove redundant assignment to pointer s (bsc#1188770). - lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes). - libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518). - liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes). - mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes). - media, bpf: Do not copy more entries than user space requested (git-fixes). - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes). - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes). - mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes). - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes). - misc/libmasm/module: Fix two use after free in ibmasm_init_one (git-fixes). - misc: alcor_pci: fix inverted branch condition (git-fixes). - misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge (git-fixes). - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes). - mt76: mt7603: set 0 as min coverage_class value (git-fixes). - mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes). - mt76: mt7615: increase MCU command timeout (git-fixes). - mt76: set dma-done flag for flushed descriptors (git-fixes). - mvpp2: suppress warning (git-fixes). - net/mlx5: Do not fail driver on failure to create debugfs (git-fixes). - net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes). - net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes). - net: atlantic: fix ip dst and ipv6 address filters (git-fixes). - net: dp83867: Fix OF_MDIO config check (git-fixes). - net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes). - net: gve: convert strlcpy to strscpy (bsc#1176940). - net: gve: remove duplicated allowed (bsc#1176940). - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - net: marvell: Fix OF_MDIO config check (git-fixes). - net: mvpp2: Put fwnode in error case during ->probe() (git-fixes). - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes). - net: wilc1000: clean up resource in error path of init mon interface (git-fixes). - nfc: nfcsim: fix use after free during module unload (git-fixes). - pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes). - pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() (git-fixes). - pinctrl: mcp23s08: fix race condition in irq handler (git-fixes). - platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command (git-fixes). - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes). - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes). - platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (git-fixes). - platform/x86: intel_int0002_vgpio: Remove dev_err() usage after platform_get_irq() (git-fixes). - platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes). - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: ab8500: Avoid NULL pointers (git-fixes). - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (git-fixes). - power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes). - powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722). - powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722). - powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395). - powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes). - powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722). - powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722). - powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722). - powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722). - powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722). - powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722). - powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722). - powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722). - powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722). - powerpc/stacktrace: Fix spurious 'stale' traces in raise_backtrace_ipi() (bsc#1156395). - powerpc/stacktrace: Include linux/delay.h (bsc#1156395). - powerpc: Offline CPU in stop_this_cpu() (bsc#1156395). - pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes). - pwm: imx1: Do not disable clocks at device remove time (git-fixes). - pwm: spear: Do not modify HW state in .remove callback (git-fixes). - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes). - r8152: Fix a deadlock by doubly PM resume (bsc#1186194). - r8152: Fix potential PM refcount imbalance (bsc#1186194). - r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM (git-fixes). - ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes). - rbd: always kick acquire on 'acquired' and 'released' notifications (bsc#1188746). - rbd: do not hold lock_rwsem while running_list is being drained (bsc#1188747). - regulator: hi6421: Fix getting wrong drvdata (git-fixes). - regulator: hi6421: Use correct variable type for regmap api val argument (git-fixes). - replaced with upstream security mitigation cleanup - reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes). - rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804). - rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes). - rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes). - rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes). - scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101). - sfp: Fix error handing in sfp_probe() (git-fixes). - soc/tegra: fuse: Fix Tegra234-only builds (git-fixes). - spi: cadence: Correct initialisation of runtime PM again (git-fixes). - spi: imx: add a check for speed_hz before calculating the clock (git-fixes). - spi: mediatek: fix fifo rx mode (git-fixes). - staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes). - thermal/core: Correct function name thermal_zone_device_unregister() (git-fixes). - tpm: efi: Use local variable for calculating final log size (git-fixes). - tracing: Do not reference char * as a string in histograms (git-fixes). - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes). - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes). - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes). - usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes). - usb: gadget: hid: fix error return code in hid_bind() (git-fixes). - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes). - usb: hub: Fix link power management max exit latency (MEL) calculations (git-fixes). - usb: max-3421: Prevent corruption of freed memory (git-fixes). - usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (git-fixes). - uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes). - virtio_console: Assure used length from device is limited (git-fixes). - virtio_net: move tx vq operation under tx queue lock (git-fixes). - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes). - w1: ds2438: fixing bug that would always get page0 (git-fixes). - watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes). - watchdog: Fix possible use-after-free in wdt_startup() (git-fixes). - watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes). - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes). - wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes). - wireless: wext-spy: Fix out-of-bounds warning (git-fixes). - wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes). - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes). - workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973). - xen/events: reset active flag for lateeoi events later (git-fixes). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). - xhci: Fix lost USB 2 remote wake (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2760-1 Released: Tue Aug 17 17:11:14 2021 Summary: Security update for c-ares Type: security Severity: important References: 1188881,CVE-2021-3672 This update for c-ares fixes the following issues: Version update to git snapshot 1.17.1+20200724: - CVE-2021-3672: fixed missing input validation on hostnames returned by DNS servers (bsc#1188881) - If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause crash - Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response - Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing - Use unbuffered /dev/urandom for random data to prevent early startup performance issues ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2805-1 Released: Mon Aug 23 07:01:37 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1185615,1185646,1187115,1187470,1187774 This update for dracut fixes the following issues: - Correct man pages regarding the 'INITRD_MODULES' as some parts already invalid. (bsc#1187115) - Fixed an issue when running mkinitrd inproper arch is being expanded. (bsc#1185615) - Fix for 'suse-initrd' exclude modules that are built-in to prevent failing modules to be installed. (bsc#1185646) - Fix informing on usage of obsolete -f parameter. (bsc#1187470) - Fix reference to 'insmodpost module' in the documentation. (bsc#1187774) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2810-1 Released: Mon Aug 23 12:14:30 2021 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1172505,CVE-2020-12049 This update for dbus-1 fixes the following issues: - CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2871-1 Released: Mon Aug 30 15:46:25 2021 Summary: Recommended update for bind Type: recommended Severity: moderate References: 1187921,1188763 This update for bind fixes the following issues: - Fix an assertion failure in the 'rehash()' function (bsc#1188763) When calculating the new hashtable bitsize, there was an off-by-one error that would allow the new bitsize to be larger than maximum allowed. - tsig-keygen is now used to generate DDNS keys (bsc#1187921) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2887-1 Released: Tue Aug 31 13:31:19 2021 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1183939,1184758 This update for cloud-init contains the following: - Change log file creation mode to 640. (bsc#1183939) - Do not write the generated password to the log file. (bsc#1184758) - Allow purging cache when Python when version change detected. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2922-1 Released: Thu Sep 2 10:10:17 2021 Summary: Security update for xen Type: security Severity: important References: 1027519,1137251,1176189,1179148,1179246,1180491,1181989,1183877,1185682,1186428,1186429,1186433,1186434,1188050,1189373,1189376,1189378,1189380,1189381,1189882,CVE-2021-0089,CVE-2021-28690,CVE-2021-28692,CVE-2021-28693,CVE-2021-28694,CVE-2021-28695,CVE-2021-28696,CVE-2021-28697,CVE-2021-28698,CVE-2021-28699,CVE-2021-28700 This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release (bsc#1027519). Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). - CVE-2021-28700: No memory limit for dom0less domUs (XSA-383)(bsc#1189381). Other issues fixed: - Fixed 'Panic on CPU 0: IO-APIC + timer doesn't work!' (bsc#1180491) - Fixed an issue with xencommons, where file format expecations by fillup did not allign (bsc#1185682) - Fixed shell macro expansion in the spec file, so that ExecStart= in xendomains-wait-disks.service is created correctly (bsc#1183877) - Upstream bug fixes (bsc#1027519) - Fixed Xen SLES11SP4 guest hangs on cluster (bsc#1188050). - xl monitoring process exits during xl save -p|-c keep the monitoring process running to cleanup the domU during shutdown (bsc#1176189). - Dom0 hangs when pinning CPUs for dom0 with HVM guest (bsc#1179246). - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2937-1 Released: Fri Sep 3 09:18:45 2021 Summary: Security update for libesmtp Type: security Severity: important References: 1160462,1189097,CVE-2019-19977 This update for libesmtp fixes the following issues: - CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2950-1 Released: Fri Sep 3 11:59:19 2021 Summary: Recommended update for pcre2 Type: recommended Severity: moderate References: 1187937 This update for pcre2 fixes the following issue: - Equalizes the result of a function that may have different output on s390x if compared to older (bsc#1187937) PHP versions. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2962-1 Released: Mon Sep 6 18:23:01 2021 Summary: Recommended update for runc Type: recommended Severity: critical References: 1189743 This update for runc fixes the following issues: - Fixed an issue when toolbox container fails to start. (bsc#1189743) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3022-1 Released: Mon Sep 13 10:48:16 2021 Summary: Recommended update for c-ares Type: recommended Severity: important References: 1190225 This update for c-ares fixes the following issue: - Allow '_' as part of DNS response. (bsc#1190225) - 'c-ares' 1.17.2 introduced response validation to prevent a security issue, however it was not listing '_' as a valid character for domain name responses which caused issues when a 'CNAME' referenced a 'SRV' record which contained underscores. From sle-updates at lists.suse.com Tue Sep 14 10:34:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Sep 2021 12:34:58 +0200 (CEST) Subject: SUSE-IU-2021:659-1: Security update of suse-sles-15-sp2-chost-byos-v20210913-hvm-ssd-x86_64 Message-ID: <20210914103458.49F0AFCC9@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp2-chost-byos-v20210913-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:659-1 Image Tags : suse-sles-15-sp2-chost-byos-v20210913-hvm-ssd-x86_64:20210913 Image Release : Severity : critical Type : security References : 1027519 1065729 1085224 1094840 1113295 1137251 1153274 1154353 1155518 1156395 1160462 1172505 1176189 1176940 1177695 1179148 1179243 1179246 1180092 1180491 1181989 1183871 1183877 1183939 1184114 1184124 1184350 1184614 1184631 1184758 1184804 1185377 1185420 1185615 1185646 1185682 1185991 1185993 1186194 1186206 1186347 1186397 1186428 1186429 1186433 1186434 1186482 1186483 1186687 1187115 1187470 1187476 1187774 1187921 1187937 1188050 1188101 1188127 1188405 1188445 1188504 1188571 1188620 1188683 1188746 1188747 1188748 1188763 1188770 1188771 1188772 1188773 1188774 1188777 1188838 1188876 1188881 1188885 1188973 1189097 1189206 1189373 1189376 1189378 1189380 1189381 1189465 1189465 1189520 1189521 1189521 1189683 1189743 1189882 1190225 CVE-2019-19977 CVE-2020-12049 CVE-2021-0089 CVE-2021-21781 CVE-2021-22543 CVE-2021-28690 CVE-2021-28692 CVE-2021-28693 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-28700 CVE-2021-36222 CVE-2021-3659 CVE-2021-3672 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-37576 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container suse-sles-15-sp2-chost-byos-v20210913-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2481-1 Released: Tue Jul 27 14:20:27 2021 Summary: Recommended update for sysconfig Type: recommended Severity: moderate References: 1184124 This update for sysconfig fixes the following issues: - Link as Position Independent Executable (bsc#1184124). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2593-1 Released: Mon Aug 2 15:40:22 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1177695 This update for suse-module-tools provides the following fix: - modprobe.d: Remove dma=none setting for parport_pc. (bsc#1177695) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2603-1 Released: Wed Aug 4 10:09:08 2021 Summary: Recommended update for sca-appliance-common, supportutils Type: recommended Severity: moderate References: 1185991,1185993,1186347,1186397,1186687 This update for sca-appliance-common, supportutils fixes the following issues: - Adding ethtool options to the supportconfigt. (jsc#SLE-18239, jsc#SLE-18344) - Fixed and issue when 'lsof' causes performance problems. (bsc#1186687) - Exclude 'rhn.conf' from 'etc.txt' to prevent supportconfig capturing passwords in clear text. (bsc#1186347) - Fix 'analyzevmcore' to supports local directories. (bsc#1186397) - Fix for 'getappcore' checking for valid compression binary. (bsc#1185991) - Fixed 'getappcore' to prevent triggering errors with help message. (bsc#1185993) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2623-1 Released: Thu Aug 5 11:54:08 2021 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1185420 This update for samba fixes the following issues: - Add 'msDS-AdditionalDnsHostName' to the keytab. (bsc#1185420) - Add 'net-ads-join dnshostname' option. (bsc#1185420) - Fix adding 'msDS-AdditionalDnsHostName' to keytab with Windows DC. (bsc#1185420) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2756-1 Released: Tue Aug 17 13:24:52 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1085224,1094840,1113295,1153274,1154353,1155518,1156395,1176940,1179243,1180092,1183871,1184114,1184350,1184631,1184804,1185377,1186194,1186206,1186482,1186483,1187476,1188101,1188405,1188445,1188504,1188620,1188683,1188746,1188747,1188748,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188973,CVE-2021-21781,CVE-2021-22543,CVE-2021-3659,CVE-2021-37576 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-21781: Fixed a information disclosure vulnerability in the ARM SIGPAGE (bsc#1188445). - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). The following non-security bugs were fixed: - ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes). - ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes). - ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes). - ALSA: bebob: add support for ToneWeal FW66 (git-fixes). - ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes). - ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes). - ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes). - ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes). - ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets (git-fixes). - ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes). - ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions (git-fixes). - ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes). - ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values (git-fixes). - ALSA: usx2y: Do not call free_pages_exact() with NULL address (git-fixes). - ARM: ensure the signal page contains defined contents (bsc#1188445). - ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters (git-fixes). - ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes). - ASoC: rt5631: Fix regcache sync errors on resume (git-fixes). - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes). - ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes). - Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes). - Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes). - Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip (git-fixes). - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes). - Input: hideep - fix the uninitialized use in hideep_nvm_unlock() (git-fixes). - Input: ili210x - add missing negation for touch indication on ili210x (git-fixes). - KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (bsc#1188771). - KVM: nVMX: Consult only the 'basic' exit reason when routing nested exit (bsc#1188773). - KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774). - KVM: nVMX: Preserve exception priority irrespective of exiting behavior (bsc#1188777). - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes). - PCI: quirks: fix false kABI positive (git-fixes). - PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes). - RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449). - RDMA/cma: Protect RMW with qp_mutex (git-fixes). - Revert 'ACPI: resources: Add checks for ACPI IRQ override' (git-fixes). - Revert 'USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem' (git-fixes). - Revert 'be2net: disable bh with spin_lock in be_process_mcc' (git-fixes). - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes). - USB: serial: cp210x: fix comments for GE CS1000 (git-fixes). - USB: serial: option: add support for u-blox LARA-R6 family (git-fixes). - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes). - backlight: lm3630a: Fix return code of .update_status() callback (git-fixes). - bcache: avoid oversized read request in cache missing code path (bsc#1184631). - bcache: remove bcache device self-defined readahead (bsc#1184631). - blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092). - blk-mq: In blk_mq_dispatch_rq_list() 'no budget' is a reason to kick (bsc#1180092). - blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092). - blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092). - blk-mq: insert flush request to the front of dispatch queue (bsc#1180092). - blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092). - bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371 bsc#1153274). - bnxt_en: do not disable an already disabled PCI device (git-fixes). - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1154353). - bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518). - cadence: force nonlinear buffers to be cloned (git-fixes). - can: ems_usb: fix memory leak (git-fixes). - can: esd_usb2: fix memory leak (git-fixes). - can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes). - can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes). - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes). - can: usb_8dev: fix memory leak (git-fixes). - ceph: do not WARN if we're still opening a session to an MDS (bsc#1188748). - cifs: Fix preauth hash corruption (git-fixes). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: fix interrupted close commands (git-fixes). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - clk: renesas: r8a77995: Add ZA2 clock (git-fixes). - clk: tegra: Ensure that PLLU configuration is applied properly (git-fixes). - clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround (git-fixes). - cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)). - crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes). - crypto: sun4i-ss - checking sg length is not sufficient (git-fixes). - crypto: sun4i-ss - initialize need_fallback (git-fixes). - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - cw1200: add missing MODULE_DEVICE_TABLE (git-fixes). - cxgb4: fix IRQ free race during driver unload (git-fixes). - dma-buf/sync_file: Do not leak fences on merge failure (git-fixes). - dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes). - drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes). - drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes). - drm/amd/display: Update scaling settings on modeset (git-fixes). - drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check (git-fixes). - drm/amd/display: fix incorrrect valid irq check (git-fixes). - drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes). - drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes). - drm/amdkfd: Walk through list with dqm lock hold (git-fixes). - drm/arm/malidp: Always list modifiers (git-fixes). - drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() (git-fixes). - drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() (git-fixes). - drm/msm/mdp4: Fix modifier support enabling (git-fixes). - drm/mxsfb: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes). - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes). - drm/sched: Avoid data corruptions (git-fixes). - drm/tegra: Do not set allow_fb_modifiers explicitly (git-fixes). - drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes). - drm/virtio: Fix double free on probe failure (git-fixes). - drm/zte: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm: Return -ENOTTY for non-drm ioctls (git-fixes). - e1000e: Check the PCIm state (git-fixes). - e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes). - fbmem: Do not delete the mode that is still in use (git-fixes). - fbmem: add margin check to fb_check_caps() (git-fixes). - firmware/efi: Tell memblock about EFI iomem reservations (git-fixes). - firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (git-fixes). - firmware: arm_scmi: Fix range check for the maximum number of pending messages (git-fixes). - gpio: pca953x: Add support for the On Semi pca9655 (git-fixes). - gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes). - gtp: fix an use-before-init in gtp_newlink() (git-fixes). - gve: Add DQO fields for core data structures (bsc#1176940). - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940). - gve: Add dqo descriptors (bsc#1176940). - gve: Add stats for gve (bsc#1176940). - gve: Add support for DQO RX PTYPE map (bsc#1176940). - gve: Add support for raw addressing device option (bsc#1176940). - gve: Add support for raw addressing in the tx path (bsc#1176940). - gve: Add support for raw addressing to the rx path (bsc#1176940). - gve: Batch AQ commands for creating and destroying queues (bsc#1176940). - gve: Check TX QPL was actually assigned (bsc#1176940). - gve: DQO: Add RX path (bsc#1176940). - gve: DQO: Add TX path (bsc#1176940). - gve: DQO: Add core netdev features (bsc#1176940). - gve: DQO: Add ring allocation and initialization (bsc#1176940). - gve: DQO: Configure interrupts on device up (bsc#1176940). - gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940). - gve: DQO: Remove incorrect prefetch (bsc#1176940). - gve: Enable Link Speed Reporting in the driver (bsc#1176940). - gve: Fix warnings reported for DQO patchset (bsc#1176940). - gve: Get and set Rx copybreak via ethtool (bsc#1176940). - gve: Introduce a new model for device options (bsc#1176940). - gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940). - gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940). - gve: Move some static functions to a common file (bsc#1176940). - gve: NIC stats for report-stats and for ethtool (bsc#1176940). - gve: Propagate error codes to caller (bsc#1176940). - gve: Replace zero-length array with flexible-array member (bsc#1176940). - gve: Rx Buffer Recycling (bsc#1176940). - gve: Simplify code and axe the use of a deprecated API (bsc#1176940). - gve: Update adminq commands to support DQO queues (bsc#1176940). - gve: Use dev_info/err instead of netif_info/err (bsc#1176940). - gve: Use link status register to report link status (bsc#1176940). - gve: adminq: DQO specific device descriptor logic (bsc#1176940). - gve: gve_rx_copy: Move padding to an argument (bsc#1176940). - i2c: core: Disable client irq on reboot/shutdown (git-fixes). - i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes). - i40e: Fix error handling in i40e_vsi_open (git-fixes). - iavf: Fix an error handling path in 'iavf_probe()' (git-fixes). - ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075). - ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533). - ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency (jsc#SLE-7926). - igb: Check if num of q_vectors is smaller than max before array access (git-fixes). - igb: Fix an error handling path in 'igb_probe()' (git-fixes). - igb: Fix position of assignment to *ring (git-fixes). - igb: Fix use-after-free error during reset (git-fixes). - igc: Fix an error handling path in 'igc_probe()' (git-fixes). - igc: Fix use-after-free error during reset (git-fixes). - igc: change default return of igc_read_phy_reg() (git-fixes). - iio: accel: bma180: Use explicit member assignment (git-fixes). - iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes). - iwlwifi: pcie: free IML DMA memory allocation (git-fixes). - ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes). - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes). - kABI workaround for pci/quirks.c (git-fixes). - kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes). - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes). - kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes). - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes). - kprobes: fix kill kprobe which has been marked as gone (git-fixes). - kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1188772). - kvm: i8254: remove redundant assignment to pointer s (bsc#1188770). - lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes). - libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518). - liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes). - mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes). - media, bpf: Do not copy more entries than user space requested (git-fixes). - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes). - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes). - mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes). - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes). - misc/libmasm/module: Fix two use after free in ibmasm_init_one (git-fixes). - misc: alcor_pci: fix inverted branch condition (git-fixes). - misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge (git-fixes). - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes). - mt76: mt7603: set 0 as min coverage_class value (git-fixes). - mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes). - mt76: mt7615: increase MCU command timeout (git-fixes). - mt76: set dma-done flag for flushed descriptors (git-fixes). - mvpp2: suppress warning (git-fixes). - net/mlx5: Do not fail driver on failure to create debugfs (git-fixes). - net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes). - net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes). - net: atlantic: fix ip dst and ipv6 address filters (git-fixes). - net: dp83867: Fix OF_MDIO config check (git-fixes). - net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes). - net: gve: convert strlcpy to strscpy (bsc#1176940). - net: gve: remove duplicated allowed (bsc#1176940). - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - net: marvell: Fix OF_MDIO config check (git-fixes). - net: mvpp2: Put fwnode in error case during ->probe() (git-fixes). - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes). - net: wilc1000: clean up resource in error path of init mon interface (git-fixes). - nfc: nfcsim: fix use after free during module unload (git-fixes). - pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes). - pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() (git-fixes). - pinctrl: mcp23s08: fix race condition in irq handler (git-fixes). - platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command (git-fixes). - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes). - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes). - platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (git-fixes). - platform/x86: intel_int0002_vgpio: Remove dev_err() usage after platform_get_irq() (git-fixes). - platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes). - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: ab8500: Avoid NULL pointers (git-fixes). - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (git-fixes). - power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes). - powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722). - powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722). - powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395). - powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes). - powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722). - powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722). - powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722). - powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722). - powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722). - powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722). - powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722). - powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722). - powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722). - powerpc/stacktrace: Fix spurious 'stale' traces in raise_backtrace_ipi() (bsc#1156395). - powerpc/stacktrace: Include linux/delay.h (bsc#1156395). - powerpc: Offline CPU in stop_this_cpu() (bsc#1156395). - pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes). - pwm: imx1: Do not disable clocks at device remove time (git-fixes). - pwm: spear: Do not modify HW state in .remove callback (git-fixes). - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes). - r8152: Fix a deadlock by doubly PM resume (bsc#1186194). - r8152: Fix potential PM refcount imbalance (bsc#1186194). - r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM (git-fixes). - ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes). - rbd: always kick acquire on 'acquired' and 'released' notifications (bsc#1188746). - rbd: do not hold lock_rwsem while running_list is being drained (bsc#1188747). - regulator: hi6421: Fix getting wrong drvdata (git-fixes). - regulator: hi6421: Use correct variable type for regmap api val argument (git-fixes). - replaced with upstream security mitigation cleanup - reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes). - rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804). - rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes). - rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes). - rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes). - scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101). - sfp: Fix error handing in sfp_probe() (git-fixes). - soc/tegra: fuse: Fix Tegra234-only builds (git-fixes). - spi: cadence: Correct initialisation of runtime PM again (git-fixes). - spi: imx: add a check for speed_hz before calculating the clock (git-fixes). - spi: mediatek: fix fifo rx mode (git-fixes). - staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes). - thermal/core: Correct function name thermal_zone_device_unregister() (git-fixes). - tpm: efi: Use local variable for calculating final log size (git-fixes). - tracing: Do not reference char * as a string in histograms (git-fixes). - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes). - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes). - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes). - usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes). - usb: gadget: hid: fix error return code in hid_bind() (git-fixes). - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes). - usb: hub: Fix link power management max exit latency (MEL) calculations (git-fixes). - usb: max-3421: Prevent corruption of freed memory (git-fixes). - usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (git-fixes). - uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes). - virtio_console: Assure used length from device is limited (git-fixes). - virtio_net: move tx vq operation under tx queue lock (git-fixes). - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes). - w1: ds2438: fixing bug that would always get page0 (git-fixes). - watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes). - watchdog: Fix possible use-after-free in wdt_startup() (git-fixes). - watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes). - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes). - wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes). - wireless: wext-spy: Fix out-of-bounds warning (git-fixes). - wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes). - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes). - workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973). - xen/events: reset active flag for lateeoi events later (git-fixes). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). - xhci: Fix lost USB 2 remote wake (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2760-1 Released: Tue Aug 17 17:11:14 2021 Summary: Security update for c-ares Type: security Severity: important References: 1188881,CVE-2021-3672 This update for c-ares fixes the following issues: Version update to git snapshot 1.17.1+20200724: - CVE-2021-3672: fixed missing input validation on hostnames returned by DNS servers (bsc#1188881) - If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause crash - Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response - Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing - Use unbuffered /dev/urandom for random data to prevent early startup performance issues ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2805-1 Released: Mon Aug 23 07:01:37 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1185615,1185646,1187115,1187470,1187774 This update for dracut fixes the following issues: - Correct man pages regarding the 'INITRD_MODULES' as some parts already invalid. (bsc#1187115) - Fixed an issue when running mkinitrd inproper arch is being expanded. (bsc#1185615) - Fix for 'suse-initrd' exclude modules that are built-in to prevent failing modules to be installed. (bsc#1185646) - Fix informing on usage of obsolete -f parameter. (bsc#1187470) - Fix reference to 'insmodpost module' in the documentation. (bsc#1187774) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2810-1 Released: Mon Aug 23 12:14:30 2021 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1172505,CVE-2020-12049 This update for dbus-1 fixes the following issues: - CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2871-1 Released: Mon Aug 30 15:46:25 2021 Summary: Recommended update for bind Type: recommended Severity: moderate References: 1187921,1188763 This update for bind fixes the following issues: - Fix an assertion failure in the 'rehash()' function (bsc#1188763) When calculating the new hashtable bitsize, there was an off-by-one error that would allow the new bitsize to be larger than maximum allowed. - tsig-keygen is now used to generate DDNS keys (bsc#1187921) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2887-1 Released: Tue Aug 31 13:31:19 2021 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1183939,1184758 This update for cloud-init contains the following: - Change log file creation mode to 640. (bsc#1183939) - Do not write the generated password to the log file. (bsc#1184758) - Allow purging cache when Python when version change detected. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2922-1 Released: Thu Sep 2 10:10:17 2021 Summary: Security update for xen Type: security Severity: important References: 1027519,1137251,1176189,1179148,1179246,1180491,1181989,1183877,1185682,1186428,1186429,1186433,1186434,1188050,1189373,1189376,1189378,1189380,1189381,1189882,CVE-2021-0089,CVE-2021-28690,CVE-2021-28692,CVE-2021-28693,CVE-2021-28694,CVE-2021-28695,CVE-2021-28696,CVE-2021-28697,CVE-2021-28698,CVE-2021-28699,CVE-2021-28700 This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release (bsc#1027519). Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). - CVE-2021-28700: No memory limit for dom0less domUs (XSA-383)(bsc#1189381). Other issues fixed: - Fixed 'Panic on CPU 0: IO-APIC + timer doesn't work!' (bsc#1180491) - Fixed an issue with xencommons, where file format expecations by fillup did not allign (bsc#1185682) - Fixed shell macro expansion in the spec file, so that ExecStart= in xendomains-wait-disks.service is created correctly (bsc#1183877) - Upstream bug fixes (bsc#1027519) - Fixed Xen SLES11SP4 guest hangs on cluster (bsc#1188050). - xl monitoring process exits during xl save -p|-c keep the monitoring process running to cleanup the domU during shutdown (bsc#1176189). - Dom0 hangs when pinning CPUs for dom0 with HVM guest (bsc#1179246). - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2937-1 Released: Fri Sep 3 09:18:45 2021 Summary: Security update for libesmtp Type: security Severity: important References: 1160462,1189097,CVE-2019-19977 This update for libesmtp fixes the following issues: - CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2950-1 Released: Fri Sep 3 11:59:19 2021 Summary: Recommended update for pcre2 Type: recommended Severity: moderate References: 1187937 This update for pcre2 fixes the following issue: - Equalizes the result of a function that may have different output on s390x if compared to older (bsc#1187937) PHP versions. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2962-1 Released: Mon Sep 6 18:23:01 2021 Summary: Recommended update for runc Type: recommended Severity: critical References: 1189743 This update for runc fixes the following issues: - Fixed an issue when toolbox container fails to start. (bsc#1189743) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3022-1 Released: Mon Sep 13 10:48:16 2021 Summary: Recommended update for c-ares Type: recommended Severity: important References: 1190225 This update for c-ares fixes the following issue: - Allow '_' as part of DNS response. (bsc#1190225) - 'c-ares' 1.17.2 introduced response validation to prevent a security issue, however it was not listing '_' as a valid character for domain name responses which caused issues when a 'CNAME' referenced a 'SRV' record which contained underscores. From sle-updates at lists.suse.com Tue Sep 14 10:39:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Sep 2021 12:39:15 +0200 (CEST) Subject: SUSE-IU-2021:660-1: Security update of sles-15-sp2-chost-byos-v20210913 Message-ID: <20210914103915.E453BFCC9@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp2-chost-byos-v20210913 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:660-1 Image Tags : sles-15-sp2-chost-byos-v20210913:20210913 Image Release : Severity : critical Type : security References : 1027519 1065729 1085224 1094840 1113295 1137251 1153274 1154353 1155518 1156395 1160462 1165198 1172505 1176189 1176940 1177695 1179148 1179243 1179246 1180092 1180491 1181989 1183871 1183877 1184114 1184124 1184350 1184614 1184631 1184804 1185232 1185261 1185377 1185420 1185441 1185615 1185621 1185646 1185682 1185991 1185993 1186194 1186206 1186347 1186397 1186428 1186429 1186433 1186434 1186482 1186483 1186687 1187071 1187115 1187260 1187470 1187476 1187696 1187774 1187921 1187937 1188050 1188101 1188127 1188179 1188405 1188445 1188504 1188571 1188620 1188683 1188746 1188747 1188748 1188763 1188770 1188771 1188772 1188773 1188774 1188777 1188838 1188868 1188876 1188881 1188885 1188904 1188973 1189097 1189206 1189373 1189376 1189378 1189380 1189381 1189465 1189465 1189520 1189521 1189521 1189683 1189743 1189882 1190225 CVE-2019-19977 CVE-2020-12049 CVE-2021-0089 CVE-2021-21781 CVE-2021-22543 CVE-2021-28690 CVE-2021-28692 CVE-2021-28693 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-28700 CVE-2021-36222 CVE-2021-3659 CVE-2021-3672 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-37576 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container sles-15-sp2-chost-byos-v20210913 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2465-1 Released: Fri Jul 23 14:56:48 2021 Summary: Recommended update for shim Type: recommended Severity: moderate References: 1185232,1185261,1185441,1185621,1187071,1187260,1187696 This update for shim fixes the following issues: Update to shim to 15.4-4.7.1, Version: 15.4, 'Thu Jul 15 2021' Update the SLE signatures Includes fixes for various bugs in MOK handling and booting (bsc#1187696, bsc#1185261, bsc#1185441, bsc#1187071, bsc#1185621, bsc#1185261, bsc#1185232, bsc#1185261, bsc#1187260, bsc#1185232) Remove shim-install because the shim-install is updated in the RPM. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2477-1 Released: Tue Jul 27 13:32:50 2021 Summary: Recommended update for growpart-rootgrow Type: recommended Severity: important References: 1165198,1188179 This update for growpart-rootgrow fixes the following issues: - Change the logic to determine the partition ID of the root filesystem (bsc#1188179) + Previously the algorithm depended on the order of the output from lsblk using an index to keep track of the known partitions. The new implementation is order independent, it depends on the partition ID being numerical in nature and at the end of the device string. - Add coverage config. Omit version module from coverage check. - Fix string formatting for flake8 formatting. - Replace travis testing with GitHub actions. Add ci testing workflow action. - Switch implementation to use Popen for Python 3.4 compatibility (bsc#1165198) - Bump version: 1.0.2 ??? 1.0.3 - Fixed unit tests and style This clobbers several fixes into one. Sorry about it but I started on already made changes done by other people. This commit includes several pep8 style fixes mostly on the indentation level. In addition it fixes the unit tests to really cover all code and to make the exception tests really effective. - Switch to use Popen instead of run The run() fuction in the subprocess module was implemented after Python 3.4. However, we need to support Python 3.4 for SLES 12 - Bump version: 1.0.1 ??? 1.0.2 - Package LICENSE file The LICENSE file is part of the source repo but was not packaged with the rpm package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2481-1 Released: Tue Jul 27 14:20:27 2021 Summary: Recommended update for sysconfig Type: recommended Severity: moderate References: 1184124 This update for sysconfig fixes the following issues: - Link as Position Independent Executable (bsc#1184124). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2593-1 Released: Mon Aug 2 15:40:22 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1177695 This update for suse-module-tools provides the following fix: - modprobe.d: Remove dma=none setting for parport_pc. (bsc#1177695) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2603-1 Released: Wed Aug 4 10:09:08 2021 Summary: Recommended update for sca-appliance-common, supportutils Type: recommended Severity: moderate References: 1185991,1185993,1186347,1186397,1186687 This update for sca-appliance-common, supportutils fixes the following issues: - Adding ethtool options to the supportconfigt. (jsc#SLE-18239, jsc#SLE-18344) - Fixed and issue when 'lsof' causes performance problems. (bsc#1186687) - Exclude 'rhn.conf' from 'etc.txt' to prevent supportconfig capturing passwords in clear text. (bsc#1186347) - Fix 'analyzevmcore' to supports local directories. (bsc#1186397) - Fix for 'getappcore' checking for valid compression binary. (bsc#1185991) - Fixed 'getappcore' to prevent triggering errors with help message. (bsc#1185993) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2623-1 Released: Thu Aug 5 11:54:08 2021 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1185420 This update for samba fixes the following issues: - Add 'msDS-AdditionalDnsHostName' to the keytab. (bsc#1185420) - Add 'net-ads-join dnshostname' option. (bsc#1185420) - Fix adding 'msDS-AdditionalDnsHostName' to keytab with Windows DC. (bsc#1185420) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2681-1 Released: Thu Aug 12 14:59:06 2021 Summary: Recommended update for growpart-rootgrow Type: recommended Severity: important References: 1188868,1188904 This update for growpart-rootgrow fixes the following issues: - Fix root partition ID lookup. Only consider trailing digits to be part of the paritition ID. (bsc#1188868) (bsc#1188904) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2756-1 Released: Tue Aug 17 13:24:52 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1085224,1094840,1113295,1153274,1154353,1155518,1156395,1176940,1179243,1180092,1183871,1184114,1184350,1184631,1184804,1185377,1186194,1186206,1186482,1186483,1187476,1188101,1188405,1188445,1188504,1188620,1188683,1188746,1188747,1188748,1188770,1188771,1188772,1188773,1188774,1188777,1188838,1188876,1188885,1188973,CVE-2021-21781,CVE-2021-22543,CVE-2021-3659,CVE-2021-37576 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-21781: Fixed a information disclosure vulnerability in the ARM SIGPAGE (bsc#1188445). - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). The following non-security bugs were fixed: - ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes). - ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes). - ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes). - ALSA: bebob: add support for ToneWeal FW66 (git-fixes). - ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes). - ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes). - ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes). - ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes). - ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets (git-fixes). - ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes). - ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions (git-fixes). - ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes). - ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values (git-fixes). - ALSA: usx2y: Do not call free_pages_exact() with NULL address (git-fixes). - ARM: ensure the signal page contains defined contents (bsc#1188445). - ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters (git-fixes). - ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes). - ASoC: rt5631: Fix regcache sync errors on resume (git-fixes). - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes). - ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes). - Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes). - Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes). - Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip (git-fixes). - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes). - Input: hideep - fix the uninitialized use in hideep_nvm_unlock() (git-fixes). - Input: ili210x - add missing negation for touch indication on ili210x (git-fixes). - KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (bsc#1188771). - KVM: nVMX: Consult only the 'basic' exit reason when routing nested exit (bsc#1188773). - KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774). - KVM: nVMX: Preserve exception priority irrespective of exiting behavior (bsc#1188777). - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes). - PCI: quirks: fix false kABI positive (git-fixes). - PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes). - RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449). - RDMA/cma: Protect RMW with qp_mutex (git-fixes). - Revert 'ACPI: resources: Add checks for ACPI IRQ override' (git-fixes). - Revert 'USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem' (git-fixes). - Revert 'be2net: disable bh with spin_lock in be_process_mcc' (git-fixes). - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes). - USB: serial: cp210x: fix comments for GE CS1000 (git-fixes). - USB: serial: option: add support for u-blox LARA-R6 family (git-fixes). - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes). - backlight: lm3630a: Fix return code of .update_status() callback (git-fixes). - bcache: avoid oversized read request in cache missing code path (bsc#1184631). - bcache: remove bcache device self-defined readahead (bsc#1184631). - blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092). - blk-mq: In blk_mq_dispatch_rq_list() 'no budget' is a reason to kick (bsc#1180092). - blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092). - blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092). - blk-mq: insert flush request to the front of dispatch queue (bsc#1180092). - blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092). - bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371 bsc#1153274). - bnxt_en: do not disable an already disabled PCI device (git-fixes). - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1154353). - bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518). - cadence: force nonlinear buffers to be cloned (git-fixes). - can: ems_usb: fix memory leak (git-fixes). - can: esd_usb2: fix memory leak (git-fixes). - can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes). - can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes). - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes). - can: usb_8dev: fix memory leak (git-fixes). - ceph: do not WARN if we're still opening a session to an MDS (bsc#1188748). - cifs: Fix preauth hash corruption (git-fixes). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: fix interrupted close commands (git-fixes). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - clk: renesas: r8a77995: Add ZA2 clock (git-fixes). - clk: tegra: Ensure that PLLU configuration is applied properly (git-fixes). - clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround (git-fixes). - cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)). - crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes). - crypto: sun4i-ss - checking sg length is not sufficient (git-fixes). - crypto: sun4i-ss - initialize need_fallback (git-fixes). - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - cw1200: add missing MODULE_DEVICE_TABLE (git-fixes). - cxgb4: fix IRQ free race during driver unload (git-fixes). - dma-buf/sync_file: Do not leak fences on merge failure (git-fixes). - dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes). - drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes). - drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes). - drm/amd/display: Update scaling settings on modeset (git-fixes). - drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check (git-fixes). - drm/amd/display: fix incorrrect valid irq check (git-fixes). - drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes). - drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes). - drm/amdkfd: Walk through list with dqm lock hold (git-fixes). - drm/arm/malidp: Always list modifiers (git-fixes). - drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() (git-fixes). - drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() (git-fixes). - drm/msm/mdp4: Fix modifier support enabling (git-fixes). - drm/mxsfb: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes). - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes). - drm/sched: Avoid data corruptions (git-fixes). - drm/tegra: Do not set allow_fb_modifiers explicitly (git-fixes). - drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes). - drm/virtio: Fix double free on probe failure (git-fixes). - drm/zte: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm: Return -ENOTTY for non-drm ioctls (git-fixes). - e1000e: Check the PCIm state (git-fixes). - e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes). - fbmem: Do not delete the mode that is still in use (git-fixes). - fbmem: add margin check to fb_check_caps() (git-fixes). - firmware/efi: Tell memblock about EFI iomem reservations (git-fixes). - firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (git-fixes). - firmware: arm_scmi: Fix range check for the maximum number of pending messages (git-fixes). - gpio: pca953x: Add support for the On Semi pca9655 (git-fixes). - gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes). - gtp: fix an use-before-init in gtp_newlink() (git-fixes). - gve: Add DQO fields for core data structures (bsc#1176940). - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940). - gve: Add dqo descriptors (bsc#1176940). - gve: Add stats for gve (bsc#1176940). - gve: Add support for DQO RX PTYPE map (bsc#1176940). - gve: Add support for raw addressing device option (bsc#1176940). - gve: Add support for raw addressing in the tx path (bsc#1176940). - gve: Add support for raw addressing to the rx path (bsc#1176940). - gve: Batch AQ commands for creating and destroying queues (bsc#1176940). - gve: Check TX QPL was actually assigned (bsc#1176940). - gve: DQO: Add RX path (bsc#1176940). - gve: DQO: Add TX path (bsc#1176940). - gve: DQO: Add core netdev features (bsc#1176940). - gve: DQO: Add ring allocation and initialization (bsc#1176940). - gve: DQO: Configure interrupts on device up (bsc#1176940). - gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940). - gve: DQO: Remove incorrect prefetch (bsc#1176940). - gve: Enable Link Speed Reporting in the driver (bsc#1176940). - gve: Fix warnings reported for DQO patchset (bsc#1176940). - gve: Get and set Rx copybreak via ethtool (bsc#1176940). - gve: Introduce a new model for device options (bsc#1176940). - gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940). - gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940). - gve: Move some static functions to a common file (bsc#1176940). - gve: NIC stats for report-stats and for ethtool (bsc#1176940). - gve: Propagate error codes to caller (bsc#1176940). - gve: Replace zero-length array with flexible-array member (bsc#1176940). - gve: Rx Buffer Recycling (bsc#1176940). - gve: Simplify code and axe the use of a deprecated API (bsc#1176940). - gve: Update adminq commands to support DQO queues (bsc#1176940). - gve: Use dev_info/err instead of netif_info/err (bsc#1176940). - gve: Use link status register to report link status (bsc#1176940). - gve: adminq: DQO specific device descriptor logic (bsc#1176940). - gve: gve_rx_copy: Move padding to an argument (bsc#1176940). - i2c: core: Disable client irq on reboot/shutdown (git-fixes). - i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes). - i40e: Fix error handling in i40e_vsi_open (git-fixes). - iavf: Fix an error handling path in 'iavf_probe()' (git-fixes). - ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075). - ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533). - ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency (jsc#SLE-7926). - igb: Check if num of q_vectors is smaller than max before array access (git-fixes). - igb: Fix an error handling path in 'igb_probe()' (git-fixes). - igb: Fix position of assignment to *ring (git-fixes). - igb: Fix use-after-free error during reset (git-fixes). - igc: Fix an error handling path in 'igc_probe()' (git-fixes). - igc: Fix use-after-free error during reset (git-fixes). - igc: change default return of igc_read_phy_reg() (git-fixes). - iio: accel: bma180: Use explicit member assignment (git-fixes). - iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes). - iwlwifi: pcie: free IML DMA memory allocation (git-fixes). - ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes). - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes). - kABI workaround for pci/quirks.c (git-fixes). - kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes). - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes). - kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes). - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes). - kprobes: fix kill kprobe which has been marked as gone (git-fixes). - kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1188772). - kvm: i8254: remove redundant assignment to pointer s (bsc#1188770). - lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes). - libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518). - liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes). - mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes). - media, bpf: Do not copy more entries than user space requested (git-fixes). - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes). - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes). - mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes). - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes). - misc/libmasm/module: Fix two use after free in ibmasm_init_one (git-fixes). - misc: alcor_pci: fix inverted branch condition (git-fixes). - misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge (git-fixes). - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes). - mt76: mt7603: set 0 as min coverage_class value (git-fixes). - mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes). - mt76: mt7615: increase MCU command timeout (git-fixes). - mt76: set dma-done flag for flushed descriptors (git-fixes). - mvpp2: suppress warning (git-fixes). - net/mlx5: Do not fail driver on failure to create debugfs (git-fixes). - net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes). - net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes). - net: atlantic: fix ip dst and ipv6 address filters (git-fixes). - net: dp83867: Fix OF_MDIO config check (git-fixes). - net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes). - net: gve: convert strlcpy to strscpy (bsc#1176940). - net: gve: remove duplicated allowed (bsc#1176940). - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - net: marvell: Fix OF_MDIO config check (git-fixes). - net: mvpp2: Put fwnode in error case during ->probe() (git-fixes). - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes). - net: wilc1000: clean up resource in error path of init mon interface (git-fixes). - nfc: nfcsim: fix use after free during module unload (git-fixes). - pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes). - pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() (git-fixes). - pinctrl: mcp23s08: fix race condition in irq handler (git-fixes). - platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command (git-fixes). - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes). - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes). - platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (git-fixes). - platform/x86: intel_int0002_vgpio: Remove dev_err() usage after platform_get_irq() (git-fixes). - platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes). - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: ab8500: Avoid NULL pointers (git-fixes). - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (git-fixes). - power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes). - powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722). - powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722). - powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395). - powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes). - powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722). - powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722). - powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722). - powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722). - powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722). - powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722). - powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722). - powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722). - powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722). - powerpc/stacktrace: Fix spurious 'stale' traces in raise_backtrace_ipi() (bsc#1156395). - powerpc/stacktrace: Include linux/delay.h (bsc#1156395). - powerpc: Offline CPU in stop_this_cpu() (bsc#1156395). - pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes). - pwm: imx1: Do not disable clocks at device remove time (git-fixes). - pwm: spear: Do not modify HW state in .remove callback (git-fixes). - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes). - r8152: Fix a deadlock by doubly PM resume (bsc#1186194). - r8152: Fix potential PM refcount imbalance (bsc#1186194). - r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM (git-fixes). - ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes). - rbd: always kick acquire on 'acquired' and 'released' notifications (bsc#1188746). - rbd: do not hold lock_rwsem while running_list is being drained (bsc#1188747). - regulator: hi6421: Fix getting wrong drvdata (git-fixes). - regulator: hi6421: Use correct variable type for regmap api val argument (git-fixes). - replaced with upstream security mitigation cleanup - reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes). - rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804). - rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes). - rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes). - rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes). - scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101). - sfp: Fix error handing in sfp_probe() (git-fixes). - soc/tegra: fuse: Fix Tegra234-only builds (git-fixes). - spi: cadence: Correct initialisation of runtime PM again (git-fixes). - spi: imx: add a check for speed_hz before calculating the clock (git-fixes). - spi: mediatek: fix fifo rx mode (git-fixes). - staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes). - thermal/core: Correct function name thermal_zone_device_unregister() (git-fixes). - tpm: efi: Use local variable for calculating final log size (git-fixes). - tracing: Do not reference char * as a string in histograms (git-fixes). - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes). - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes). - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes). - usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes). - usb: gadget: hid: fix error return code in hid_bind() (git-fixes). - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes). - usb: hub: Fix link power management max exit latency (MEL) calculations (git-fixes). - usb: max-3421: Prevent corruption of freed memory (git-fixes). - usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (git-fixes). - uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes). - virtio_console: Assure used length from device is limited (git-fixes). - virtio_net: move tx vq operation under tx queue lock (git-fixes). - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes). - w1: ds2438: fixing bug that would always get page0 (git-fixes). - watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes). - watchdog: Fix possible use-after-free in wdt_startup() (git-fixes). - watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes). - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes). - wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes). - wireless: wext-spy: Fix out-of-bounds warning (git-fixes). - wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes). - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes). - workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973). - xen/events: reset active flag for lateeoi events later (git-fixes). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). - xhci: Fix lost USB 2 remote wake (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2760-1 Released: Tue Aug 17 17:11:14 2021 Summary: Security update for c-ares Type: security Severity: important References: 1188881,CVE-2021-3672 This update for c-ares fixes the following issues: Version update to git snapshot 1.17.1+20200724: - CVE-2021-3672: fixed missing input validation on hostnames returned by DNS servers (bsc#1188881) - If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause crash - Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response - Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing - Use unbuffered /dev/urandom for random data to prevent early startup performance issues ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2805-1 Released: Mon Aug 23 07:01:37 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1185615,1185646,1187115,1187470,1187774 This update for dracut fixes the following issues: - Correct man pages regarding the 'INITRD_MODULES' as some parts already invalid. (bsc#1187115) - Fixed an issue when running mkinitrd inproper arch is being expanded. (bsc#1185615) - Fix for 'suse-initrd' exclude modules that are built-in to prevent failing modules to be installed. (bsc#1185646) - Fix informing on usage of obsolete -f parameter. (bsc#1187470) - Fix reference to 'insmodpost module' in the documentation. (bsc#1187774) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2810-1 Released: Mon Aug 23 12:14:30 2021 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1172505,CVE-2020-12049 This update for dbus-1 fixes the following issues: - CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2871-1 Released: Mon Aug 30 15:46:25 2021 Summary: Recommended update for bind Type: recommended Severity: moderate References: 1187921,1188763 This update for bind fixes the following issues: - Fix an assertion failure in the 'rehash()' function (bsc#1188763) When calculating the new hashtable bitsize, there was an off-by-one error that would allow the new bitsize to be larger than maximum allowed. - tsig-keygen is now used to generate DDNS keys (bsc#1187921) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2922-1 Released: Thu Sep 2 10:10:17 2021 Summary: Security update for xen Type: security Severity: important References: 1027519,1137251,1176189,1179148,1179246,1180491,1181989,1183877,1185682,1186428,1186429,1186433,1186434,1188050,1189373,1189376,1189378,1189380,1189381,1189882,CVE-2021-0089,CVE-2021-28690,CVE-2021-28692,CVE-2021-28693,CVE-2021-28694,CVE-2021-28695,CVE-2021-28696,CVE-2021-28697,CVE-2021-28698,CVE-2021-28699,CVE-2021-28700 This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release (bsc#1027519). Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). - CVE-2021-28700: No memory limit for dom0less domUs (XSA-383)(bsc#1189381). Other issues fixed: - Fixed 'Panic on CPU 0: IO-APIC + timer doesn't work!' (bsc#1180491) - Fixed an issue with xencommons, where file format expecations by fillup did not allign (bsc#1185682) - Fixed shell macro expansion in the spec file, so that ExecStart= in xendomains-wait-disks.service is created correctly (bsc#1183877) - Upstream bug fixes (bsc#1027519) - Fixed Xen SLES11SP4 guest hangs on cluster (bsc#1188050). - xl monitoring process exits during xl save -p|-c keep the monitoring process running to cleanup the domU during shutdown (bsc#1176189). - Dom0 hangs when pinning CPUs for dom0 with HVM guest (bsc#1179246). - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2937-1 Released: Fri Sep 3 09:18:45 2021 Summary: Security update for libesmtp Type: security Severity: important References: 1160462,1189097,CVE-2019-19977 This update for libesmtp fixes the following issues: - CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2950-1 Released: Fri Sep 3 11:59:19 2021 Summary: Recommended update for pcre2 Type: recommended Severity: moderate References: 1187937 This update for pcre2 fixes the following issue: - Equalizes the result of a function that may have different output on s390x if compared to older (bsc#1187937) PHP versions. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2962-1 Released: Mon Sep 6 18:23:01 2021 Summary: Recommended update for runc Type: recommended Severity: critical References: 1189743 This update for runc fixes the following issues: - Fixed an issue when toolbox container fails to start. (bsc#1189743) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3022-1 Released: Mon Sep 13 10:48:16 2021 Summary: Recommended update for c-ares Type: recommended Severity: important References: 1190225 This update for c-ares fixes the following issue: - Allow '_' as part of DNS response. (bsc#1190225) - 'c-ares' 1.17.2 introduced response validation to prevent a security issue, however it was not listing '_' as a valid character for domain name responses which caused issues when a 'CNAME' referenced a 'SRV' record which contained underscores. From sle-updates at lists.suse.com Tue Sep 14 13:17:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Sep 2021 15:17:27 +0200 (CEST) Subject: SUSE-RU-2021:3032-1: important: Recommended update for autoyast2 Message-ID: <20210914131727.429D6FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for autoyast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3032-1 Rating: important References: #1171356 #1174194 #1176089 #1187220 #1187916 #1188153 #1188357 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for autoyast2 fixes the following issues: - Copy the files to the right location when a 'file_location' is given. (bsc#1188357) - Add missing elements to 'rules.xml' schema. (bsc#1176089, bsc#1188153) - Do not export the general/storage section when it is empty to prevent installation failing. (bsc#1171356, bsc#1187916) - Moving 'files' section handling from second installation stage to first installation stage. (bsc#1174194) This update for yast2-installation fixes the following issues: - Moving 'files' section handling from second installation stage to first installation stage. (bsc#1174194) - Activate devices before probing to fix an issue when volume groups are incomplete due to inactive multipathing after upgrade. (bsc#1187220) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3032=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-3032=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): autoyast2-4.2.55-3.19.2 autoyast2-installation-4.2.55-3.19.2 yast2-installation-4.2.53-3.31.2 - SUSE Linux Enterprise Installer 15-SP2 (noarch): autoyast2-4.2.55-3.19.2 autoyast2-installation-4.2.55-3.19.2 yast2-installation-4.2.53-3.31.2 References: https://bugzilla.suse.com/1171356 https://bugzilla.suse.com/1174194 https://bugzilla.suse.com/1176089 https://bugzilla.suse.com/1187220 https://bugzilla.suse.com/1187916 https://bugzilla.suse.com/1188153 https://bugzilla.suse.com/1188357 From sle-updates at lists.suse.com Tue Sep 14 13:19:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Sep 2021 15:19:43 +0200 (CEST) Subject: SUSE-RU-2021:3030-1: moderate: Recommended update for patterns-base Message-ID: <20210914131943.C1C00FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-base ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3030-1 Rating: moderate References: #1189534 #1189554 Affected Products: SUSE Linux Enterprise Module for Transactional Server 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update of patterns-base fixes the following issue: - The fips pattern should also install "openssh-fips" if "openssh" is installed (bsc#1189554 bsc#1189534) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Transactional Server 15-SP2: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP2-2021-3030=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3030=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3030=1 Package List: - SUSE Linux Enterprise Module for Transactional Server 15-SP2 (aarch64 ppc64le s390x x86_64): patterns-base-transactional_base-20200124-4.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64): patterns-base-x11_raspberrypi-20200124-4.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): patterns-base-apparmor-20200124-4.12.1 patterns-base-apparmor-32bit-20200124-4.12.1 patterns-base-base-20200124-4.12.1 patterns-base-base-32bit-20200124-4.12.1 patterns-base-basesystem-20200124-4.12.1 patterns-base-basic_desktop-20200124-4.12.1 patterns-base-documentation-20200124-4.12.1 patterns-base-enhanced_base-20200124-4.12.1 patterns-base-enhanced_base-32bit-20200124-4.12.1 patterns-base-fips-20200124-4.12.1 patterns-base-minimal_base-20200124-4.12.1 patterns-base-minimal_base-32bit-20200124-4.12.1 patterns-base-sw_management-20200124-4.12.1 patterns-base-sw_management-32bit-20200124-4.12.1 patterns-base-x11-20200124-4.12.1 patterns-base-x11-32bit-20200124-4.12.1 patterns-base-x11_enhanced-20200124-4.12.1 patterns-base-x11_enhanced-32bit-20200124-4.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le x86_64): patterns-base-32bit-20200124-4.12.1 References: https://bugzilla.suse.com/1189534 https://bugzilla.suse.com/1189554 From sle-updates at lists.suse.com Tue Sep 14 13:24:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Sep 2021 15:24:57 +0200 (CEST) Subject: SUSE-RU-2021:3031-1: moderate: Recommended update for sapconf Message-ID: <20210914132457.25FA0FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3031-1 Rating: moderate References: #1189496 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sapconf fixes the following issues: - Adapt the activity detection of saptune to the upcoming saptune version 3. (bsc#1189496) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3031=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3031=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3031=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3031=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3031=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3031=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3031=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3031=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3031=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3031=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3031=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): sapconf-5.0.3-40.68.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): sapconf-5.0.3-40.68.1 - SUSE OpenStack Cloud 9 (noarch): sapconf-5.0.3-40.68.1 - SUSE OpenStack Cloud 8 (noarch): sapconf-5.0.3-40.68.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): sapconf-5.0.3-40.68.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): sapconf-5.0.3-40.68.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): sapconf-5.0.3-40.68.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): sapconf-5.0.3-40.68.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): sapconf-5.0.3-40.68.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): sapconf-5.0.3-40.68.1 - HPE Helion Openstack 8 (noarch): sapconf-5.0.3-40.68.1 References: https://bugzilla.suse.com/1189496 From sle-updates at lists.suse.com Tue Sep 14 16:20:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Sep 2021 18:20:29 +0200 (CEST) Subject: SUSE-RU-2021:3033-1: Recommended update for yast2-theme Message-ID: <20210914162029.7E124FE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-theme ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3033-1 Rating: low References: Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for yast2-theme fixes the following issues: - Fix the icons' style and minify them. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3033=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): yast2-theme-4.3.9-3.3.1 References: From sle-updates at lists.suse.com Tue Sep 14 16:21:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Sep 2021 18:21:33 +0200 (CEST) Subject: SUSE-RU-2021:3034-1: moderate: Recommended update for python-pytz Message-ID: <20210914162133.8199FFE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-pytz ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3034-1 Rating: moderate References: #1185748 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-pytz fixes the following issues: - Add %pyunittest shim for platforms where it is missing. - Remove real directory of %{python_sitelib}/pytz/zoneinfo when upgrading, before it is replaced by a symlink. (bsc#1185748) - update to 2021.1: * update to IANA 2021a timezone release - update to 2020.5: * update to IANA 2020e timezone release - update to 2020.4: * update to IANA 2020d timezone release - update to version 2020.1: * Test against Python 3.8 and Python 3.9 * Bump version numbers to 2020.1/2020a * use .rst extension name * Make FixedOffset part of public API - Update to 2019.3 * IANA 2019c - Add versioned dependency on timezone database to ensure the correct data is installed - Add a symlink to the system timezone database - update to 2019.2 * IANA 2019b * Defer generating case-insensitive lookups Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3034=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-3034=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3034=1 Package List: - SUSE MicroOS 5.0 (noarch): python3-pytz-2021.1-6.7.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (noarch): python2-pytz-2021.1-6.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-pytz-2021.1-6.7.1 References: https://bugzilla.suse.com/1185748 From sle-updates at lists.suse.com Tue Sep 14 16:26:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Sep 2021 18:26:14 +0200 (CEST) Subject: SUSE-RU-2021:3036-1: moderate: Recommended update for ocl-icd Message-ID: <20210914162614.AC962FE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for ocl-icd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3036-1 Rating: moderate References: #1172303 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ocl-icd fixes the following issue: - provide a libOpenCL1-32bit for use by Wine. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-3036=1 - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-3036=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): libOpenCL1-2.2.11-8.3.1 libOpenCL1-debuginfo-2.2.11-8.3.1 ocl-icd-debugsource-2.2.11-8.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): libOpenCL1-2.2.11-8.3.1 libOpenCL1-debuginfo-2.2.11-8.3.1 ocl-icd-debugsource-2.2.11-8.3.1 References: https://bugzilla.suse.com/1172303 From sle-updates at lists.suse.com Tue Sep 14 16:27:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Sep 2021 18:27:25 +0200 (CEST) Subject: SUSE-RU-2021:3035-1: moderate: Recommended update for ibus Message-ID: <20210914162725.8E0B3FE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for ibus ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3035-1 Rating: moderate References: #1187202 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ibus fixes the following issues: - Fixed an issue when 'Qt5 IBus IM' module cannot connect to 'IBus' daemon under 'GNOME Wayland' session. (bsc#1187202) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3035=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): ibus-1.5.23-3.3.1 ibus-debuginfo-1.5.23-3.3.1 ibus-debugsource-1.5.23-3.3.1 ibus-devel-1.5.23-3.3.1 ibus-gtk-1.5.23-3.3.1 ibus-gtk-debuginfo-1.5.23-3.3.1 ibus-gtk3-1.5.23-3.3.1 ibus-gtk3-debuginfo-1.5.23-3.3.1 libibus-1_0-5-1.5.23-3.3.1 libibus-1_0-5-debuginfo-1.5.23-3.3.1 typelib-1_0-IBus-1_0-1.5.23-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch): ibus-dict-emoji-1.5.23-3.3.1 ibus-lang-1.5.23-3.3.1 References: https://bugzilla.suse.com/1187202 From sle-updates at lists.suse.com Tue Sep 14 16:32:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Sep 2021 18:32:01 +0200 (CEST) Subject: SUSE-RU-2021:3037-1: moderate: Recommended update for PackageKit Message-ID: <20210914163201.F1B32FE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for PackageKit ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3037-1 Rating: moderate References: #1179287 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for PackageKit fixes the following issues: - Fix crash when search string is NULL (bsc#1179287). - Fix hang in packagekit-glib2 client if daemon crashes. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-3037=1 - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-3037=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3037=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3037=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): PackageKit-debuginfo-1.1.13-4.23.1 PackageKit-debugsource-1.1.13-4.23.1 PackageKit-gstreamer-plugin-1.1.13-4.23.1 PackageKit-gstreamer-plugin-debuginfo-1.1.13-4.23.1 PackageKit-gtk3-module-1.1.13-4.23.1 PackageKit-gtk3-module-debuginfo-1.1.13-4.23.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): PackageKit-debuginfo-1.1.13-4.23.1 PackageKit-debugsource-1.1.13-4.23.1 PackageKit-gstreamer-plugin-1.1.13-4.23.1 PackageKit-gstreamer-plugin-debuginfo-1.1.13-4.23.1 PackageKit-gtk3-module-1.1.13-4.23.1 PackageKit-gtk3-module-debuginfo-1.1.13-4.23.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): PackageKit-1.1.13-4.23.1 PackageKit-backend-zypp-1.1.13-4.23.1 PackageKit-backend-zypp-debuginfo-1.1.13-4.23.1 PackageKit-debuginfo-1.1.13-4.23.1 PackageKit-debugsource-1.1.13-4.23.1 PackageKit-devel-1.1.13-4.23.1 PackageKit-devel-debuginfo-1.1.13-4.23.1 libpackagekit-glib2-18-1.1.13-4.23.1 libpackagekit-glib2-18-debuginfo-1.1.13-4.23.1 libpackagekit-glib2-devel-1.1.13-4.23.1 typelib-1_0-PackageKitGlib-1_0-1.1.13-4.23.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch): PackageKit-lang-1.1.13-4.23.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): PackageKit-1.1.13-4.23.1 PackageKit-backend-zypp-1.1.13-4.23.1 PackageKit-backend-zypp-debuginfo-1.1.13-4.23.1 PackageKit-debuginfo-1.1.13-4.23.1 PackageKit-debugsource-1.1.13-4.23.1 PackageKit-devel-1.1.13-4.23.1 PackageKit-devel-debuginfo-1.1.13-4.23.1 libpackagekit-glib2-18-1.1.13-4.23.1 libpackagekit-glib2-18-debuginfo-1.1.13-4.23.1 libpackagekit-glib2-devel-1.1.13-4.23.1 typelib-1_0-PackageKitGlib-1_0-1.1.13-4.23.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): PackageKit-lang-1.1.13-4.23.1 References: https://bugzilla.suse.com/1179287 From sle-updates at lists.suse.com Tue Sep 14 19:17:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Sep 2021 21:17:46 +0200 (CEST) Subject: SUSE-RU-2021:3038-1: important: Recommended update for kernel-livepatch-tools Message-ID: <20210914191746.A2162FE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for kernel-livepatch-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3038-1 Rating: important References: #1187780 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kernel-livepatch-tools fixes the following issue: - Introduce a controlled live patch deployment to solve an issue with the transactional server role (bsc#1187780) - The deployment mode is defined in '/etc/sysconfig/livepatching'. The valid settings are 'always', 'never' and 'auto' with 'auto' as default. This change will preserve the immutability of the system in the transactional server role that skips the patch loading in transactional updates. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2021-3038=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-3038=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-tools-1.2-7.6.1 kernel-livepatch-tools-debugsource-1.2-7.6.1 kernel-livepatch-tools-devel-1.2-7.6.1 kernel-livepatch-tools-devel-debuginfo-1.2-7.6.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-tools-1.2-7.6.1 kernel-livepatch-tools-debugsource-1.2-7.6.1 kernel-livepatch-tools-devel-1.2-7.6.1 kernel-livepatch-tools-devel-debuginfo-1.2-7.6.1 References: https://bugzilla.suse.com/1187780 From sle-updates at lists.suse.com Tue Sep 14 19:19:00 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Sep 2021 21:19:00 +0200 (CEST) Subject: SUSE-RU-2021:3039-1: moderate: Recommended update for lifecycle-data-sle-module-live-patching Message-ID: <20210914191900.50454FE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3039-1 Rating: moderate References: #1020320 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-live-patching fixes the following issue: Lifecycle data updates. (bsc#1020320) - Updates for 4_12_14-150_75, 4_12_14-197_99, 5_3_18-24_70, 5_3_18-24_75, 5_3_18-24_78, 5_3_18-59_13, 5_3_18-59_16, 5_3_18-59_19. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2021-3040=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-3040=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-3040=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-3040=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-3039=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-3039=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2021-3039=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2021-3039=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (noarch): lifecycle-data-sle-module-live-patching-15-4.60.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (noarch): lifecycle-data-sle-module-live-patching-15-4.60.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (noarch): lifecycle-data-sle-module-live-patching-15-4.60.1 - SUSE Linux Enterprise Module for Live Patching 15 (noarch): lifecycle-data-sle-module-live-patching-15-4.60.1 - SUSE Linux Enterprise Live Patching 12-SP5 (noarch): lifecycle-data-sle-live-patching-1-10.94.1 - SUSE Linux Enterprise Live Patching 12-SP4 (noarch): lifecycle-data-sle-live-patching-1-10.94.1 - SUSE Linux Enterprise Live Patching 12-SP3 (noarch): lifecycle-data-sle-live-patching-1-10.94.1 - SUSE Linux Enterprise Live Patching 12 (noarch): lifecycle-data-sle-live-patching-1-10.94.1 References: https://bugzilla.suse.com/1020320 From sle-updates at lists.suse.com Wed Sep 15 09:56:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Sep 2021 11:56:49 +0200 (CEST) Subject: SUSE-CU-2021:311-1: Security update of ses/7/cephcsi/cephcsi Message-ID: <20210915095649.DD5C8FCC9@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/cephcsi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:311-1 Container Tags : ses/7/cephcsi/cephcsi:3.3.1 , ses/7/cephcsi/cephcsi:3.3.1.0.3.539 , ses/7/cephcsi/cephcsi:latest , ses/7/cephcsi/cephcsi:sle15.2.octopus , ses/7/cephcsi/cephcsi:v3.3.1 , ses/7/cephcsi/cephcsi:v3.3.1.0 Container Release : 3.539 Severity : moderate Type : security References : 1177695 1184994 1187091 1188063 1188127 1188217 1188218 1188219 1188220 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-33910 ----------------------------------------------------------------- The container ses/7/cephcsi/cephcsi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2404-1 Released: Tue Jul 20 14:21:30 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1184994,1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063) - Skip udev rules if 'elevator=' is used (bsc#1184994) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2456-1 Released: Thu Jul 22 15:28:39 2021 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1187091 This update for pam-config fixes the following issues: - Add 'revoke' to the option list for 'pam_keyinit'. - Fixed an issue when pam-config fails to create a new service config file. (bsc#1187091) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2593-1 Released: Mon Aug 2 15:40:22 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1177695 This update for suse-module-tools provides the following fix: - modprobe.d: Remove dma=none setting for parport_pc. (bsc#1177695) From sle-updates at lists.suse.com Wed Sep 15 09:59:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Sep 2021 11:59:40 +0200 (CEST) Subject: SUSE-CU-2021:313-1: Security update of ses/7/ceph/grafana Message-ID: <20210915095940.61E59FCC9@maintenance.suse.de> SUSE Container Update Advisory: ses/7/ceph/grafana ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:313-1 Container Tags : ses/7/ceph/grafana:7.5.7 , ses/7/ceph/grafana:7.5.7.3.559 , ses/7/ceph/grafana:latest , ses/7/ceph/grafana:sle15.2.octopus Container Release : 3.559 Severity : critical Type : security References : 1181291 1183561 1183803 1183809 1183811 1183813 1184371 1184517 1184614 1184994 1185246 1186348 1188063 1188217 1188218 1188219 1188220 1188571 1188979 1189173 1189206 1189465 1189465 1189520 1189521 1189521 1189534 1189554 1189683 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-27358 CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 CVE-2021-33910 CVE-2021-36222 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container ses/7/ceph/grafana was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2404-1 Released: Tue Jul 20 14:21:30 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1184994,1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063) - Skip udev rules if 'elevator=' is used (bsc#1184994) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2662-1 Released: Thu Aug 12 12:01:41 2021 Summary: Security update for grafana Type: security Severity: important References: 1183803,1183809,1183811,1183813,1184371,CVE-2021-27358,CVE-2021-27962,CVE-2021-28146,CVE-2021-28147,CVE-2021-28148 This update for grafana fixes the following issues: - CVE-2021-27358: unauthenticated remote attackers to trigger a Denial of Service via a remote API call (bsc#1183803) - Update to version 7.5.7: * Updated relref to 'Configuring exemplars' section (#34240) (#34243) * Added exemplar topic (#34147) (#34226) * Quota: Do not count folders towards dashboard quota (#32519) (#34025) * Instructions to separate emails with semicolons (#32499) (#34138) * Docs: Remove documentation of v8 generic OAuth feature (#34018) * Annotations: Prevent orphaned annotation tags cleanup when no annotations were cleaned (#33957) (#33975) * [GH-33898] Add missing --no-cache to Dockerfile. (#33906) (#33935) * ReleaseNotes: Updated changelog and release notes for 7.5.6 (#33932) (#33936) * Stop hoisting @icons/material (#33922) * Chore: fix react-color version in yarn.lock (#33914) * 'Release: Updated versions in package to 7.5.6' (#33909) * Loki: fix label browser crashing when + typed (#33900) (#33901) * Document `hide_version` flag (#33670) (#33881) * Add isolation level db configuration parameter (#33830) (#33878) * Sanitize PromLink button (#33874) (#33876) * Removed content as per MarcusE's suggestion in https://github.com/grafana/grafana/issues/33822. (#33870) (#33872) * Docs feedback: /administration/provisioning.md (#33804) (#33842) * Docs: delete from high availability docs references to removed configurations related to session storage (#33827) (#33851) * Docs: Update _index.md (#33797) (#33799) * Docs: Update installation.md (#33656) (#33703) * GraphNG: uPlot 1.6.9 (#33598) (#33612) * dont consider invalid email address a failed email (#33671) (#33681) * InfluxDB: Improve measurement-autocomplete behavior in query editor (#33494) (#33625) * add template for dashboard url parameters (#33549) (#33588) * Add note to Snapshot API doc to specify that user has to provide the entire dashboard model (#33572) (#33586) * Update team.md (#33454) (#33536) * Removed duplicate file 'dashboard_folder_permissions.md (#33497) * Document customQueryParameters for prometheus datasource provisioning (#33440) (#33495) * ReleaseNotes: Updated changelog and release notes for 7.5.5 (#33473) (#33492) * Documentation: Update developer-guide.md (#33478) (#33490) * add closed parenthesis to fix a hyperlink (#33471) (#33481) - Update to version 7.5.5: * 'Release: Updated versions in package to 7.5.5' (#33469) * GraphNG: Fix exemplars window position (#33427) (#33462) * Remove field limitation from slack notification (#33113) (#33455) * Prometheus: Support POST in template variables (#33321) (#33441) * Instrumentation: Add success rate metrics for email notifications (#33359) (#33409) * Use either moment objects (for absolute times in the datepicker) or string (for relative time) (#33315) (#33406) * Docs: Removed type from find annotations example. (#33399) (#33403) * [v7.5.x]: FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters to prometheus (#33255) * Updated label for add panel. (#33285) (#33286) * Bug: Add git to Dockerfile.ubuntu (#33247) (#33248) * Docs: Sync latest master docs with 7.5.x (#33156) * Docs: Update getting-started-influxdb.md (#33234) (#33241) * Doc: Document the X-Grafana-Org-Id HTTP header (#32478) (#33239) * Minor Changes in Auditing.md (#31435) (#33238) * Docs: Add license check endpoint doc (#32987) (#33236) * Postgres: Fix time group macro when TimescaleDB is enabled and interval is less than a second (#33153) (#33219) * Docs: InfluxDB doc improvements (#32815) (#33185) * [v7.5.x] Loki: Pass Skip TLS Verify setting to alert queries (#33031) * update cla (#33181) * Fix inefficient regular expression (#33155) (#33159) * Auth: Don't clear auth token cookie when lookup token fails (#32999) (#33136) * Elasticsearch: Add documentation for supported Elasticsearch query transformations (#33072) (#33128) * Update team.md (#33060) (#33084) * GE issue 1268 (#33049) (#33081) * Fixed some formatting issues for PRs from yesterday. (#33078) (#33079) * Explore: Load default data source in Explore when the provided source does not exist (#32992) (#33061) * Docs: Replace next with latest in aliases (#33054) (#33059) * Added missing link item. (#33052) (#33055) * Backport 33034 (#33038) * Docs: Backport 32916 to v7.5x (#33008) * ReleaseNotes: Updated changelog and release notes for 7.5.4 (#32973) (#32998) * Elasticsearch: Force re-rendering of each editor row type change (#32993) (#32996) * Docs: Sync release branch with latest docs (#32986) - Update to version 7.5.4: * 'Release: Updated versions in package to 7.5.4' (#32971) * fix(datasource_srv): prevent infinite loop where default datasource is named default (#32949) (#32967) * Added Azure Monitor support for Microsoft.AppConfiguration/configurationStores namespace (#32123) (#32968) * fix sqlite3 tx retry condition operator precedence (#32897) (#32952) * AzureMonitor: Add support for Virtual WAN namespaces (#32935) (#32947) * Plugins: Allow a non-dashboard page to be the default home page (#32926) (#32945) * GraphNG: uPlot 1.6.8 (#32859) (#32863) * Alerting: Add ability to include aliases with dashes (/) and at (@) signs in InfluxDB (#32844) * Prometheus: Allow exemplars endpoint in data source proxy (#32802) (#32804) * [v7.5.x] Table: Fixes table data links so they refer to correct row after sorting (#32758) * TablePanel: Makes sorting case-insensitive (#32435) (#32752) - Update to version 7.5.3: * 'Release: Updated versions in package to 7.5.3' (#32745) * FolderPicker: Prevent dropdown menu from disappearing off screen (#32603) (#32741) * Loki: Remove empty annotations tags (#32359) (#32490) * SingleStat: fix wrong call to getDataLinkUIModel (#32721) (#32739) * Prometheus: Fix instant query to run two times when exemplars enabled (#32508) (#32726) * Elasticsearch: Fix bucket script variable duplication in UI (#32705) (#32714) * Variables: Confirms selection before opening new picker (#32586) (#32710) * CloudWarch: Fix service quotas link (#32686) (#32689) * Configuration: Prevent browser hanging / crashing with large number of org users (#32546) (#32598) * chore: bump execa to v2.1.0 (#32543) (#32592) * Explore: Fix bug where navigating to explore would result in wrong query and datasource to be shown (#32558) * Fix broken gtime tests (#32582) (#32587) * resolve conflicts (#32567) * gtime: Make ParseInterval deterministic (#32539) (#32560) * Dashboard: No longer includes default datasource when externally exporting dashboard with row (#32494) (#32535) * TextboxVariable: Limits the length of the preview value (#32472) (#32530) * AdHocVariable: Adds default data source (#32470) (#32476) * Variables: Fixes Unsupported data format error for null values (#32480) (#32487) * Prometheus: align exemplars check to latest api change (#32513) (#32515) * 'Release: Updated versions in package to 7.5.2' (#32502) * SigV4: Add support EC2 IAM role auth and possibility to toggle auth providers (#32444) (#32488) * Set spanNulls to default (#32471) (#32486) * Graph: Fix setting right y-axis when standard option unit is configured (#32426) (#32442) * API: Return 409 on datasource version conflict (#32425) (#32433) * API: Return 400 on invalid Annotation requests (#32429) (#32431) * Variables: Fixes problem with data source variable when default ds is selected (#32384) (#32424) * Table: Fixes so links work for image cells (#32370) (#32410) * Variables: Fixes error when manually non-matching entering custom value in variable input/picker (#32390) (#32394) * DashboardQueryEditor: Run query after selecting source panel (#32383) (#32395) * API: Datasource endpoint should return 400 bad request if id and orgId is invalid (#32392) (#32397) * 'Release: Updated versions in package to 7.5.1' (#32362) * MSSQL: Upgrade go-mssqldb (#32347) (#32361) * GraphNG: Fix tooltip displaying wrong or no data (#32312) (#32348) * 'Release: Updated versions in package to 7.5.0' (#32308) * Loki: Fix text search in Label browser (#32293) (#32306) * Explore: Show all dataFrames in data tab in Inspector (#32161) (#32299) * PieChartV2: Add migration from old piechart (#32259) (#32291) * LibraryPanels: Adds Type and Description to DB (#32258) (#32288) * LibraryPanels: Prevents deletion of connected library panels (#32277) (#32284) * Library Panels: Add 'Discard' button to panel save modal (#31647) (#32281) * LibraryPanels: Changes to non readonly reducer (#32193) (#32200) * Notifications: InfluxDB - Fix regex to include metrics with hyphen in aliases (#32224) (#32262) * SSE/InfluxDB: Change InfluxQL to work with server side expressions (#31691) (#32102) * DashboardSettings: Fixes issue with tags list not updating when changes are made (#32241) (#32247) * Logs: If log message missing, use empty string (#32080) (#32243) * CloudWatch: Use latest version of aws sdk (#32217) (#32223) * Release: Updated versions in package to 7.5.0-beta.2 (#32158) * HttpServer: Make read timeout configurable but disabled by default (#31575) (#32154) * GraphNG: Ignore string fields when building data for uPlot in GraphNG (#32150) (#32151) * Fix loading timezone info on windows (#32029) (#32149) * SQLStore: Close session in withDbSession (#31775) (#32108) * Remove datalink template suggestions for accessing specific fields when there are multiple dataframes. (#32057) (#32148) * GraphNG: make sure dataset and config are in sync when initializing and re-initializing uPlot (#32106) (#32125) * MixedDataSource: Name is updated when data source variable changes (#32090) (#32144) * Backport 32005 to v7.5.x #32128 (#32130) * Loki: Label browser UI updates (#31737) (#32119) * ValueMappings: Fixes value 0 not being mapped (#31924) (#31929) * GraphNG: Fix tooltip series color for multi data frame scenario (#32098) (#32103) * LibraryPanels: Improves the Get All experience (#32028) (#32093) * Grafana/ui: display all selected levels for selected value when searching (#32030) (#32032) * Exemplars: always query exemplars (#31673) (#32024) * [v7.5.x] TimePicker: Fixes hidden time picker shown in kiosk TV mode (#32055) * Chore: Collect elasticsearch version usage stats (#31787) (#32063) * Chore: Tidy up Go deps (#32053) * GraphNG: Fix PlotLegend field display name being outdated (#32064) (#32066) * Data proxy: Fix encoded characters in URL path should be proxied encoded (#30597) (#32060) * [v7.5.x] Auth: Allow soft token revocation (#32037) * Snapshots: Fix usage of sign in link from the snapshot page (#31986) (#32036) * Make master green (#32011) (#32015) * Query editor: avoid avoiding word wrap on query editor components (#31949) (#31982) * Variables: Fixes filtering in picker with null items (#31979) (#31995) * TooltipContainer - use resize observer instead of getClientBoundingRect (#31937) (#32003) * Loki: Fix autocomplete when re-editing Loki label values (#31828) (#31987) * Loki: Fix type errors in language_provider (#31902) (#31945) * PanelInspect: Interpolates variables in CSV file name (#31936) (#31977) * Cloudwatch: use shared library for aws auth (#29550) (#31946) * Tooltip: partial perf improvement (#31774) (#31837) (#31957) * Backport 31913 to v7.5.x (#31955) * Grafana/ui: fix searchable options for Cascader with options update (#31906) (#31938) * Variables: Do not reset description on variable type change (#31933) (#31939) * [v7.5.x] AnnotationList: Adds spacing to UI (#31888) (#31894) * Elasticseach: Support histogram fields (#29079) (#31914) * Chore: upgrade eslint and fork-ts-checker-webpack-plugin (#31854) (#31896) * Update scripts and Dockerfiles to use Go 1.16.1 (#31881) (#31891) * Templating: use dashboard timerange when variables are set to refresh 'On Dashboard Load' (#31721) (#31801) * [v7.5.x] Tempo: Add test for backend data source (#31835) (#31882) * Run go mod tidy to update go.mod and go.sum (#31859) * Grafana/ui: display all selected levels for Cascader (#31729) (#31862) * CloudWatch: Consume the grafana/aws-sdk (#31807) (#31861) * Cloudwatch: ListMetrics API page limit (#31788) (#31851) * Remove invalid attribute (#31848) (#31850) * CloudWatch: Restrict auth provider and assume role usage according to??? (#31845) * CloudWatch: Add support for EC2 IAM role (#31804) (#31841) * Loki, Prometheus: Change the placement for query type explanation (#31784) (#31819) * Variables: Improves inspection performance and unknown filtering (#31811) (#31813) * Change piechart plugin state to beta (#31797) (#31798) * ReduceTransform: Include series with numeric string names (#31763) (#31794) * Annotations: Make the annotation clean up batch size configurable (#31487) (#31769) * Fix escaping in ANSI and dynamic button removal (#31731) (#31767) * DataLinks: Bring back single click links for Stat, Gauge and BarGauge panel (#31692) (#31718) * log skipped, performed and duration for migrations (#31722) (#31754) * Search: Make items more compact (#31734) (#31750) * loki_datasource: add documentation to label_format and line_format (#31710) (#31746) * Tempo: Convert tempo to backend data source2 (#31733) * Elasticsearch: Fix script fields in query editor (#31681) (#31727) * Elasticsearch: revert to isoWeek when resolving weekly indices (#31709) (#31717) * Admin: Keeps expired api keys visible in table after delete (#31636) (#31675) * Tempo: set authentication header properly (#31699) (#31701) * Tempo: convert to backend data source (#31618) (#31695) * Update package.json (#31672) * Release: Bump version to 7.5.0-beta.1 (#31664) * Fix whatsNewUrl version to 7.5 (#31666) * Chore: add alias for what's new 7.5 (#31669) * Docs: Update doc for PostgreSQL authentication (#31434) * Docs: document report template variables (#31637) * AzureMonitor: Add deprecation message for App Insights/Insights Analytics (#30633) * Color: Fixes issue where colors where reset to gray when switch panels (#31611) * Live: Use pure WebSocket transport (#31630) * Docs: Fix broken image link (#31661) * Docs: Add Whats new in 7.5 (#31659) * Docs: Fix links for 7.5 (#31658) * Update enterprise-configuration.md (#31656) * Explore/Logs: Escaping of incorrectly escaped log lines (#31352) * Tracing: Small improvements to trace types (#31646) * Update _index.md (#31645) * AlertingNG: code refactoring (#30787) * Remove pkill gpg-agent (#31169) * Remove format for plugin routes (#31633) * Library Panels: Change unsaved change detection logic (#31477) * CloudWatch: Added AWS Timestream Metrics and Dimensions (#31624) * add new metrics and dimensions (#31595) * fix devenv dashboard content typo (#31583) * DashList: Sort starred and searched dashboard alphabetically (#31605) * Docs: Update whats-new-in-v7-4.md (#31612) * SSE: Add 'Classic Condition' on backend (#31511) * InfluxDB: Improve maxDataPoints error-message in Flux-mode, raise limits (#31259) * Alerting: PagerDuty: adding current state to the payload (#29270) * devenv: Fix typo (#31589) * Loki: Label browser (#30351) * LibraryPanels: No save modal when user is on same dashboard (#31606) * Bug: adding resolution for `react-use-measure` to prevent plugin tests from failing. (#31603) * Update node-graph.md (#31571) * test: pass Cypress options objects into selector wrappers (#31567) * Loki: Add support for alerting (#31424) * Tracing: Specify type of the data frame that is expected for TraceView (#31465) * LibraryPanels: Adds version column (#31590) * PieChart: Add color changing options to pie chart (#31588) * Explore: keep enabled/disabled state in angular based QueryEditors correctly (#31558) * Bring back correct legend sizing afer PlotLegend refactor (#31582) * Alerting: Fix bug in Discord for when name for metric value is absent (#31257) * LibraryPanels: Deletes library panels during folder deletion (#31572) * chore: bump lodash to 4.17.21 (#31549) * Elasticsearch: Fix impossibility to perform non-logs queries after importing queries from loki or prometheus in explore (#31518) * TestData: Fixes never ending annotations scenario (#31573) * CloudWatch: Added AWS Network Firewall metrics and dimensions (#31498) * propagate plugin unavailable message to UI (#31560) * ConfirmButton: updates story from knobs to controls (#31476) * Loki: Refactor line limit to use grafana/ui component (#31509) * LibraryPanels: Adds folder checks and permissions (#31473) * Add guide on custom option editors (#31254) * PieChart: Update text color and minor changes (#31546) * Grafana-data: bump markedjs to v2.x to resolve vulnerability (#31036) * Chore(deps): Bump google.golang.org/api from 0.39.0 to 0.40.0 (#31210) * PieChart: Improve piechart legend and options (#31446) * Chore(deps): Bump google.golang.org/grpc from 1.35.0 to 1.36.0 (#31541) * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.37.7 to 1.37.20 (#31538) * Chore(deps): Bump github.com/prometheus/common from 0.17.0 to 0.18.0 (#31539) * Add multiselect options ui (#31501) * Profile: Fixes profile preferences being accessible when anonymous access was enabled (#31516) * Variables: Fixes error with: cannot read property length of undefined (#31458) * Explore: Show ANSI colored logs in logs context (#31510) * LogsPanel: Show all received logs (#31505) * AddPanel: Design polish (#31484) * TimeSeriesPanel: Remove unnecessary margin from legend (#31467) * influxdb: flux: handle is-hidden (#31324) * Graph: Fix tooltip not showing when close to the edge of viewport (#31493) * FolderPicker: Remove useNewForms from FolderPicker (#31485) * Add reportVariables feature toggle (#31469) * Grafana datasource: support multiple targets (#31495) * Update license-restrictions.md (#31488) * Docs: Derived fields links in logs detail view (#31482) * Docs: Add new data source links to Enterprise page (#31480) * Convert annotations to dataframes (#31400) * ReleaseNotes: Updated changelog and release notes for v7.4.2 (#31475) * GrafanaUI: Fixes typescript error for missing css prop (#31479) * Login: handle custom token creation error messages (#31283) * Library Panels: Don't list current panel in available panels list (#31472) * DashboardSettings: Migrate Link Settings to React (#31150) * Frontend changes for library panels feature (#30653) * Alerting notifier SensuGo: improvements in default message (#31428) * AppPlugins: Options to disable showing config page in nav (#31354) * add aws config (#31464) * Heatmap: Fix missing/wrong value in heatmap legend (#31430) * Chore: Fixes small typos (#31461) * Graphite/SSE: update graphite to work with server side expressions (#31455) * update the lastest version to 7.4.3 (#31457) * ReleaseNotes: Updated changelog and release notes for 7.4.3 (#31454) * AWS: Add aws plugin configuration (#31312) * Revert ''Release: Updated versions in package to 7.4.3' (#31444)' (#31452) * Remove UserSyncInfo.tsx (#31450) * Elasticsearch: Add word highlighting to search results (#30293) * Chore: Fix eslint react hook warnings in grafana-ui (#31092) * CloudWatch: Make it possible to specify custom api endpoint (#31402) * Chore: fixed incorrect naming for disable settings (#31448) * TraceViewer: Fix show log marker in spanbar (#30742) * LibraryPanels: Adds permissions to getAllHandler (#31416) * NamedColorsPalette: updates story from knobs to controls (#31443) * 'Release: Updated versions in package to 7.4.3' (#31444) * ColorPicker: updates story from knobs to controls (#31429) * Streaming: Fixes an issue with time series panel and streaming data source when scrolling back from being out of view (#31431) * ClipboardButton: updates story from knobs to controls (#31422) * we should never log unhashed tokens (#31432) * CI: Upgrade Dockerfiles wrt. Go, Node, Debian (#31407) * Elasticsearch: Fix query initialization logic & query transformation from Promethous/Loki (#31322) * Postgres: allow providing TLS/SSL certificates as text in addition to file paths (#30353) * CloudWatch: Added AWS Ground Station metrics and dimensions (#31362) * TraceViewer: Fix trace to logs icon to show in right pane (#31414) * add hg team as migrations code owners (#31420) * Remove tidy-check script (#31423) * InfluxDB: handle columns named 'table' (#30985) * Prometheus: Use configured HTTP method for /series and /labels endpoints (#31401) * Devenv: Add gdev-influxdb2 data source (#31250) * Update grabpl from 0.5.38 to 0.5.42 version (#31419) * Move NOOP_CONTROL to storybook utils and change to a standalone file (#31421) * remove squadcast details from docs (#31413) * Add new Cloudwatch AWS/DDoSProtection metrics and dimensions (#31297) * Logging: add frontend logging helpers to @grafana/runtime package (#30482) * CallToActionCard: updates story from knobs to controls (#31393) * Add eu-south-1 cloudwatch region, closes #31197 (#31198) * Chore: Upgrade eslint packages (#31408) * Cascader: updates story from knobs to controls (#31399) * addressed issues 28763 and 30314. (#31404) * Added section Query a time series database by id (#31337) * Prometheus: Change default httpMethod for new instances to POST (#31292) * Data source list: Use Card component (#31326) * Chore: Remove gotest.tools dependency (#31391) * Revert 'StoryBook: Introduces Grafana Controls (#31351)' (#31388) * Chore(deps): Bump github.com/prometheus/common from 0.15.0 to 0.17.0 (#31387) * AdHocVariables: Fixes crash when values are stored as numbers (#31382) * Chore(deps): Bump github.com/golang/mock from 1.4.4 to 1.5.0 (#31379) * Chore: Fix strict errors, down to 416 (#31365) * Chore(deps): Bump github.com/getsentry/sentry-go from 0.9.0 to 0.10.0 (#31378) * StoryBook: Introduces Grafana Controls (#31351) * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31313) * Theming: Support for runtime theme switching and hooks for custom themes (#31301) * Devenv: Remove old-versioned loki blocks and update prometheus2 block (#31282) * Zipkin: Show success on test data source (#30829) * Update grot template (needs more info) (#31350) * DatasourceSrv: Fix instance retrieval when datasource variable value set to 'default' (#31347) * TimeSeriesPanel: Fixes overlapping time axis ticks (#31332) * Grafana/UI: Add basic legend to the PieChart (#31278) * SAML: single logout only enabled in enterprise (#31325) * QueryEditor: handle query.hide changes in angular based query-editors (#31336) * DashboardLinks: Fixes another issue where dashboard links cause full page reload (#31334) * LibraryPanels: Syncs panel title with name (#31311) * Chore: Upgrade golangci-lint (#31330) * Add info to docs about concurrent session limits (#31333) * Table: Fixes issue with fixed min and auto max with bar gauge cell (#31316) * BarGuage: updates story from knobs to controls (#31223) * Docs: Clarifies how to add Key/Value pairs (#31303) * Usagestats: Exclude folders from total dashboard count (#31320) * ButtonCascader: updates story from knobs to controls (#31288) * test: allow check for Table as well as Graph for Explore e2e flow (#31290) * Grafana-UI: Update tooltip type (#31310) * fix 7.4.2 release note (#31299) * Add `--tries 3` arg when triggering e2e-tests upon releasing (#31285) * Chore: reduce strict errors for variables (#31241) * update latest release version (#31296) * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31291) * Correct name of Discord notifier tests (#31277) * Docs: Clarifies custom date formats for variables (#31271) * BigValue: updates story from knobs to controls (#31240) * Docs: Annotations update (#31194) * Introduce functions for interacting with library panels API (#30993) * Search: display sort metadata (#31167) * Folders: Editors should be able to edit name and delete folders (#31242) * Make Datetime local (No date if today) working (#31274) * UsageStats: Purpose named variables (#31264) * Snapshots: Disallow anonymous user to create snapshots (#31263) * only update usagestats every 30min (#31131) * Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#30701) * Grafana-UI: Add id to Select to make it easier to test (#31230) * Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055) * UI/Card: Fix handling of 'onClick' callback (#31225) * Loki: Add line limit for annotations (#31183) * Remove deprecated and breaking loki config field (#31227) * SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236) * LibraryPanels: Disconnect before connect during dashboard save (#31235) * Disable Change Password for OAuth users (#27886) * TagsInput: Design update and component refactor (#31163) * Variables: Adds back default option for data source variable (#31208) * IPv6: Support host address configured with enclosing square brackets (#31226) * Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179) * GraphNG: refactor core to class component (#30941) * Remove last synchronisation field from LDAP debug view (#30984) * Chore: Upgrade grafana-plugin-sdk-go to v0.88.0 (#30975) * Graph: Make axes unit option work even when field option unit is set (#31205) * AlertingNG: Test definition (#30886) * Docs: Update Influx config options (#31146) * WIP: Skip this call when we skip migrations (#31216) * use 0.1.0 (#31215) * DataSourceSrv: Filter out non queryable data sources by default (#31144) * QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193) * Chore: report eslint no-explicit-any errors to metrics (#31182) * Chore(deps): Bump cloud.google.com/go/storage from 1.12.0 to 1.13.0 (#31211) * Chore(deps): Bump xorm.io/xorm from 0.8.1 to 0.8.2 (#30773) * Alerting: Fix modal text for deleting obsolete notifier (#31171) * Chore(deps): Bump github.com/linkedin/goavro/v2 from 2.9.7 to 2.10.0 (#31204) * Variables: Fixes missing empty elements from regex filters (#31156) * StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126) * Fixed the typo. (#31189) * Docs: Rewrite preferences docs (#31154) * Explore/Refactor: Simplify URL handling (#29173) * DashboardLinks: Fixes links always cause full page reload (#31178) * Replace PR with Commit truncated hash when build fails (#31177) * Alert: update story to use controls (#31145) * Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132) * CloudWatch: Ensure empty query row errors are not passed to the panel (#31172) * Update prometheus.md (#31173) * Variables: Extend option pickers to accept custom onChange callback (#30913) * Prometheus: Multiply exemplars timestamp to follow api change (#31143) * DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160) * Add author name and pr number in drone pipeline notifications (#31124) * Prometheus: Add documentation for ad-hoc filters (#31122) * DataSourceSettings: Fixes add header button, it should not trigger a save & test action (#31135) * Alerting: Fix so that sending an alert with the Alertmanager notifier doesn't fail when one of multiple configured URL's are down (#31079) * Chore: Update latest.json (#31139) * Docs: add 7.4.1 relese notes link (#31137) * PieChart: Progress on new core pie chart (#28020) * ReleaseNotes: Updated changelog and release notes for 7.4.1 (#31133) * Eslint: no-duplicate-imports rule (bump grafana-eslint-config) (#30989) * Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before (#31121) * MuxWriter: Handle error for already closed file (#31119) * Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115) * Search: add sort information in dashboard results (#30609) * area/grafana/e2e: ginstall should pull version specified (#31056) * Exemplars: Change CTA style (#30880) * Influx: Make max series limit configurable and show the limiting message if applied (#31025) * Docs: request security (#30937) * update configurePanel for 7.4.0 changes (#31093) * Elasticsearch: fix log row context erroring out (#31088) * Prometheus: Fix issues with ad-hoc filters (#30931) * LogsPanel: Add deduplication option for logs (#31019) * Drone: Make sure CDN upload is ok before pushing docker images (#31075) * PluginManager: Remove some global state (#31081) * test: update addDashboard flow for v7.4.0 changes (#31059) * Transformations: Fixed typo in FilterByValue transformer description. (#31078) * Docs: Group id should be 0 instead of 1 in Docker upgrade notes (#31074) * Usage stats: Adds source/distributor setting (#31039) * CDN: Add CDN upload step to enterprise and release pipelines (#31058) * Chore: Replace native select with grafana ui select (#31030) * Docs: Update json-model.md (#31066) * Docs: Update whats-new-in-v7-4.md (#31069) * Added hyperlinks to Graphite documentation (#31064) * DashboardSettings: Update to new form styles (#31022) * CDN: Fixing drone CI config (#31052) * convert path to posix by default (#31045) * DashboardLinks: Fixes crash when link has no title (#31008) * Alerting: Fixes so notification channels are properly deleted (#31040) * Explore: Remove emotion error when displaying logs (#31026) * Elasticsearch: Fix alias field value not being shown in query editor (#30992) * CDN: Adds uppload to CDN step to drone CI (#30879) * Improved glossary (#31004) * BarGauge: Improvements to value sizing and table inner width calculations (#30990) * Drone: Fix deployment image (#31027) * ColorPicker: migrated styles from sass to emotion (#30909) * Dashboard: Migrate general settings to react (#30914) * Chore(deps): Bump github.com/jung-kurt/gofpdf from 1.10.1 to 1.16.2 (#30586) * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.36.31 to 1.37.7 (#31018) * Prometheus: Min step defaults to seconds when no unit is set to prevent errors when running alerts. (#30966) * Chore(deps): Bump github.com/magefile/mage from 1.10.0 to 1.11.0 (#31017) * Chore(deps): Bump github.com/grpc-ecosystem/go-grpc-middleware (#31013) * Graph: Fixes so graph is shown for non numeric time values (#30972) * CloudMonitoring: Prevent resource type variable function from crashing (#30901) * Chore(deps): Bump google.golang.org/api from 0.33.0 to 0.39.0 (#30971) * Build: Releases e2e and e2e-selectors too (#31006) * TextPanel: Fixes so panel title is updated when variables change (#30884) * Docs: Update configuration.md (login_maximum_inactive_lifetime_duration, login_maximum_lifetime_duration) (#31000) * instrumentation: make the first database histogram bucket smaller (#30995) * Grafana/UI: Remove DismissableFeatureInfoBox and replace with LocalSt??? (#30988) * StatPanel: Fixes issue formatting date values using unit option (#30979) * Chore(deps): Bump actions/cache from v2 to v2.1.4 (#30973) * Units: Fixes formatting of duration units (#30982) * Elasticsearch: Show Size setting for raw_data metric (#30980) * Alerts: Dedupe alerts so that we do not fill the screen with the same alert messsage (#30935) * make sure service and slo display name is passed to segment comp (#30900) * assign changes in cloud datasources to the new cloud datasources team (#30645) * Table: Updates devenv test dashboard after change to TestData Randrom Table response (#30927) * Theme: Use higher order theme color variables rather then is light/dark logic (#30939) * Docs: Add alias for what's new in 7.4 (#30945) * e2e: extends selector factory to plugins (#30932) * Chore: Upgrade docker build image (#30820) * Docs: updated developer guide (#29978) * Alerts: Update Alert storybook to show more states (#30908) * Variables: Adds queryparam formatting option (#30858) * Chore: pad unknown values with undefined (#30808) * Transformers: add search to transform selection (#30854) * Exemplars: change api to reflect latest changes (#30910) * docs: use selinux relabelling on docker containers (#27685) * Docs: Fix bad image path for alert notification template (#30911) * Make value mappings correctly interpret numeric-like strings (#30893) * Chore: Update latest.json (#30905) * Docs: Update whats-new-in-v7-4.md (#30882) * Dashboard: Ignore changes to dashboard when the user session expires (#30897) * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30902) * test: add support for timeout to be passed in for addDatasource (#30736) * increase page size and make sure the cache supports query params (#30892) * DataSourceSettings: Adds info box and link to Grafana Cloud (#30891) * OAuth: custom username docs (#28400) * Panels: Remove value mapping of values that have been formatted #26763 (#30868) * Alerting: Fixes alert panel header icon not showing (#30840) * AlertingNG: Edit Alert Definition (#30676) * Logging: sourcemap support for frontend stacktraces (#30590) * Added 'Restart Grafana' topic. (#30844) * Docs: Org, Team, and User Admin (#30756) * bump grabpl version to 0.5.36 (#30874) * Plugins: Requests validator (#30445) * Docs: Update whats-new-in-v7-4.md (#30876) * Docs: Add server view folder (#30849) * Fixed image name and path (#30871) * Grafana-ui: fixes closing modals with escape key (#30745) * InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827) * TestData: Fixes issue with for ever loading state when all queries are hidden (#30861) * Chart/Tooltip: refactored style declaration (#30824) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30853) * Grafana-ui: fixes no data message in Table component (#30821) * grafana/ui: Update pagination component for large number of pages (#30151) * Alerting: Customise OK notification priorities for Pushover notifier (#30169) * DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569) * Chore: Remove panelTime.html, closes #30097 (#30842) * Docs: Time series panel, bar alignment docs (#30780) * Chore: add more docs annotations (#30847) * Transforms: allow boolean in field calculations (#30802) * Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825) * Update prometheus.md with image link fix (#30833) * BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806) * Update license-expiration.md (#30839) * Explore rewrite (#30804) * Prometheus: Set type of labels to string (#30831) * GrafanaUI: Add a way to persistently close InfoBox (#30716) * Fix typo in transformer registry (#30712) * Elasticsearch: Display errors with text responses (#30122) * CDN: Fixes cdn path when Grafana is under sub path (#30822) * TraceViewer: Fix lazy loading (#30700) * FormField: migrated sass styling to emotion (#30392) * AlertingNG: change API permissions (#30781) * Variables: Clears drop down state when leaving dashboard (#30810) * Grafana-UI: Add story/docs for ErrorBoundary (#30304) * Add missing callback dependency (#30797) * PanelLibrary: Adds library panel meta information to dashboard json (#30770) * Chore(deps): Bump gonum.org/v1/gonum from 0.6.0 to 0.8.2 (#30343) * Chore(deps): Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 (#30771) * GraphNG: improve behavior when switching between solid/dash/dots (#30796) * Chore(deps): Bump github.com/hashicorp/go-hclog from 0.14.1 to 0.15.0 (#30778) * Add width for Variable Editors (#30791) * Chore: Remove warning when calling resource (#30752) * Auth: Use SigV4 lib from grafana-aws-sdk (#30713) * Panels: Fixes so panels are refreshed when scrolling past them fast (#30784) * GraphNG: add bar alignment option (#30499) * Expressions: Measure total transformation requests and elapsed time (#30514) * Menu: Mark menu components as internal (#30740) * TableInputCSV: migrated styles from sass to emotion (#30554) * CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777) * Chore(deps): Bump gopkg.in/ini.v1 from 1.57.0 to 1.62.0 (#30772) * CDN: Adds support for serving assets over a CDN (#30691) * PanelEdit: Trigger refresh when changing data source (#30744) * Chore: remove __debug_bin (#30725) * BarChart: add alpha bar chart panel (#30323) * Docs: Time series panel (#30690) * Backend Plugins: Convert test data source to use SDK contracts (#29916) * Docs: Update whats-new-in-v7-4.md (#30747) * Add link to Elasticsearch docs. (#30748) * Mobile: Fixes issue scrolling on mobile in chrome (#30746) * TagsInput: Make placeholder configurable (#30718) * Docs: Add config settings for fonts in reporting (#30421) * Add menu.yaml to .gitignore (#30743) * bump cypress to 6.3.0 (#30644) * Datasource: Use json-iterator configuration compatible with standard library (#30732) * AlertingNG: Update UX to use new PageToolbar component (#30680) * Docs: Add usage insights export feature (#30376) * skip symlinks to directories when generating plugin manifest (#30721) * PluginCiE2E: Upgrade base images (#30696) * Variables: Fixes so text format will show All instead of custom all (#30730) * PanelLibrary: better handling of deleted panels (#30709) * Added section 'Curated dashboards for Google Cloud Monitoring' for 7.4 What's New (#30724) * Added 'curated dashboards' information and broke down, rearranged topics. (#30659) * Transform: improve the 'outer join' performance/behavior (#30407) * Add alt text to plugin logos (#30710) * Deleted menu.yaml file (#30717) * Dashboard: Top Share URL icon should share panel URL when on viewPanel page (#30000) * Added entry for web server. (#30715) * DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706) * Use connected GraphNG in Explore (#30707) * Fix documentation for streaming data sources (#30704) * PanelLibrary: changes casing of responses and adds meta property (#30668) * Influx: Show all datapoints for dynamically windowed flux query (#30688) * Trace: trace to logs design update (#30637) * DeployImage: Switch base images to Debian (#30684) * Chore: remove CSP debug logging line (#30689) * Docs: 7.4 documentation for expressions (#30524) * PanelEdit: Get rid of last remaining usage of navbar-button (#30682) * Grafana-UI: Fix setting default value for MultiSelect (#30671) * CustomScrollbar: migrated styles from sass to emotion (#30506) * DashboardSettings & PanelEdit: Use new PageToolbar (#30675) * Explore: Fix jumpy live tailing (#30650) * ci(npm-publish): add missing github package token to env vars (#30665) * PageToolbar: Extracting navbar styles & layout into a modern emotion based component (#30588) * AlertingNG: pause/unpause definitions via the API (#30627) * Docs: Refer to product docs in whats new for alerting templating feature (#30652) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30666) * Variables: Fixes display value when using capture groups in regex (#30636) * Docs: Update _index.md (#30655) * Docs: Auditing updates (#30433) * Docs: add hidden_users configuration field (#30435) * Docs: Define TLS/SSL terminology (#30533) * Docs: Fix expressions enabled description (#30589) * Docs: Update ES screenshots (#30598) * Licensing Docs: Adding license restrictions docs (#30216) * Update documentation-style-guide.md (#30611) * Docs: Update queries.md (#30616) * chore(grafana-ui): bump storybook to 6.1.15 (#30642) * DashboardSettings: fixes vertical scrolling (#30640) * Usage Stats: Remove unused method for getting user stats (#30074) * Grafana/UI: Unit picker should not set a category as unit (#30638) * Graph: Fixes auto decimals issue in legend and tooltip (#30628) * AlertingNG: List saved Alert definitions in Alert Rule list (#30603) * chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605) * Grafana/UI: Add disable prop to Segment (#30539) * Variables: Fixes so queries work for numbers values too (#30602) * Admin: Fixes so form values are filled in from backend (#30544) * Docs: Add new override info and add whats new 7.4 links (#30615) * TestData: Improve what's new in v7.4 (#30612) * Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502) * NodeGraph: Add docs (#30504) * Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517) * TimeRangePicker: Updates components to use new ToolbarButton & ButtonGroup (#30570) * Update styling.md guide (#30594) * TestData: Adding what's new in v7.4 to the devenv dashboards (#30568) * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.35.5 to 1.36.31 (#30583) * Chore(deps): Bump github.com/prometheus/client_golang (#30585) * Chore(deps): Bump gopkg.in/macaron.v1 from 1.3.9 to 1.4.0 (#30587) * Chore(deps): Bump github.com/google/uuid from 1.1.5 to 1.2.0 (#30584) * Explore: Fix logs hover state so that it is visible and in dark mode & simply hover code (#30572) * RefreshPicker: Fixes so valid intervals in url are visible in RefreshPicker (#30474) * Add documentation for Exemplars (#30317) * OldGraph: Fix height issue in Firefox (#30565) * XY Chart: fix editor error with empty frame (no fields) (#30573) * ButtonSelect & RefreshPicker: Rewrite of components to use new emotion based ToolbarButton & Menu (#30510) * XY Chart: share legend config with timeseries (#30559) * configuration.md: Document Content Security Policy options (#30413) * DataFrame: cache frame/field index in field state (#30529) * List + before -; rm old Git ref; reformat. (#30543) * Expressions: Add option to disable feature (#30541) * Explore: Fix loading visualisation on the top of the new time series panel (#30553) * Prometheus: Fix show query instead of Value if no __name__ and metric (#30511) * Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519) * Postgres: Convert tests to stdlib (#30536) * Storybook: Migrate card story to use controls (#30535) * AlertingNG: Enable UI to Save Alert Definitions (#30394) * Postgres: Be consistent about TLS/SSL terminology (#30532) * Loki: Append refId to logs uid (#30418) * Postgres: Fix indentation (#30531) * GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527) * updates for e2e docker image (#30465) * GraphNG: uPlot 1.6.2 (#30521) * Docs: Update whats-new-in-v7-4.md (#30520) * Prettier: ignore build and devenv dirs (#30501) * Chore: Upgrade grabpl version (#30486) * Explore: Update styling of buttons (#30493) * Cloud Monitoring: Fix legend naming with display name override (#30440) * GraphNG: Disable Plot logging by default (#30390) * Admin: Fixes so whole org drop down is visible when adding users to org (#30481) * Docs: include Makefile option for local assets (#30455) * Footer: Fixes layout issue in footer (#30443) * TimeSeriesPanel: Fixed default value for gradientMode (#30484) * Docs: fix typo in what's new doc (#30489) * Chore: adds wait to e2e test (#30488) * chore: update packages dependent on dot-prop to fix security vulnerability (#30432) * Dashboard: Remove Icon and change copy -> Copy to clipboard in the share embedded panel modal (#30480) * Chore: fix spelling mistake (#30473) * Chore: Restrict internal imports from other packages (#30453) * Docs: What's new fixes and improvements (#30469) * Timeseries: only migrage point size when configured (#30461) * Alerting: Hides threshold handle for percentual thresholds (#30431) * Graph: Fixes so only users with correct permissions can add annotations (#30419) * Chore: update latest version to 7.4.0-beta1 (#30452) * Docs: Add whats new 7.4 links (#30463) * Update whats-new-in-v7-4.md (#30460) * docs: 7.4 what's new (Add expressions note) (#30446) * Chore: Upgrade build pipeline tool (#30456) * PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441) * Expressions: Fix button icon (#30444) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30449) * Docs: Fix img link for alert notification template (#30436) * grafana/ui: Fix internal import from grafana/data (#30439) * prevent field config from being overwritten (#30437) * PanelOptions: Refactoring applying panel and field options out of PanelModel and add property clean up for properties not in field config registry (#30389) * Dashboard: Remove template variables option from ShareModal (#30395) * Added doc content for variables inspector code change by Hugo (#30408) * Docs: update license expiration behavior for reporting (#30420) * Chore: use old version format in package.json (#30430) * Chore: upgrade NPM security vulnerabilities (#30397) * 'Release: Updated versions in package to 7.5.0-pre.0' (#30428) * contribute: Add backend and configuration guidelines for PRs (#30426) * Chore: Update what's new URL (#30424) - Update to version 7.4.5 - CVE-2021-28146, CVE-2021-28147: Fix API permissions issues related to team-sync. (Enterprise) (bsc#1183811, bsc#1183809) - CVE-2021-28148: Usage insights requires signed in users. (Enterprise) (bsc#1183813) - CVE-2021-27962: Do not allow editors to incorrectly bypass permissions on the default data source. (Enterprise) (bsc#1184371) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3021-1 Released: Mon Sep 13 10:32:31 2021 Summary: Recommended update for ceph Type: recommended Severity: moderate References: 1181291,1183561,1184517,1185246,1186348,1188979,1189173 This update for ceph fixes the following issues: - cls/rgw: look for plane entries in non-ascii plain namespace too (bsc#1184517) - rgw: check object locks in multi-object delete (bsc#1185246) - mgr/zabbix: adapt zabbix_sender default path (bsc#1186348) - mgr/cephadm: pass --container-init to 'cephadm deploy' if specified (bsc#1188979) - mgr/dashboard: Downstream branding: Adapt latest upstream changes to branded navigation component (bsc#1189173) - qa/tasks/salt_manager: allow gatherlogs for files in subdir - qa/tasks/ceph_salt: gather /var/log/ceph/cephadm.out - mgr/zabbix: adapt zabbix_sender default path (bsc#1186348) - Revert 'cephadm: default container_init to False' (bsc#1188979) - mgr/cephadm: alias rgw-nfs -> nfs (bsc#1181291) - mgr/cephadm: on ssh connection error, advice chmod 0600 (bsc#1183561) - Update _constraints: only honor physical memory, not 'any memory' (e.g. swap). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3030-1 Released: Tue Sep 14 09:27:45 2021 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1189534,1189554 This update of patterns-base fixes the following issue: - The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534) From sle-updates at lists.suse.com Wed Sep 15 10:06:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Sep 2021 12:06:47 +0200 (CEST) Subject: SUSE-CU-2021:314-1: Recommended update of ses/7/ceph/ceph Message-ID: <20210915100647.60FABFE11@maintenance.suse.de> SUSE Container Update Advisory: ses/7/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:314-1 Container Tags : ses/7/ceph/ceph:15.2.13.79 , ses/7/ceph/ceph:15.2.13.79.5.6 , ses/7/ceph/ceph:latest , ses/7/ceph/ceph:sle15.2.octopus Container Release : 5.6 Severity : moderate Type : recommended References : 1177695 ----------------------------------------------------------------- The container ses/7/ceph/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2593-1 Released: Mon Aug 2 15:40:22 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1177695 This update for suse-module-tools provides the following fix: - modprobe.d: Remove dma=none setting for parport_pc. (bsc#1177695) From sle-updates at lists.suse.com Wed Sep 15 10:07:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Sep 2021 12:07:13 +0200 (CEST) Subject: SUSE-CU-2021:315-1: Security update of ses/7/ceph/ceph Message-ID: <20210915100713.65A38FE11@maintenance.suse.de> SUSE Container Update Advisory: ses/7/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:315-1 Container Tags : ses/7/ceph/ceph:15.2.14.84 , ses/7/ceph/ceph:15.2.14.84.6.1 , ses/7/ceph/ceph:latest , ses/7/ceph/ceph:sle15.2.octopus Container Release : 6.1 Severity : critical Type : security References : 1172505 1181291 1183561 1183818 1184517 1184614 1185246 1185748 1186348 1188571 1188979 1189173 1189206 1189465 1189465 1189520 1189521 1189521 1189534 1189554 1189683 CVE-2020-12049 CVE-2021-36222 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container ses/7/ceph/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2810-1 Released: Mon Aug 23 12:14:30 2021 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1172505,CVE-2020-12049 This update for dbus-1 fixes the following issues: - CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:2816-1 Released: Mon Aug 23 14:16:58 2021 Summary: Optional update for python-kubernetes Type: optional Severity: low References: This patch provides the python3-kubernetes package to the following modules: - Container Module for SUSE Linux Enterprise 15 SP2 - Container Module for SUSE Linux Enterprise 15 SP3 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2863-1 Released: Mon Aug 30 08:18:50 2021 Summary: Recommended update for python-dbus-python Type: recommended Severity: moderate References: 1183818 This update for python-dbus-python fixes the following issues: - Update to latest version from tumbleweed. (jsc#ECO-3589, bsc#1183818) - update to 1.2.16: * All tests are run even if the 'tap.py' module is not available, althoug diagnostics for failing tests will be better if it is present. - Support builds with more than one python3 flavor - Clean duplicate python flavor variables for configure - Version update to version 1.2.14: * Ensure that the numeric types from dbus.types get the same str() under Python 3.8 that they did under previous versions. * Disable -Winline. * Add clearer license information using SPDX-License-Identifier. * Include inherited methods and properties when documenting objects, which regressed when migrating from epydoc to sphinx. * Add missing variant_level member to UnixFd type, for parity with the other dbus.types types * Don't reply to method calls if they have the NO_REPLY_EXPECTED flag * Silence '-Wcast-function-type' with gcc 8. * Fix distcheck with python3.7 by deleting '__pycache__' during uninstall. * Consistently save and restore the exception indicator when called from C code. - Add missing dependency for pkg-config files - Version update to version 1.2.8: * Python 2.7 required or 3.4 respectively * Upstream dropped epydoc completely - Add dbus-1-python3 package - Make BusConnection.list_activatable_names actually call struct entries than the signature allows with libdbus 1.4 imports dbus, is finalized, is re-initialized, and re-imports - When removing signal matches, clean up internal state, avoiding a memory leak in long-lived Python processes that connect to - When setting the sender of a message, allow it to be org.freedesktop.DBus so you can implement a D-Bus daemon - New package: dbus-1-python-devel ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2895-1 Released: Tue Aug 31 19:40:50 2021 Summary: Recommended update for unixODBC Type: recommended Severity: moderate References: This update for unixODBC fixes the following issues: - ECO: Update unixODBC to 2.3.9 in SLE 15. (jsc#SLE-18004) - Fix incorrect permission for documentation files. - Update requires and baselibs for new libodbc2. - Employ shared library packaging guideline: new subpacakge libodbc2. - Update to 2.3.9: * Remove '#define UNIXODBC_SOURCE' from unixodbc_conf.h - Update to 2.3.8: * Add configure support for editline * SQLDriversW was ignoring user config * SQLDataSources Fix termination character * Fix for pooling seg fault * Make calling SQLSetStmtAttrW call the W function in the driver is its there * Try and fix race condition clearing system odbc.ini file * Remove trailing space from isql/iusql SQL * When setting connection attributes set before connect also check if the W entry poins can be used * Try calling the W error functions first if available in the driver * Add iconvperdriver configure option to allow calling unicode_setup in SQLAllocHandle * iconv handles was being lost when reusing pooled connection * Catch null copy in iniPropertyInsert * Fix a few leaks - Update to 2.3.7: * Fix for pkg-config file update on no linux platforms * Add W entry for GUI work * Various fixes for SQLBrowseConnect/W, SQLGetConnectAttr/W,and SQLSetConnectAttr/W * Fix buffer overflows in SQLConnect/W and refine behaviour of SQLGet/WritePrivateProfileString * SQLBrowseConnect/W allow disconnecting a started browse session after error * Add --with-stats-ftok-name configure option to allow the selection of a file name used to generate the IPC id when collecting stats. Default is the system odbc.ini file * Improve diag record handling with the behavior of Windows DM and export SQLCancelHandle * bug fix when SQLGetPrivateProfileString() is called to get a list of sections or a list of keys * Connection pooling: Fix liveness check for Unicode drivers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3021-1 Released: Mon Sep 13 10:32:31 2021 Summary: Recommended update for ceph Type: recommended Severity: moderate References: 1181291,1183561,1184517,1185246,1186348,1188979,1189173 This update for ceph fixes the following issues: - cls/rgw: look for plane entries in non-ascii plain namespace too (bsc#1184517) - rgw: check object locks in multi-object delete (bsc#1185246) - mgr/zabbix: adapt zabbix_sender default path (bsc#1186348) - mgr/cephadm: pass --container-init to 'cephadm deploy' if specified (bsc#1188979) - mgr/dashboard: Downstream branding: Adapt latest upstream changes to branded navigation component (bsc#1189173) - qa/tasks/salt_manager: allow gatherlogs for files in subdir - qa/tasks/ceph_salt: gather /var/log/ceph/cephadm.out - mgr/zabbix: adapt zabbix_sender default path (bsc#1186348) - Revert 'cephadm: default container_init to False' (bsc#1188979) - mgr/cephadm: alias rgw-nfs -> nfs (bsc#1181291) - mgr/cephadm: on ssh connection error, advice chmod 0600 (bsc#1183561) - Update _constraints: only honor physical memory, not 'any memory' (e.g. swap). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3030-1 Released: Tue Sep 14 09:27:45 2021 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1189534,1189554 This update of patterns-base fixes the following issue: - The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3034-1 Released: Tue Sep 14 13:49:23 2021 Summary: Recommended update for python-pytz Type: recommended Severity: moderate References: 1185748 This update for python-pytz fixes the following issues: - Add %pyunittest shim for platforms where it is missing. - Remove real directory of %{python_sitelib}/pytz/zoneinfo when upgrading, before it is replaced by a symlink. (bsc#1185748) - update to 2021.1: * update to IANA 2021a timezone release - update to 2020.5: * update to IANA 2020e timezone release - update to 2020.4: * update to IANA 2020d timezone release - update to version 2020.1: * Test against Python 3.8 and Python 3.9 * Bump version numbers to 2020.1/2020a * use .rst extension name * Make FixedOffset part of public API - Update to 2019.3 * IANA 2019c - Add versioned dependency on timezone database to ensure the correct data is installed - Add a symlink to the system timezone database - update to 2019.2 * IANA 2019b * Defer generating case-insensitive lookups From sle-updates at lists.suse.com Wed Sep 15 10:09:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Sep 2021 12:09:20 +0200 (CEST) Subject: SUSE-CU-2021:316-1: Security update of ses/7/prometheus-webhook-snmp Message-ID: <20210915100920.73D04FE11@maintenance.suse.de> SUSE Container Update Advisory: ses/7/prometheus-webhook-snmp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:316-1 Container Tags : ses/7/prometheus-webhook-snmp:1.4 , ses/7/prometheus-webhook-snmp:1.4.1.315 , ses/7/prometheus-webhook-snmp:latest , ses/7/prometheus-webhook-snmp:sle15.2.octopus Container Release : 1.315 Severity : critical Type : security References : 1102408 1138715 1138746 1176389 1177120 1182421 1182422 1184614 1184994 1185748 1188063 1188127 1188217 1188218 1188219 1188220 1188571 1189206 1189465 1189465 1189520 1189521 1189521 1189534 1189554 1189683 CVE-2020-26137 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-33910 CVE-2021-36222 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container ses/7/prometheus-webhook-snmp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2404-1 Released: Tue Jul 20 14:21:30 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1184994,1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063) - Skip udev rules if 'elevator=' is used (bsc#1184994) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2817-1 Released: Mon Aug 23 15:05:36 2021 Summary: Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 Type: security Severity: moderate References: 1102408,1138715,1138746,1176389,1177120,1182421,1182422,CVE-2020-26137 This patch updates the Python AWS SDK stack in SLE 15: General: # aws-cli - Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-boto3 - Version updated to upstream release 1.17.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-botocore - Version updated to upstream release 1.20.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-urllib3 - Version updated to upstream release 1.25.10 For a detailed list of all changes, please refer to the changelog file of this package. # python-service_identity - Added this new package to resolve runtime dependencies for other packages. Version: 18.1.0 # python-trustme - Added this new package to resolve runtime dependencies for other packages. Version: 0.6.0 Security fixes: # python-urllib3: - CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3030-1 Released: Tue Sep 14 09:27:45 2021 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1189534,1189554 This update of patterns-base fixes the following issue: - The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3034-1 Released: Tue Sep 14 13:49:23 2021 Summary: Recommended update for python-pytz Type: recommended Severity: moderate References: 1185748 This update for python-pytz fixes the following issues: - Add %pyunittest shim for platforms where it is missing. - Remove real directory of %{python_sitelib}/pytz/zoneinfo when upgrading, before it is replaced by a symlink. (bsc#1185748) - update to 2021.1: * update to IANA 2021a timezone release - update to 2020.5: * update to IANA 2020e timezone release - update to 2020.4: * update to IANA 2020d timezone release - update to version 2020.1: * Test against Python 3.8 and Python 3.9 * Bump version numbers to 2020.1/2020a * use .rst extension name * Make FixedOffset part of public API - Update to 2019.3 * IANA 2019c - Add versioned dependency on timezone database to ensure the correct data is installed - Add a symlink to the system timezone database - update to 2019.2 * IANA 2019b * Defer generating case-insensitive lookups From sle-updates at lists.suse.com Wed Sep 15 10:15:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Sep 2021 12:15:48 +0200 (CEST) Subject: SUSE-CU-2021:317-1: Security update of ses/7/rook/ceph Message-ID: <20210915101548.38EE0FE11@maintenance.suse.de> SUSE Container Update Advisory: ses/7/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:317-1 Container Tags : ses/7/rook/ceph:1.5.12 , ses/7/rook/ceph:1.5.12.4 , ses/7/rook/ceph:1.5.12.4.1.1756 , ses/7/rook/ceph:latest , ses/7/rook/ceph:sle15.2.octopus Container Release : 1.1756 Severity : important Type : security References : 1177695 1184994 1187091 1188063 1188127 1188217 1188218 1188219 1188220 1188571 1189683 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-33910 CVE-2021-36222 ----------------------------------------------------------------- The container ses/7/rook/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2404-1 Released: Tue Jul 20 14:21:30 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1184994,1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063) - Skip udev rules if 'elevator=' is used (bsc#1184994) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2456-1 Released: Thu Jul 22 15:28:39 2021 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1187091 This update for pam-config fixes the following issues: - Add 'revoke' to the option list for 'pam_keyinit'. - Fixed an issue when pam-config fails to create a new service config file. (bsc#1187091) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2593-1 Released: Mon Aug 2 15:40:22 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1177695 This update for suse-module-tools provides the following fix: - modprobe.d: Remove dma=none setting for parport_pc. (bsc#1177695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] From sle-updates at lists.suse.com Wed Sep 15 13:22:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Sep 2021 15:22:08 +0200 (CEST) Subject: SUSE-SU-2021:3044-1: critical: Security update for ghostscript Message-ID: <20210915132208.46734FCC9@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3044-1 Rating: critical References: #1184123 #1190381 Cross-References: CVE-2021-3781 CVSS scores: CVE-2021-3781 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for ghostscript fixes the following issues: Security issue fixed: - CVE-2021-3781: Fixed a trivial -dSAFER bypass command injection (bsc#1190381) Also a hardening fix was added: - Link as position independent executable (bsc#1184123) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-3044=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-3044=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-3044=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3044=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3044=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3044=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3044=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3044=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3044=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3044=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3044=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3044=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3044=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3044=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3044=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3044=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3044=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): ghostscript-9.52-155.1 ghostscript-debuginfo-9.52-155.1 ghostscript-debugsource-9.52-155.1 ghostscript-devel-9.52-155.1 ghostscript-x11-9.52-155.1 ghostscript-x11-debuginfo-9.52-155.1 libspectre-debugsource-0.2.8-3.12.1 libspectre-devel-0.2.8-3.12.1 libspectre1-0.2.8-3.12.1 libspectre1-debuginfo-0.2.8-3.12.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): ghostscript-9.52-155.1 ghostscript-debuginfo-9.52-155.1 ghostscript-debugsource-9.52-155.1 ghostscript-devel-9.52-155.1 ghostscript-x11-9.52-155.1 ghostscript-x11-debuginfo-9.52-155.1 libspectre-debugsource-0.2.8-3.12.1 libspectre-devel-0.2.8-3.12.1 libspectre1-0.2.8-3.12.1 libspectre1-debuginfo-0.2.8-3.12.1 - SUSE Manager Proxy 4.0 (x86_64): ghostscript-9.52-155.1 ghostscript-debuginfo-9.52-155.1 ghostscript-debugsource-9.52-155.1 ghostscript-devel-9.52-155.1 ghostscript-x11-9.52-155.1 ghostscript-x11-debuginfo-9.52-155.1 libspectre-debugsource-0.2.8-3.12.1 libspectre-devel-0.2.8-3.12.1 libspectre1-0.2.8-3.12.1 libspectre1-debuginfo-0.2.8-3.12.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): ghostscript-9.52-155.1 ghostscript-debuginfo-9.52-155.1 ghostscript-debugsource-9.52-155.1 ghostscript-devel-9.52-155.1 ghostscript-x11-9.52-155.1 ghostscript-x11-debuginfo-9.52-155.1 libspectre-debugsource-0.2.8-3.12.1 libspectre-devel-0.2.8-3.12.1 libspectre1-0.2.8-3.12.1 libspectre1-debuginfo-0.2.8-3.12.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): ghostscript-9.52-155.1 ghostscript-debuginfo-9.52-155.1 ghostscript-debugsource-9.52-155.1 ghostscript-devel-9.52-155.1 ghostscript-x11-9.52-155.1 ghostscript-x11-debuginfo-9.52-155.1 libspectre-debugsource-0.2.8-3.12.1 libspectre-devel-0.2.8-3.12.1 libspectre1-0.2.8-3.12.1 libspectre1-debuginfo-0.2.8-3.12.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): ghostscript-9.52-155.1 ghostscript-debuginfo-9.52-155.1 ghostscript-debugsource-9.52-155.1 ghostscript-devel-9.52-155.1 ghostscript-x11-9.52-155.1 ghostscript-x11-debuginfo-9.52-155.1 libspectre-debugsource-0.2.8-3.12.1 libspectre-devel-0.2.8-3.12.1 libspectre1-0.2.8-3.12.1 libspectre1-debuginfo-0.2.8-3.12.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): ghostscript-9.52-155.1 ghostscript-debuginfo-9.52-155.1 ghostscript-debugsource-9.52-155.1 ghostscript-devel-9.52-155.1 ghostscript-x11-9.52-155.1 ghostscript-x11-debuginfo-9.52-155.1 libspectre-debugsource-0.2.8-3.12.1 libspectre-devel-0.2.8-3.12.1 libspectre1-0.2.8-3.12.1 libspectre1-debuginfo-0.2.8-3.12.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): ghostscript-9.52-155.1 ghostscript-debuginfo-9.52-155.1 ghostscript-debugsource-9.52-155.1 ghostscript-devel-9.52-155.1 ghostscript-x11-9.52-155.1 ghostscript-x11-debuginfo-9.52-155.1 libspectre-debugsource-0.2.8-3.12.1 libspectre-devel-0.2.8-3.12.1 libspectre1-0.2.8-3.12.1 libspectre1-debuginfo-0.2.8-3.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libspectre-debugsource-0.2.8-3.12.1 libspectre-devel-0.2.8-3.12.1 libspectre1-0.2.8-3.12.1 libspectre1-debuginfo-0.2.8-3.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libspectre-debugsource-0.2.8-3.12.1 libspectre-devel-0.2.8-3.12.1 libspectre1-0.2.8-3.12.1 libspectre1-debuginfo-0.2.8-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): ghostscript-9.52-155.1 ghostscript-debuginfo-9.52-155.1 ghostscript-debugsource-9.52-155.1 ghostscript-devel-9.52-155.1 ghostscript-x11-9.52-155.1 ghostscript-x11-debuginfo-9.52-155.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): ghostscript-9.52-155.1 ghostscript-debuginfo-9.52-155.1 ghostscript-debugsource-9.52-155.1 ghostscript-devel-9.52-155.1 ghostscript-x11-9.52-155.1 ghostscript-x11-debuginfo-9.52-155.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): ghostscript-9.52-155.1 ghostscript-debuginfo-9.52-155.1 ghostscript-debugsource-9.52-155.1 ghostscript-devel-9.52-155.1 ghostscript-x11-9.52-155.1 ghostscript-x11-debuginfo-9.52-155.1 libspectre-debugsource-0.2.8-3.12.1 libspectre-devel-0.2.8-3.12.1 libspectre1-0.2.8-3.12.1 libspectre1-debuginfo-0.2.8-3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): ghostscript-9.52-155.1 ghostscript-debuginfo-9.52-155.1 ghostscript-debugsource-9.52-155.1 ghostscript-devel-9.52-155.1 ghostscript-x11-9.52-155.1 ghostscript-x11-debuginfo-9.52-155.1 libspectre-debugsource-0.2.8-3.12.1 libspectre-devel-0.2.8-3.12.1 libspectre1-0.2.8-3.12.1 libspectre1-debuginfo-0.2.8-3.12.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): ghostscript-9.52-155.1 ghostscript-debuginfo-9.52-155.1 ghostscript-debugsource-9.52-155.1 ghostscript-devel-9.52-155.1 ghostscript-x11-9.52-155.1 ghostscript-x11-debuginfo-9.52-155.1 libspectre-debugsource-0.2.8-3.12.1 libspectre-devel-0.2.8-3.12.1 libspectre1-0.2.8-3.12.1 libspectre1-debuginfo-0.2.8-3.12.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): ghostscript-9.52-155.1 ghostscript-debuginfo-9.52-155.1 ghostscript-debugsource-9.52-155.1 ghostscript-devel-9.52-155.1 ghostscript-x11-9.52-155.1 ghostscript-x11-debuginfo-9.52-155.1 libspectre-debugsource-0.2.8-3.12.1 libspectre-devel-0.2.8-3.12.1 libspectre1-0.2.8-3.12.1 libspectre1-debuginfo-0.2.8-3.12.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): ghostscript-9.52-155.1 ghostscript-debuginfo-9.52-155.1 ghostscript-debugsource-9.52-155.1 ghostscript-devel-9.52-155.1 ghostscript-x11-9.52-155.1 ghostscript-x11-debuginfo-9.52-155.1 libspectre-debugsource-0.2.8-3.12.1 libspectre-devel-0.2.8-3.12.1 libspectre1-0.2.8-3.12.1 libspectre1-debuginfo-0.2.8-3.12.1 - SUSE CaaS Platform 4.0 (x86_64): ghostscript-9.52-155.1 ghostscript-debuginfo-9.52-155.1 ghostscript-debugsource-9.52-155.1 ghostscript-devel-9.52-155.1 ghostscript-x11-9.52-155.1 ghostscript-x11-debuginfo-9.52-155.1 libspectre-debugsource-0.2.8-3.12.1 libspectre-devel-0.2.8-3.12.1 libspectre1-0.2.8-3.12.1 libspectre1-debuginfo-0.2.8-3.12.1 References: https://www.suse.com/security/cve/CVE-2021-3781.html https://bugzilla.suse.com/1184123 https://bugzilla.suse.com/1190381 From sle-updates at lists.suse.com Wed Sep 15 13:23:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Sep 2021 15:23:33 +0200 (CEST) Subject: SUSE-RU-2021:3043-1: moderate: Recommended update for nvme-cli Message-ID: <20210915132333.9F4A7FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3043-1 Rating: moderate References: #1186719 #1187287 #1187858 #1187860 #1187890 #1189046 #1189195 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: nvme-cli was updated to fix the following issues: - Do not print error message when opening controller (bsc#1186719) - Fix failures during 'nvme list' (bsc#1186719) - Only connect to matching controllers (bsc#1186719) - Skip connect if transport type doesn't match (bsc#1187287 bsc#1187860) - Ignore non live controllers when scanning subsystems (bsc#1186719 bsc#1187287) - Remove UUID validation heuristic (bsc#1187890) - Do not segfault when controller is not available (bsc#1189046) - Use correct default port for discovery (bsc#1189195 bsc#1187858) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3043=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): nvme-cli-1.13-3.7.1 nvme-cli-debuginfo-1.13-3.7.1 nvme-cli-debugsource-1.13-3.7.1 References: https://bugzilla.suse.com/1186719 https://bugzilla.suse.com/1187287 https://bugzilla.suse.com/1187858 https://bugzilla.suse.com/1187860 https://bugzilla.suse.com/1187890 https://bugzilla.suse.com/1189046 https://bugzilla.suse.com/1189195 From sle-updates at lists.suse.com Wed Sep 15 13:25:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Sep 2021 15:25:29 +0200 (CEST) Subject: SUSE-RU-2021:3041-1: important: Create update the package in the update channels Message-ID: <20210915132529.386BEFCC9@maintenance.suse.de> SUSE Recommended Update: Create update the package in the update channels ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3041-1 Rating: important References: #1189738 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: Create update to release base-container-licenses to fix bsc#1189738 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3041=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3041=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 i586 ppc64le s390x x86_64): container-suseconnect-2.3.0-1.14.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64 i586 ppc64le s390x x86_64): container-suseconnect-2.3.0-1.14.3 References: https://bugzilla.suse.com/1189738 From sle-updates at lists.suse.com Wed Sep 15 13:26:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Sep 2021 15:26:39 +0200 (CEST) Subject: SUSE-RU-2021:3045-1: important: Recommended update for golang-github-vpenso-prometheus_slurm_exporter Message-ID: <20210915132639.43632FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for golang-github-vpenso-prometheus_slurm_exporter ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3045-1 Rating: important References: #1188619 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for golang-github-vpenso-prometheus_slurm_exporter fixes the following issues: - Update to version 0.19 - GPUs accounting has to be activated explicitly via cmd line option. - Export detailed usage info for every node (CPU, Memory). - With the present version of Slurm (20.11), GPU accounting in the prometheus-slurm-exporter will cause the exporter to terminate, thus it must not be enabled for the time being. (bsc#1188619) - Do not ship sources. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP3: zypper in -t patch SUSE-SLE-Module-HPC-15-SP3-2021-3045=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP3 (aarch64 x86_64): golang-github-vpenso-prometheus_slurm_exporter-0.19-3.3.1 References: https://bugzilla.suse.com/1188619 From sle-updates at lists.suse.com Wed Sep 15 13:27:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Sep 2021 15:27:49 +0200 (CEST) Subject: SUSE-RU-2021:3042-1: moderate: Recommended update for nvme-cli Message-ID: <20210915132749.DF48CFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3042-1 Rating: moderate References: #1186719 #1187287 #1187858 #1187860 #1187890 #1189046 #1189195 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: nvme-cli was updated to fix the following issues: - Do not print error message when opening controller (bsc#1186719) - Fix failures during 'nvme list' (bsc#1186719) - Only connect to matching controllers (bsc#1186719) - Skip connect if transport type doesn't match (bsc#1187287 bsc#1187860) - Ignore non live controllers when scanning subsystems (bsc#1186719 bsc#1187287) - Remove UUID validation heuristic (bsc#1187890) - Do not segfault when controller is not available (bsc#1189046) - Use correct default port for discovery (bsc#1189195 bsc#1187858) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3042=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3042=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): nvme-cli-1.10-4.15.1 nvme-cli-debuginfo-1.10-4.15.1 nvme-cli-debugsource-1.10-4.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): nvme-cli-1.10-4.15.1 nvme-cli-debuginfo-1.10-4.15.1 nvme-cli-debugsource-1.10-4.15.1 References: https://bugzilla.suse.com/1186719 https://bugzilla.suse.com/1187287 https://bugzilla.suse.com/1187858 https://bugzilla.suse.com/1187860 https://bugzilla.suse.com/1187890 https://bugzilla.suse.com/1189046 https://bugzilla.suse.com/1189195 From sle-updates at lists.suse.com Wed Sep 15 19:18:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Sep 2021 21:18:21 +0200 (CEST) Subject: SUSE-RU-2021:3048-1: moderate: Recommended update for libyui Message-ID: <20210915191821.620D5FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for libyui ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3048-1 Rating: moderate References: #1174390 #1184363 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libyui fixes the following issues: - Fixed sometimes patch category could be missing in the Online Update screen (bsc#1174390) - Obsolete older documentation packages in favour of updated ones (bsc#1184363) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3048=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3048=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3048=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): libyui-ncurses-rest-api-debugsource-4.1.4-3.3.1 libyui-ncurses-rest-api-devel-4.1.4-3.3.1 libyui-ncurses-rest-api15-4.1.4-3.3.1 libyui-ncurses-rest-api15-debuginfo-4.1.4-3.3.1 libyui-qt-rest-api-debugsource-4.1.4-3.3.1 libyui-qt-rest-api-devel-4.1.4-3.3.1 libyui-qt-rest-api15-4.1.4-3.3.1 libyui-qt-rest-api15-debuginfo-4.1.4-3.3.1 libyui-rest-api-debugsource-4.1.4-3.3.1 libyui-rest-api-devel-4.1.4-3.3.1 libyui-rest-api15-4.1.4-3.3.1 libyui-rest-api15-debuginfo-4.1.4-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libyui-qt-pkg-debugsource-4.1.4-3.3.1 libyui-qt-pkg-devel-4.1.4-3.3.1 libyui-qt-pkg15-4.1.4-3.3.1 libyui-qt-pkg15-debuginfo-4.1.4-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libyui-debugsource-4.1.4-3.3.1 libyui-devel-4.1.4-3.3.1 libyui-ncurses-debugsource-4.1.4-3.3.1 libyui-ncurses-devel-4.1.4-3.3.1 libyui-ncurses-pkg-debugsource-4.1.4-3.3.1 libyui-ncurses-pkg-devel-4.1.4-3.3.1 libyui-ncurses-pkg15-4.1.4-3.3.1 libyui-ncurses-pkg15-debuginfo-4.1.4-3.3.1 libyui-ncurses-tools-4.1.4-3.3.1 libyui-ncurses15-4.1.4-3.3.1 libyui-ncurses15-debuginfo-4.1.4-3.3.1 libyui-qt-debugsource-4.1.4-3.3.1 libyui-qt-devel-4.1.4-3.3.1 libyui-qt-graph-debugsource-4.1.4-3.3.1 libyui-qt-graph-devel-4.1.4-3.3.1 libyui-qt-graph15-4.1.4-3.3.1 libyui-qt-graph15-debuginfo-4.1.4-3.3.1 libyui-qt15-4.1.4-3.3.1 libyui-qt15-debuginfo-4.1.4-3.3.1 libyui15-4.1.4-3.3.1 libyui15-debuginfo-4.1.4-3.3.1 References: https://bugzilla.suse.com/1174390 https://bugzilla.suse.com/1184363 From sle-updates at lists.suse.com Wed Sep 15 19:21:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Sep 2021 21:21:44 +0200 (CEST) Subject: SUSE-RU-2021:3046-1: moderate: Recommended update for grub2 Message-ID: <20210915192144.17821FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3046-1 Rating: moderate References: #1167756 #1186975 #1187565 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fix ocasional boot failure after kdump procedure when using XFS (bsc#1186975) - Fix error gfxterm isn't found with multiple terminals (bsc#1187565) - Fix boot failure as journaled data not drained due to abrupt power off after grub-install (bsc#1167756) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3046=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): grub2-2.02-121.9.2 grub2-debuginfo-2.02-121.9.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 s390x x86_64): grub2-debugsource-2.02-121.9.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64): grub2-arm64-efi-2.02-121.9.2 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): grub2-powerpc-ieee1275-2.02-121.9.2 - SUSE Linux Enterprise Server 12-SP5 (x86_64): grub2-i386-pc-2.02-121.9.2 grub2-x86_64-efi-2.02-121.9.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): grub2-snapper-plugin-2.02-121.9.2 grub2-systemd-sleep-plugin-2.02-121.9.2 grub2-x86_64-xen-2.02-121.9.2 - SUSE Linux Enterprise Server 12-SP5 (s390x): grub2-s390x-emu-2.02-121.9.2 References: https://bugzilla.suse.com/1167756 https://bugzilla.suse.com/1186975 https://bugzilla.suse.com/1187565 From sle-updates at lists.suse.com Wed Sep 15 19:25:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Sep 2021 21:25:34 +0200 (CEST) Subject: SUSE-RU-2021:3047-1: Recommended update for release-notes-sles-for-sap Message-ID: <20210915192534.DE80CFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles-for-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3047-1 Rating: low References: #1187664 #1188301 #1188304 #1188305 #1188446 #933411 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP3 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for release-notes-sles-for-sap fixes the following issues: - Added note about sapstartsrv-resource-agents (bsc#1188304) - Added note about SAPHanaSR-ScaleOut (bsc#1188301) - Added note about ClusterTools2 (bsc#1188446) - Updated links (bsc#1187664) - Removed mention of SES (bsc#1188305) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2021-3047=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): release-notes-sles-for-sap-15.3.20210902-3.6.1 References: https://bugzilla.suse.com/1187664 https://bugzilla.suse.com/1188301 https://bugzilla.suse.com/1188304 https://bugzilla.suse.com/1188305 https://bugzilla.suse.com/1188446 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Thu Sep 16 04:16:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Sep 2021 06:16:34 +0200 (CEST) Subject: SUSE-SU-2021:3049-1: important: Includes a kubernetes update to 1.18.20 including a backport for CVE-2021-25741 Message-ID: <20210916041634.4062EFCC9@maintenance.suse.de> SUSE Security Update: Includes a kubernetes update to 1.18.20 including a backport for CVE-2021-25741 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3049-1 Rating: important References: #1182185 #1189416 Cross-References: CVE-2021-25741 CVE-2021-3121 CVSS scores: CVE-2021-25741 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3121 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H CVE-2021-3121 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: SUSE CaaS Platform 4.5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: == Kubernetes bsc#1189416 kubernetes issue is a backport of the upstream security fix (CVE-2021-25741): https://github.com/kubernetes/kubernetes/pull/104253 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 4.5: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 4.5 (aarch64 x86_64): caasp-release-4.5.5-1.19.3 kubernetes-1.18-kubeadm-1.18.20-4.11.3 kubernetes-1.18-kubelet-1.18.20-4.11.3 skuba-2.1.15-3.15.13.2 - SUSE CaaS Platform 4.5 (noarch): release-notes-caasp-4.5.20210907-3.22.3 skuba-update-2.1.15-3.15.13.2 References: https://www.suse.com/security/cve/CVE-2021-25741.html https://www.suse.com/security/cve/CVE-2021-3121.html https://bugzilla.suse.com/1182185 https://bugzilla.suse.com/1189416 From sle-updates at lists.suse.com Thu Sep 16 06:23:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Sep 2021 08:23:25 +0200 (CEST) Subject: SUSE-CU-2021:318-1: Security update of caasp/v4.5/kube-apiserver Message-ID: <20210916062325.D532FFCC9@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4.5/kube-apiserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:318-1 Container Tags : caasp/v4.5/kube-apiserver:v1.18.10 , caasp/v4.5/kube-apiserver:v1.18.10-rev4 , caasp/v4.5/kube-apiserver:v1.18.10-rev4-build5.8.72 Container Release : 5.8.72 Severity : critical Type : security References : 1029961 1040589 1047218 1047218 1099521 1106014 1153687 1154935 1157818 1158812 1158958 1158959 1158960 1159491 1159715 1159847 1159850 1160309 1160438 1160439 1161268 1164719 1167471 1172091 1172115 1172234 1172236 1172240 1172308 1173641 1175448 1175449 1178561 1178577 1178624 1178675 1180851 1181874 1182016 1182372 1182604 1182936 1183268 1183589 1183628 1184326 1184399 1184614 1184761 1184967 1184994 1184997 1184997 1185046 1185221 1185239 1185325 1185331 1185540 1185807 1185958 1186015 1186049 1186114 1186447 1186503 1186579 1187060 1187210 1187212 1187292 1187400 1188063 1188217 1188218 1188219 1188220 1188571 1189206 1189465 1189465 1189520 1189521 1189521 1189534 1189554 1189683 928700 928701 CVE-2015-3414 CVE-2015-3415 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-24370 CVE-2020-24371 CVE-2020-9327 CVE-2021-22898 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-33560 CVE-2021-33910 CVE-2021-3541 CVE-2021-3580 CVE-2021-36222 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container caasp/v4.5/kube-apiserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1762-1 Released: Wed May 26 12:30:01 2021 Summary: Security update for curl Type: security Severity: moderate References: 1186114,CVE-2021-22898 This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Allow partial chain verification [jsc#SLE-17956] * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain. * Set FLAG_TRUSTED_FIRST unconditionally. * Do not check partial chains with CRL check. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1833-1 Released: Wed Jun 2 15:32:28 2021 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1153687,1180851,1181874,1182372,1182936,1183268,1183589,1183628,1184997,1185239 This update for zypper fixes the following issues: zypper was upgraded to 1.14.44: - man page: Recommend the needs-rebooting command to test whether a system reboot is suggested. - patch: Let a patch's reboot-needed flag overrule included packages. (bsc#1183268) - Quickfix setting 'openSUSE_Tumbleweed' as default platform for 'MicroOS'. (bsc#1153687) - Protect against strict/relaxed user umask via sudo. (bsc#1183589) - xml summary: Add solvables repository alias. (bsc#1182372) libzypp was upgraded from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1861-1 Released: Fri Jun 4 09:59:40 2021 Summary: Recommended update for gcc10 Type: recommended Severity: moderate References: 1029961,1106014,1178577,1178624,1178675,1182016 This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1879-1 Released: Tue Jun 8 09:16:09 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1184326,1184399,1184997,1185325 This update for libzypp, zypper fixes the following issues: libzypp was updated to 17.26.0: - Work around download.o.o broken https redirects. - Allow trusted repos to add additional signing keys (bsc#1184326) Repositories signed with a trusted gpg key may import additional package signing keys. This is needed if different keys were used to sign the the packages shipped by the repository. - MediaCurl: Fix logging of redirects. - Use 15.3 resolver problem and solution texts on all distros. - $ZYPP_LOCK_TIMEOUT: Let negative values wait forever for the zypp lock (bsc#1184399) Helps boot time services like 'zypper purge-kernels' to wait for the zypp lock until other services using zypper have completed. - Fix purge-kernels is broken in Leap 15.3 (bsc#1185325) Leap 15.3 introduces a new kernel package called kernel-flavour-extra, which contain kmp's. Currently kmp's are detected by name '.*-kmp(-.*)?' but this does not work which those new packages. This patch fixes the problem by checking packages for kmod(*) and ksym(*) provides and only falls back to name checking if the package in question does not provide one of those. - Introduce zypp-runpurge, a tool to run purge-kernels on testcases. zypper was updated to 1.14.45: - Fix service detection with cgroupv2 (bsc#1184997) - Add hints to 'trust GPG key' prompt. - Add report when receiving new package signing keys from a trusted repo (bsc#1184326) - Added translation using Weblate (Kabyle) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1917-1 Released: Wed Jun 9 14:48:05 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1186015,CVE-2021-3541 This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1953-1 Released: Thu Jun 10 16:18:50 2021 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1161268,1172308 This update for gpg2 fixes the following issues: - Fixed an issue where the gpg-agent's ssh-agent does not handle flags in signing requests properly (bsc#1161268 and bsc#1172308). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2143-1 Released: Wed Jun 23 16:27:04 2021 Summary: Security update for libnettle Type: security Severity: important References: 1187060,CVE-2021-3580 This update for libnettle fixes the following issues: - CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2157-1 Released: Thu Jun 24 15:40:14 2021 Summary: Security update for libgcrypt Type: security Severity: important References: 1187212,CVE-2021-33560 This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2173-1 Released: Mon Jun 28 14:59:45 2021 Summary: Recommended update for automake Type: recommended Severity: moderate References: 1040589,1047218,1182604,1185540,1186049 This update for automake fixes the following issues: - Implement generated autoconf makefiles reproducible (bsc#1182604) - Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848) - Avoid bashisms in test-driver script. (bsc#1185540) This update for pcre fixes the following issues: - Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589) This update for brp-check-suse fixes the following issues: - Add fixes to support reproducible builds. (bsc#1186049) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2196-1 Released: Tue Jun 29 09:41:39 2021 Summary: Security update for lua53 Type: security Severity: moderate References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371 This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2205-1 Released: Wed Jun 30 09:17:41 2021 Summary: Recommended update for openldap2 Type: recommended Severity: important References: 1187210 This update for openldap2 fixes the following issues: - Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2229-1 Released: Thu Jul 1 20:40:37 2021 Summary: Recommended update for release packages Type: recommended Severity: moderate References: 1099521,1185221 This update for the release packages provides the following fix: - Fix grub menu entries after migration from SLE-12*. (bsc#1099521) - Adjust the sles-release changelog to include an entry for the previous release that was reverting a broken change. (bsc#1185221) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2246-1 Released: Mon Jul 5 15:17:49 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1154935,1167471,1178561,1184761,1184967,1185046,1185331,1185807,1185958,1187292,1187400 This update for systemd fixes the following issues: cgroup: Parse infinity properly for memory protections. (bsc#1167471) cgroup: Make empty assignments reset to default. (bsc#1167471) cgroup: Support 0-value for memory protection directives. (bsc#1167471) core/cgroup: Fixed an issue with ignored parameter of 'MemorySwapMax=0'. (bsc#1154935) bus-unit-util: Add proper 'MemorySwapMax' serialization. core: Accept MemorySwapMax= properties that are scaled. execute: Make sure to call into PAM after initializing resource limits. (bsc#1184967) core: Rename 'ShutdownWatchdogSec' to 'RebootWatchdogSec'. (bsc#1185331) Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046) rules: Don't ignore Xen virtual interfaces anymore. (bsc#1178561) write_net_rules: Set execute bits. (bsc#1178561) udev: Rework network device renaming. Revert 'Revert 'udev: Network device renaming - immediately give up if the target name isn't available'' mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761) core: fix output (logging) for mount units (#7603) (bsc#1187400) udev requires systemd in its %post (bsc#1185958) cgroup: Parse infinity properly for memory protections (bsc#1167471) cgroup: Make empty assignments reset to default (bsc#1167471) cgroup: Support 0-value for memory protection directives (bsc#1167471) Create /run/lock/subsys again (bsc#1187292) The creation of this directory was mistakenly dropped when 'filesystem' package took the initialization of the generic paths over. Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:2249-1 Released: Mon Jul 5 15:40:46 2021 Summary: Optional update for gnutls Type: optional Severity: low References: 1047218,1186579 This update for gnutls does not fix any user visible issues. It is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2273-1 Released: Thu Jul 8 09:48:48 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1186447,1186503 This update for libzypp, zypper fixes the following issues: - Enhance XML output of repo GPG options - Add optional attributes showing the raw values actually present in the '.repo' file. - Link all executables with -PIE (bsc#1186447) - Ship an empty '/etc/zypp/needreboot' per default (jsc#PM-2645) - Add 'Solvable::isBlacklisted' as superset of retracted and ptf packages (bsc#1186503) - Fix segv if 'ZYPP_FULLOG' is set. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2320-1 Released: Wed Jul 14 17:01:06 2021 Summary: Security update for sqlite3 Type: security Severity: important References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327 This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2404-1 Released: Tue Jul 20 14:21:30 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1184994,1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063) - Skip udev rules if 'elevator=' is used (bsc#1184994) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3030-1 Released: Tue Sep 14 09:27:45 2021 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1189534,1189554 This update of patterns-base fixes the following issue: - The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534) From sle-updates at lists.suse.com Thu Sep 16 06:24:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Sep 2021 08:24:25 +0200 (CEST) Subject: SUSE-CU-2021:319-1: Security update of caasp/v4.5/kube-controller-manager Message-ID: <20210916062425.7FDF1FCC9@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4.5/kube-controller-manager ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:319-1 Container Tags : caasp/v4.5/kube-controller-manager:v1.18.10 , caasp/v4.5/kube-controller-manager:v1.18.10-rev4 , caasp/v4.5/kube-controller-manager:v1.18.10-rev4-build5.8.55 Container Release : 5.8.55 Severity : critical Type : security References : 1029961 1040589 1047218 1047218 1099521 1106014 1153687 1154935 1157818 1158812 1158958 1158959 1158960 1159491 1159715 1159847 1159850 1160309 1160438 1160439 1161268 1164719 1167471 1172091 1172115 1172234 1172236 1172240 1172308 1172505 1173641 1174526 1175448 1175449 1176248 1178561 1178577 1178624 1178675 1180196 1180851 1181291 1181874 1182016 1182372 1182604 1182936 1183268 1183561 1183589 1183628 1184124 1184326 1184399 1184517 1184614 1184761 1184967 1184994 1184997 1184997 1185046 1185221 1185239 1185246 1185325 1185331 1185540 1185619 1185807 1185958 1186015 1186020 1186021 1186049 1186114 1186348 1186447 1186503 1186561 1186579 1187060 1187091 1187105 1187210 1187212 1187292 1187400 1188063 1188217 1188218 1188219 1188220 1188571 1188979 1189173 1189206 1189465 1189465 1189520 1189521 1189521 1189534 1189554 1189683 928700 928701 CVE-2015-3414 CVE-2015-3415 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2020-12049 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-24370 CVE-2020-24371 CVE-2020-35512 CVE-2020-9327 CVE-2021-22898 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-33560 CVE-2021-33910 CVE-2021-3509 CVE-2021-3524 CVE-2021-3531 CVE-2021-3541 CVE-2021-3580 CVE-2021-36222 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container caasp/v4.5/kube-controller-manager was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1762-1 Released: Wed May 26 12:30:01 2021 Summary: Security update for curl Type: security Severity: moderate References: 1186114,CVE-2021-22898 This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Allow partial chain verification [jsc#SLE-17956] * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain. * Set FLAG_TRUSTED_FIRST unconditionally. * Do not check partial chains with CRL check. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1773-1 Released: Wed May 26 17:22:21 2021 Summary: Recommended update for python3 Type: recommended Severity: low References: This update for python3 fixes the following issues: - Make sure to close the import_failed.map file after the exception has been raised in order to avoid ResourceWarnings when the failing import is part of a try...except block. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1833-1 Released: Wed Jun 2 15:32:28 2021 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1153687,1180851,1181874,1182372,1182936,1183268,1183589,1183628,1184997,1185239 This update for zypper fixes the following issues: zypper was upgraded to 1.14.44: - man page: Recommend the needs-rebooting command to test whether a system reboot is suggested. - patch: Let a patch's reboot-needed flag overrule included packages. (bsc#1183268) - Quickfix setting 'openSUSE_Tumbleweed' as default platform for 'MicroOS'. (bsc#1153687) - Protect against strict/relaxed user umask via sudo. (bsc#1183589) - xml summary: Add solvables repository alias. (bsc#1182372) libzypp was upgraded from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1834-1 Released: Wed Jun 2 15:37:04 2021 Summary: Security update for ceph Type: security Severity: important References: 1185619,1186020,1186021,CVE-2021-3509,CVE-2021-3524,CVE-2021-3531 This update for ceph fixes the following issues: - Update to 15.2.12-83-g528da226523: - (CVE-2021-3509) fix cookie injection issue (bsc#1186021) - (CVE-2021-3531) RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (bsc#1186020) - (CVE-2021-3524) sanitize \r in s3 CORSConfiguration???s ExposeHeader (bsc#1185619) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1861-1 Released: Fri Jun 4 09:59:40 2021 Summary: Recommended update for gcc10 Type: recommended Severity: moderate References: 1029961,1106014,1178577,1178624,1178675,1182016 This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1879-1 Released: Tue Jun 8 09:16:09 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1184326,1184399,1184997,1185325 This update for libzypp, zypper fixes the following issues: libzypp was updated to 17.26.0: - Work around download.o.o broken https redirects. - Allow trusted repos to add additional signing keys (bsc#1184326) Repositories signed with a trusted gpg key may import additional package signing keys. This is needed if different keys were used to sign the the packages shipped by the repository. - MediaCurl: Fix logging of redirects. - Use 15.3 resolver problem and solution texts on all distros. - $ZYPP_LOCK_TIMEOUT: Let negative values wait forever for the zypp lock (bsc#1184399) Helps boot time services like 'zypper purge-kernels' to wait for the zypp lock until other services using zypper have completed. - Fix purge-kernels is broken in Leap 15.3 (bsc#1185325) Leap 15.3 introduces a new kernel package called kernel-flavour-extra, which contain kmp's. Currently kmp's are detected by name '.*-kmp(-.*)?' but this does not work which those new packages. This patch fixes the problem by checking packages for kmod(*) and ksym(*) provides and only falls back to name checking if the package in question does not provide one of those. - Introduce zypp-runpurge, a tool to run purge-kernels on testcases. zypper was updated to 1.14.45: - Fix service detection with cgroupv2 (bsc#1184997) - Add hints to 'trust GPG key' prompt. - Add report when receiving new package signing keys from a trusted repo (bsc#1184326) - Added translation using Weblate (Kabyle) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1917-1 Released: Wed Jun 9 14:48:05 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1186015,CVE-2021-3541 This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1953-1 Released: Thu Jun 10 16:18:50 2021 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1161268,1172308 This update for gpg2 fixes the following issues: - Fixed an issue where the gpg-agent's ssh-agent does not handle flags in signing requests properly (bsc#1161268 and bsc#1172308). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2093-1 Released: Mon Jun 21 13:31:37 2021 Summary: Recommended update for ceph Type: recommended Severity: moderate References: 1174526 This update for ceph fixes the following issues: - updated ceph to upstream version 15.2.13: * mgr/dashboard: allow getting fresh inventory data from the orchestrator (bsc#1174526) The whole upstream changelog can be found here: https://ceph.io/releases/v15-2-13-octopus-released/ ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2143-1 Released: Wed Jun 23 16:27:04 2021 Summary: Security update for libnettle Type: security Severity: important References: 1187060,CVE-2021-3580 This update for libnettle fixes the following issues: - CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2157-1 Released: Thu Jun 24 15:40:14 2021 Summary: Security update for libgcrypt Type: security Severity: important References: 1187212,CVE-2021-33560 This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2173-1 Released: Mon Jun 28 14:59:45 2021 Summary: Recommended update for automake Type: recommended Severity: moderate References: 1040589,1047218,1182604,1185540,1186049 This update for automake fixes the following issues: - Implement generated autoconf makefiles reproducible (bsc#1182604) - Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848) - Avoid bashisms in test-driver script. (bsc#1185540) This update for pcre fixes the following issues: - Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589) This update for brp-check-suse fixes the following issues: - Add fixes to support reproducible builds. (bsc#1186049) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2178-1 Released: Mon Jun 28 15:56:15 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1186561 This update for systemd-presets-common-SUSE fixes the following issues: When installing the systemd-presets-common-SUSE package for the first time in a new system, it might happen that some services are installed before systemd so the %systemd_pre/post macros would not work. This is handled by enabling all preset services in this package's %posttrans section but it wasn't enabling user services, just system services. Now it enables also the user services installed before this package (bsc#1186561) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2196-1 Released: Tue Jun 29 09:41:39 2021 Summary: Security update for lua53 Type: security Severity: moderate References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371 This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2205-1 Released: Wed Jun 30 09:17:41 2021 Summary: Recommended update for openldap2 Type: recommended Severity: important References: 1187210 This update for openldap2 fixes the following issues: - Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2210-1 Released: Wed Jun 30 13:00:09 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1184124 This update for lvm2 fixes the following issues: - Link test as position independent executable and update packages with non-PIE binaries. (bsc#1184124) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2229-1 Released: Thu Jul 1 20:40:37 2021 Summary: Recommended update for release packages Type: recommended Severity: moderate References: 1099521,1185221 This update for the release packages provides the following fix: - Fix grub menu entries after migration from SLE-12*. (bsc#1099521) - Adjust the sles-release changelog to include an entry for the previous release that was reverting a broken change. (bsc#1185221) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2233-1 Released: Fri Jul 2 12:49:43 2021 Summary: Recommended update for rdma-core Type: recommended Severity: moderate References: 1176248,1180196 This update for rdma-core fixes the following issues: Update to v31.0 (jsc#SLE-15657, jsc#SLE-15731, jsc#SLE-15743, jsc#SLE-15810, jsc#ECO-3504) - Keep `rxe_cfg` binary available for SUSE Linux Enterprise 15-SP2 (bsc#1176248) - Make sure `srp_daemon` is loaded at boot if enabled (bsc#1180196) - Fix support of older providers with newer `rdma-core` internal ABI ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2246-1 Released: Mon Jul 5 15:17:49 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1154935,1167471,1178561,1184761,1184967,1185046,1185331,1185807,1185958,1187292,1187400 This update for systemd fixes the following issues: cgroup: Parse infinity properly for memory protections. (bsc#1167471) cgroup: Make empty assignments reset to default. (bsc#1167471) cgroup: Support 0-value for memory protection directives. (bsc#1167471) core/cgroup: Fixed an issue with ignored parameter of 'MemorySwapMax=0'. (bsc#1154935) bus-unit-util: Add proper 'MemorySwapMax' serialization. core: Accept MemorySwapMax= properties that are scaled. execute: Make sure to call into PAM after initializing resource limits. (bsc#1184967) core: Rename 'ShutdownWatchdogSec' to 'RebootWatchdogSec'. (bsc#1185331) Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046) rules: Don't ignore Xen virtual interfaces anymore. (bsc#1178561) write_net_rules: Set execute bits. (bsc#1178561) udev: Rework network device renaming. Revert 'Revert 'udev: Network device renaming - immediately give up if the target name isn't available'' mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761) core: fix output (logging) for mount units (#7603) (bsc#1187400) udev requires systemd in its %post (bsc#1185958) cgroup: Parse infinity properly for memory protections (bsc#1167471) cgroup: Make empty assignments reset to default (bsc#1167471) cgroup: Support 0-value for memory protection directives (bsc#1167471) Create /run/lock/subsys again (bsc#1187292) The creation of this directory was mistakenly dropped when 'filesystem' package took the initialization of the generic paths over. Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:2249-1 Released: Mon Jul 5 15:40:46 2021 Summary: Optional update for gnutls Type: optional Severity: low References: 1047218,1186579 This update for gnutls does not fix any user visible issues. It is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2273-1 Released: Thu Jul 8 09:48:48 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1186447,1186503 This update for libzypp, zypper fixes the following issues: - Enhance XML output of repo GPG options - Add optional attributes showing the raw values actually present in the '.repo' file. - Link all executables with -PIE (bsc#1186447) - Ship an empty '/etc/zypp/needreboot' per default (jsc#PM-2645) - Add 'Solvable::isBlacklisted' as superset of retracted and ptf packages (bsc#1186503) - Fix segv if 'ZYPP_FULLOG' is set. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2292-1 Released: Mon Jul 12 08:25:20 2021 Summary: Security update for dbus-1 Type: security Severity: important References: 1187105,CVE-2020-35512 This update for dbus-1 fixes the following issues: - CVE-2020-35512: Fixed a use-after-free or potential undefined behaviour caused by shared UID's (bsc#1187105) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2320-1 Released: Wed Jul 14 17:01:06 2021 Summary: Security update for sqlite3 Type: security Severity: important References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327 This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2404-1 Released: Tue Jul 20 14:21:30 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1184994,1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063) - Skip udev rules if 'elevator=' is used (bsc#1184994) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2456-1 Released: Thu Jul 22 15:28:39 2021 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1187091 This update for pam-config fixes the following issues: - Add 'revoke' to the option list for 'pam_keyinit'. - Fixed an issue when pam-config fails to create a new service config file. (bsc#1187091) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2810-1 Released: Mon Aug 23 12:14:30 2021 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1172505,CVE-2020-12049 This update for dbus-1 fixes the following issues: - CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3015-1 Released: Sat Sep 11 13:49:16 2021 Summary: Recommended update for ceph Type: recommended Severity: moderate References: 1181291,1183561,1184517,1185246,1186348,1188979,1189173 This update for ceph fixes the following issues: - cls/rgw: look for plane entries in non-ascii plain namespace too (bsc#1184517) - rgw: check object locks in multi-object delete (bsc#1185246) - mgr/zabbix: adapt zabbix_sender default path (bsc#1186348) - mgr/cephadm: pass --container-init to 'cephadm deploy' if specified (bsc#1188979) - mgr/dashboard: Downstream branding: Adapt latest upstream changes to branded navigation component (bsc#1189173) - qa/tasks/salt_manager: allow gatherlogs for files in subdir - qa/tasks/ceph_salt: gather /var/log/ceph/cephadm.out - mgr/zabbix: adapt zabbix_sender default path (bsc#1186348) - Revert 'cephadm: default container_init to False' (bsc#1188979) - mgr/cephadm: alias rgw-nfs -> nfs (bsc#1181291) - mgr/cephadm: on ssh connection error, advice chmod 0600 (bsc#1183561) - Update _constraints: only honor physical memory, not 'any memory' (e.g. swap). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3030-1 Released: Tue Sep 14 09:27:45 2021 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1189534,1189554 This update of patterns-base fixes the following issue: - The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534) From sle-updates at lists.suse.com Thu Sep 16 06:25:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Sep 2021 08:25:20 +0200 (CEST) Subject: SUSE-CU-2021:320-1: Security update of caasp/v4.5/kube-proxy Message-ID: <20210916062520.DC289FCC9@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4.5/kube-proxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:320-1 Container Tags : caasp/v4.5/kube-proxy:v1.18.10 , caasp/v4.5/kube-proxy:v1.18.10-rev4 , caasp/v4.5/kube-proxy:v1.18.10-rev4-build5.8.53 Container Release : 5.8.53 Severity : critical Type : security References : 1029961 1040589 1047218 1047218 1099521 1106014 1153687 1154935 1157818 1158812 1158958 1158959 1158960 1159491 1159715 1159847 1159850 1160309 1160438 1160439 1161268 1164719 1167471 1172091 1172115 1172234 1172236 1172240 1172308 1172505 1173641 1175448 1175449 1178561 1178577 1178624 1178675 1180851 1181874 1182016 1182372 1182604 1182936 1183268 1183589 1183628 1184124 1184326 1184399 1184614 1184761 1184967 1184994 1184997 1184997 1185046 1185221 1185239 1185325 1185331 1185540 1185807 1185958 1186015 1186049 1186114 1186447 1186503 1186561 1186579 1187060 1187091 1187105 1187210 1187212 1187292 1187400 1188063 1188217 1188218 1188219 1188220 1188571 1189206 1189465 1189465 1189520 1189521 1189521 1189534 1189554 1189683 928700 928701 CVE-2015-3414 CVE-2015-3415 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2020-12049 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-24370 CVE-2020-24371 CVE-2020-35512 CVE-2020-9327 CVE-2021-22898 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-33560 CVE-2021-33910 CVE-2021-3541 CVE-2021-3580 CVE-2021-36222 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container caasp/v4.5/kube-proxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1762-1 Released: Wed May 26 12:30:01 2021 Summary: Security update for curl Type: security Severity: moderate References: 1186114,CVE-2021-22898 This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Allow partial chain verification [jsc#SLE-17956] * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain. * Set FLAG_TRUSTED_FIRST unconditionally. * Do not check partial chains with CRL check. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1833-1 Released: Wed Jun 2 15:32:28 2021 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1153687,1180851,1181874,1182372,1182936,1183268,1183589,1183628,1184997,1185239 This update for zypper fixes the following issues: zypper was upgraded to 1.14.44: - man page: Recommend the needs-rebooting command to test whether a system reboot is suggested. - patch: Let a patch's reboot-needed flag overrule included packages. (bsc#1183268) - Quickfix setting 'openSUSE_Tumbleweed' as default platform for 'MicroOS'. (bsc#1153687) - Protect against strict/relaxed user umask via sudo. (bsc#1183589) - xml summary: Add solvables repository alias. (bsc#1182372) libzypp was upgraded from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1861-1 Released: Fri Jun 4 09:59:40 2021 Summary: Recommended update for gcc10 Type: recommended Severity: moderate References: 1029961,1106014,1178577,1178624,1178675,1182016 This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1879-1 Released: Tue Jun 8 09:16:09 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1184326,1184399,1184997,1185325 This update for libzypp, zypper fixes the following issues: libzypp was updated to 17.26.0: - Work around download.o.o broken https redirects. - Allow trusted repos to add additional signing keys (bsc#1184326) Repositories signed with a trusted gpg key may import additional package signing keys. This is needed if different keys were used to sign the the packages shipped by the repository. - MediaCurl: Fix logging of redirects. - Use 15.3 resolver problem and solution texts on all distros. - $ZYPP_LOCK_TIMEOUT: Let negative values wait forever for the zypp lock (bsc#1184399) Helps boot time services like 'zypper purge-kernels' to wait for the zypp lock until other services using zypper have completed. - Fix purge-kernels is broken in Leap 15.3 (bsc#1185325) Leap 15.3 introduces a new kernel package called kernel-flavour-extra, which contain kmp's. Currently kmp's are detected by name '.*-kmp(-.*)?' but this does not work which those new packages. This patch fixes the problem by checking packages for kmod(*) and ksym(*) provides and only falls back to name checking if the package in question does not provide one of those. - Introduce zypp-runpurge, a tool to run purge-kernels on testcases. zypper was updated to 1.14.45: - Fix service detection with cgroupv2 (bsc#1184997) - Add hints to 'trust GPG key' prompt. - Add report when receiving new package signing keys from a trusted repo (bsc#1184326) - Added translation using Weblate (Kabyle) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1917-1 Released: Wed Jun 9 14:48:05 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1186015,CVE-2021-3541 This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1953-1 Released: Thu Jun 10 16:18:50 2021 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1161268,1172308 This update for gpg2 fixes the following issues: - Fixed an issue where the gpg-agent's ssh-agent does not handle flags in signing requests properly (bsc#1161268 and bsc#1172308). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2143-1 Released: Wed Jun 23 16:27:04 2021 Summary: Security update for libnettle Type: security Severity: important References: 1187060,CVE-2021-3580 This update for libnettle fixes the following issues: - CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2157-1 Released: Thu Jun 24 15:40:14 2021 Summary: Security update for libgcrypt Type: security Severity: important References: 1187212,CVE-2021-33560 This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2173-1 Released: Mon Jun 28 14:59:45 2021 Summary: Recommended update for automake Type: recommended Severity: moderate References: 1040589,1047218,1182604,1185540,1186049 This update for automake fixes the following issues: - Implement generated autoconf makefiles reproducible (bsc#1182604) - Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848) - Avoid bashisms in test-driver script. (bsc#1185540) This update for pcre fixes the following issues: - Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589) This update for brp-check-suse fixes the following issues: - Add fixes to support reproducible builds. (bsc#1186049) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2178-1 Released: Mon Jun 28 15:56:15 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1186561 This update for systemd-presets-common-SUSE fixes the following issues: When installing the systemd-presets-common-SUSE package for the first time in a new system, it might happen that some services are installed before systemd so the %systemd_pre/post macros would not work. This is handled by enabling all preset services in this package's %posttrans section but it wasn't enabling user services, just system services. Now it enables also the user services installed before this package (bsc#1186561) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2196-1 Released: Tue Jun 29 09:41:39 2021 Summary: Security update for lua53 Type: security Severity: moderate References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371 This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2205-1 Released: Wed Jun 30 09:17:41 2021 Summary: Recommended update for openldap2 Type: recommended Severity: important References: 1187210 This update for openldap2 fixes the following issues: - Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2210-1 Released: Wed Jun 30 13:00:09 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1184124 This update for lvm2 fixes the following issues: - Link test as position independent executable and update packages with non-PIE binaries. (bsc#1184124) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2229-1 Released: Thu Jul 1 20:40:37 2021 Summary: Recommended update for release packages Type: recommended Severity: moderate References: 1099521,1185221 This update for the release packages provides the following fix: - Fix grub menu entries after migration from SLE-12*. (bsc#1099521) - Adjust the sles-release changelog to include an entry for the previous release that was reverting a broken change. (bsc#1185221) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2246-1 Released: Mon Jul 5 15:17:49 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1154935,1167471,1178561,1184761,1184967,1185046,1185331,1185807,1185958,1187292,1187400 This update for systemd fixes the following issues: cgroup: Parse infinity properly for memory protections. (bsc#1167471) cgroup: Make empty assignments reset to default. (bsc#1167471) cgroup: Support 0-value for memory protection directives. (bsc#1167471) core/cgroup: Fixed an issue with ignored parameter of 'MemorySwapMax=0'. (bsc#1154935) bus-unit-util: Add proper 'MemorySwapMax' serialization. core: Accept MemorySwapMax= properties that are scaled. execute: Make sure to call into PAM after initializing resource limits. (bsc#1184967) core: Rename 'ShutdownWatchdogSec' to 'RebootWatchdogSec'. (bsc#1185331) Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046) rules: Don't ignore Xen virtual interfaces anymore. (bsc#1178561) write_net_rules: Set execute bits. (bsc#1178561) udev: Rework network device renaming. Revert 'Revert 'udev: Network device renaming - immediately give up if the target name isn't available'' mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761) core: fix output (logging) for mount units (#7603) (bsc#1187400) udev requires systemd in its %post (bsc#1185958) cgroup: Parse infinity properly for memory protections (bsc#1167471) cgroup: Make empty assignments reset to default (bsc#1167471) cgroup: Support 0-value for memory protection directives (bsc#1167471) Create /run/lock/subsys again (bsc#1187292) The creation of this directory was mistakenly dropped when 'filesystem' package took the initialization of the generic paths over. Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:2249-1 Released: Mon Jul 5 15:40:46 2021 Summary: Optional update for gnutls Type: optional Severity: low References: 1047218,1186579 This update for gnutls does not fix any user visible issues. It is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2273-1 Released: Thu Jul 8 09:48:48 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1186447,1186503 This update for libzypp, zypper fixes the following issues: - Enhance XML output of repo GPG options - Add optional attributes showing the raw values actually present in the '.repo' file. - Link all executables with -PIE (bsc#1186447) - Ship an empty '/etc/zypp/needreboot' per default (jsc#PM-2645) - Add 'Solvable::isBlacklisted' as superset of retracted and ptf packages (bsc#1186503) - Fix segv if 'ZYPP_FULLOG' is set. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2292-1 Released: Mon Jul 12 08:25:20 2021 Summary: Security update for dbus-1 Type: security Severity: important References: 1187105,CVE-2020-35512 This update for dbus-1 fixes the following issues: - CVE-2020-35512: Fixed a use-after-free or potential undefined behaviour caused by shared UID's (bsc#1187105) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2320-1 Released: Wed Jul 14 17:01:06 2021 Summary: Security update for sqlite3 Type: security Severity: important References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327 This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2404-1 Released: Tue Jul 20 14:21:30 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1184994,1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063) - Skip udev rules if 'elevator=' is used (bsc#1184994) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2456-1 Released: Thu Jul 22 15:28:39 2021 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1187091 This update for pam-config fixes the following issues: - Add 'revoke' to the option list for 'pam_keyinit'. - Fixed an issue when pam-config fails to create a new service config file. (bsc#1187091) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2810-1 Released: Mon Aug 23 12:14:30 2021 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1172505,CVE-2020-12049 This update for dbus-1 fixes the following issues: - CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3030-1 Released: Tue Sep 14 09:27:45 2021 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1189534,1189554 This update of patterns-base fixes the following issue: - The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534) From sle-updates at lists.suse.com Thu Sep 16 06:26:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Sep 2021 08:26:12 +0200 (CEST) Subject: SUSE-CU-2021:321-1: Security update of caasp/v4.5/kube-scheduler Message-ID: <20210916062612.A0C13FCC9@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4.5/kube-scheduler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:321-1 Container Tags : caasp/v4.5/kube-scheduler:v1.18.10 , caasp/v4.5/kube-scheduler:v1.18.10-rev4 , caasp/v4.5/kube-scheduler:v1.18.10-rev4-build5.8.71 Container Release : 5.8.71 Severity : critical Type : security References : 1029961 1040589 1047218 1047218 1099521 1106014 1153687 1154935 1157818 1158812 1158958 1158959 1158960 1159491 1159715 1159847 1159850 1160309 1160438 1160439 1161268 1164719 1167471 1172091 1172115 1172234 1172236 1172240 1172308 1173641 1175448 1175449 1178561 1178577 1178624 1178675 1180851 1181874 1182016 1182372 1182604 1182936 1183268 1183589 1183628 1184326 1184399 1184614 1184761 1184967 1184994 1184997 1184997 1185046 1185221 1185239 1185325 1185331 1185540 1185807 1185958 1186015 1186049 1186114 1186447 1186503 1186579 1187060 1187210 1187212 1187292 1187400 1188063 1188217 1188218 1188219 1188220 1188571 1189206 1189465 1189465 1189520 1189521 1189521 1189534 1189554 1189683 928700 928701 CVE-2015-3414 CVE-2015-3415 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-24370 CVE-2020-24371 CVE-2020-9327 CVE-2021-22898 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-33560 CVE-2021-33910 CVE-2021-3541 CVE-2021-3580 CVE-2021-36222 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container caasp/v4.5/kube-scheduler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1762-1 Released: Wed May 26 12:30:01 2021 Summary: Security update for curl Type: security Severity: moderate References: 1186114,CVE-2021-22898 This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Allow partial chain verification [jsc#SLE-17956] * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain. * Set FLAG_TRUSTED_FIRST unconditionally. * Do not check partial chains with CRL check. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1833-1 Released: Wed Jun 2 15:32:28 2021 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1153687,1180851,1181874,1182372,1182936,1183268,1183589,1183628,1184997,1185239 This update for zypper fixes the following issues: zypper was upgraded to 1.14.44: - man page: Recommend the needs-rebooting command to test whether a system reboot is suggested. - patch: Let a patch's reboot-needed flag overrule included packages. (bsc#1183268) - Quickfix setting 'openSUSE_Tumbleweed' as default platform for 'MicroOS'. (bsc#1153687) - Protect against strict/relaxed user umask via sudo. (bsc#1183589) - xml summary: Add solvables repository alias. (bsc#1182372) libzypp was upgraded from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1861-1 Released: Fri Jun 4 09:59:40 2021 Summary: Recommended update for gcc10 Type: recommended Severity: moderate References: 1029961,1106014,1178577,1178624,1178675,1182016 This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1879-1 Released: Tue Jun 8 09:16:09 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1184326,1184399,1184997,1185325 This update for libzypp, zypper fixes the following issues: libzypp was updated to 17.26.0: - Work around download.o.o broken https redirects. - Allow trusted repos to add additional signing keys (bsc#1184326) Repositories signed with a trusted gpg key may import additional package signing keys. This is needed if different keys were used to sign the the packages shipped by the repository. - MediaCurl: Fix logging of redirects. - Use 15.3 resolver problem and solution texts on all distros. - $ZYPP_LOCK_TIMEOUT: Let negative values wait forever for the zypp lock (bsc#1184399) Helps boot time services like 'zypper purge-kernels' to wait for the zypp lock until other services using zypper have completed. - Fix purge-kernels is broken in Leap 15.3 (bsc#1185325) Leap 15.3 introduces a new kernel package called kernel-flavour-extra, which contain kmp's. Currently kmp's are detected by name '.*-kmp(-.*)?' but this does not work which those new packages. This patch fixes the problem by checking packages for kmod(*) and ksym(*) provides and only falls back to name checking if the package in question does not provide one of those. - Introduce zypp-runpurge, a tool to run purge-kernels on testcases. zypper was updated to 1.14.45: - Fix service detection with cgroupv2 (bsc#1184997) - Add hints to 'trust GPG key' prompt. - Add report when receiving new package signing keys from a trusted repo (bsc#1184326) - Added translation using Weblate (Kabyle) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1917-1 Released: Wed Jun 9 14:48:05 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1186015,CVE-2021-3541 This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1953-1 Released: Thu Jun 10 16:18:50 2021 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1161268,1172308 This update for gpg2 fixes the following issues: - Fixed an issue where the gpg-agent's ssh-agent does not handle flags in signing requests properly (bsc#1161268 and bsc#1172308). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2143-1 Released: Wed Jun 23 16:27:04 2021 Summary: Security update for libnettle Type: security Severity: important References: 1187060,CVE-2021-3580 This update for libnettle fixes the following issues: - CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2157-1 Released: Thu Jun 24 15:40:14 2021 Summary: Security update for libgcrypt Type: security Severity: important References: 1187212,CVE-2021-33560 This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2173-1 Released: Mon Jun 28 14:59:45 2021 Summary: Recommended update for automake Type: recommended Severity: moderate References: 1040589,1047218,1182604,1185540,1186049 This update for automake fixes the following issues: - Implement generated autoconf makefiles reproducible (bsc#1182604) - Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848) - Avoid bashisms in test-driver script. (bsc#1185540) This update for pcre fixes the following issues: - Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589) This update for brp-check-suse fixes the following issues: - Add fixes to support reproducible builds. (bsc#1186049) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2196-1 Released: Tue Jun 29 09:41:39 2021 Summary: Security update for lua53 Type: security Severity: moderate References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371 This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2205-1 Released: Wed Jun 30 09:17:41 2021 Summary: Recommended update for openldap2 Type: recommended Severity: important References: 1187210 This update for openldap2 fixes the following issues: - Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2229-1 Released: Thu Jul 1 20:40:37 2021 Summary: Recommended update for release packages Type: recommended Severity: moderate References: 1099521,1185221 This update for the release packages provides the following fix: - Fix grub menu entries after migration from SLE-12*. (bsc#1099521) - Adjust the sles-release changelog to include an entry for the previous release that was reverting a broken change. (bsc#1185221) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2246-1 Released: Mon Jul 5 15:17:49 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1154935,1167471,1178561,1184761,1184967,1185046,1185331,1185807,1185958,1187292,1187400 This update for systemd fixes the following issues: cgroup: Parse infinity properly for memory protections. (bsc#1167471) cgroup: Make empty assignments reset to default. (bsc#1167471) cgroup: Support 0-value for memory protection directives. (bsc#1167471) core/cgroup: Fixed an issue with ignored parameter of 'MemorySwapMax=0'. (bsc#1154935) bus-unit-util: Add proper 'MemorySwapMax' serialization. core: Accept MemorySwapMax= properties that are scaled. execute: Make sure to call into PAM after initializing resource limits. (bsc#1184967) core: Rename 'ShutdownWatchdogSec' to 'RebootWatchdogSec'. (bsc#1185331) Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046) rules: Don't ignore Xen virtual interfaces anymore. (bsc#1178561) write_net_rules: Set execute bits. (bsc#1178561) udev: Rework network device renaming. Revert 'Revert 'udev: Network device renaming - immediately give up if the target name isn't available'' mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761) core: fix output (logging) for mount units (#7603) (bsc#1187400) udev requires systemd in its %post (bsc#1185958) cgroup: Parse infinity properly for memory protections (bsc#1167471) cgroup: Make empty assignments reset to default (bsc#1167471) cgroup: Support 0-value for memory protection directives (bsc#1167471) Create /run/lock/subsys again (bsc#1187292) The creation of this directory was mistakenly dropped when 'filesystem' package took the initialization of the generic paths over. Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:2249-1 Released: Mon Jul 5 15:40:46 2021 Summary: Optional update for gnutls Type: optional Severity: low References: 1047218,1186579 This update for gnutls does not fix any user visible issues. It is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2273-1 Released: Thu Jul 8 09:48:48 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1186447,1186503 This update for libzypp, zypper fixes the following issues: - Enhance XML output of repo GPG options - Add optional attributes showing the raw values actually present in the '.repo' file. - Link all executables with -PIE (bsc#1186447) - Ship an empty '/etc/zypp/needreboot' per default (jsc#PM-2645) - Add 'Solvable::isBlacklisted' as superset of retracted and ptf packages (bsc#1186503) - Fix segv if 'ZYPP_FULLOG' is set. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2320-1 Released: Wed Jul 14 17:01:06 2021 Summary: Security update for sqlite3 Type: security Severity: important References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327 This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2404-1 Released: Tue Jul 20 14:21:30 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1184994,1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063) - Skip udev rules if 'elevator=' is used (bsc#1184994) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3030-1 Released: Tue Sep 14 09:27:45 2021 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1189534,1189554 This update of patterns-base fixes the following issue: - The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534) From sle-updates at lists.suse.com Thu Sep 16 10:19:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Sep 2021 12:19:31 +0200 (CEST) Subject: SUSE-RU-2021:3051-1: moderate: Recommended update for lvm2 Message-ID: <20210916101931.4880EFE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3051-1 Rating: moderate References: #1188202 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lvm2 fixes the following issues: - Update from version 2.02.180 to 2.02.188 (bsc#1188202) - Fix problem with unbound variable usage within fsadm. - Avoid removing LVs on error path of lvconvert during creation volumes. - Fix crashing lvdisplay when thin volume was waiting for merge. - Support option '--errorwhenfull' when converting volume to thin-pool. - Improve thin-performance profile support conversion to thin-pool. - Support resize of cached volumes. - Allocation prints better error when metadata cannot fit on a single PV. - Pvmove can better resolve full thin-pool tree move. - Limit pool metadata spare to 16GiB. - Improves conversion and allocation of pool metadata. - Support thin pool metadata 15.88GiB, adds 64MiB, thin_pool_crop_metadata=0. - Enhance lvdisplay to report raid available/partial. - Enhance error handling for fsadm and handle correct fsck result. - Stop logging rename errors from persistent filter. - Dmeventd lvm plugin ignores higher reserved_stack lvm.conf values. - Support using BLKZEROOUT for clearing devices. - Support interruption when wipping LVs. - Add configure '--enable-editline' support as an alternative to readline. - Zero pool metadata on allocation (disable with allocation/zero_metadata=0). - Failure in zeroing or wiping will fail command (bypass with -Zn, -Wn). - Fix support for 'lvconvert --repair' used by foreign apps (i.e. Docker). - Support interruption for bcache waiting. - Fix bcache when device has too many failing writes. - Fix bcache waiting for IO completion with failing disks. - Configure use own python path name order to prefer using python3. - Enhance reporting and error handling when creating thin volumes. - Use revert_lv() on reload error path after vg_revert(). - Improve estimation of needed extents when creating thin-pool. - Use extra 1% when resizing thin-pool metadata LV with --use-policy. - Enhance '--use-policy' percentage rounding. - Switch code base to use flexible array syntax. - Preserve uint32_t for seqno handling. - Switch from mmap to plain read when loading regular files. - Fix running out of free buffers for async writing for larger writes. - Fix conversion to raid from striped lagging type. - Fix conversion to 'mirrored' mirror log with larger regionsize. - Avoid running cache input arg validation when creating vdo pool. - Prevent raid reshaping of stacked volumes. - Ensure minimum required region size on striped RaidLV creation. - Fix resize of thin-pool with data and metadata of different segtype. - Fix splitting mirror leg in cluster. - Fix activation order when removing merged snapshot. - Add support for DM_DEVICE_GET_TARGET_VERSION into device_mapper. - Add lvextend-raid.sh to check on RaidLV extensions synchronization. - Fix lvmetad shutdown and avoid lenghty timeouts when rebooting system. - Prevent creating VGs with PVs with different logical block sizes. - Pvmove runs in exclusively activating mode for exclusively active LVs. - Activate thin-pool layered volume as 'read-only' device. - Ignore crypto devices with UUID signature CRYPT-SUBDEV. - Enhance validation for thin and cache pool conversion and swapping. - Fixed activation on boot - lvm2 no longer activates incomplete VGs. - Improve internal removal of cached devices. - Synchronize with udev when dropping snapshot. - Add missing device synchronization point before removing pvmove node. - Correctly set read_ahead for LVs when pvmove is finished. - Fix metadata writes from corrupting with large physical block size. - Report no_discard_passdown for cache LVs with lvs -o+kernel_discards. - Prevent shared active mirror LVs with lvmlockd. - Fix change of monitoring in clustered volumes. - Improve -lXXX%VG modifier which improves cache segment estimation. - Add synchronization with udev before removing cached devices. - Fix missing growth of _pmspare volume when extending _tmeta volume. - Automatically grow thin metadata, when thin data gets too big. - Add support for vgsplit with cached devices. - Fix signal delivery checking race in libdaemon (lvmetad). - Add missing Before=shutdown.target to LVM2 services to fix shutdown ordering. - Fix (de)activation of RaidLVs with visible SubLVs - Change scan_lvs default to 0 so LVs are not scanned for PVs. - Add scan_lvs config setting to control if lvm scans LVs for PVs. - Fix missing proper initialization of pv_list struct when adding pv. - Avoid disabling lvmetad when repair does nothing. - Fix component detection for md version 0.90. - Use sync io if async io_setup fails, or use_aio=0 is set in config. - Avoid opening devices to get block size by using existing open fd. - Fix possible write race between last metadata block and the first extent. - Fix filtering of md 1.0 devices so they are not seen as duplicate PVs. - Fix lvconvert striped/raid0/raid0_meta -> raid6 regression. - Add After=rbdmap.service to {lvm2-activation-net,blk-availability}.service. - Fix pvs with lvmetad to avoid too many open files from filter reads. - Fix pvscan --cache to avoid too many open files from filter reads. - Reduce max concurrent aios to avoid EMFILE with many devices. - Fix lvconvert conversion attempts to linear. - Fix lvconvert raid0/raid0_meta -> striped regression. - Fix lvconvert --splitmirror for mirror type (2.02.178). - Do not pair cache policy and cache metadata format. - Fix mirrors honoring read_only_volume_list. - Reject conversions on raid1 LVs with split tracked SubLVs. - Reject conversions on raid1 split tracked SubLVs. - Fix dmstats list failing when no regions exist. - Reject conversions of LVs under snapshot. - Limit suggested options on incorrect option for lvconvert subcommand. - Add dm_tree_node_add_thin_pool_target_v1 with crop_metadata support. - Add support for VDO in blkdeactivate script. - Try to remove all created devices on dm preload tree error path. - Fix dm_list iterators with gcc 10 optimization (-ftree-pta). - Dmeventd handles timer without looping on short intervals. - Add support for DM_DEVICE_GET_TARGET_VERSION. - Add debug of dmsetup udevcomplete with hexa print DM_COOKIE_COMPLETED. - Fix versioning of dm_stats_create_region and dm_stats_create_region. - Parsing of cache status understand no_discard_passdown. - Ensure migration_threshold for cache is at least 8 chunks. - Enhance ioctl flattening and add parameters only when needed. - Add DM_DEVICE_ARM_POLL for API completeness matching kernel. - Do not add parameters for RESUME with DM_DEVICE_CREATE dm task. - Fix dmstats report printing no output. - Add hot fix to avoiding locking collision when monitoring thin-pools. - Add vdo plugin for monitoring VDO devices. - Relevant changes for 'lvm.conf' - [value change] global/cache_check_executable: "autodetect" to "/usr/sbin/cache_check" - [value change] global/cache_dump_executable = "autodetect" to "/usr/sbin/cache_dump" - [value change] global/cache_repair_executable: "autodetect" to "/usr/sbin/cache_repair" - [value change] global/cache_check_options: [ "-q" ] to [ "-q", "--clear-needs-check-flag" ] - [value change] dmeventd/executable: "" to "/usr/sbin/dmeventd" - [item add] devices/scan_lvs = 0. - [item add] allocation/thin_pool_crop_metadata = 0 - [item add] allocation/zero_metadata = 1 - [item add] global/fsadm_executable = "/usr/sbin/fsadm" - [item add] global/io_memory_size = 8192 - [item add] log/debug_classes: add "io" - [item add] dmeventd/raid_library = "libdevmapper-event-lvm2raid.so" - [item add] add section tags - [no support] global/fallback_to_lvm1 - [no support] global/format - [no support] detect_internal_vg_cache_corruption = 0 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3051=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3051=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-3051=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): device-mapper-devel-1.02.172-12.3.1 lvm2-debuginfo-2.02.188-12.3.1 lvm2-debugsource-2.02.188-12.3.1 lvm2-devel-2.02.188-12.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): device-mapper-1.02.172-12.3.1 device-mapper-debuginfo-1.02.172-12.3.1 lvm2-2.02.188-12.3.1 lvm2-debuginfo-2.02.188-12.3.1 lvm2-debugsource-2.02.188-12.3.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): device-mapper-32bit-1.02.172-12.3.1 device-mapper-debuginfo-32bit-1.02.172-12.3.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): lvm2-clvm-2.02.188-12.3.1 lvm2-clvm-debuginfo-2.02.188-12.3.1 lvm2-cmirrord-2.02.188-12.3.1 lvm2-cmirrord-debuginfo-2.02.188-12.3.1 lvm2-debuginfo-2.02.188-12.3.1 lvm2-debugsource-2.02.188-12.3.1 References: https://bugzilla.suse.com/1188202 From sle-updates at lists.suse.com Thu Sep 16 13:19:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Sep 2021 15:19:54 +0200 (CEST) Subject: SUSE-SU-2021:3073-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP5) Message-ID: <20210916131954.B0F4DFE11@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3073-1 Rating: important References: #1189278 #1189418 #1189420 Cross-References: CVE-2021-3653 CVE-2021-3656 CVE-2021-38198 CVSS scores: CVE-2021-3653 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3656 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_80 fixes several issues. The following security issues were fixed: - CVE-2021-3653: Fixed missing validation of the KVM `int_ctl` VMCB field that would have allowed a malicious L1 guest to enable AVIC support for the L2 guest (bsc#1189420). - CVE-2021-3656: Fixed KVM nSVM nested VMLOAD/VMSAVE interception (bsc#1189418). - CVE-2021-38198: Fixed KVM MMU to use the correct inherited permissions to get shadow page (bsc#1189278). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2021-3109=1 SUSE-SLE-Module-Live-Patching-15-SP3-2021-3110=1 SUSE-SLE-Module-Live-Patching-15-SP3-2021-3111=1 SUSE-SLE-Module-Live-Patching-15-SP3-2021-3112=1 SUSE-SLE-Module-Live-Patching-15-SP3-2021-3113=1 SUSE-SLE-Module-Live-Patching-15-SP3-2021-3114=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-3093=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3094=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3095=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3096=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3097=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3098=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3099=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3100=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3101=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3102=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3103=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3104=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3105=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3106=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3107=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-3108=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-3081=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-3082=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-3083=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-3084=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-3085=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-3086=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-3087=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-3088=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-3089=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-3090=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-3091=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-3092=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-3075=1 SUSE-SLE-Module-Live-Patching-15-2021-3076=1 SUSE-SLE-Module-Live-Patching-15-2021-3077=1 SUSE-SLE-Module-Live-Patching-15-2021-3078=1 SUSE-SLE-Module-Live-Patching-15-2021-3079=1 SUSE-SLE-Module-Live-Patching-15-2021-3080=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-3061=1 SUSE-SLE-Live-Patching-12-SP5-2021-3062=1 SUSE-SLE-Live-Patching-12-SP5-2021-3063=1 SUSE-SLE-Live-Patching-12-SP5-2021-3064=1 SUSE-SLE-Live-Patching-12-SP5-2021-3065=1 SUSE-SLE-Live-Patching-12-SP5-2021-3066=1 SUSE-SLE-Live-Patching-12-SP5-2021-3067=1 SUSE-SLE-Live-Patching-12-SP5-2021-3068=1 SUSE-SLE-Live-Patching-12-SP5-2021-3069=1 SUSE-SLE-Live-Patching-12-SP5-2021-3070=1 SUSE-SLE-Live-Patching-12-SP5-2021-3071=1 SUSE-SLE-Live-Patching-12-SP5-2021-3072=1 SUSE-SLE-Live-Patching-12-SP5-2021-3073=1 SUSE-SLE-Live-Patching-12-SP5-2021-3074=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-3054=1 SUSE-SLE-Live-Patching-12-SP4-2021-3055=1 SUSE-SLE-Live-Patching-12-SP4-2021-3056=1 SUSE-SLE-Live-Patching-12-SP4-2021-3057=1 SUSE-SLE-Live-Patching-12-SP4-2021-3058=1 SUSE-SLE-Live-Patching-12-SP4-2021-3059=1 SUSE-SLE-Live-Patching-12-SP4-2021-3060=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-57-default-6-3.2 kernel-livepatch-5_3_18-57-default-debuginfo-6-3.2 kernel-livepatch-5_3_18-59_10-default-4-2.3 kernel-livepatch-5_3_18-59_10-default-debuginfo-4-2.3 kernel-livepatch-5_3_18-59_13-default-4-2.3 kernel-livepatch-5_3_18-59_13-default-debuginfo-4-2.3 kernel-livepatch-5_3_18-59_16-default-3-2.3 kernel-livepatch-5_3_18-59_19-default-2-2.3 kernel-livepatch-5_3_18-59_5-default-4-2.3 kernel-livepatch-5_3_18-59_5-default-debuginfo-4-2.3 kernel-livepatch-SLE15-SP3_Update_0-debugsource-6-3.2 kernel-livepatch-SLE15-SP3_Update_1-debugsource-4-2.3 kernel-livepatch-SLE15-SP3_Update_2-debugsource-4-2.3 kernel-livepatch-SLE15-SP3_Update_3-debugsource-4-2.3 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_15-default-14-2.3 kernel-livepatch-5_3_18-24_15-default-debuginfo-14-2.3 kernel-livepatch-5_3_18-24_24-default-14-2.3 kernel-livepatch-5_3_18-24_24-default-debuginfo-14-2.3 kernel-livepatch-5_3_18-24_29-default-12-2.3 kernel-livepatch-5_3_18-24_29-default-debuginfo-12-2.3 kernel-livepatch-5_3_18-24_34-default-12-2.3 kernel-livepatch-5_3_18-24_34-default-debuginfo-12-2.3 kernel-livepatch-5_3_18-24_37-default-12-2.3 kernel-livepatch-5_3_18-24_37-default-debuginfo-12-2.3 kernel-livepatch-5_3_18-24_43-default-11-2.3 kernel-livepatch-5_3_18-24_43-default-debuginfo-11-2.3 kernel-livepatch-5_3_18-24_46-default-11-2.3 kernel-livepatch-5_3_18-24_46-default-debuginfo-11-2.3 kernel-livepatch-5_3_18-24_49-default-10-2.3 kernel-livepatch-5_3_18-24_49-default-debuginfo-10-2.3 kernel-livepatch-5_3_18-24_52-default-9-2.3 kernel-livepatch-5_3_18-24_52-default-debuginfo-9-2.3 kernel-livepatch-5_3_18-24_53_4-default-4-2.3 kernel-livepatch-5_3_18-24_53_4-default-debuginfo-4-2.3 kernel-livepatch-5_3_18-24_61-default-6-2.3 kernel-livepatch-5_3_18-24_61-default-debuginfo-6-2.3 kernel-livepatch-5_3_18-24_64-default-6-2.3 kernel-livepatch-5_3_18-24_64-default-debuginfo-6-2.3 kernel-livepatch-5_3_18-24_67-default-4-2.3 kernel-livepatch-5_3_18-24_67-default-debuginfo-4-2.3 kernel-livepatch-5_3_18-24_70-default-4-2.3 kernel-livepatch-5_3_18-24_70-default-debuginfo-4-2.3 kernel-livepatch-5_3_18-24_75-default-3-2.3 kernel-livepatch-5_3_18-24_75-default-debuginfo-3-2.3 kernel-livepatch-5_3_18-24_78-default-2-2.3 kernel-livepatch-5_3_18-24_78-default-debuginfo-2-2.3 kernel-livepatch-SLE15-SP2_Update_10-debugsource-10-2.3 kernel-livepatch-SLE15-SP2_Update_11-debugsource-9-2.3 kernel-livepatch-SLE15-SP2_Update_12-debugsource-6-2.3 kernel-livepatch-SLE15-SP2_Update_13-debugsource-6-2.3 kernel-livepatch-SLE15-SP2_Update_14-debugsource-4-2.3 kernel-livepatch-SLE15-SP2_Update_15-debugsource-4-2.3 kernel-livepatch-SLE15-SP2_Update_16-debugsource-4-2.3 kernel-livepatch-SLE15-SP2_Update_17-debugsource-3-2.3 kernel-livepatch-SLE15-SP2_Update_18-debugsource-2-2.3 kernel-livepatch-SLE15-SP2_Update_3-debugsource-14-2.3 kernel-livepatch-SLE15-SP2_Update_4-debugsource-14-2.3 kernel-livepatch-SLE15-SP2_Update_5-debugsource-12-2.3 kernel-livepatch-SLE15-SP2_Update_6-debugsource-12-2.3 kernel-livepatch-SLE15-SP2_Update_7-debugsource-12-2.3 kernel-livepatch-SLE15-SP2_Update_8-debugsource-11-2.3 kernel-livepatch-SLE15-SP2_Update_9-debugsource-11-2.3 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_56-default-14-2.2 kernel-livepatch-4_12_14-197_61-default-13-2.2 kernel-livepatch-4_12_14-197_64-default-12-2.2 kernel-livepatch-4_12_14-197_67-default-12-2.2 kernel-livepatch-4_12_14-197_72-default-11-2.2 kernel-livepatch-4_12_14-197_75-default-11-2.2 kernel-livepatch-4_12_14-197_78-default-11-2.2 kernel-livepatch-4_12_14-197_83-default-10-2.2 kernel-livepatch-4_12_14-197_86-default-9-2.2 kernel-livepatch-4_12_14-197_89-default-6-2.2 kernel-livepatch-4_12_14-197_92-default-5-2.2 kernel-livepatch-4_12_14-197_99-default-3-2.2 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_58-default-14-2.2 kernel-livepatch-4_12_14-150_58-default-debuginfo-14-2.2 kernel-livepatch-4_12_14-150_63-default-12-2.2 kernel-livepatch-4_12_14-150_63-default-debuginfo-12-2.2 kernel-livepatch-4_12_14-150_66-default-10-2.3 kernel-livepatch-4_12_14-150_66-default-debuginfo-10-2.3 kernel-livepatch-4_12_14-150_69-default-9-2.2 kernel-livepatch-4_12_14-150_69-default-debuginfo-9-2.2 kernel-livepatch-4_12_14-150_72-default-6-2.2 kernel-livepatch-4_12_14-150_72-default-debuginfo-6-2.2 kernel-livepatch-4_12_14-150_75-default-3-2.2 kernel-livepatch-4_12_14-150_75-default-debuginfo-3-2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_37-default-16-2.2 kgraft-patch-4_12_14-122_41-default-15-2.2 kgraft-patch-4_12_14-122_46-default-13-2.2 kgraft-patch-4_12_14-122_51-default-13-2.2 kgraft-patch-4_12_14-122_54-default-11-2.2 kgraft-patch-4_12_14-122_57-default-11-2.2 kgraft-patch-4_12_14-122_60-default-10-2.2 kgraft-patch-4_12_14-122_63-default-9-2.2 kgraft-patch-4_12_14-122_66-default-7-2.2 kgraft-patch-4_12_14-122_71-default-6-2.2 kgraft-patch-4_12_14-122_74-default-4-2.2 kgraft-patch-4_12_14-122_77-default-4-2.2 kgraft-patch-4_12_14-122_80-default-3-2.2 kgraft-patch-4_12_14-122_83-default-2-2.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_60-default-14-2.2 kgraft-patch-4_12_14-95_65-default-11-2.2 kgraft-patch-4_12_14-95_68-default-10-2.2 kgraft-patch-4_12_14-95_71-default-9-2.2 kgraft-patch-4_12_14-95_74-default-6-2.2 kgraft-patch-4_12_14-95_77-default-5-2.2 kgraft-patch-4_12_14-95_80-default-3-2.2 References: https://www.suse.com/security/cve/CVE-2021-3653.html https://www.suse.com/security/cve/CVE-2021-3656.html https://www.suse.com/security/cve/CVE-2021-38198.html https://bugzilla.suse.com/1189278 https://bugzilla.suse.com/1189418 https://bugzilla.suse.com/1189420 From sle-updates at lists.suse.com Thu Sep 16 13:27:38 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Sep 2021 15:27:38 +0200 (CEST) Subject: SUSE-RU-2021:3053-1: Recommended update for sle-module-python2-release Message-ID: <20210916132738.7C622FE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-module-python2-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3053-1 Rating: low References: MSC-132 MSC-166 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains two features can now be installed. Description: This update for sle-module-python2-release provides the following fix: - Adjusted the EOL date for the Python 2 module. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-3053=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): sle-module-python2-release-15.2-51.1 References: From sle-updates at lists.suse.com Thu Sep 16 13:30:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Sep 2021 15:30:33 +0200 (CEST) Subject: SUSE-RU-2021:3052-1: moderate: Recommended update for lshw Message-ID: <20210916133034.01986FE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for lshw ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3052-1 Rating: moderate References: SLE-19399 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for lshw fixes the following issues: - Update to version B.02.19.2+git.20210619 (jsc#SLE-19399) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3052=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3052=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (ppc64le x86_64): lshw-B.02.19.2+git.20210619-3.9.1 lshw-debuginfo-B.02.19.2+git.20210619-3.9.1 lshw-debugsource-B.02.19.2+git.20210619-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): lshw-lang-B.02.19.2+git.20210619-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (ppc64le x86_64): lshw-B.02.19.2+git.20210619-3.9.1 lshw-debuginfo-B.02.19.2+git.20210619-3.9.1 lshw-debugsource-B.02.19.2+git.20210619-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): lshw-lang-B.02.19.2+git.20210619-3.9.1 References: From sle-updates at lists.suse.com Thu Sep 16 16:17:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Sep 2021 18:17:32 +0200 (CEST) Subject: SUSE-RU-2021:3115-1: moderate: Recommended update for mozilla-nspr, mozilla-nss Message-ID: <20210916161732.63AC5FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozilla-nspr, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3115-1 Rating: moderate References: #1029961 #1174697 #1176206 #1176934 #1179382 #1188891 Affected Products: SUSE MicroOS 5.0 SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for mozilla-nspr fixes the following issues: mozilla-nspr was updated to version 4.32: * implement new socket option PR_SockOpt_DontFrag * support larger DNS records by increasing the default buffer size for DNS queries * Lock access to PRCallOnceType members in PR_CallOnce* for thread safety bmo#1686138 * PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get information about the operating system build version. Mozilla NSS was updated to version 3.68: * bmo#1713562 - Fix test leak. * bmo#1717452 - NSS 3.68 should depend on NSPR 4.32. * bmo#1693206 - Implement PKCS8 export of ECDSA keys. * bmo#1712883 - DTLS 1.3 draft-43. * bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension. * bmo#1713562 - Validate ECH public names. * bmo#1717610 - Add function to get seconds from epoch from pkix::Time. update to NSS 3.67 * bmo#1683710 - Add a means to disable ALPN. * bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66). * bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja. * bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c. * bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte. update to NSS 3.66 * bmo#1710716 - Remove Expired Sonera Class2 CA from NSS. * bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority. * bmo#1708307 - Remove Trustis FPS Root CA from NSS. * bmo#1707097 - Add Certum Trusted Root CA to NSS. * bmo#1707097 - Add Certum EC-384 CA to NSS. * bmo#1703942 - Add ANF Secure Server Root CA to NSS. * bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS. * bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database. * bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler. * bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h. * bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators. * bmo#1709291 - Add VerifyCodeSigningCertificateChain. update to NSS 3.65 * bmo#1709654 - Update for NetBSD configuration. * bmo#1709750 - Disable HPKE test when fuzzing. * bmo#1566124 - Optimize AES-GCM for ppc64le. * bmo#1699021 - Add AES-256-GCM to HPKE. * bmo#1698419 - ECH -10 updates. * bmo#1692930 - Update HPKE to final version. * bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default. * bmo#1703936 - New coverity/cpp scanner errors. * bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards. * bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. * bmo#1705119 - Deadlock when using GCM and non-thread safe tokens. update to NSS 3.64 * bmo#1705286 - Properly detect mips64. * bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and disable_crypto_vsx. * bmo#1698320 - replace __builtin_cpu_supports("vsx") with ppc_crypto_support() for clang. * bmo#1613235 - Add POWER ChaCha20 stream cipher vector acceleration. Fixed in 3.63 * bmo#1697380 - Make a clang-format run on top of helpful contributions. * bmo#1683520 - ECCKiila P384, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual scalar multiplication. * bmo#1683520 - ECCKiila P521, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual scalar multiplication. * bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683. * bmo#1694214 - tstclnt can't enable middlebox compat mode. * bmo#1694392 - NSS does not work with PKCS #11 modules not supporting profiles. * bmo#1685880 - Minor fix to prevent unused variable on early return. * bmo#1685880 - Fix for the gcc compiler version 7 to support setenv with nss build. * bmo#1693217 - Increase nssckbi.h version number for March 2021 batch of root CA changes, CA list version 2.48. * bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's 'Chambers of Commerce' and 'Global Chambersign' roots. * bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER. * bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS. * bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS. * bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs from NSS. * bmo#1687822 - Turn off Websites trust bit for the ???Staat der Nederlanden Root CA - G3??? root cert in NSS. * bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce Root - 2008' and 'Global Chambersign Root - 2008???. * bmo#1694291 - Tracing fixes for ECH. update to NSS 3.62 * bmo#1688374 - Fix parallel build NSS-3.61 with make * bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add() can corrupt "cachedCertTable" * bmo#1690583 - Fix CH padding extension size calculation * bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail * bmo#1690421 - Install packaged libabigail in docker-builds image * bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing * bmo#1674819 - Fixup a51fae403328, enum type may be signed * bmo#1681585 - Add ECH support to selfserv * bmo#1681585 - Update ECH to Draft-09 * bmo#1678398 - Add Export/Import functions for HPKE context * bmo#1678398 - Update HPKE to draft-07 update to NSS 3.61 * bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key values under certain conditions. * bmo#1684300 - Fix default PBE iteration count when NSS is compiled with NSS_DISABLE_DBM. * bmo#1651411 - Improve constant-timeness in RSA operations. * bmo#1677207 - Upgrade Google Test version to latest release. * bmo#1654332 - Add aarch64-make target to nss-try. Update to NSS 3.60.1: Notable changes in NSS 3.60: * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support has been added, replacing the previous ESNI (draft-ietf-tls-esni-01) implementation. See bmo#1654332 for more information. * December 2020 batch of Root CA changes, builtins library updated to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769 for more information. Update to NSS 3.59.1: * bmo#1679290 - Fix potential deadlock with certain third-party PKCS11 modules Update to NSS 3.59: Notable changes: * Exported two existing functions from libnss: CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData Bugfixes * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed root certs when SHA1 signatures are disabled. * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to solve some test intermittents * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in our CVE-2020-25648 fix that broke purple-discord (boo#1179382) * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP * bmo#1667989 - Fix gyp linking on Solaris * bmo#1668123 - Export CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData from libnss * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA * bmo#1663091 - Remove unnecessary assertions in the streaming ASN.1 decoder that affected decoding certain PKCS8 private keys when using NSS debug builds * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS. update to NSS 3.58 Bugs fixed: * bmo#1641480 (CVE-2020-25648) Tighten CCS handling for middlebox compatibility mode. * bmo#1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello (draft-ietf-tls-esni). * bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto extensions. * bmo#1668328 - Handle spaces in the Python path name when using gyp on Windows. * bmo#1667153 - Add PK11_ImportDataKey for data object import. * bmo#1665715 - Pass the embedded SCT list extension (if present) to TrustDomain::CheckRevocation instead of the notBefore value. update to NSS 3.57 * The following CA certificates were Added: bmo#1663049 - CN=Trustwave Global Certification Authority SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8 bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4 bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097 * The following CA certificates were Removed: bmo#1651211 - CN=EE Certification Centre Root CA SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76 bmo#1656077 - O=Government Root Certification Authority; C=TW SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3 * Trust settings for the following CA certificates were Modified: bmo#1653092 - CN=OISTE WISeKey Global Root GA CA Websites (server authentication) trust bit removed. * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_rele ase_notes update to NSS 3.56 Notable changes * bmo#1650702 - Support SHA-1 HW acceleration on ARMv8 * bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS. * bmo#1654142 - Add CPU feature detection for Intel SHA extension. * bmo#1648822 - Add stricter validation of DH keys in FIPS mode. * bmo#1656986 - Properly detect arm64 during GYP build architecture detection. * bmo#1652729 - Add build flag to disable RC2 and relocate to lib/freebl/deprecated. * bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay. * bmo#1588941 - Send empty certificate message when scheme selection fails. * bmo#1652032 - Fix failure to build in Windows arm64 makefile cross-compilation. * bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent. * bmo#1653975 - Fix 3.53 regression by setting "all" as the default makefile target. * bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert. * bmo#1659814 - Fix interop.sh failures with newer tls-interop commit and dependencies. * bmo#1656519 - NSPR dependency updated to 4.28 update to NSS 3.55 Notable changes * P384 and P521 elliptic curve implementations are replaced with verifiable implementations from Fiat-Crypto [0] and ECCKiila [1]. * PK11_FindCertInSlot is added. With this function, a given slot can be queried with a DER-Encoded certificate, providing performance and usability improvements over other mechanisms. (bmo#1649633) * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752) Relevant Bugfixes * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila. * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature. * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding. * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length. * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix). * bmo#1653202 - Fix initialization bug in blapitest when compiled with NSS_DISABLE_DEPRECATED_SEED. * bmo#1646594 - Fix AVX2 detection in makefile builds. * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot for a DER-encoded certificate. * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo. * bmo#1647752 - Update DTLS 1.3 implementation to draft-38. * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI. * bmo#1649226 - Add Wycheproof ECDSA tests. * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES. * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in RSA_CheckSignRecover. * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the signature_algorithms extension. update to NSS 3.54 Notable changes * Support for TLS 1.3 external pre-shared keys (bmo#1603042). * Use ARM Cryptography Extension for SHA256, when available (bmo#1528113) * The following CA certificates were Added: bmo#1645186 - certSIGN Root CA G2. bmo#1645174 - e-Szigno Root CA 2017. bmo#1641716 - Microsoft ECC Root Certificate Authority 2017. bmo#1641716 - Microsoft RSA Root Certificate Authority 2017. * The following CA certificates were Removed: bmo#1645199 - AddTrust Class 1 CA Root. bmo#1645199 - AddTrust External CA Root. bmo#1641718 - LuxTrust Global Root 2. bmo#1639987 - Staat der Nederlanden Root CA - G2. bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4. bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4. bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3. * A number of certificates had their Email trust bit disabled. See bmo#1618402 for a complete list. Bugs fixed * bmo#1528113 - Use ARM Cryptography Extension for SHA256. * bmo#1603042 - Add TLS 1.3 external PSK support. * bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows. * bmo#1645186 - Add "certSIGN Root CA G2" root certificate. * bmo#1645174 - Add Microsec's "e-Szigno Root CA 2017" root certificate. * bmo#1641716 - Add Microsoft's non-EV root certificates. * bmo1621151 - Disable email trust bit for "O=Government Root Certification Authority; C=TW" root. * bmo#1645199 - Remove AddTrust root certificates. * bmo#1641718 - Remove "LuxTrust Global Root 2" root certificate. * bmo#1639987 - Remove "Staat der Nederlanden Root CA - G2" root certificate. * bmo#1618402 - Remove Symantec root certificates and disable email trust bit. * bmo#1640516 - NSS 3.54 should depend on NSPR 4.26. * bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c. * bmo#1642153 - Fix infinite recursion building NSS. * bmo#1642638 - Fix fuzzing assertion crash. * bmo#1642871 - Enable SSL_SendSessionTicket after resumption. * bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs. * bmo#1643557 - Fix numerous compile warnings in NSS. * bmo#1644774 - SSL gtests to use ClearServerCache when resetting self-encrypt keys. * bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c. * bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3115=1 - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-3115=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-3115=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-3115=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3115=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3115=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3115=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3115=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3115=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3115=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3115=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3115=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3115=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3115=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3115=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3115=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3115=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3115=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libfreebl3-3.68-3.56.1 libfreebl3-debuginfo-3.68-3.56.1 libsoftokn3-3.68-3.56.1 libsoftokn3-debuginfo-3.68-3.56.1 mozilla-nspr-4.32-3.20.1 mozilla-nspr-debuginfo-4.32-3.20.1 mozilla-nspr-debugsource-4.32-3.20.1 mozilla-nss-3.68-3.56.1 mozilla-nss-certs-3.68-3.56.1 mozilla-nss-certs-debuginfo-3.68-3.56.1 mozilla-nss-debuginfo-3.68-3.56.1 mozilla-nss-debugsource-3.68-3.56.1 - SUSE Manager Server 4.0 (ppc64le s390x x86_64): libfreebl3-3.68-3.56.1 libfreebl3-debuginfo-3.68-3.56.1 libfreebl3-hmac-3.68-3.56.1 libsoftokn3-3.68-3.56.1 libsoftokn3-debuginfo-3.68-3.56.1 libsoftokn3-hmac-3.68-3.56.1 mozilla-nspr-4.32-3.20.1 mozilla-nspr-debuginfo-4.32-3.20.1 mozilla-nspr-debugsource-4.32-3.20.1 mozilla-nspr-devel-4.32-3.20.1 mozilla-nss-3.68-3.56.1 mozilla-nss-certs-3.68-3.56.1 mozilla-nss-certs-debuginfo-3.68-3.56.1 mozilla-nss-debuginfo-3.68-3.56.1 mozilla-nss-debugsource-3.68-3.56.1 mozilla-nss-devel-3.68-3.56.1 mozilla-nss-sysinit-3.68-3.56.1 mozilla-nss-sysinit-debuginfo-3.68-3.56.1 mozilla-nss-tools-3.68-3.56.1 mozilla-nss-tools-debuginfo-3.68-3.56.1 - SUSE Manager Server 4.0 (x86_64): libfreebl3-32bit-3.68-3.56.1 libfreebl3-32bit-debuginfo-3.68-3.56.1 libfreebl3-hmac-32bit-3.68-3.56.1 libsoftokn3-32bit-3.68-3.56.1 libsoftokn3-32bit-debuginfo-3.68-3.56.1 libsoftokn3-hmac-32bit-3.68-3.56.1 mozilla-nspr-32bit-4.32-3.20.1 mozilla-nspr-32bit-debuginfo-4.32-3.20.1 mozilla-nss-32bit-3.68-3.56.1 mozilla-nss-32bit-debuginfo-3.68-3.56.1 mozilla-nss-certs-32bit-3.68-3.56.1 mozilla-nss-certs-32bit-debuginfo-3.68-3.56.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): libfreebl3-3.68-3.56.1 libfreebl3-32bit-3.68-3.56.1 libfreebl3-32bit-debuginfo-3.68-3.56.1 libfreebl3-debuginfo-3.68-3.56.1 libfreebl3-hmac-3.68-3.56.1 libfreebl3-hmac-32bit-3.68-3.56.1 libsoftokn3-3.68-3.56.1 libsoftokn3-32bit-3.68-3.56.1 libsoftokn3-32bit-debuginfo-3.68-3.56.1 libsoftokn3-debuginfo-3.68-3.56.1 libsoftokn3-hmac-3.68-3.56.1 libsoftokn3-hmac-32bit-3.68-3.56.1 mozilla-nspr-32bit-4.32-3.20.1 mozilla-nspr-32bit-debuginfo-4.32-3.20.1 mozilla-nspr-4.32-3.20.1 mozilla-nspr-debuginfo-4.32-3.20.1 mozilla-nspr-debugsource-4.32-3.20.1 mozilla-nspr-devel-4.32-3.20.1 mozilla-nss-3.68-3.56.1 mozilla-nss-32bit-3.68-3.56.1 mozilla-nss-32bit-debuginfo-3.68-3.56.1 mozilla-nss-certs-3.68-3.56.1 mozilla-nss-certs-32bit-3.68-3.56.1 mozilla-nss-certs-32bit-debuginfo-3.68-3.56.1 mozilla-nss-certs-debuginfo-3.68-3.56.1 mozilla-nss-debuginfo-3.68-3.56.1 mozilla-nss-debugsource-3.68-3.56.1 mozilla-nss-devel-3.68-3.56.1 mozilla-nss-sysinit-3.68-3.56.1 mozilla-nss-sysinit-debuginfo-3.68-3.56.1 mozilla-nss-tools-3.68-3.56.1 mozilla-nss-tools-debuginfo-3.68-3.56.1 - SUSE Manager Proxy 4.0 (x86_64): libfreebl3-3.68-3.56.1 libfreebl3-32bit-3.68-3.56.1 libfreebl3-32bit-debuginfo-3.68-3.56.1 libfreebl3-debuginfo-3.68-3.56.1 libfreebl3-hmac-3.68-3.56.1 libfreebl3-hmac-32bit-3.68-3.56.1 libsoftokn3-3.68-3.56.1 libsoftokn3-32bit-3.68-3.56.1 libsoftokn3-32bit-debuginfo-3.68-3.56.1 libsoftokn3-debuginfo-3.68-3.56.1 libsoftokn3-hmac-3.68-3.56.1 libsoftokn3-hmac-32bit-3.68-3.56.1 mozilla-nspr-32bit-4.32-3.20.1 mozilla-nspr-32bit-debuginfo-4.32-3.20.1 mozilla-nspr-4.32-3.20.1 mozilla-nspr-debuginfo-4.32-3.20.1 mozilla-nspr-debugsource-4.32-3.20.1 mozilla-nspr-devel-4.32-3.20.1 mozilla-nss-3.68-3.56.1 mozilla-nss-32bit-3.68-3.56.1 mozilla-nss-32bit-debuginfo-3.68-3.56.1 mozilla-nss-certs-3.68-3.56.1 mozilla-nss-certs-32bit-3.68-3.56.1 mozilla-nss-certs-32bit-debuginfo-3.68-3.56.1 mozilla-nss-certs-debuginfo-3.68-3.56.1 mozilla-nss-debuginfo-3.68-3.56.1 mozilla-nss-debugsource-3.68-3.56.1 mozilla-nss-devel-3.68-3.56.1 mozilla-nss-sysinit-3.68-3.56.1 mozilla-nss-sysinit-debuginfo-3.68-3.56.1 mozilla-nss-tools-3.68-3.56.1 mozilla-nss-tools-debuginfo-3.68-3.56.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libfreebl3-3.68-3.56.1 libfreebl3-debuginfo-3.68-3.56.1 libfreebl3-hmac-3.68-3.56.1 libsoftokn3-3.68-3.56.1 libsoftokn3-debuginfo-3.68-3.56.1 libsoftokn3-hmac-3.68-3.56.1 mozilla-nspr-4.32-3.20.1 mozilla-nspr-debuginfo-4.32-3.20.1 mozilla-nspr-debugsource-4.32-3.20.1 mozilla-nspr-devel-4.32-3.20.1 mozilla-nss-3.68-3.56.1 mozilla-nss-certs-3.68-3.56.1 mozilla-nss-certs-debuginfo-3.68-3.56.1 mozilla-nss-debuginfo-3.68-3.56.1 mozilla-nss-debugsource-3.68-3.56.1 mozilla-nss-devel-3.68-3.56.1 mozilla-nss-sysinit-3.68-3.56.1 mozilla-nss-sysinit-debuginfo-3.68-3.56.1 mozilla-nss-tools-3.68-3.56.1 mozilla-nss-tools-debuginfo-3.68-3.56.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libfreebl3-32bit-3.68-3.56.1 libfreebl3-32bit-debuginfo-3.68-3.56.1 libfreebl3-hmac-32bit-3.68-3.56.1 libsoftokn3-32bit-3.68-3.56.1 libsoftokn3-32bit-debuginfo-3.68-3.56.1 libsoftokn3-hmac-32bit-3.68-3.56.1 mozilla-nspr-32bit-4.32-3.20.1 mozilla-nspr-32bit-debuginfo-4.32-3.20.1 mozilla-nss-32bit-3.68-3.56.1 mozilla-nss-32bit-debuginfo-3.68-3.56.1 mozilla-nss-certs-32bit-3.68-3.56.1 mozilla-nss-certs-32bit-debuginfo-3.68-3.56.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libfreebl3-3.68-3.56.1 libfreebl3-debuginfo-3.68-3.56.1 libfreebl3-hmac-3.68-3.56.1 libsoftokn3-3.68-3.56.1 libsoftokn3-debuginfo-3.68-3.56.1 libsoftokn3-hmac-3.68-3.56.1 mozilla-nspr-4.32-3.20.1 mozilla-nspr-debuginfo-4.32-3.20.1 mozilla-nspr-debugsource-4.32-3.20.1 mozilla-nspr-devel-4.32-3.20.1 mozilla-nss-3.68-3.56.1 mozilla-nss-certs-3.68-3.56.1 mozilla-nss-certs-debuginfo-3.68-3.56.1 mozilla-nss-debuginfo-3.68-3.56.1 mozilla-nss-debugsource-3.68-3.56.1 mozilla-nss-devel-3.68-3.56.1 mozilla-nss-sysinit-3.68-3.56.1 mozilla-nss-sysinit-debuginfo-3.68-3.56.1 mozilla-nss-tools-3.68-3.56.1 mozilla-nss-tools-debuginfo-3.68-3.56.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libfreebl3-32bit-3.68-3.56.1 libfreebl3-32bit-debuginfo-3.68-3.56.1 libfreebl3-hmac-32bit-3.68-3.56.1 libsoftokn3-32bit-3.68-3.56.1 libsoftokn3-32bit-debuginfo-3.68-3.56.1 libsoftokn3-hmac-32bit-3.68-3.56.1 mozilla-nspr-32bit-4.32-3.20.1 mozilla-nspr-32bit-debuginfo-4.32-3.20.1 mozilla-nss-32bit-3.68-3.56.1 mozilla-nss-32bit-debuginfo-3.68-3.56.1 mozilla-nss-certs-32bit-3.68-3.56.1 mozilla-nss-certs-32bit-debuginfo-3.68-3.56.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.68-3.56.1 libfreebl3-debuginfo-3.68-3.56.1 libfreebl3-hmac-3.68-3.56.1 libsoftokn3-3.68-3.56.1 libsoftokn3-debuginfo-3.68-3.56.1 libsoftokn3-hmac-3.68-3.56.1 mozilla-nspr-4.32-3.20.1 mozilla-nspr-debuginfo-4.32-3.20.1 mozilla-nspr-debugsource-4.32-3.20.1 mozilla-nspr-devel-4.32-3.20.1 mozilla-nss-3.68-3.56.1 mozilla-nss-certs-3.68-3.56.1 mozilla-nss-certs-debuginfo-3.68-3.56.1 mozilla-nss-debuginfo-3.68-3.56.1 mozilla-nss-debugsource-3.68-3.56.1 mozilla-nss-devel-3.68-3.56.1 mozilla-nss-sysinit-3.68-3.56.1 mozilla-nss-sysinit-debuginfo-3.68-3.56.1 mozilla-nss-tools-3.68-3.56.1 mozilla-nss-tools-debuginfo-3.68-3.56.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libfreebl3-32bit-3.68-3.56.1 libfreebl3-32bit-debuginfo-3.68-3.56.1 libfreebl3-hmac-32bit-3.68-3.56.1 libsoftokn3-32bit-3.68-3.56.1 libsoftokn3-32bit-debuginfo-3.68-3.56.1 libsoftokn3-hmac-32bit-3.68-3.56.1 mozilla-nspr-32bit-4.32-3.20.1 mozilla-nspr-32bit-debuginfo-4.32-3.20.1 mozilla-nss-32bit-3.68-3.56.1 mozilla-nss-32bit-debuginfo-3.68-3.56.1 mozilla-nss-certs-32bit-3.68-3.56.1 mozilla-nss-certs-32bit-debuginfo-3.68-3.56.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libfreebl3-3.68-3.56.1 libfreebl3-32bit-3.68-3.56.1 libfreebl3-32bit-debuginfo-3.68-3.56.1 libfreebl3-debuginfo-3.68-3.56.1 libfreebl3-hmac-3.68-3.56.1 libfreebl3-hmac-32bit-3.68-3.56.1 libsoftokn3-3.68-3.56.1 libsoftokn3-32bit-3.68-3.56.1 libsoftokn3-32bit-debuginfo-3.68-3.56.1 libsoftokn3-debuginfo-3.68-3.56.1 libsoftokn3-hmac-3.68-3.56.1 libsoftokn3-hmac-32bit-3.68-3.56.1 mozilla-nspr-32bit-4.32-3.20.1 mozilla-nspr-32bit-debuginfo-4.32-3.20.1 mozilla-nspr-4.32-3.20.1 mozilla-nspr-debuginfo-4.32-3.20.1 mozilla-nspr-debugsource-4.32-3.20.1 mozilla-nspr-devel-4.32-3.20.1 mozilla-nss-3.68-3.56.1 mozilla-nss-32bit-3.68-3.56.1 mozilla-nss-32bit-debuginfo-3.68-3.56.1 mozilla-nss-certs-3.68-3.56.1 mozilla-nss-certs-32bit-3.68-3.56.1 mozilla-nss-certs-32bit-debuginfo-3.68-3.56.1 mozilla-nss-certs-debuginfo-3.68-3.56.1 mozilla-nss-debuginfo-3.68-3.56.1 mozilla-nss-debugsource-3.68-3.56.1 mozilla-nss-devel-3.68-3.56.1 mozilla-nss-sysinit-3.68-3.56.1 mozilla-nss-sysinit-debuginfo-3.68-3.56.1 mozilla-nss-tools-3.68-3.56.1 mozilla-nss-tools-debuginfo-3.68-3.56.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libfreebl3-3.68-3.56.1 libfreebl3-debuginfo-3.68-3.56.1 libfreebl3-hmac-3.68-3.56.1 libsoftokn3-3.68-3.56.1 libsoftokn3-debuginfo-3.68-3.56.1 libsoftokn3-hmac-3.68-3.56.1 mozilla-nspr-4.32-3.20.1 mozilla-nspr-debuginfo-4.32-3.20.1 mozilla-nspr-debugsource-4.32-3.20.1 mozilla-nspr-devel-4.32-3.20.1 mozilla-nss-3.68-3.56.1 mozilla-nss-certs-3.68-3.56.1 mozilla-nss-certs-debuginfo-3.68-3.56.1 mozilla-nss-debuginfo-3.68-3.56.1 mozilla-nss-debugsource-3.68-3.56.1 mozilla-nss-devel-3.68-3.56.1 mozilla-nss-sysinit-3.68-3.56.1 mozilla-nss-sysinit-debuginfo-3.68-3.56.1 mozilla-nss-tools-3.68-3.56.1 mozilla-nss-tools-debuginfo-3.68-3.56.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libfreebl3-hmac-3.68-3.56.1 libsoftokn3-hmac-3.68-3.56.1 mozilla-nss-debuginfo-3.68-3.56.1 mozilla-nss-debugsource-3.68-3.56.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libfreebl3-hmac-3.68-3.56.1 libsoftokn3-hmac-3.68-3.56.1 mozilla-nss-debuginfo-3.68-3.56.1 mozilla-nss-debugsource-3.68-3.56.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libfreebl3-3.68-3.56.1 libfreebl3-debuginfo-3.68-3.56.1 libfreebl3-hmac-3.68-3.56.1 libsoftokn3-3.68-3.56.1 libsoftokn3-debuginfo-3.68-3.56.1 libsoftokn3-hmac-3.68-3.56.1 mozilla-nspr-4.32-3.20.1 mozilla-nspr-debuginfo-4.32-3.20.1 mozilla-nspr-debugsource-4.32-3.20.1 mozilla-nspr-devel-4.32-3.20.1 mozilla-nss-3.68-3.56.1 mozilla-nss-certs-3.68-3.56.1 mozilla-nss-certs-debuginfo-3.68-3.56.1 mozilla-nss-debuginfo-3.68-3.56.1 mozilla-nss-debugsource-3.68-3.56.1 mozilla-nss-devel-3.68-3.56.1 mozilla-nss-sysinit-3.68-3.56.1 mozilla-nss-sysinit-debuginfo-3.68-3.56.1 mozilla-nss-tools-3.68-3.56.1 mozilla-nss-tools-debuginfo-3.68-3.56.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libfreebl3-32bit-3.68-3.56.1 libfreebl3-32bit-debuginfo-3.68-3.56.1 libfreebl3-hmac-32bit-3.68-3.56.1 libsoftokn3-32bit-3.68-3.56.1 libsoftokn3-32bit-debuginfo-3.68-3.56.1 libsoftokn3-hmac-32bit-3.68-3.56.1 mozilla-nspr-32bit-4.32-3.20.1 mozilla-nspr-32bit-debuginfo-4.32-3.20.1 mozilla-nss-32bit-3.68-3.56.1 mozilla-nss-32bit-debuginfo-3.68-3.56.1 mozilla-nss-certs-32bit-3.68-3.56.1 mozilla-nss-certs-32bit-debuginfo-3.68-3.56.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libfreebl3-3.68-3.56.1 libfreebl3-debuginfo-3.68-3.56.1 libfreebl3-hmac-3.68-3.56.1 libsoftokn3-3.68-3.56.1 libsoftokn3-debuginfo-3.68-3.56.1 libsoftokn3-hmac-3.68-3.56.1 mozilla-nspr-4.32-3.20.1 mozilla-nspr-debuginfo-4.32-3.20.1 mozilla-nspr-debugsource-4.32-3.20.1 mozilla-nspr-devel-4.32-3.20.1 mozilla-nss-3.68-3.56.1 mozilla-nss-certs-3.68-3.56.1 mozilla-nss-certs-debuginfo-3.68-3.56.1 mozilla-nss-debuginfo-3.68-3.56.1 mozilla-nss-debugsource-3.68-3.56.1 mozilla-nss-devel-3.68-3.56.1 mozilla-nss-sysinit-3.68-3.56.1 mozilla-nss-sysinit-debuginfo-3.68-3.56.1 mozilla-nss-tools-3.68-3.56.1 mozilla-nss-tools-debuginfo-3.68-3.56.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libfreebl3-32bit-3.68-3.56.1 libfreebl3-32bit-debuginfo-3.68-3.56.1 libfreebl3-hmac-32bit-3.68-3.56.1 libsoftokn3-32bit-3.68-3.56.1 libsoftokn3-32bit-debuginfo-3.68-3.56.1 libsoftokn3-hmac-32bit-3.68-3.56.1 mozilla-nspr-32bit-4.32-3.20.1 mozilla-nspr-32bit-debuginfo-4.32-3.20.1 mozilla-nss-32bit-3.68-3.56.1 mozilla-nss-32bit-debuginfo-3.68-3.56.1 mozilla-nss-certs-32bit-3.68-3.56.1 mozilla-nss-certs-32bit-debuginfo-3.68-3.56.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libfreebl3-3.68-3.56.1 libfreebl3-debuginfo-3.68-3.56.1 libfreebl3-hmac-3.68-3.56.1 libsoftokn3-3.68-3.56.1 libsoftokn3-debuginfo-3.68-3.56.1 libsoftokn3-hmac-3.68-3.56.1 mozilla-nspr-4.32-3.20.1 mozilla-nspr-debuginfo-4.32-3.20.1 mozilla-nspr-debugsource-4.32-3.20.1 mozilla-nspr-devel-4.32-3.20.1 mozilla-nss-3.68-3.56.1 mozilla-nss-certs-3.68-3.56.1 mozilla-nss-certs-debuginfo-3.68-3.56.1 mozilla-nss-debuginfo-3.68-3.56.1 mozilla-nss-debugsource-3.68-3.56.1 mozilla-nss-devel-3.68-3.56.1 mozilla-nss-sysinit-3.68-3.56.1 mozilla-nss-sysinit-debuginfo-3.68-3.56.1 mozilla-nss-tools-3.68-3.56.1 mozilla-nss-tools-debuginfo-3.68-3.56.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libfreebl3-32bit-3.68-3.56.1 libfreebl3-32bit-debuginfo-3.68-3.56.1 libfreebl3-hmac-32bit-3.68-3.56.1 libsoftokn3-32bit-3.68-3.56.1 libsoftokn3-32bit-debuginfo-3.68-3.56.1 libsoftokn3-hmac-32bit-3.68-3.56.1 mozilla-nspr-32bit-4.32-3.20.1 mozilla-nspr-32bit-debuginfo-4.32-3.20.1 mozilla-nss-32bit-3.68-3.56.1 mozilla-nss-32bit-debuginfo-3.68-3.56.1 mozilla-nss-certs-32bit-3.68-3.56.1 mozilla-nss-certs-32bit-debuginfo-3.68-3.56.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libfreebl3-3.68-3.56.1 libfreebl3-debuginfo-3.68-3.56.1 libfreebl3-hmac-3.68-3.56.1 libsoftokn3-3.68-3.56.1 libsoftokn3-debuginfo-3.68-3.56.1 libsoftokn3-hmac-3.68-3.56.1 mozilla-nspr-4.32-3.20.1 mozilla-nspr-debuginfo-4.32-3.20.1 mozilla-nspr-debugsource-4.32-3.20.1 mozilla-nspr-devel-4.32-3.20.1 mozilla-nss-3.68-3.56.1 mozilla-nss-certs-3.68-3.56.1 mozilla-nss-certs-debuginfo-3.68-3.56.1 mozilla-nss-debuginfo-3.68-3.56.1 mozilla-nss-debugsource-3.68-3.56.1 mozilla-nss-devel-3.68-3.56.1 mozilla-nss-sysinit-3.68-3.56.1 mozilla-nss-sysinit-debuginfo-3.68-3.56.1 mozilla-nss-tools-3.68-3.56.1 mozilla-nss-tools-debuginfo-3.68-3.56.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libfreebl3-32bit-3.68-3.56.1 libfreebl3-32bit-debuginfo-3.68-3.56.1 libfreebl3-hmac-32bit-3.68-3.56.1 libsoftokn3-32bit-3.68-3.56.1 libsoftokn3-32bit-debuginfo-3.68-3.56.1 libsoftokn3-hmac-32bit-3.68-3.56.1 mozilla-nspr-32bit-4.32-3.20.1 mozilla-nspr-32bit-debuginfo-4.32-3.20.1 mozilla-nss-32bit-3.68-3.56.1 mozilla-nss-32bit-debuginfo-3.68-3.56.1 mozilla-nss-certs-32bit-3.68-3.56.1 mozilla-nss-certs-32bit-debuginfo-3.68-3.56.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libfreebl3-3.68-3.56.1 libfreebl3-debuginfo-3.68-3.56.1 libfreebl3-hmac-3.68-3.56.1 libsoftokn3-3.68-3.56.1 libsoftokn3-debuginfo-3.68-3.56.1 libsoftokn3-hmac-3.68-3.56.1 mozilla-nspr-4.32-3.20.1 mozilla-nspr-debuginfo-4.32-3.20.1 mozilla-nspr-debugsource-4.32-3.20.1 mozilla-nspr-devel-4.32-3.20.1 mozilla-nss-3.68-3.56.1 mozilla-nss-certs-3.68-3.56.1 mozilla-nss-certs-debuginfo-3.68-3.56.1 mozilla-nss-debuginfo-3.68-3.56.1 mozilla-nss-debugsource-3.68-3.56.1 mozilla-nss-devel-3.68-3.56.1 mozilla-nss-sysinit-3.68-3.56.1 mozilla-nss-sysinit-debuginfo-3.68-3.56.1 mozilla-nss-tools-3.68-3.56.1 mozilla-nss-tools-debuginfo-3.68-3.56.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libfreebl3-32bit-3.68-3.56.1 libfreebl3-32bit-debuginfo-3.68-3.56.1 libfreebl3-hmac-32bit-3.68-3.56.1 libsoftokn3-32bit-3.68-3.56.1 libsoftokn3-32bit-debuginfo-3.68-3.56.1 libsoftokn3-hmac-32bit-3.68-3.56.1 mozilla-nspr-32bit-4.32-3.20.1 mozilla-nspr-32bit-debuginfo-4.32-3.20.1 mozilla-nss-32bit-3.68-3.56.1 mozilla-nss-32bit-debuginfo-3.68-3.56.1 mozilla-nss-certs-32bit-3.68-3.56.1 mozilla-nss-certs-32bit-debuginfo-3.68-3.56.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libfreebl3-3.68-3.56.1 libfreebl3-debuginfo-3.68-3.56.1 libfreebl3-hmac-3.68-3.56.1 libsoftokn3-3.68-3.56.1 libsoftokn3-debuginfo-3.68-3.56.1 libsoftokn3-hmac-3.68-3.56.1 mozilla-nspr-4.32-3.20.1 mozilla-nspr-debuginfo-4.32-3.20.1 mozilla-nspr-debugsource-4.32-3.20.1 mozilla-nspr-devel-4.32-3.20.1 mozilla-nss-3.68-3.56.1 mozilla-nss-certs-3.68-3.56.1 mozilla-nss-certs-debuginfo-3.68-3.56.1 mozilla-nss-debuginfo-3.68-3.56.1 mozilla-nss-debugsource-3.68-3.56.1 mozilla-nss-devel-3.68-3.56.1 mozilla-nss-sysinit-3.68-3.56.1 mozilla-nss-sysinit-debuginfo-3.68-3.56.1 mozilla-nss-tools-3.68-3.56.1 mozilla-nss-tools-debuginfo-3.68-3.56.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libfreebl3-32bit-3.68-3.56.1 libfreebl3-32bit-debuginfo-3.68-3.56.1 libfreebl3-hmac-32bit-3.68-3.56.1 libsoftokn3-32bit-3.68-3.56.1 libsoftokn3-32bit-debuginfo-3.68-3.56.1 libsoftokn3-hmac-32bit-3.68-3.56.1 mozilla-nspr-32bit-4.32-3.20.1 mozilla-nspr-32bit-debuginfo-4.32-3.20.1 mozilla-nss-32bit-3.68-3.56.1 mozilla-nss-32bit-debuginfo-3.68-3.56.1 mozilla-nss-certs-32bit-3.68-3.56.1 mozilla-nss-certs-32bit-debuginfo-3.68-3.56.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libfreebl3-3.68-3.56.1 libfreebl3-debuginfo-3.68-3.56.1 libfreebl3-hmac-3.68-3.56.1 libsoftokn3-3.68-3.56.1 libsoftokn3-debuginfo-3.68-3.56.1 libsoftokn3-hmac-3.68-3.56.1 mozilla-nspr-4.32-3.20.1 mozilla-nspr-debuginfo-4.32-3.20.1 mozilla-nspr-debugsource-4.32-3.20.1 mozilla-nspr-devel-4.32-3.20.1 mozilla-nss-3.68-3.56.1 mozilla-nss-certs-3.68-3.56.1 mozilla-nss-certs-debuginfo-3.68-3.56.1 mozilla-nss-debuginfo-3.68-3.56.1 mozilla-nss-debugsource-3.68-3.56.1 mozilla-nss-devel-3.68-3.56.1 mozilla-nss-sysinit-3.68-3.56.1 mozilla-nss-sysinit-debuginfo-3.68-3.56.1 mozilla-nss-tools-3.68-3.56.1 mozilla-nss-tools-debuginfo-3.68-3.56.1 - SUSE Enterprise Storage 6 (x86_64): libfreebl3-32bit-3.68-3.56.1 libfreebl3-32bit-debuginfo-3.68-3.56.1 libfreebl3-hmac-32bit-3.68-3.56.1 libsoftokn3-32bit-3.68-3.56.1 libsoftokn3-32bit-debuginfo-3.68-3.56.1 libsoftokn3-hmac-32bit-3.68-3.56.1 mozilla-nspr-32bit-4.32-3.20.1 mozilla-nspr-32bit-debuginfo-4.32-3.20.1 mozilla-nss-32bit-3.68-3.56.1 mozilla-nss-32bit-debuginfo-3.68-3.56.1 mozilla-nss-certs-32bit-3.68-3.56.1 mozilla-nss-certs-32bit-debuginfo-3.68-3.56.1 - SUSE CaaS Platform 4.0 (x86_64): libfreebl3-3.68-3.56.1 libfreebl3-32bit-3.68-3.56.1 libfreebl3-32bit-debuginfo-3.68-3.56.1 libfreebl3-debuginfo-3.68-3.56.1 libfreebl3-hmac-3.68-3.56.1 libfreebl3-hmac-32bit-3.68-3.56.1 libsoftokn3-3.68-3.56.1 libsoftokn3-32bit-3.68-3.56.1 libsoftokn3-32bit-debuginfo-3.68-3.56.1 libsoftokn3-debuginfo-3.68-3.56.1 libsoftokn3-hmac-3.68-3.56.1 libsoftokn3-hmac-32bit-3.68-3.56.1 mozilla-nspr-32bit-4.32-3.20.1 mozilla-nspr-32bit-debuginfo-4.32-3.20.1 mozilla-nspr-4.32-3.20.1 mozilla-nspr-debuginfo-4.32-3.20.1 mozilla-nspr-debugsource-4.32-3.20.1 mozilla-nspr-devel-4.32-3.20.1 mozilla-nss-3.68-3.56.1 mozilla-nss-32bit-3.68-3.56.1 mozilla-nss-32bit-debuginfo-3.68-3.56.1 mozilla-nss-certs-3.68-3.56.1 mozilla-nss-certs-32bit-3.68-3.56.1 mozilla-nss-certs-32bit-debuginfo-3.68-3.56.1 mozilla-nss-certs-debuginfo-3.68-3.56.1 mozilla-nss-debuginfo-3.68-3.56.1 mozilla-nss-debugsource-3.68-3.56.1 mozilla-nss-devel-3.68-3.56.1 mozilla-nss-sysinit-3.68-3.56.1 mozilla-nss-sysinit-debuginfo-3.68-3.56.1 mozilla-nss-tools-3.68-3.56.1 mozilla-nss-tools-debuginfo-3.68-3.56.1 References: https://bugzilla.suse.com/1029961 https://bugzilla.suse.com/1174697 https://bugzilla.suse.com/1176206 https://bugzilla.suse.com/1176934 https://bugzilla.suse.com/1179382 https://bugzilla.suse.com/1188891 From sle-updates at lists.suse.com Thu Sep 16 16:19:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Sep 2021 18:19:33 +0200 (CEST) Subject: SUSE-SU-2021:3117-1: moderate: Security update for Mesa Message-ID: <20210916161933.0AD8FFCC9@maintenance.suse.de> SUSE Security Update: Security update for Mesa ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3117-1 Rating: moderate References: #1156015 Cross-References: CVE-2019-5068 CVSS scores: CVE-2019-5068 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2019-5068 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for Mesa fixes the following issues: Security issue fixed: - CVE-2019-5068: Fixed exploitable shared memory permissions vulnerability (bsc#1156015). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3117=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3117=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x): libxatracker-devel-1.0.0-104.9.49 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): Mesa-11.2.1-104.9.49 Mesa-32bit-11.2.1-104.9.49 Mesa-debuginfo-11.2.1-104.9.49 Mesa-debuginfo-32bit-11.2.1-104.9.49 Mesa-debugsource-11.2.1-104.9.49 Mesa-libEGL1-11.2.1-104.9.49 Mesa-libEGL1-32bit-11.2.1-104.9.49 Mesa-libEGL1-debuginfo-11.2.1-104.9.49 Mesa-libEGL1-debuginfo-32bit-11.2.1-104.9.49 Mesa-libGL1-11.2.1-104.9.49 Mesa-libGL1-32bit-11.2.1-104.9.49 Mesa-libGL1-debuginfo-11.2.1-104.9.49 Mesa-libGL1-debuginfo-32bit-11.2.1-104.9.49 Mesa-libGLESv2-2-11.2.1-104.9.49 Mesa-libGLESv2-2-debuginfo-11.2.1-104.9.49 Mesa-libglapi0-11.2.1-104.9.49 Mesa-libglapi0-32bit-11.2.1-104.9.49 Mesa-libglapi0-debuginfo-11.2.1-104.9.49 Mesa-libglapi0-debuginfo-32bit-11.2.1-104.9.49 libgbm1-11.2.1-104.9.49 libgbm1-32bit-11.2.1-104.9.49 libgbm1-debuginfo-11.2.1-104.9.49 libgbm1-debuginfo-32bit-11.2.1-104.9.49 libxatracker2-1.0.0-104.9.49 libxatracker2-debuginfo-1.0.0-104.9.49 References: https://www.suse.com/security/cve/CVE-2019-5068.html https://bugzilla.suse.com/1156015 From sle-updates at lists.suse.com Thu Sep 16 16:20:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Sep 2021 18:20:52 +0200 (CEST) Subject: SUSE-RU-2021:3116-1: moderate: Recommended update for mozilla-nspr, mozilla-nss Message-ID: <20210916162052.B2FA9FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozilla-nspr, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3116-1 Rating: moderate References: #1029961 #1174697 #1176206 #1176934 #1179382 #1188891 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for mozilla-nspr fixes the following issues: mozilla-nspr was updated to version 4.32: * implement new socket option PR_SockOpt_DontFrag * support larger DNS records by increasing the default buffer size for DNS queries * Lock access to PRCallOnceType members in PR_CallOnce* for thread safety bmo#1686138 * PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get information about the operating system build version. Mozilla NSS was updated to version 3.68: * bmo#1713562 - Fix test leak. * bmo#1717452 - NSS 3.68 should depend on NSPR 4.32. * bmo#1693206 - Implement PKCS8 export of ECDSA keys. * bmo#1712883 - DTLS 1.3 draft-43. * bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension. * bmo#1713562 - Validate ECH public names. * bmo#1717610 - Add function to get seconds from epoch from pkix::Time. update to NSS 3.67 * bmo#1683710 - Add a means to disable ALPN. * bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66). * bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja. * bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c. * bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte. update to NSS 3.66 * bmo#1710716 - Remove Expired Sonera Class2 CA from NSS. * bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority. * bmo#1708307 - Remove Trustis FPS Root CA from NSS. * bmo#1707097 - Add Certum Trusted Root CA to NSS. * bmo#1707097 - Add Certum EC-384 CA to NSS. * bmo#1703942 - Add ANF Secure Server Root CA to NSS. * bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS. * bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database. * bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler. * bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h. * bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators. * bmo#1709291 - Add VerifyCodeSigningCertificateChain. update to NSS 3.65 * bmo#1709654 - Update for NetBSD configuration. * bmo#1709750 - Disable HPKE test when fuzzing. * bmo#1566124 - Optimize AES-GCM for ppc64le. * bmo#1699021 - Add AES-256-GCM to HPKE. * bmo#1698419 - ECH -10 updates. * bmo#1692930 - Update HPKE to final version. * bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default. * bmo#1703936 - New coverity/cpp scanner errors. * bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards. * bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. * bmo#1705119 - Deadlock when using GCM and non-thread safe tokens. update to NSS 3.64 * bmo#1705286 - Properly detect mips64. * bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and disable_crypto_vsx. * bmo#1698320 - replace __builtin_cpu_supports("vsx") with ppc_crypto_support() for clang. * bmo#1613235 - Add POWER ChaCha20 stream cipher vector acceleration. Fixed in 3.63 * bmo#1697380 - Make a clang-format run on top of helpful contributions. * bmo#1683520 - ECCKiila P384, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual scalar multiplication. * bmo#1683520 - ECCKiila P521, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual scalar multiplication. * bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683. * bmo#1694214 - tstclnt can't enable middlebox compat mode. * bmo#1694392 - NSS does not work with PKCS #11 modules not supporting profiles. * bmo#1685880 - Minor fix to prevent unused variable on early return. * bmo#1685880 - Fix for the gcc compiler version 7 to support setenv with nss build. * bmo#1693217 - Increase nssckbi.h version number for March 2021 batch of root CA changes, CA list version 2.48. * bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's 'Chambers of Commerce' and 'Global Chambersign' roots. * bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER. * bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS. * bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS. * bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs from NSS. * bmo#1687822 - Turn off Websites trust bit for the ???Staat der Nederlanden Root CA - G3??? root cert in NSS. * bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce Root - 2008' and 'Global Chambersign Root - 2008???. * bmo#1694291 - Tracing fixes for ECH. update to NSS 3.62 * bmo#1688374 - Fix parallel build NSS-3.61 with make * bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add() can corrupt "cachedCertTable" * bmo#1690583 - Fix CH padding extension size calculation * bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail * bmo#1690421 - Install packaged libabigail in docker-builds image * bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing * bmo#1674819 - Fixup a51fae403328, enum type may be signed * bmo#1681585 - Add ECH support to selfserv * bmo#1681585 - Update ECH to Draft-09 * bmo#1678398 - Add Export/Import functions for HPKE context * bmo#1678398 - Update HPKE to draft-07 update to NSS 3.61 * bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key values under certain conditions. * bmo#1684300 - Fix default PBE iteration count when NSS is compiled with NSS_DISABLE_DBM. * bmo#1651411 - Improve constant-timeness in RSA operations. * bmo#1677207 - Upgrade Google Test version to latest release. * bmo#1654332 - Add aarch64-make target to nss-try. Update to NSS 3.60.1: Notable changes in NSS 3.60: * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support has been added, replacing the previous ESNI (draft-ietf-tls-esni-01) implementation. See bmo#1654332 for more information. * December 2020 batch of Root CA changes, builtins library updated to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769 for more information. Update to NSS 3.59.1: * bmo#1679290 - Fix potential deadlock with certain third-party PKCS11 modules Update to NSS 3.59: Notable changes: * Exported two existing functions from libnss: CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData Bugfixes * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed root certs when SHA1 signatures are disabled. * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to solve some test intermittents * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in our CVE-2020-25648 fix that broke purple-discord (boo#1179382) * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP * bmo#1667989 - Fix gyp linking on Solaris * bmo#1668123 - Export CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData from libnss * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA * bmo#1663091 - Remove unnecessary assertions in the streaming ASN.1 decoder that affected decoding certain PKCS8 private keys when using NSS debug builds * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS. update to NSS 3.58 Bugs fixed: * bmo#1641480 (CVE-2020-25648) Tighten CCS handling for middlebox compatibility mode. * bmo#1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello (draft-ietf-tls-esni). * bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto extensions. * bmo#1668328 - Handle spaces in the Python path name when using gyp on Windows. * bmo#1667153 - Add PK11_ImportDataKey for data object import. * bmo#1665715 - Pass the embedded SCT list extension (if present) to TrustDomain::CheckRevocation instead of the notBefore value. update to NSS 3.57 * The following CA certificates were Added: bmo#1663049 - CN=Trustwave Global Certification Authority SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8 bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4 bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097 * The following CA certificates were Removed: bmo#1651211 - CN=EE Certification Centre Root CA SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76 bmo#1656077 - O=Government Root Certification Authority; C=TW SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3 * Trust settings for the following CA certificates were Modified: bmo#1653092 - CN=OISTE WISeKey Global Root GA CA Websites (server authentication) trust bit removed. * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_rele ase_notes update to NSS 3.56 Notable changes * bmo#1650702 - Support SHA-1 HW acceleration on ARMv8 * bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS. * bmo#1654142 - Add CPU feature detection for Intel SHA extension. * bmo#1648822 - Add stricter validation of DH keys in FIPS mode. * bmo#1656986 - Properly detect arm64 during GYP build architecture detection. * bmo#1652729 - Add build flag to disable RC2 and relocate to lib/freebl/deprecated. * bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay. * bmo#1588941 - Send empty certificate message when scheme selection fails. * bmo#1652032 - Fix failure to build in Windows arm64 makefile cross-compilation. * bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent. * bmo#1653975 - Fix 3.53 regression by setting "all" as the default makefile target. * bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert. * bmo#1659814 - Fix interop.sh failures with newer tls-interop commit and dependencies. * bmo#1656519 - NSPR dependency updated to 4.28 update to NSS 3.55 Notable changes * P384 and P521 elliptic curve implementations are replaced with verifiable implementations from Fiat-Crypto [0] and ECCKiila [1]. * PK11_FindCertInSlot is added. With this function, a given slot can be queried with a DER-Encoded certificate, providing performance and usability improvements over other mechanisms. (bmo#1649633) * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752) Relevant Bugfixes * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila. * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature. * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding. * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length. * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix). * bmo#1653202 - Fix initialization bug in blapitest when compiled with NSS_DISABLE_DEPRECATED_SEED. * bmo#1646594 - Fix AVX2 detection in makefile builds. * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot for a DER-encoded certificate. * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo. * bmo#1647752 - Update DTLS 1.3 implementation to draft-38. * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI. * bmo#1649226 - Add Wycheproof ECDSA tests. * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES. * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in RSA_CheckSignRecover. * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the signature_algorithms extension. update to NSS 3.54 Notable changes * Support for TLS 1.3 external pre-shared keys (bmo#1603042). * Use ARM Cryptography Extension for SHA256, when available (bmo#1528113) * The following CA certificates were Added: bmo#1645186 - certSIGN Root CA G2. bmo#1645174 - e-Szigno Root CA 2017. bmo#1641716 - Microsoft ECC Root Certificate Authority 2017. bmo#1641716 - Microsoft RSA Root Certificate Authority 2017. * The following CA certificates were Removed: bmo#1645199 - AddTrust Class 1 CA Root. bmo#1645199 - AddTrust External CA Root. bmo#1641718 - LuxTrust Global Root 2. bmo#1639987 - Staat der Nederlanden Root CA - G2. bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4. bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4. bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3. * A number of certificates had their Email trust bit disabled. See bmo#1618402 for a complete list. Bugs fixed * bmo#1528113 - Use ARM Cryptography Extension for SHA256. * bmo#1603042 - Add TLS 1.3 external PSK support. * bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows. * bmo#1645186 - Add "certSIGN Root CA G2" root certificate. * bmo#1645174 - Add Microsec's "e-Szigno Root CA 2017" root certificate. * bmo#1641716 - Add Microsoft's non-EV root certificates. * bmo1621151 - Disable email trust bit for "O=Government Root Certification Authority; C=TW" root. * bmo#1645199 - Remove AddTrust root certificates. * bmo#1641718 - Remove "LuxTrust Global Root 2" root certificate. * bmo#1639987 - Remove "Staat der Nederlanden Root CA - G2" root certificate. * bmo#1618402 - Remove Symantec root certificates and disable email trust bit. * bmo#1640516 - NSS 3.54 should depend on NSPR 4.26. * bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c. * bmo#1642153 - Fix infinite recursion building NSS. * bmo#1642638 - Fix fuzzing assertion crash. * bmo#1642871 - Enable SSL_SendSessionTicket after resumption. * bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs. * bmo#1643557 - Fix numerous compile warnings in NSS. * bmo#1644774 - SSL gtests to use ClearServerCache when resetting self-encrypt keys. * bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c. * bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3116=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3116=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3116=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3116=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3116=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3116=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3116=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3116=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3116=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3116=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3116=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3116=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3116=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libfreebl3-3.68-58.54.1 libfreebl3-32bit-3.68-58.54.1 libfreebl3-debuginfo-3.68-58.54.1 libfreebl3-debuginfo-32bit-3.68-58.54.1 libfreebl3-hmac-3.68-58.54.1 libfreebl3-hmac-32bit-3.68-58.54.1 libsoftokn3-3.68-58.54.1 libsoftokn3-32bit-3.68-58.54.1 libsoftokn3-debuginfo-3.68-58.54.1 libsoftokn3-debuginfo-32bit-3.68-58.54.1 libsoftokn3-hmac-3.68-58.54.1 libsoftokn3-hmac-32bit-3.68-58.54.1 mozilla-nspr-32bit-4.32-19.18.1 mozilla-nspr-4.32-19.18.1 mozilla-nspr-debuginfo-32bit-4.32-19.18.1 mozilla-nspr-debuginfo-4.32-19.18.1 mozilla-nspr-debugsource-4.32-19.18.1 mozilla-nspr-devel-4.32-19.18.1 mozilla-nss-3.68-58.54.1 mozilla-nss-32bit-3.68-58.54.1 mozilla-nss-certs-3.68-58.54.1 mozilla-nss-certs-32bit-3.68-58.54.1 mozilla-nss-certs-debuginfo-3.68-58.54.1 mozilla-nss-certs-debuginfo-32bit-3.68-58.54.1 mozilla-nss-debuginfo-3.68-58.54.1 mozilla-nss-debuginfo-32bit-3.68-58.54.1 mozilla-nss-debugsource-3.68-58.54.1 mozilla-nss-devel-3.68-58.54.1 mozilla-nss-sysinit-3.68-58.54.1 mozilla-nss-sysinit-32bit-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-32bit-3.68-58.54.1 mozilla-nss-tools-3.68-58.54.1 mozilla-nss-tools-debuginfo-3.68-58.54.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libfreebl3-3.68-58.54.1 libfreebl3-32bit-3.68-58.54.1 libfreebl3-debuginfo-3.68-58.54.1 libfreebl3-debuginfo-32bit-3.68-58.54.1 libfreebl3-hmac-3.68-58.54.1 libfreebl3-hmac-32bit-3.68-58.54.1 libsoftokn3-3.68-58.54.1 libsoftokn3-32bit-3.68-58.54.1 libsoftokn3-debuginfo-3.68-58.54.1 libsoftokn3-debuginfo-32bit-3.68-58.54.1 libsoftokn3-hmac-3.68-58.54.1 libsoftokn3-hmac-32bit-3.68-58.54.1 mozilla-nspr-32bit-4.32-19.18.1 mozilla-nspr-4.32-19.18.1 mozilla-nspr-debuginfo-32bit-4.32-19.18.1 mozilla-nspr-debuginfo-4.32-19.18.1 mozilla-nspr-debugsource-4.32-19.18.1 mozilla-nspr-devel-4.32-19.18.1 mozilla-nss-3.68-58.54.1 mozilla-nss-32bit-3.68-58.54.1 mozilla-nss-certs-3.68-58.54.1 mozilla-nss-certs-32bit-3.68-58.54.1 mozilla-nss-certs-debuginfo-3.68-58.54.1 mozilla-nss-certs-debuginfo-32bit-3.68-58.54.1 mozilla-nss-debuginfo-3.68-58.54.1 mozilla-nss-debuginfo-32bit-3.68-58.54.1 mozilla-nss-debugsource-3.68-58.54.1 mozilla-nss-devel-3.68-58.54.1 mozilla-nss-sysinit-3.68-58.54.1 mozilla-nss-sysinit-32bit-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-32bit-3.68-58.54.1 mozilla-nss-tools-3.68-58.54.1 mozilla-nss-tools-debuginfo-3.68-58.54.1 - SUSE OpenStack Cloud 9 (x86_64): libfreebl3-3.68-58.54.1 libfreebl3-32bit-3.68-58.54.1 libfreebl3-debuginfo-3.68-58.54.1 libfreebl3-debuginfo-32bit-3.68-58.54.1 libfreebl3-hmac-3.68-58.54.1 libfreebl3-hmac-32bit-3.68-58.54.1 libsoftokn3-3.68-58.54.1 libsoftokn3-32bit-3.68-58.54.1 libsoftokn3-debuginfo-3.68-58.54.1 libsoftokn3-debuginfo-32bit-3.68-58.54.1 libsoftokn3-hmac-3.68-58.54.1 libsoftokn3-hmac-32bit-3.68-58.54.1 mozilla-nspr-32bit-4.32-19.18.1 mozilla-nspr-4.32-19.18.1 mozilla-nspr-debuginfo-32bit-4.32-19.18.1 mozilla-nspr-debuginfo-4.32-19.18.1 mozilla-nspr-debugsource-4.32-19.18.1 mozilla-nspr-devel-4.32-19.18.1 mozilla-nss-3.68-58.54.1 mozilla-nss-32bit-3.68-58.54.1 mozilla-nss-certs-3.68-58.54.1 mozilla-nss-certs-32bit-3.68-58.54.1 mozilla-nss-certs-debuginfo-3.68-58.54.1 mozilla-nss-certs-debuginfo-32bit-3.68-58.54.1 mozilla-nss-debuginfo-3.68-58.54.1 mozilla-nss-debuginfo-32bit-3.68-58.54.1 mozilla-nss-debugsource-3.68-58.54.1 mozilla-nss-devel-3.68-58.54.1 mozilla-nss-sysinit-3.68-58.54.1 mozilla-nss-sysinit-32bit-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-32bit-3.68-58.54.1 mozilla-nss-tools-3.68-58.54.1 mozilla-nss-tools-debuginfo-3.68-58.54.1 - SUSE OpenStack Cloud 8 (x86_64): libfreebl3-3.68-58.54.1 libfreebl3-32bit-3.68-58.54.1 libfreebl3-debuginfo-3.68-58.54.1 libfreebl3-debuginfo-32bit-3.68-58.54.1 libfreebl3-hmac-3.68-58.54.1 libfreebl3-hmac-32bit-3.68-58.54.1 libsoftokn3-3.68-58.54.1 libsoftokn3-32bit-3.68-58.54.1 libsoftokn3-debuginfo-3.68-58.54.1 libsoftokn3-debuginfo-32bit-3.68-58.54.1 libsoftokn3-hmac-3.68-58.54.1 libsoftokn3-hmac-32bit-3.68-58.54.1 mozilla-nspr-32bit-4.32-19.18.1 mozilla-nspr-4.32-19.18.1 mozilla-nspr-debuginfo-32bit-4.32-19.18.1 mozilla-nspr-debuginfo-4.32-19.18.1 mozilla-nspr-debugsource-4.32-19.18.1 mozilla-nspr-devel-4.32-19.18.1 mozilla-nss-3.68-58.54.1 mozilla-nss-32bit-3.68-58.54.1 mozilla-nss-certs-3.68-58.54.1 mozilla-nss-certs-32bit-3.68-58.54.1 mozilla-nss-certs-debuginfo-3.68-58.54.1 mozilla-nss-certs-debuginfo-32bit-3.68-58.54.1 mozilla-nss-debuginfo-3.68-58.54.1 mozilla-nss-debuginfo-32bit-3.68-58.54.1 mozilla-nss-debugsource-3.68-58.54.1 mozilla-nss-devel-3.68-58.54.1 mozilla-nss-sysinit-3.68-58.54.1 mozilla-nss-sysinit-32bit-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-32bit-3.68-58.54.1 mozilla-nss-tools-3.68-58.54.1 mozilla-nss-tools-debuginfo-3.68-58.54.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): mozilla-nspr-debuginfo-4.32-19.18.1 mozilla-nspr-debugsource-4.32-19.18.1 mozilla-nspr-devel-4.32-19.18.1 mozilla-nss-debuginfo-3.68-58.54.1 mozilla-nss-debugsource-3.68-58.54.1 mozilla-nss-devel-3.68-58.54.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libfreebl3-3.68-58.54.1 libfreebl3-debuginfo-3.68-58.54.1 libfreebl3-hmac-3.68-58.54.1 libsoftokn3-3.68-58.54.1 libsoftokn3-debuginfo-3.68-58.54.1 libsoftokn3-hmac-3.68-58.54.1 mozilla-nspr-4.32-19.18.1 mozilla-nspr-debuginfo-4.32-19.18.1 mozilla-nspr-debugsource-4.32-19.18.1 mozilla-nspr-devel-4.32-19.18.1 mozilla-nss-3.68-58.54.1 mozilla-nss-certs-3.68-58.54.1 mozilla-nss-certs-debuginfo-3.68-58.54.1 mozilla-nss-debuginfo-3.68-58.54.1 mozilla-nss-debugsource-3.68-58.54.1 mozilla-nss-devel-3.68-58.54.1 mozilla-nss-sysinit-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-3.68-58.54.1 mozilla-nss-tools-3.68-58.54.1 mozilla-nss-tools-debuginfo-3.68-58.54.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libfreebl3-32bit-3.68-58.54.1 libfreebl3-debuginfo-32bit-3.68-58.54.1 libfreebl3-hmac-32bit-3.68-58.54.1 libsoftokn3-32bit-3.68-58.54.1 libsoftokn3-debuginfo-32bit-3.68-58.54.1 libsoftokn3-hmac-32bit-3.68-58.54.1 mozilla-nspr-32bit-4.32-19.18.1 mozilla-nspr-debuginfo-32bit-4.32-19.18.1 mozilla-nss-32bit-3.68-58.54.1 mozilla-nss-certs-32bit-3.68-58.54.1 mozilla-nss-certs-debuginfo-32bit-3.68-58.54.1 mozilla-nss-debuginfo-32bit-3.68-58.54.1 mozilla-nss-sysinit-32bit-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-32bit-3.68-58.54.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libfreebl3-3.68-58.54.1 libfreebl3-debuginfo-3.68-58.54.1 libfreebl3-hmac-3.68-58.54.1 libsoftokn3-3.68-58.54.1 libsoftokn3-debuginfo-3.68-58.54.1 libsoftokn3-hmac-3.68-58.54.1 mozilla-nspr-4.32-19.18.1 mozilla-nspr-debuginfo-4.32-19.18.1 mozilla-nspr-debugsource-4.32-19.18.1 mozilla-nspr-devel-4.32-19.18.1 mozilla-nss-3.68-58.54.1 mozilla-nss-certs-3.68-58.54.1 mozilla-nss-certs-debuginfo-3.68-58.54.1 mozilla-nss-debuginfo-3.68-58.54.1 mozilla-nss-debugsource-3.68-58.54.1 mozilla-nss-devel-3.68-58.54.1 mozilla-nss-sysinit-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-3.68-58.54.1 mozilla-nss-tools-3.68-58.54.1 mozilla-nss-tools-debuginfo-3.68-58.54.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libfreebl3-32bit-3.68-58.54.1 libfreebl3-debuginfo-32bit-3.68-58.54.1 libfreebl3-hmac-32bit-3.68-58.54.1 libsoftokn3-32bit-3.68-58.54.1 libsoftokn3-debuginfo-32bit-3.68-58.54.1 libsoftokn3-hmac-32bit-3.68-58.54.1 mozilla-nspr-32bit-4.32-19.18.1 mozilla-nspr-debuginfo-32bit-4.32-19.18.1 mozilla-nss-32bit-3.68-58.54.1 mozilla-nss-certs-32bit-3.68-58.54.1 mozilla-nss-certs-debuginfo-32bit-3.68-58.54.1 mozilla-nss-debuginfo-32bit-3.68-58.54.1 mozilla-nss-sysinit-32bit-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-32bit-3.68-58.54.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libfreebl3-3.68-58.54.1 libfreebl3-debuginfo-3.68-58.54.1 libfreebl3-hmac-3.68-58.54.1 libsoftokn3-3.68-58.54.1 libsoftokn3-debuginfo-3.68-58.54.1 libsoftokn3-hmac-3.68-58.54.1 mozilla-nspr-4.32-19.18.1 mozilla-nspr-debuginfo-4.32-19.18.1 mozilla-nspr-debugsource-4.32-19.18.1 mozilla-nspr-devel-4.32-19.18.1 mozilla-nss-3.68-58.54.1 mozilla-nss-certs-3.68-58.54.1 mozilla-nss-certs-debuginfo-3.68-58.54.1 mozilla-nss-debuginfo-3.68-58.54.1 mozilla-nss-debugsource-3.68-58.54.1 mozilla-nss-devel-3.68-58.54.1 mozilla-nss-sysinit-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-3.68-58.54.1 mozilla-nss-tools-3.68-58.54.1 mozilla-nss-tools-debuginfo-3.68-58.54.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libfreebl3-32bit-3.68-58.54.1 libfreebl3-debuginfo-32bit-3.68-58.54.1 libfreebl3-hmac-32bit-3.68-58.54.1 libsoftokn3-32bit-3.68-58.54.1 libsoftokn3-debuginfo-32bit-3.68-58.54.1 libsoftokn3-hmac-32bit-3.68-58.54.1 mozilla-nspr-32bit-4.32-19.18.1 mozilla-nspr-debuginfo-32bit-4.32-19.18.1 mozilla-nss-32bit-3.68-58.54.1 mozilla-nss-certs-32bit-3.68-58.54.1 mozilla-nss-certs-debuginfo-32bit-3.68-58.54.1 mozilla-nss-debuginfo-32bit-3.68-58.54.1 mozilla-nss-sysinit-32bit-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-32bit-3.68-58.54.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.68-58.54.1 libfreebl3-debuginfo-3.68-58.54.1 libfreebl3-hmac-3.68-58.54.1 libsoftokn3-3.68-58.54.1 libsoftokn3-debuginfo-3.68-58.54.1 libsoftokn3-hmac-3.68-58.54.1 mozilla-nspr-4.32-19.18.1 mozilla-nspr-debuginfo-4.32-19.18.1 mozilla-nspr-debugsource-4.32-19.18.1 mozilla-nspr-devel-4.32-19.18.1 mozilla-nss-3.68-58.54.1 mozilla-nss-certs-3.68-58.54.1 mozilla-nss-certs-debuginfo-3.68-58.54.1 mozilla-nss-debuginfo-3.68-58.54.1 mozilla-nss-debugsource-3.68-58.54.1 mozilla-nss-devel-3.68-58.54.1 mozilla-nss-sysinit-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-3.68-58.54.1 mozilla-nss-tools-3.68-58.54.1 mozilla-nss-tools-debuginfo-3.68-58.54.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libfreebl3-32bit-3.68-58.54.1 libfreebl3-debuginfo-32bit-3.68-58.54.1 libfreebl3-hmac-32bit-3.68-58.54.1 libsoftokn3-32bit-3.68-58.54.1 libsoftokn3-debuginfo-32bit-3.68-58.54.1 libsoftokn3-hmac-32bit-3.68-58.54.1 mozilla-nspr-32bit-4.32-19.18.1 mozilla-nspr-debuginfo-32bit-4.32-19.18.1 mozilla-nss-32bit-3.68-58.54.1 mozilla-nss-certs-32bit-3.68-58.54.1 mozilla-nss-certs-debuginfo-32bit-3.68-58.54.1 mozilla-nss-debuginfo-32bit-3.68-58.54.1 mozilla-nss-sysinit-32bit-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-32bit-3.68-58.54.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.68-58.54.1 libfreebl3-debuginfo-3.68-58.54.1 libfreebl3-hmac-3.68-58.54.1 libsoftokn3-3.68-58.54.1 libsoftokn3-debuginfo-3.68-58.54.1 libsoftokn3-hmac-3.68-58.54.1 mozilla-nspr-4.32-19.18.1 mozilla-nspr-debuginfo-4.32-19.18.1 mozilla-nspr-debugsource-4.32-19.18.1 mozilla-nspr-devel-4.32-19.18.1 mozilla-nss-3.68-58.54.1 mozilla-nss-certs-3.68-58.54.1 mozilla-nss-certs-debuginfo-3.68-58.54.1 mozilla-nss-debuginfo-3.68-58.54.1 mozilla-nss-debugsource-3.68-58.54.1 mozilla-nss-devel-3.68-58.54.1 mozilla-nss-sysinit-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-3.68-58.54.1 mozilla-nss-tools-3.68-58.54.1 mozilla-nss-tools-debuginfo-3.68-58.54.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libfreebl3-32bit-3.68-58.54.1 libfreebl3-debuginfo-32bit-3.68-58.54.1 libfreebl3-hmac-32bit-3.68-58.54.1 libsoftokn3-32bit-3.68-58.54.1 libsoftokn3-debuginfo-32bit-3.68-58.54.1 libsoftokn3-hmac-32bit-3.68-58.54.1 mozilla-nspr-32bit-4.32-19.18.1 mozilla-nspr-debuginfo-32bit-4.32-19.18.1 mozilla-nss-32bit-3.68-58.54.1 mozilla-nss-certs-32bit-3.68-58.54.1 mozilla-nss-certs-debuginfo-32bit-3.68-58.54.1 mozilla-nss-debuginfo-32bit-3.68-58.54.1 mozilla-nss-sysinit-32bit-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-32bit-3.68-58.54.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libfreebl3-3.68-58.54.1 libfreebl3-32bit-3.68-58.54.1 libfreebl3-debuginfo-3.68-58.54.1 libfreebl3-debuginfo-32bit-3.68-58.54.1 libfreebl3-hmac-3.68-58.54.1 libfreebl3-hmac-32bit-3.68-58.54.1 libsoftokn3-3.68-58.54.1 libsoftokn3-32bit-3.68-58.54.1 libsoftokn3-debuginfo-3.68-58.54.1 libsoftokn3-debuginfo-32bit-3.68-58.54.1 libsoftokn3-hmac-3.68-58.54.1 libsoftokn3-hmac-32bit-3.68-58.54.1 mozilla-nspr-32bit-4.32-19.18.1 mozilla-nspr-4.32-19.18.1 mozilla-nspr-debuginfo-32bit-4.32-19.18.1 mozilla-nspr-debuginfo-4.32-19.18.1 mozilla-nspr-debugsource-4.32-19.18.1 mozilla-nss-3.68-58.54.1 mozilla-nss-32bit-3.68-58.54.1 mozilla-nss-certs-3.68-58.54.1 mozilla-nss-certs-32bit-3.68-58.54.1 mozilla-nss-certs-debuginfo-3.68-58.54.1 mozilla-nss-certs-debuginfo-32bit-3.68-58.54.1 mozilla-nss-debuginfo-3.68-58.54.1 mozilla-nss-debuginfo-32bit-3.68-58.54.1 mozilla-nss-debugsource-3.68-58.54.1 mozilla-nss-sysinit-3.68-58.54.1 mozilla-nss-sysinit-32bit-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-32bit-3.68-58.54.1 mozilla-nss-tools-3.68-58.54.1 mozilla-nss-tools-debuginfo-3.68-58.54.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libfreebl3-3.68-58.54.1 libfreebl3-32bit-3.68-58.54.1 libfreebl3-debuginfo-3.68-58.54.1 libfreebl3-debuginfo-32bit-3.68-58.54.1 libfreebl3-hmac-3.68-58.54.1 libfreebl3-hmac-32bit-3.68-58.54.1 libsoftokn3-3.68-58.54.1 libsoftokn3-32bit-3.68-58.54.1 libsoftokn3-debuginfo-3.68-58.54.1 libsoftokn3-debuginfo-32bit-3.68-58.54.1 libsoftokn3-hmac-3.68-58.54.1 libsoftokn3-hmac-32bit-3.68-58.54.1 mozilla-nspr-32bit-4.32-19.18.1 mozilla-nspr-4.32-19.18.1 mozilla-nspr-debuginfo-32bit-4.32-19.18.1 mozilla-nspr-debuginfo-4.32-19.18.1 mozilla-nspr-debugsource-4.32-19.18.1 mozilla-nss-3.68-58.54.1 mozilla-nss-32bit-3.68-58.54.1 mozilla-nss-certs-3.68-58.54.1 mozilla-nss-certs-32bit-3.68-58.54.1 mozilla-nss-certs-debuginfo-3.68-58.54.1 mozilla-nss-certs-debuginfo-32bit-3.68-58.54.1 mozilla-nss-debuginfo-3.68-58.54.1 mozilla-nss-debuginfo-32bit-3.68-58.54.1 mozilla-nss-debugsource-3.68-58.54.1 mozilla-nss-sysinit-3.68-58.54.1 mozilla-nss-sysinit-32bit-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-32bit-3.68-58.54.1 mozilla-nss-tools-3.68-58.54.1 mozilla-nss-tools-debuginfo-3.68-58.54.1 - HPE Helion Openstack 8 (x86_64): libfreebl3-3.68-58.54.1 libfreebl3-32bit-3.68-58.54.1 libfreebl3-debuginfo-3.68-58.54.1 libfreebl3-debuginfo-32bit-3.68-58.54.1 libfreebl3-hmac-3.68-58.54.1 libfreebl3-hmac-32bit-3.68-58.54.1 libsoftokn3-3.68-58.54.1 libsoftokn3-32bit-3.68-58.54.1 libsoftokn3-debuginfo-3.68-58.54.1 libsoftokn3-debuginfo-32bit-3.68-58.54.1 libsoftokn3-hmac-3.68-58.54.1 libsoftokn3-hmac-32bit-3.68-58.54.1 mozilla-nspr-32bit-4.32-19.18.1 mozilla-nspr-4.32-19.18.1 mozilla-nspr-debuginfo-32bit-4.32-19.18.1 mozilla-nspr-debuginfo-4.32-19.18.1 mozilla-nspr-debugsource-4.32-19.18.1 mozilla-nspr-devel-4.32-19.18.1 mozilla-nss-3.68-58.54.1 mozilla-nss-32bit-3.68-58.54.1 mozilla-nss-certs-3.68-58.54.1 mozilla-nss-certs-32bit-3.68-58.54.1 mozilla-nss-certs-debuginfo-3.68-58.54.1 mozilla-nss-certs-debuginfo-32bit-3.68-58.54.1 mozilla-nss-debuginfo-3.68-58.54.1 mozilla-nss-debuginfo-32bit-3.68-58.54.1 mozilla-nss-debugsource-3.68-58.54.1 mozilla-nss-devel-3.68-58.54.1 mozilla-nss-sysinit-3.68-58.54.1 mozilla-nss-sysinit-32bit-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-3.68-58.54.1 mozilla-nss-sysinit-debuginfo-32bit-3.68-58.54.1 mozilla-nss-tools-3.68-58.54.1 mozilla-nss-tools-debuginfo-3.68-58.54.1 References: https://bugzilla.suse.com/1029961 https://bugzilla.suse.com/1174697 https://bugzilla.suse.com/1176206 https://bugzilla.suse.com/1176934 https://bugzilla.suse.com/1179382 https://bugzilla.suse.com/1188891 From sle-updates at lists.suse.com Thu Sep 16 22:18:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 00:18:47 +0200 (CEST) Subject: SUSE-SU-2021:3123-1: moderate: Security update for libcroco Message-ID: <20210916221847.D9891FCC9@maintenance.suse.de> SUSE Security Update: Security update for libcroco ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3123-1 Rating: moderate References: #1171685 Cross-References: CVE-2020-12825 CVSS scores: CVE-2020-12825 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2020-12825 (SUSE): 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libcroco fixes the following issues: - CVE-2020-12825: Fixed recursion issue in block and any productions (bsc#1171685). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3123=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3123=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3123=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libcroco-0_6-3-0.6.13-3.3.1 libcroco-0_6-3-debuginfo-0.6.13-3.3.1 libcroco-debuginfo-0.6.13-3.3.1 libcroco-debugsource-0.6.13-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libcroco-0.6.13-3.3.1 libcroco-0_6-3-0.6.13-3.3.1 libcroco-0_6-3-debuginfo-0.6.13-3.3.1 libcroco-debuginfo-0.6.13-3.3.1 libcroco-debugsource-0.6.13-3.3.1 libcroco-devel-0.6.13-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libcroco-0.6.13-3.3.1 libcroco-0_6-3-0.6.13-3.3.1 libcroco-0_6-3-debuginfo-0.6.13-3.3.1 libcroco-debuginfo-0.6.13-3.3.1 libcroco-debugsource-0.6.13-3.3.1 libcroco-devel-0.6.13-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libcroco-0_6-3-32bit-0.6.13-3.3.1 libcroco-0_6-3-32bit-debuginfo-0.6.13-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-12825.html https://bugzilla.suse.com/1171685 From sle-updates at lists.suse.com Thu Sep 16 22:20:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 00:20:08 +0200 (CEST) Subject: SUSE-SU-2021:3119-1: moderate: Security update for postgresql12 Message-ID: <20210916222008.B9AD0FCC9@maintenance.suse.de> SUSE Security Update: Security update for postgresql12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3119-1 Rating: moderate References: #1179945 #1185952 #1187751 #1189748 Cross-References: CVE-2021-3677 CVSS scores: CVE-2021-3677 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for postgresql12 fixes the following issues: - CVE-2021-3677: Fixed memory disclosure in certain queries (bsc#1189748). - Fixed build with llvm12 on s390x (bsc#1185952). - Re-enabled icu for PostgreSQL 10 (bsc#1179945). - Made the dependency of postgresqlXX-server-devel on llvm and clang optional (bsc#1187751). - llvm12 breaks PostgreSQL 11 and 12 on s390x. Use llvm11 as a workaround (bsc#1185952). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3119=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3119=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql12-debugsource-12.8-3.18.2 postgresql12-devel-12.8-3.18.2 postgresql12-devel-debuginfo-12.8-3.18.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): postgresql12-server-devel-12.8-3.18.2 postgresql12-server-devel-debuginfo-12.8-3.18.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql12-12.8-3.18.2 postgresql12-contrib-12.8-3.18.2 postgresql12-contrib-debuginfo-12.8-3.18.2 postgresql12-debuginfo-12.8-3.18.2 postgresql12-debugsource-12.8-3.18.2 postgresql12-plperl-12.8-3.18.2 postgresql12-plperl-debuginfo-12.8-3.18.2 postgresql12-plpython-12.8-3.18.2 postgresql12-plpython-debuginfo-12.8-3.18.2 postgresql12-pltcl-12.8-3.18.2 postgresql12-pltcl-debuginfo-12.8-3.18.2 postgresql12-server-12.8-3.18.2 postgresql12-server-debuginfo-12.8-3.18.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql12-docs-12.8-3.18.2 References: https://www.suse.com/security/cve/CVE-2021-3677.html https://bugzilla.suse.com/1179945 https://bugzilla.suse.com/1185952 https://bugzilla.suse.com/1187751 https://bugzilla.suse.com/1189748 From sle-updates at lists.suse.com Thu Sep 16 22:21:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 00:21:49 +0200 (CEST) Subject: SUSE-SU-2021:14800-1: moderate: Security update for libcroco Message-ID: <20210916222149.A3A65FCC9@maintenance.suse.de> SUSE Security Update: Security update for libcroco ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14800-1 Rating: moderate References: #1171685 Cross-References: CVE-2020-12825 CVSS scores: CVE-2020-12825 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2020-12825 (SUSE): 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libcroco fixes the following issues: - CVE-2020-12825: Fixed recursion issue in block and any productions (bsc#1171685). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-libcroco-14800=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-libcroco-14800=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libcroco-14800=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-libcroco-14800=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libcroco-0_6-3-0.6.1-122.9.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libcroco-0_6-3-32bit-0.6.1-122.9.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libcroco-0_6-3-0.6.1-122.9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): libcroco-debuginfo-0.6.1-122.9.1 libcroco-debugsource-0.6.1-122.9.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): libcroco-debuginfo-0.6.1-122.9.1 libcroco-debugsource-0.6.1-122.9.1 References: https://www.suse.com/security/cve/CVE-2020-12825.html https://bugzilla.suse.com/1171685 From sle-updates at lists.suse.com Thu Sep 16 22:23:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 00:23:04 +0200 (CEST) Subject: SUSE-SU-2021:3120-1: moderate: Security update for postgresql13 Message-ID: <20210916222304.D7A41FCC9@maintenance.suse.de> SUSE Security Update: Security update for postgresql13 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3120-1 Rating: moderate References: #1179945 #1185952 #1187751 #1189748 Cross-References: CVE-2021-3677 CVSS scores: CVE-2021-3677 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for postgresql13 fixes the following issues: - CVE-2021-3677: Fixed memory disclosure in certain queries (bsc#1189748). - Fixed build with llvm12 on s390x (bsc#1185952). - Re-enabled icu for PostgreSQL 10 (bsc#1179945). - Made the dependency of postgresqlXX-server-devel on llvm and clang optional (bsc#1187751). - llvm12 breaks PostgreSQL 11 and 12 on s390x. Use llvm11 as a workaround (bsc#1185952). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3120=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3120=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql13-debugsource-13.4-3.12.2 postgresql13-devel-13.4-3.12.2 postgresql13-devel-debuginfo-13.4-3.12.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): postgresql13-server-devel-13.4-3.12.2 postgresql13-server-devel-debuginfo-13.4-3.12.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libecpg6-13.4-3.12.2 libecpg6-debuginfo-13.4-3.12.2 libpq5-13.4-3.12.2 libpq5-debuginfo-13.4-3.12.2 postgresql13-13.4-3.12.2 postgresql13-contrib-13.4-3.12.2 postgresql13-contrib-debuginfo-13.4-3.12.2 postgresql13-debuginfo-13.4-3.12.2 postgresql13-debugsource-13.4-3.12.2 postgresql13-plperl-13.4-3.12.2 postgresql13-plperl-debuginfo-13.4-3.12.2 postgresql13-plpython-13.4-3.12.2 postgresql13-plpython-debuginfo-13.4-3.12.2 postgresql13-pltcl-13.4-3.12.2 postgresql13-pltcl-debuginfo-13.4-3.12.2 postgresql13-server-13.4-3.12.2 postgresql13-server-debuginfo-13.4-3.12.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpq5-32bit-13.4-3.12.2 libpq5-debuginfo-32bit-13.4-3.12.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql13-docs-13.4-3.12.2 References: https://www.suse.com/security/cve/CVE-2021-3677.html https://bugzilla.suse.com/1179945 https://bugzilla.suse.com/1185952 https://bugzilla.suse.com/1187751 https://bugzilla.suse.com/1189748 From sle-updates at lists.suse.com Thu Sep 16 22:24:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 00:24:46 +0200 (CEST) Subject: SUSE-SU-2021:3125-1: moderate: Security update for gtk-vnc Message-ID: <20210916222446.90A9DFCC9@maintenance.suse.de> SUSE Security Update: Security update for gtk-vnc ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3125-1 Rating: moderate References: #1024266 #1024268 #1046782 #1188292 Cross-References: CVE-2017-5884 CVE-2017-5885 CVSS scores: CVE-2017-5884 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-5885 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for gtk-vnc fixes the following issues: - CVE-2017-5885: Correctly validate color map range indexes (bsc#1024268). - CVE-2017-5884: Fix bounds checking for RRE, hextile & copyrect encodings (bsc#1024266). - Fix crash when opening connection from a GSocketAddress (bsc#1046782). - Fix possible crash on connection failure (bsc#1188292). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3125=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3125=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3125=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3125=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-3125=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3125=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3125=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3125=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3125=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3125=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3125=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3125=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3125=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3125=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): gtk-vnc-debugsource-0.6.0-11.3.1 gtk-vnc2-debugsource-0.6.0-11.3.1 libgtk-vnc-1_0-0-0.6.0-11.3.1 libgtk-vnc-1_0-0-debuginfo-0.6.0-11.3.1 libgtk-vnc-2_0-0-0.6.0-11.3.1 libgtk-vnc-2_0-0-debuginfo-0.6.0-11.3.1 libgvnc-1_0-0-0.6.0-11.3.1 libgvnc-1_0-0-debuginfo-0.6.0-11.3.1 python-gtk-vnc-0.6.0-11.3.1 python-gtk-vnc-debuginfo-0.6.0-11.3.1 typelib-1_0-GVnc-1_0-0.6.0-11.3.1 typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): gtk-vnc-debugsource-0.6.0-11.3.1 gtk-vnc2-debugsource-0.6.0-11.3.1 libgtk-vnc-1_0-0-0.6.0-11.3.1 libgtk-vnc-1_0-0-debuginfo-0.6.0-11.3.1 libgtk-vnc-2_0-0-0.6.0-11.3.1 libgtk-vnc-2_0-0-debuginfo-0.6.0-11.3.1 libgvnc-1_0-0-0.6.0-11.3.1 libgvnc-1_0-0-debuginfo-0.6.0-11.3.1 python-gtk-vnc-0.6.0-11.3.1 python-gtk-vnc-debuginfo-0.6.0-11.3.1 typelib-1_0-GVnc-1_0-0.6.0-11.3.1 typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1 - SUSE OpenStack Cloud 9 (x86_64): gtk-vnc-debugsource-0.6.0-11.3.1 gtk-vnc2-debugsource-0.6.0-11.3.1 libgtk-vnc-1_0-0-0.6.0-11.3.1 libgtk-vnc-1_0-0-debuginfo-0.6.0-11.3.1 libgtk-vnc-2_0-0-0.6.0-11.3.1 libgtk-vnc-2_0-0-debuginfo-0.6.0-11.3.1 libgvnc-1_0-0-0.6.0-11.3.1 libgvnc-1_0-0-debuginfo-0.6.0-11.3.1 python-gtk-vnc-0.6.0-11.3.1 python-gtk-vnc-debuginfo-0.6.0-11.3.1 typelib-1_0-GVnc-1_0-0.6.0-11.3.1 typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1 - SUSE OpenStack Cloud 8 (x86_64): gtk-vnc-debugsource-0.6.0-11.3.1 gtk-vnc2-debugsource-0.6.0-11.3.1 libgtk-vnc-1_0-0-0.6.0-11.3.1 libgtk-vnc-1_0-0-debuginfo-0.6.0-11.3.1 libgtk-vnc-2_0-0-0.6.0-11.3.1 libgtk-vnc-2_0-0-debuginfo-0.6.0-11.3.1 libgvnc-1_0-0-0.6.0-11.3.1 libgvnc-1_0-0-debuginfo-0.6.0-11.3.1 python-gtk-vnc-0.6.0-11.3.1 python-gtk-vnc-debuginfo-0.6.0-11.3.1 typelib-1_0-GVnc-1_0-0.6.0-11.3.1 typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): gtk-vnc-lang-0.6.0-11.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): gtk-vnc-debugsource-0.6.0-11.3.1 gtk-vnc-devel-0.6.0-11.3.1 gtk-vnc2-debugsource-0.6.0-11.3.1 gtk-vnc2-devel-0.6.0-11.3.1 libgvncpulse-1_0-0-0.6.0-11.3.1 libgvncpulse-1_0-0-debuginfo-0.6.0-11.3.1 typelib-1_0-GVncPulse-1_0-0.6.0-11.3.1 typelib-1_0-GtkVnc-1_0-0.6.0-11.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): gtk-vnc-debugsource-0.6.0-11.3.1 gtk-vnc2-debugsource-0.6.0-11.3.1 libgtk-vnc-1_0-0-0.6.0-11.3.1 libgtk-vnc-1_0-0-debuginfo-0.6.0-11.3.1 libgtk-vnc-2_0-0-0.6.0-11.3.1 libgtk-vnc-2_0-0-debuginfo-0.6.0-11.3.1 libgvnc-1_0-0-0.6.0-11.3.1 libgvnc-1_0-0-debuginfo-0.6.0-11.3.1 python-gtk-vnc-0.6.0-11.3.1 python-gtk-vnc-debuginfo-0.6.0-11.3.1 typelib-1_0-GVnc-1_0-0.6.0-11.3.1 typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): gtk-vnc-debugsource-0.6.0-11.3.1 gtk-vnc2-debugsource-0.6.0-11.3.1 libgtk-vnc-1_0-0-0.6.0-11.3.1 libgtk-vnc-1_0-0-debuginfo-0.6.0-11.3.1 libgtk-vnc-2_0-0-0.6.0-11.3.1 libgtk-vnc-2_0-0-debuginfo-0.6.0-11.3.1 libgvnc-1_0-0-0.6.0-11.3.1 libgvnc-1_0-0-debuginfo-0.6.0-11.3.1 python-gtk-vnc-0.6.0-11.3.1 python-gtk-vnc-debuginfo-0.6.0-11.3.1 typelib-1_0-GVnc-1_0-0.6.0-11.3.1 typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gtk-vnc-debugsource-0.6.0-11.3.1 gtk-vnc2-debugsource-0.6.0-11.3.1 libgtk-vnc-1_0-0-0.6.0-11.3.1 libgtk-vnc-1_0-0-debuginfo-0.6.0-11.3.1 libgtk-vnc-2_0-0-0.6.0-11.3.1 libgtk-vnc-2_0-0-debuginfo-0.6.0-11.3.1 libgvnc-1_0-0-0.6.0-11.3.1 libgvnc-1_0-0-debuginfo-0.6.0-11.3.1 python-gtk-vnc-0.6.0-11.3.1 python-gtk-vnc-debuginfo-0.6.0-11.3.1 typelib-1_0-GVnc-1_0-0.6.0-11.3.1 typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): gtk-vnc-debugsource-0.6.0-11.3.1 gtk-vnc2-debugsource-0.6.0-11.3.1 libgtk-vnc-1_0-0-0.6.0-11.3.1 libgtk-vnc-1_0-0-debuginfo-0.6.0-11.3.1 libgtk-vnc-2_0-0-0.6.0-11.3.1 libgtk-vnc-2_0-0-debuginfo-0.6.0-11.3.1 libgvnc-1_0-0-0.6.0-11.3.1 libgvnc-1_0-0-debuginfo-0.6.0-11.3.1 python-gtk-vnc-0.6.0-11.3.1 python-gtk-vnc-debuginfo-0.6.0-11.3.1 typelib-1_0-GVnc-1_0-0.6.0-11.3.1 typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): gtk-vnc-debugsource-0.6.0-11.3.1 gtk-vnc2-debugsource-0.6.0-11.3.1 libgtk-vnc-1_0-0-0.6.0-11.3.1 libgtk-vnc-1_0-0-debuginfo-0.6.0-11.3.1 libgtk-vnc-2_0-0-0.6.0-11.3.1 libgtk-vnc-2_0-0-debuginfo-0.6.0-11.3.1 libgvnc-1_0-0-0.6.0-11.3.1 libgvnc-1_0-0-debuginfo-0.6.0-11.3.1 python-gtk-vnc-0.6.0-11.3.1 python-gtk-vnc-debuginfo-0.6.0-11.3.1 typelib-1_0-GVnc-1_0-0.6.0-11.3.1 typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): gtk-vnc-debugsource-0.6.0-11.3.1 gtk-vnc2-debugsource-0.6.0-11.3.1 libgtk-vnc-1_0-0-0.6.0-11.3.1 libgtk-vnc-1_0-0-debuginfo-0.6.0-11.3.1 libgtk-vnc-2_0-0-0.6.0-11.3.1 libgtk-vnc-2_0-0-debuginfo-0.6.0-11.3.1 libgvnc-1_0-0-0.6.0-11.3.1 libgvnc-1_0-0-debuginfo-0.6.0-11.3.1 python-gtk-vnc-0.6.0-11.3.1 python-gtk-vnc-debuginfo-0.6.0-11.3.1 typelib-1_0-GVnc-1_0-0.6.0-11.3.1 typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gtk-vnc-debugsource-0.6.0-11.3.1 gtk-vnc2-debugsource-0.6.0-11.3.1 libgtk-vnc-1_0-0-0.6.0-11.3.1 libgtk-vnc-1_0-0-debuginfo-0.6.0-11.3.1 libgtk-vnc-2_0-0-0.6.0-11.3.1 libgtk-vnc-2_0-0-debuginfo-0.6.0-11.3.1 libgvnc-1_0-0-0.6.0-11.3.1 libgvnc-1_0-0-debuginfo-0.6.0-11.3.1 python-gtk-vnc-0.6.0-11.3.1 python-gtk-vnc-debuginfo-0.6.0-11.3.1 typelib-1_0-GVnc-1_0-0.6.0-11.3.1 typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1 - HPE Helion Openstack 8 (x86_64): gtk-vnc-debugsource-0.6.0-11.3.1 gtk-vnc2-debugsource-0.6.0-11.3.1 libgtk-vnc-1_0-0-0.6.0-11.3.1 libgtk-vnc-1_0-0-debuginfo-0.6.0-11.3.1 libgtk-vnc-2_0-0-0.6.0-11.3.1 libgtk-vnc-2_0-0-debuginfo-0.6.0-11.3.1 libgvnc-1_0-0-0.6.0-11.3.1 libgvnc-1_0-0-debuginfo-0.6.0-11.3.1 python-gtk-vnc-0.6.0-11.3.1 python-gtk-vnc-debuginfo-0.6.0-11.3.1 typelib-1_0-GVnc-1_0-0.6.0-11.3.1 typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1 References: https://www.suse.com/security/cve/CVE-2017-5884.html https://www.suse.com/security/cve/CVE-2017-5885.html https://bugzilla.suse.com/1024266 https://bugzilla.suse.com/1024268 https://bugzilla.suse.com/1046782 https://bugzilla.suse.com/1188292 From sle-updates at lists.suse.com Thu Sep 16 22:26:38 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 00:26:38 +0200 (CEST) Subject: SUSE-SU-2021:3124-1: moderate: Security update for transfig Message-ID: <20210916222638.1FD60FCC9@maintenance.suse.de> SUSE Security Update: Security update for transfig ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3124-1 Rating: moderate References: #1136882 #1159130 #1159293 #1161698 #1186329 #1189325 #1189343 #1189345 #1189346 Cross-References: CVE-2019-19555 CVE-2019-19746 CVE-2019-19797 CVE-2020-21680 CVE-2020-21681 CVE-2020-21682 CVE-2020-21683 CVE-2021-3561 CVSS scores: CVE-2019-19555 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-19555 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2019-19746 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-19746 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2019-19797 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-19797 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2020-21680 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-21681 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-21682 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-21683 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3561 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-3561 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: This update for transfig fixes the following issues: Update to version 3.2.8, including fixes for - CVE-2021-3561: overflow in fig2dev/read.c in function read_colordef() (bsc#1186329). - CVE-2020-21683: Fixed buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c (bsc#1189325). - CVE-2020-21682: Fixed buffer overflow in the set_fill component in genge.c (bsc#1189346). - CVE-2020-21681: Fixed buffer overflow in the set_color component in genge.c (bsc#1189345). - CVE-2020-21680: Fixed stack-based buffer overflow in the put_arrow() component in genpict2e.c (bsc#1189343). - CVE-2019-19797: out-of-bounds write in read_colordef in read.c (bsc#1159293). - CVE-2019-19555: stack-based buffer overflow because of an incorrect sscanf (bsc#1161698). - CVE-2019-19746: segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type (bsc#1159130). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3124=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3124=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3124=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3124=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3124=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3124=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3124=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3124=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3124=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3124=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3124=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3124=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): transfig-3.2.8a-2.17.1 transfig-debuginfo-3.2.8a-2.17.1 transfig-debugsource-3.2.8a-2.17.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): transfig-3.2.8a-2.17.1 transfig-debuginfo-3.2.8a-2.17.1 transfig-debugsource-3.2.8a-2.17.1 - SUSE OpenStack Cloud 9 (x86_64): transfig-3.2.8a-2.17.1 transfig-debuginfo-3.2.8a-2.17.1 transfig-debugsource-3.2.8a-2.17.1 - SUSE OpenStack Cloud 8 (x86_64): transfig-3.2.8a-2.17.1 transfig-debuginfo-3.2.8a-2.17.1 transfig-debugsource-3.2.8a-2.17.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): transfig-3.2.8a-2.17.1 transfig-debuginfo-3.2.8a-2.17.1 transfig-debugsource-3.2.8a-2.17.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): transfig-3.2.8a-2.17.1 transfig-debuginfo-3.2.8a-2.17.1 transfig-debugsource-3.2.8a-2.17.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): transfig-3.2.8a-2.17.1 transfig-debuginfo-3.2.8a-2.17.1 transfig-debugsource-3.2.8a-2.17.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): transfig-3.2.8a-2.17.1 transfig-debuginfo-3.2.8a-2.17.1 transfig-debugsource-3.2.8a-2.17.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): transfig-3.2.8a-2.17.1 transfig-debuginfo-3.2.8a-2.17.1 transfig-debugsource-3.2.8a-2.17.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): transfig-3.2.8a-2.17.1 transfig-debuginfo-3.2.8a-2.17.1 transfig-debugsource-3.2.8a-2.17.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): transfig-3.2.8a-2.17.1 transfig-debuginfo-3.2.8a-2.17.1 transfig-debugsource-3.2.8a-2.17.1 - HPE Helion Openstack 8 (x86_64): transfig-3.2.8a-2.17.1 transfig-debuginfo-3.2.8a-2.17.1 transfig-debugsource-3.2.8a-2.17.1 References: https://www.suse.com/security/cve/CVE-2019-19555.html https://www.suse.com/security/cve/CVE-2019-19746.html https://www.suse.com/security/cve/CVE-2019-19797.html https://www.suse.com/security/cve/CVE-2020-21680.html https://www.suse.com/security/cve/CVE-2020-21681.html https://www.suse.com/security/cve/CVE-2020-21682.html https://www.suse.com/security/cve/CVE-2020-21683.html https://www.suse.com/security/cve/CVE-2021-3561.html https://bugzilla.suse.com/1136882 https://bugzilla.suse.com/1159130 https://bugzilla.suse.com/1159293 https://bugzilla.suse.com/1161698 https://bugzilla.suse.com/1186329 https://bugzilla.suse.com/1189325 https://bugzilla.suse.com/1189343 https://bugzilla.suse.com/1189345 https://bugzilla.suse.com/1189346 From sle-updates at lists.suse.com Thu Sep 16 22:28:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 00:28:58 +0200 (CEST) Subject: SUSE-SU-2021:3121-1: important: Security update for crmsh Message-ID: <20210916222858.15295FCC9@maintenance.suse.de> SUSE Security Update: Security update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3121-1 Rating: important References: #1179999 #1189641 Cross-References: CVE-2020-35459 CVSS scores: CVE-2020-35459 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-35459 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for crmsh fixes the following issues: - CVE-2020-35459: Fixed usage of utils.mkdirp instead of system mkdir command (bsc#1179999). - Fixed usage to collect ra trace files (bsc#1189641). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-3121=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-3121=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (noarch): crmsh-4.1.1+git.1630047134.803a70f2-2.65.1 crmsh-scripts-4.1.1+git.1630047134.803a70f2-2.65.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): crmsh-4.1.1+git.1630047134.803a70f2-2.65.1 crmsh-scripts-4.1.1+git.1630047134.803a70f2-2.65.1 References: https://www.suse.com/security/cve/CVE-2020-35459.html https://bugzilla.suse.com/1179999 https://bugzilla.suse.com/1189641 From sle-updates at lists.suse.com Fri Sep 17 06:24:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 08:24:54 +0200 (CEST) Subject: SUSE-CU-2021:322-1: Security update of caasp/v4.5/kube-apiserver Message-ID: <20210917062454.5D020FCC9@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4.5/kube-apiserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:322-1 Container Tags : caasp/v4.5/kube-apiserver:v1.18.20 , caasp/v4.5/kube-apiserver:v1.18.20-rev4 , caasp/v4.5/kube-apiserver:v1.18.20-rev4-build5.10.1 Container Release : 5.10.1 Severity : important Type : security References : 1182185 1189416 CVE-2021-25741 CVE-2021-3121 ----------------------------------------------------------------- The container caasp/v4.5/kube-apiserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3049-1 Released: Thu Sep 16 01:03:10 2021 Summary: Includes a kubernetes update to 1.18.20 including a backport for CVE-2021-25741 Type: security Severity: important References: 1182185,1189416,CVE-2021-25741,CVE-2021-3121 == Kubernetes bsc#1189416 kubernetes issue is a backport of the upstream security fix (CVE-2021-25741): https://github.com/kubernetes/kubernetes/pull/104253 From sle-updates at lists.suse.com Fri Sep 17 06:26:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 08:26:46 +0200 (CEST) Subject: SUSE-CU-2021:325-1: Security update of caasp/v4.5/kube-controller-manager Message-ID: <20210917062646.04DE2FCC9@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4.5/kube-controller-manager ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:325-1 Container Tags : caasp/v4.5/kube-controller-manager:v1.18.20 , caasp/v4.5/kube-controller-manager:v1.18.20-rev4 , caasp/v4.5/kube-controller-manager:v1.18.20-rev4-build5.10.2 Container Release : 5.10.2 Severity : important Type : security References : 1182185 1189416 CVE-2021-25741 CVE-2021-3121 ----------------------------------------------------------------- The container caasp/v4.5/kube-controller-manager was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3049-1 Released: Thu Sep 16 01:03:10 2021 Summary: Includes a kubernetes update to 1.18.20 including a backport for CVE-2021-25741 Type: security Severity: important References: 1182185,1189416,CVE-2021-25741,CVE-2021-3121 == Kubernetes bsc#1189416 kubernetes issue is a backport of the upstream security fix (CVE-2021-25741): https://github.com/kubernetes/kubernetes/pull/104253 From sle-updates at lists.suse.com Fri Sep 17 06:28:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 08:28:33 +0200 (CEST) Subject: SUSE-CU-2021:328-1: Security update of caasp/v4.5/kube-proxy Message-ID: <20210917062833.890E0FCC9@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4.5/kube-proxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:328-1 Container Tags : caasp/v4.5/kube-proxy:v1.18.20 , caasp/v4.5/kube-proxy:v1.18.20-rev4 , caasp/v4.5/kube-proxy:v1.18.20-rev4-build5.10.1 Container Release : 5.10.1 Severity : important Type : security References : 1182185 1189416 CVE-2021-25741 CVE-2021-3121 ----------------------------------------------------------------- The container caasp/v4.5/kube-proxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3049-1 Released: Thu Sep 16 01:03:10 2021 Summary: Includes a kubernetes update to 1.18.20 including a backport for CVE-2021-25741 Type: security Severity: important References: 1182185,1189416,CVE-2021-25741,CVE-2021-3121 == Kubernetes bsc#1189416 kubernetes issue is a backport of the upstream security fix (CVE-2021-25741): https://github.com/kubernetes/kubernetes/pull/104253 From sle-updates at lists.suse.com Fri Sep 17 06:29:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 08:29:51 +0200 (CEST) Subject: SUSE-CU-2021:330-1: Security update of caasp/v4.5/kube-scheduler Message-ID: <20210917062951.D10BDFCC9@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4.5/kube-scheduler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:330-1 Container Tags : caasp/v4.5/kube-scheduler:v1.18.20 , caasp/v4.5/kube-scheduler:v1.18.20-rev4 , caasp/v4.5/kube-scheduler:v1.18.20-rev4-build5.10.1 Container Release : 5.10.1 Severity : important Type : security References : 1182185 1189416 CVE-2021-25741 CVE-2021-3121 ----------------------------------------------------------------- The container caasp/v4.5/kube-scheduler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3049-1 Released: Thu Sep 16 01:03:10 2021 Summary: Includes a kubernetes update to 1.18.20 including a backport for CVE-2021-25741 Type: security Severity: important References: 1182185,1189416,CVE-2021-25741,CVE-2021-3121 == Kubernetes bsc#1189416 kubernetes issue is a backport of the upstream security fix (CVE-2021-25741): https://github.com/kubernetes/kubernetes/pull/104253 From sle-updates at lists.suse.com Fri Sep 17 13:16:24 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 15:16:24 +0200 (CEST) Subject: SUSE-RU-2021:3127-1: moderate: Recommended update for gimp Message-ID: <20210917131624.82DB4FE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for gimp ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3127-1 Rating: moderate References: #1178726 #1180362 #1180770 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for gimp fixes the following issues: - Recurse directories when looking for python plugins (bsc#1180362) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-3127=1 - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-3127=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): gimp-plugins-python-2.10.12-3.6.2 gimp-plugins-python-debuginfo-2.10.12-3.6.2 - SUSE Linux Enterprise Workstation Extension 15-SP2 (noarch): gimp-lang-2.10.12-3.6.2 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): gimp-2.10.12-3.6.2 gimp-debuginfo-2.10.12-3.6.2 gimp-debugsource-2.10.12-3.6.2 gimp-devel-2.10.12-3.6.2 gimp-devel-debuginfo-2.10.12-3.6.2 gimp-plugins-python-2.10.12-3.6.2 gimp-plugins-python-debuginfo-2.10.12-3.6.2 libgimp-2_0-0-2.10.12-3.6.2 libgimp-2_0-0-debuginfo-2.10.12-3.6.2 libgimpui-2_0-0-2.10.12-3.6.2 libgimpui-2_0-0-debuginfo-2.10.12-3.6.2 References: https://bugzilla.suse.com/1178726 https://bugzilla.suse.com/1180362 https://bugzilla.suse.com/1180770 From sle-updates at lists.suse.com Fri Sep 17 13:19:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 15:19:08 +0200 (CEST) Subject: SUSE-RU-2021:3126-1: moderate: Recommended update for at Message-ID: <20210917131908.85E94FE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for at ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3126-1 Rating: moderate References: #1058557 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for at fixes the following issue: - Increase TasksMax limit from systemd default 512 to 4915 (bsc#1058557) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3126=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): at-3.1.14-8.9.1 at-debuginfo-3.1.14-8.9.1 at-debugsource-3.1.14-8.9.1 References: https://bugzilla.suse.com/1058557 From sle-updates at lists.suse.com Fri Sep 17 19:17:28 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 21:17:28 +0200 (CEST) Subject: SUSE-RU-2021:3132-1: moderate: Recommended update for google-guest-oslogin Message-ID: <20210917191728.B1029FE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-guest-oslogin ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3132-1 Rating: moderate References: #1188992 #1189041 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for google-guest-oslogin contains the following fixes: - Update to version 20210728.00 (bsc#1188992, bsc#1189041) * JSON object cleanup (#65) - Update to version 20210707.00 * throw exceptions in cache_refresh (#64) - from version 20210702.00 * Use IP address for calling the metadata server. (#63) - Update to version 20210618.00 * flush each group member write (#62) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-3132=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-3132=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2021-3132=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): google-guest-oslogin-20210728.00-1.21.1 google-guest-oslogin-debuginfo-20210728.00-1.21.1 google-guest-oslogin-debugsource-20210728.00-1.21.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): google-guest-oslogin-20210728.00-1.21.1 google-guest-oslogin-debuginfo-20210728.00-1.21.1 google-guest-oslogin-debugsource-20210728.00-1.21.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): google-guest-oslogin-20210728.00-1.21.1 google-guest-oslogin-debuginfo-20210728.00-1.21.1 google-guest-oslogin-debugsource-20210728.00-1.21.1 References: https://bugzilla.suse.com/1188992 https://bugzilla.suse.com/1189041 From sle-updates at lists.suse.com Fri Sep 17 19:21:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 21:21:10 +0200 (CEST) Subject: SUSE-RU-2021:3128-1: moderate: Recommended update for rpmlint Message-ID: <20210917192110.16AD5FE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpmlint ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3128-1 Rating: moderate References: #1169494 #1189106 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for rpmlint fixes the following issues: - Backport whitelisting of oddjob (bsc#1189106, bsc#1169494). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3128=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3128=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): rpmlint-1.10-7.25.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): rpmlint-1.10-7.25.1 References: https://bugzilla.suse.com/1169494 https://bugzilla.suse.com/1189106 From sle-updates at lists.suse.com Fri Sep 17 19:24:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 21:24:46 +0200 (CEST) Subject: SUSE-RU-2021:3136-1: moderate: Recommended update for SUSEConnect Message-ID: <20210917192446.A5E01FE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3136-1 Rating: moderate References: #1185611 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for SUSEConnect fixes the following issues: - Disallow registering via SUSEConnect if the system is managed by SUSE Manager. - Add subscription name to output of 'SUSEConnect --status'. - Send payload of GET requests as part of the url, not in the body. (bsc#1185611) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3136=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3136=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3136=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): SUSEConnect-0.3.31-13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.31-13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.31-13.1 References: https://bugzilla.suse.com/1185611 From sle-updates at lists.suse.com Fri Sep 17 19:28:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 21:28:12 +0200 (CEST) Subject: SUSE-RU-2021:3135-1: important: Recommended update for yast2-country Message-ID: <20210917192812.309B3FE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-country ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3135-1 Rating: important References: #1188406 #1189461 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-country fixes the following issues: - AutoYaST: allow empty /profile/timezone/timezone setting meaning to keep the UTC default. (bsc#1188406) - Move the keyboards database to 'lib/' to make the module compatible with the 'self-update' mechanism. (bsc#1189461) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3135=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-3135=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-country-4.2.23-3.11.1 yast2-country-data-4.2.23-3.11.1 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-country-4.2.23-3.11.1 yast2-country-data-4.2.23-3.11.1 References: https://bugzilla.suse.com/1188406 https://bugzilla.suse.com/1189461 From sle-updates at lists.suse.com Fri Sep 17 19:29:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 21:29:32 +0200 (CEST) Subject: SUSE-RU-2021:3130-1: moderate: Recommended update for sssd Message-ID: <20210917192932.BB8AAFE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3130-1 Rating: moderate References: #1190021 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sssd fixes the following issues: - Fixes a segfault with newer libcares2 versions when the library fails to parse a dns name. (bsc#1190021) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3130=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-23.14.1 libipa_hbac0-1.16.1-23.14.1 libipa_hbac0-debuginfo-1.16.1-23.14.1 libsss_certmap-devel-1.16.1-23.14.1 libsss_certmap0-1.16.1-23.14.1 libsss_certmap0-debuginfo-1.16.1-23.14.1 libsss_idmap-devel-1.16.1-23.14.1 libsss_idmap0-1.16.1-23.14.1 libsss_idmap0-debuginfo-1.16.1-23.14.1 libsss_nss_idmap-devel-1.16.1-23.14.1 libsss_nss_idmap0-1.16.1-23.14.1 libsss_nss_idmap0-debuginfo-1.16.1-23.14.1 libsss_simpleifp-devel-1.16.1-23.14.1 libsss_simpleifp0-1.16.1-23.14.1 libsss_simpleifp0-debuginfo-1.16.1-23.14.1 python3-sssd-config-1.16.1-23.14.1 python3-sssd-config-debuginfo-1.16.1-23.14.1 sssd-1.16.1-23.14.1 sssd-ad-1.16.1-23.14.1 sssd-ad-debuginfo-1.16.1-23.14.1 sssd-common-1.16.1-23.14.1 sssd-common-debuginfo-1.16.1-23.14.1 sssd-dbus-1.16.1-23.14.1 sssd-dbus-debuginfo-1.16.1-23.14.1 sssd-debugsource-1.16.1-23.14.1 sssd-ipa-1.16.1-23.14.1 sssd-ipa-debuginfo-1.16.1-23.14.1 sssd-krb5-1.16.1-23.14.1 sssd-krb5-common-1.16.1-23.14.1 sssd-krb5-common-debuginfo-1.16.1-23.14.1 sssd-krb5-debuginfo-1.16.1-23.14.1 sssd-ldap-1.16.1-23.14.1 sssd-ldap-debuginfo-1.16.1-23.14.1 sssd-proxy-1.16.1-23.14.1 sssd-proxy-debuginfo-1.16.1-23.14.1 sssd-tools-1.16.1-23.14.1 sssd-tools-debuginfo-1.16.1-23.14.1 sssd-winbind-idmap-1.16.1-23.14.1 sssd-winbind-idmap-debuginfo-1.16.1-23.14.1 References: https://bugzilla.suse.com/1190021 From sle-updates at lists.suse.com Fri Sep 17 19:30:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 21:30:47 +0200 (CEST) Subject: SUSE-RU-2021:3131-1: moderate: Recommended update for xorg-x11-fonts Message-ID: <20210917193047.3C372FE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-fonts ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3131-1 Rating: moderate References: #1174895 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xorg-x11-fonts fixes the following issues: - Convert the 'helv*.otb' and 'cour*.otb' files in a different way, generating all available font sizes. (bsc#1174895) - As part of the above fix, don't remove the "Regular" suffix from the full name of fonts in 'convertfont.py' This update for fonttosfnt fixes the following issues: - Fix more metric calculations (bsc#1174895): Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3131=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3131=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3131=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3131=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): fonttosfnt-1.1.0-3.3.1 fonttosfnt-debuginfo-1.1.0-3.3.1 fonttosfnt-debugsource-1.1.0-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): fonttosfnt-1.1.0-3.3.1 fonttosfnt-debuginfo-1.1.0-3.3.1 fonttosfnt-debugsource-1.1.0-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): xorg-x11-fonts-7.6-13.6.1 xorg-x11-fonts-converted-7.6-13.6.5 xorg-x11-fonts-core-7.6-13.6.1 xorg-x11-fonts-legacy-7.6-13.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): xorg-x11-fonts-7.6-13.6.1 xorg-x11-fonts-converted-7.6-13.6.5 xorg-x11-fonts-core-7.6-13.6.1 xorg-x11-fonts-legacy-7.6-13.6.1 References: https://bugzilla.suse.com/1174895 From sle-updates at lists.suse.com Fri Sep 17 19:32:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 21:32:04 +0200 (CEST) Subject: SUSE-RU-2021:3133-1: moderate: Recommended update for grub2, efibootmgr Message-ID: <20210917193204.3D9D3FE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2, efibootmgr ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3133-1 Rating: moderate References: #1186565 #1186975 #1187565 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for grub2, efibootmgr provides the following fixes: - Ship package grub2-arm64-efi and the required efibootmgr also to ppc64le, s390x and x86_64 (bsc#1186565) - Fix error gfxterm isn't found with multiple terminals (bsc#1187565) - Fix ocasional boot failure after kdump procedure when using XFS (bsc#1186975) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3133=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3133=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3133=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3133=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): efibootmgr-14-4.3.2 efibootmgr-debuginfo-14-4.3.2 efibootmgr-debugsource-14-4.3.2 grub2-2.04-9.49.3 grub2-debuginfo-2.04-9.49.3 grub2-debugsource-2.04-9.49.3 - SUSE MicroOS 5.0 (noarch): grub2-arm64-efi-2.04-9.49.3 grub2-i386-pc-2.04-9.49.3 grub2-snapper-plugin-2.04-9.49.3 grub2-x86_64-efi-2.04-9.49.3 grub2-x86_64-xen-2.04-9.49.3 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): grub2-x86_64-xen-2.04-9.49.3 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): efibootmgr-14-4.3.2 efibootmgr-debuginfo-14-4.3.2 efibootmgr-debugsource-14-4.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): efibootmgr-14-4.3.2 efibootmgr-debuginfo-14-4.3.2 efibootmgr-debugsource-14-4.3.2 grub2-2.04-9.49.3 grub2-debuginfo-2.04-9.49.3 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 s390x x86_64): grub2-debugsource-2.04-9.49.3 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): grub2-arm64-efi-2.04-9.49.3 grub2-i386-pc-2.04-9.49.3 grub2-powerpc-ieee1275-2.04-9.49.3 grub2-snapper-plugin-2.04-9.49.3 grub2-systemd-sleep-plugin-2.04-9.49.3 grub2-x86_64-efi-2.04-9.49.3 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (s390x): grub2-s390x-emu-2.04-9.49.3 References: https://bugzilla.suse.com/1186565 https://bugzilla.suse.com/1186975 https://bugzilla.suse.com/1187565 From sle-updates at lists.suse.com Fri Sep 17 19:34:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 21:34:43 +0200 (CEST) Subject: SUSE-RU-2021:3129-1: moderate: Recommended update for polkit-default-privs Message-ID: <20210917193443.80EC2FE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for polkit-default-privs ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3129-1 Rating: moderate References: #1177974 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for polkit-default-privs fixes the following issues: - malcontent: loosen restrictive ReadOwn actions to prevent spurious auth requests - whitelisting of GNOME malcontent parental controls (bsc#1177974) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3129=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3129=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): rpmlint-mini-1.10-18.2.1 rpmlint-mini-debuginfo-1.10-18.2.1 rpmlint-mini-debugsource-1.10-18.2.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): polkit-default-privs-13.2+20210813.1c5fb05-3.3.1 References: https://bugzilla.suse.com/1177974 From sle-updates at lists.suse.com Fri Sep 17 19:37:00 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 21:37:00 +0200 (CEST) Subject: SUSE-RU-2021:3134-1: moderate: Recommended update for google-guest-oslogin Message-ID: <20210917193700.B04FBFE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-guest-oslogin ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3134-1 Rating: moderate References: #1188992 #1189041 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for google-guest-oslogin contains the following fixes: - Update to version 20210728.00 (bsc#1188992, bsc#1189041) * JSON object cleanup (#65) - Update to version 20210707.00 * throw exceptions in cache_refresh (#64) - from version 20210702.00 * Use IP address for calling the metadata server. (#63) - Update to version 20210618.00 * flush each group member write (#62) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-3134=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): google-guest-oslogin-20210728.00-1.20.1 google-guest-oslogin-debuginfo-20210728.00-1.20.1 google-guest-oslogin-debugsource-20210728.00-1.20.1 References: https://bugzilla.suse.com/1188992 https://bugzilla.suse.com/1189041 From sle-updates at lists.suse.com Fri Sep 17 19:40:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 21:40:49 +0200 (CEST) Subject: SUSE-RU-2021:3138-1: moderate: Recommended update for mdadm Message-ID: <20210917194049.83B08FE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3138-1 Rating: moderate References: #1180661 #1182642 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for mdadm fixes the following issues: - Remove Spare drives line from details for external metadata. (bsc#1180661, bsc#1182642) - Arrays with external metadata do not have spare disks directly assigned to volumes; spare disks belong to containers and are moved to arrays when the array is degraded/reshaping. Thus, the display of zero spare disks in volume details is incorrect and can be confusing. - Don't associate spares with other arrays during RAID Examine. (bsc#1180661, bsc#1182642) - Spares in imsm belong to containers, not volumes, and must go into a separate container when assembling the RAID. Remove association spares with other arrays and make Examine print separate containers for spares. Auto assemble without config file already works like this. So make creating a config file and assembling from it consistent with auto assemble. With this change, 'mdadm -Es' will add this line to output if spares are found: 'ARRAY metadata=imsm UUID=00000000:00000000:00000000:00000000' Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3138=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): mdadm-4.1-24.6.1 mdadm-debuginfo-4.1-24.6.1 mdadm-debugsource-4.1-24.6.1 References: https://bugzilla.suse.com/1180661 https://bugzilla.suse.com/1182642 From sle-updates at lists.suse.com Fri Sep 17 19:43:16 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Sep 2021 21:43:16 +0200 (CEST) Subject: SUSE-RU-2021:3137-1: moderate: Recommended update for mdadm Message-ID: <20210917194316.50F20FE11@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3137-1 Rating: moderate References: #1180661 #1181619 #1182642 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for mdadm fixes the following issues: - Remove Spare drives line from details for external metadata. (bsc#1180661, bsc#1182642) - Don't associate spares with other arrays during RAID Examine. (bsc#1180661, bsc#1182642) - Make 'Grow add device' more robust and report details if the 'dev_roles' array is corrupt. (bsc#1181619) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3137=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): mdadm-4.1-4.20.1 mdadm-debuginfo-4.1-4.20.1 mdadm-debugsource-4.1-4.20.1 References: https://bugzilla.suse.com/1180661 https://bugzilla.suse.com/1181619 https://bugzilla.suse.com/1182642 From sle-updates at lists.suse.com Sat Sep 18 01:18:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Sep 2021 03:18:11 +0200 (CEST) Subject: SUSE-RU-2021:3139-1: moderate: Recommended update for openhpi Message-ID: <20210918011811.F018EFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for openhpi ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3139-1 Rating: moderate References: #1185173 #1190042 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openhpi fixes the following issues: - Use /run not /var/run for PID file creation (bsc#1185173) - Remove group rights on config file (bsc#1190042) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3139=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3139=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libopenhpi4-3.8.0-3.6.1 libopenhpi4-debuginfo-3.8.0-3.6.1 openhpi-3.8.0-3.6.1 openhpi-clients-3.8.0-3.6.1 openhpi-clients-debuginfo-3.8.0-3.6.1 openhpi-daemon-3.8.0-3.6.1 openhpi-daemon-debuginfo-3.8.0-3.6.1 openhpi-debuginfo-3.8.0-3.6.1 openhpi-debugsource-3.8.0-3.6.1 openhpi-devel-3.8.0-3.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libopenhpi4-3.8.0-3.6.1 libopenhpi4-debuginfo-3.8.0-3.6.1 openhpi-3.8.0-3.6.1 openhpi-clients-3.8.0-3.6.1 openhpi-clients-debuginfo-3.8.0-3.6.1 openhpi-daemon-3.8.0-3.6.1 openhpi-daemon-debuginfo-3.8.0-3.6.1 openhpi-debuginfo-3.8.0-3.6.1 openhpi-debugsource-3.8.0-3.6.1 openhpi-devel-3.8.0-3.6.1 References: https://bugzilla.suse.com/1185173 https://bugzilla.suse.com/1190042 From sle-updates at lists.suse.com Sat Sep 18 16:16:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Sep 2021 18:16:42 +0200 (CEST) Subject: SUSE-SU-2021:3141-1: moderate: Security update for xen Message-ID: <20210918161642.D50B0FE12@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3141-1 Rating: moderate References: #1027519 #1189632 Cross-References: CVE-2021-28701 CVSS scores: CVE-2021-28701 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - Upstream bug fixes (bsc#1027519) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3141=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3141=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3141=1 Package List: - SUSE MicroOS 5.0 (x86_64): xen-debugsource-4.13.3_04-3.37.1 xen-libs-4.13.3_04-3.37.1 xen-libs-debuginfo-4.13.3_04-3.37.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): xen-tools-xendomains-wait-disk-4.13.3_04-3.37.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (x86_64): xen-4.13.3_04-3.37.1 xen-debugsource-4.13.3_04-3.37.1 xen-devel-4.13.3_04-3.37.1 xen-tools-4.13.3_04-3.37.1 xen-tools-debuginfo-4.13.3_04-3.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): xen-debugsource-4.13.3_04-3.37.1 xen-libs-4.13.3_04-3.37.1 xen-libs-debuginfo-4.13.3_04-3.37.1 xen-tools-domU-4.13.3_04-3.37.1 xen-tools-domU-debuginfo-4.13.3_04-3.37.1 References: https://www.suse.com/security/cve/CVE-2021-28701.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1189632 From sle-updates at lists.suse.com Sat Sep 18 16:17:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Sep 2021 18:17:57 +0200 (CEST) Subject: SUSE-SU-2021:3140-1: moderate: Security update for xen Message-ID: <20210918161757.59B22FE12@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3140-1 Rating: moderate References: #1027519 #1189632 Cross-References: CVE-2021-28701 CVSS scores: CVE-2021-28701 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - Upstream bug fixes (bsc#1027519) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3140=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3140=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): xen-4.14.2_06-3.12.1 xen-debugsource-4.14.2_06-3.12.1 xen-devel-4.14.2_06-3.12.1 xen-tools-4.14.2_06-3.12.1 xen-tools-debuginfo-4.14.2_06-3.12.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): xen-tools-xendomains-wait-disk-4.14.2_06-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): xen-debugsource-4.14.2_06-3.12.1 xen-libs-4.14.2_06-3.12.1 xen-libs-debuginfo-4.14.2_06-3.12.1 xen-tools-domU-4.14.2_06-3.12.1 xen-tools-domU-debuginfo-4.14.2_06-3.12.1 References: https://www.suse.com/security/cve/CVE-2021-28701.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1189632 From sle-updates at lists.suse.com Sat Sep 18 19:16:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Sep 2021 21:16:32 +0200 (CEST) Subject: SUSE-SU-2021:14802-1: Security update for openssl Message-ID: <20210918191632.A7D11FE12@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14802-1 Rating: low References: #1189521 Cross-References: CVE-2021-3712 CVSS scores: CVE-2021-3712 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-openssl-14802=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openssl-14802=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssl-14802=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssl-14802=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libopenssl0_9_8-0.9.8j-0.106.43.1 libopenssl0_9_8-hmac-0.9.8j-0.106.43.1 openssl-0.9.8j-0.106.43.1 openssl-doc-0.9.8j-0.106.43.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.106.43.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.43.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libopenssl-devel-0.9.8j-0.106.43.1 libopenssl0_9_8-0.9.8j-0.106.43.1 libopenssl0_9_8-hmac-0.9.8j-0.106.43.1 openssl-0.9.8j-0.106.43.1 openssl-doc-0.9.8j-0.106.43.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): openssl-debuginfo-0.9.8j-0.106.43.1 openssl-debugsource-0.9.8j-0.106.43.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openssl-debuginfo-0.9.8j-0.106.43.1 openssl-debugsource-0.9.8j-0.106.43.1 References: https://www.suse.com/security/cve/CVE-2021-3712.html https://bugzilla.suse.com/1189521 From sle-updates at lists.suse.com Sat Sep 18 19:17:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Sep 2021 21:17:47 +0200 (CEST) Subject: SUSE-SU-2021:14801-1: Security update for openssl1 Message-ID: <20210918191747.DFA53FE12@maintenance.suse.de> SUSE Security Update: Security update for openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14801-1 Rating: low References: #1189521 Cross-References: CVE-2021-3712 CVSS scores: CVE-2021-3712 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openssl1-14801=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssl1-14801=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libopenssl1-devel-1.0.1g-0.58.39.1 libopenssl1_0_0-1.0.1g-0.58.39.1 openssl1-1.0.1g-0.58.39.1 openssl1-doc-1.0.1g-0.58.39.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libopenssl1_0_0-32bit-1.0.1g-0.58.39.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libopenssl1_0_0-x86-1.0.1g-0.58.39.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openssl1-debuginfo-1.0.1g-0.58.39.1 openssl1-debugsource-1.0.1g-0.58.39.1 References: https://www.suse.com/security/cve/CVE-2021-3712.html https://bugzilla.suse.com/1189521 From sle-updates at lists.suse.com Mon Sep 20 10:16:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 12:16:58 +0200 (CEST) Subject: SUSE-SU-2021:3144-1: Security update for openssl Message-ID: <20210920101658.C1E97FE12@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3144-1 Rating: low References: #1189521 Cross-References: CVE-2021-3712 CVSS scores: CVE-2021-3712 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3144=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3144=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3144=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3144=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3144=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3144=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3144=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): openssl-doc-1.0.2j-60.72.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libopenssl-devel-1.0.2j-60.72.2 libopenssl1_0_0-1.0.2j-60.72.2 libopenssl1_0_0-32bit-1.0.2j-60.72.2 libopenssl1_0_0-debuginfo-1.0.2j-60.72.2 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.72.2 libopenssl1_0_0-hmac-1.0.2j-60.72.2 libopenssl1_0_0-hmac-32bit-1.0.2j-60.72.2 openssl-1.0.2j-60.72.2 openssl-debuginfo-1.0.2j-60.72.2 openssl-debugsource-1.0.2j-60.72.2 - SUSE OpenStack Cloud 8 (noarch): openssl-doc-1.0.2j-60.72.2 - SUSE OpenStack Cloud 8 (x86_64): libopenssl-devel-1.0.2j-60.72.2 libopenssl1_0_0-1.0.2j-60.72.2 libopenssl1_0_0-32bit-1.0.2j-60.72.2 libopenssl1_0_0-debuginfo-1.0.2j-60.72.2 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.72.2 libopenssl1_0_0-hmac-1.0.2j-60.72.2 libopenssl1_0_0-hmac-32bit-1.0.2j-60.72.2 openssl-1.0.2j-60.72.2 openssl-debuginfo-1.0.2j-60.72.2 openssl-debugsource-1.0.2j-60.72.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libopenssl-devel-1.0.2j-60.72.2 libopenssl1_0_0-1.0.2j-60.72.2 libopenssl1_0_0-debuginfo-1.0.2j-60.72.2 libopenssl1_0_0-hmac-1.0.2j-60.72.2 openssl-1.0.2j-60.72.2 openssl-debuginfo-1.0.2j-60.72.2 openssl-debugsource-1.0.2j-60.72.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libopenssl1_0_0-32bit-1.0.2j-60.72.2 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.72.2 libopenssl1_0_0-hmac-32bit-1.0.2j-60.72.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): openssl-doc-1.0.2j-60.72.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.72.2 libopenssl1_0_0-1.0.2j-60.72.2 libopenssl1_0_0-debuginfo-1.0.2j-60.72.2 libopenssl1_0_0-hmac-1.0.2j-60.72.2 openssl-1.0.2j-60.72.2 openssl-debuginfo-1.0.2j-60.72.2 openssl-debugsource-1.0.2j-60.72.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.72.2 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.72.2 libopenssl1_0_0-hmac-32bit-1.0.2j-60.72.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): openssl-doc-1.0.2j-60.72.2 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): openssl-doc-1.0.2j-60.72.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libopenssl-devel-1.0.2j-60.72.2 libopenssl1_0_0-1.0.2j-60.72.2 libopenssl1_0_0-32bit-1.0.2j-60.72.2 libopenssl1_0_0-debuginfo-1.0.2j-60.72.2 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.72.2 libopenssl1_0_0-hmac-1.0.2j-60.72.2 libopenssl1_0_0-hmac-32bit-1.0.2j-60.72.2 openssl-1.0.2j-60.72.2 openssl-debuginfo-1.0.2j-60.72.2 openssl-debugsource-1.0.2j-60.72.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libopenssl-devel-1.0.2j-60.72.2 libopenssl1_0_0-1.0.2j-60.72.2 libopenssl1_0_0-32bit-1.0.2j-60.72.2 libopenssl1_0_0-debuginfo-1.0.2j-60.72.2 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.72.2 libopenssl1_0_0-hmac-1.0.2j-60.72.2 libopenssl1_0_0-hmac-32bit-1.0.2j-60.72.2 openssl-1.0.2j-60.72.2 openssl-debuginfo-1.0.2j-60.72.2 openssl-debugsource-1.0.2j-60.72.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): openssl-doc-1.0.2j-60.72.2 - HPE Helion Openstack 8 (x86_64): libopenssl-devel-1.0.2j-60.72.2 libopenssl1_0_0-1.0.2j-60.72.2 libopenssl1_0_0-32bit-1.0.2j-60.72.2 libopenssl1_0_0-debuginfo-1.0.2j-60.72.2 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.72.2 libopenssl1_0_0-hmac-1.0.2j-60.72.2 libopenssl1_0_0-hmac-32bit-1.0.2j-60.72.2 openssl-1.0.2j-60.72.2 openssl-debuginfo-1.0.2j-60.72.2 openssl-debugsource-1.0.2j-60.72.2 - HPE Helion Openstack 8 (noarch): openssl-doc-1.0.2j-60.72.2 References: https://www.suse.com/security/cve/CVE-2021-3712.html https://bugzilla.suse.com/1189521 From sle-updates at lists.suse.com Mon Sep 20 13:16:50 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 15:16:50 +0200 (CEST) Subject: SUSE-OU-2021:3146-1: Optional update for kubevirt Message-ID: <20210920131650.606BDFCC9@maintenance.suse.de> SUSE Optional Update: Optional update for kubevirt ______________________________________________________________________________ Announcement ID: SUSE-OU-2021:3146-1 Rating: low References: MSC-204 Affected Products: SUSE Linux Enterprise Module for Containers 15-SP3 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: Initial release of Kubevirt for SUSE Linux Enterprise 15 SP3. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2021-3146=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP3 (x86_64): kubevirt-manifests-0.45.0-8.4.3 kubevirt-virtctl-0.45.0-8.4.3 kubevirt-virtctl-debuginfo-0.45.0-8.4.3 References: From sle-updates at lists.suse.com Mon Sep 20 13:17:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 15:17:51 +0200 (CEST) Subject: SUSE-OU-2021:3145-1: Optional update for containerized-data-importer Message-ID: <20210920131751.14E2DFCC9@maintenance.suse.de> SUSE Optional Update: Optional update for containerized-data-importer ______________________________________________________________________________ Announcement ID: SUSE-OU-2021:3145-1 Rating: low References: MSC-204 Affected Products: SUSE Linux Enterprise Module for Containers 15-SP3 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: Initial release of Containerized Data Importer (CDI) for SUSE Linux Enterprise 15 SP3. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2021-3145=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP3 (x86_64): containerized-data-importer-manifests-1.37.1-8.3.1 References: From sle-updates at lists.suse.com Mon Sep 20 13:18:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 15:18:52 +0200 (CEST) Subject: SUSE-RU-2021:3147-1: important: Create update the package in the update channels Message-ID: <20210920131852.34FADFCC9@maintenance.suse.de> SUSE Recommended Update: Create update the package in the update channels ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3147-1 Rating: important References: #1189738 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: Create update to release base-container-licenses to fix bsc#1189738 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3147=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3147=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kubic-locale-archive-2.22-4.5.3 - SUSE Linux Enterprise Server 12-SP5 (noarch): kubic-locale-archive-2.22-4.5.3 References: https://bugzilla.suse.com/1189738 From sle-updates at lists.suse.com Mon Sep 20 19:17:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 21:17:03 +0200 (CEST) Subject: SUSE-FU-2021:3168-1: moderate: Feature update for SUSE Manager 4.2.2 Proxy and Server Message-ID: <20210920191703.38F86FCC9@maintenance.suse.de> SUSE Feature Update: Feature update for SUSE Manager 4.2.2 Proxy and Server ______________________________________________________________________________ Announcement ID: SUSE-FU-2021:3168-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 ______________________________________________________________________________ An update that has 0 feature fixes can now be installed. Description: This update provides the following package to SUSE Manager 4.2.2 Proxy python-pyvmomi: - python-pyvmomi is added to SUSE Manager Proxy as L3 supported. Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2021-3168=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-3168=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2021-3168=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): python3-pyvmomi-6.7.3-3.2.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): python3-pyvmomi-6.7.3-3.2.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): python3-pyvmomi-6.7.3-3.2.1 References: From sle-updates at lists.suse.com Mon Sep 20 19:18:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 21:18:04 +0200 (CEST) Subject: SUSE-RU-2021:14803-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20210920191804.36EB3FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14803-1 Rating: moderate References: #1168327 #1181223 #1188042 #1188259 #1188647 #1189040 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Don't pass shell="/sbin/nologin" to onlyif/unless checks (bsc#1188259) - Add missing aarch64 to rpm package architectures - Fix failing tests for 'CMDRunRedirect' - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Define license macro as doc in spec file if not existing - Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327) spacecmd: - Update translation strings - Make schedule_deletearchived to get all actions without display limit - Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) - Use correct API endpoint in list_proxies (bsc#1188042) - Add schedule_deletearchived to bulk delete archived actions (bsc#1181223) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-client-tools-202109-14803=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (amd64): librpm8-4.14.1+dfsg1-2.1~uyuni1 librpmbuild8-4.14.1+dfsg1-2.1~uyuni1 librpmio8-4.14.1+dfsg1-2.1~uyuni1 librpmsign8-4.14.1+dfsg1-2.1~uyuni1 python3-rpm-4.14.1+dfsg1-2.1~uyuni1 rpm-common-4.14.1+dfsg1-2.1~uyuni1 - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all): salt-common-3002.2+ds-1+95.1 salt-minion-3002.2+ds-1+95.1 spacecmd-4.2.12-32.1 References: https://bugzilla.suse.com/1168327 https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1188042 https://bugzilla.suse.com/1188259 https://bugzilla.suse.com/1188647 https://bugzilla.suse.com/1189040 From sle-updates at lists.suse.com Mon Sep 20 19:19:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 21:19:47 +0200 (CEST) Subject: SUSE-RU-2021:3160-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20210920191947.5FD14FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3160-1 Rating: moderate References: #1181223 #1188042 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues: mgr-daemon: - Update translation strings spacecmd: - Update translation strings - Make schedule_deletearchived to get all actions without display limit - Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) - Use correct API endpoint in list_proxies (bsc#1188042) - Add schedule_deletearchived to bulk delete archived actions (bsc#1181223) spacewalk-client-tools: - Update translation strings Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2021-3160=1 Package List: - SUSE Manager Tools 12 (noarch): mgr-daemon-4.2.8-1.29.1 python2-spacewalk-check-4.2.13-52.56.1 python2-spacewalk-client-setup-4.2.13-52.56.1 python2-spacewalk-client-tools-4.2.13-52.56.1 spacecmd-4.2.12-38.88.1 spacewalk-check-4.2.13-52.56.1 spacewalk-client-setup-4.2.13-52.56.1 spacewalk-client-tools-4.2.13-52.56.1 References: https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1188042 From sle-updates at lists.suse.com Mon Sep 20 19:21:06 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 21:21:06 +0200 (CEST) Subject: SUSE-RU-2021:3164-1: moderate: Recommended update for salt Message-ID: <20210920192106.EB6DFFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3164-1 Rating: moderate References: #1168327 #1188259 #1188647 #1189040 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for salt fixes the following issues: - Fix wrong relative paths resolution with Jinja renderer when importing subdirectories - Don't pass 'shell="/sbin/nologin"' to 'onlyif/unless' checks (bsc#1188259) - Add missing 'aarch64' to rpm package architectures - Fix failing tests for 'CMDRunRedirect' - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3164=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3164=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3164=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3164=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3164=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3164=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): python3-salt-3002.2-45.1 salt-3002.2-45.1 salt-api-3002.2-45.1 salt-cloud-3002.2-45.1 salt-doc-3002.2-45.1 salt-master-3002.2-45.1 salt-minion-3002.2-45.1 salt-proxy-3002.2-45.1 salt-ssh-3002.2-45.1 salt-standalone-formulas-configuration-3002.2-45.1 salt-syndic-3002.2-45.1 salt-transactional-update-3002.2-45.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): salt-bash-completion-3002.2-45.1 salt-fish-completion-3002.2-45.1 salt-zsh-completion-3002.2-45.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): python3-salt-3002.2-45.1 salt-3002.2-45.1 salt-api-3002.2-45.1 salt-cloud-3002.2-45.1 salt-doc-3002.2-45.1 salt-master-3002.2-45.1 salt-minion-3002.2-45.1 salt-proxy-3002.2-45.1 salt-ssh-3002.2-45.1 salt-standalone-formulas-configuration-3002.2-45.1 salt-syndic-3002.2-45.1 salt-transactional-update-3002.2-45.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): salt-bash-completion-3002.2-45.1 salt-fish-completion-3002.2-45.1 salt-zsh-completion-3002.2-45.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): python3-salt-3002.2-45.1 salt-3002.2-45.1 salt-api-3002.2-45.1 salt-cloud-3002.2-45.1 salt-doc-3002.2-45.1 salt-master-3002.2-45.1 salt-minion-3002.2-45.1 salt-proxy-3002.2-45.1 salt-ssh-3002.2-45.1 salt-standalone-formulas-configuration-3002.2-45.1 salt-syndic-3002.2-45.1 salt-transactional-update-3002.2-45.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): salt-bash-completion-3002.2-45.1 salt-fish-completion-3002.2-45.1 salt-zsh-completion-3002.2-45.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): python3-salt-3002.2-45.1 salt-3002.2-45.1 salt-api-3002.2-45.1 salt-cloud-3002.2-45.1 salt-doc-3002.2-45.1 salt-master-3002.2-45.1 salt-minion-3002.2-45.1 salt-proxy-3002.2-45.1 salt-ssh-3002.2-45.1 salt-standalone-formulas-configuration-3002.2-45.1 salt-syndic-3002.2-45.1 salt-transactional-update-3002.2-45.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): salt-bash-completion-3002.2-45.1 salt-fish-completion-3002.2-45.1 salt-zsh-completion-3002.2-45.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): python3-salt-3002.2-45.1 salt-3002.2-45.1 salt-api-3002.2-45.1 salt-cloud-3002.2-45.1 salt-doc-3002.2-45.1 salt-master-3002.2-45.1 salt-minion-3002.2-45.1 salt-proxy-3002.2-45.1 salt-ssh-3002.2-45.1 salt-standalone-formulas-configuration-3002.2-45.1 salt-syndic-3002.2-45.1 salt-transactional-update-3002.2-45.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): salt-bash-completion-3002.2-45.1 salt-fish-completion-3002.2-45.1 salt-zsh-completion-3002.2-45.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): python3-salt-3002.2-45.1 salt-3002.2-45.1 salt-api-3002.2-45.1 salt-cloud-3002.2-45.1 salt-doc-3002.2-45.1 salt-master-3002.2-45.1 salt-minion-3002.2-45.1 salt-proxy-3002.2-45.1 salt-ssh-3002.2-45.1 salt-standalone-formulas-configuration-3002.2-45.1 salt-syndic-3002.2-45.1 salt-transactional-update-3002.2-45.1 - SUSE Enterprise Storage 6 (noarch): salt-bash-completion-3002.2-45.1 salt-fish-completion-3002.2-45.1 salt-zsh-completion-3002.2-45.1 - SUSE CaaS Platform 4.0 (noarch): salt-bash-completion-3002.2-45.1 salt-fish-completion-3002.2-45.1 salt-zsh-completion-3002.2-45.1 - SUSE CaaS Platform 4.0 (x86_64): python3-salt-3002.2-45.1 salt-3002.2-45.1 salt-api-3002.2-45.1 salt-cloud-3002.2-45.1 salt-doc-3002.2-45.1 salt-master-3002.2-45.1 salt-minion-3002.2-45.1 salt-proxy-3002.2-45.1 salt-ssh-3002.2-45.1 salt-standalone-formulas-configuration-3002.2-45.1 salt-syndic-3002.2-45.1 salt-transactional-update-3002.2-45.1 References: https://bugzilla.suse.com/1168327 https://bugzilla.suse.com/1188259 https://bugzilla.suse.com/1188647 https://bugzilla.suse.com/1189040 From sle-updates at lists.suse.com Mon Sep 20 19:22:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 21:22:41 +0200 (CEST) Subject: SUSE-FU-2021:3169-1: moderate: Feature update for SUSE Manager 4.2.2 Proxy and Server Message-ID: <20210920192241.CF91FFCC9@maintenance.suse.de> SUSE Feature Update: Feature update for SUSE Manager 4.2.2 Proxy and Server ______________________________________________________________________________ Announcement ID: SUSE-FU-2021:3169-1 Rating: moderate References: Affected Products: SUSE Manager Tools 15 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has 0 feature fixes can now be installed. Description: This update provides the following packages to SUSE Manager 4.2.2 Proxy and Server: ansible: - ansible and ansible-doc are added to SUSE Manager Proxy as L2 supported golang-github-prometheus-alertmanager: - golang-github-prometheus-alertmanager is added to SUSE Manager Proxy as L3 supported python-python-memcached: - python-python-memcached is added to SUSE Manager Proxy as L3 supported python-redis: - python-redis is added to SUSE Manager Proxy as L3 supported system-user-prometheus: - system-user-prometheus is added to SUSE Manager Proxy as L3 supported Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-3169=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2021-3169=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3169=1 Package List: - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.21.0-3.11.1 - SUSE Manager Tools 15 (noarch): ansible-2.9.21-1.7.1 ansible-doc-2.9.21-1.7.1 python3-python-memcached-1.59-3.7.1 python3-redis-3.4.1-3.5.1 system-user-prometheus-1.0.0-3.10.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.21.0-3.11.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): ansible-2.9.21-1.7.1 ansible-doc-2.9.21-1.7.1 ansible-test-2.9.21-1.7.1 python3-python-memcached-1.59-3.7.1 python3-redis-3.4.1-3.5.1 system-user-prometheus-1.0.0-3.10.1 - SUSE Enterprise Storage 6 (noarch): system-user-prometheus-1.0.0-3.10.1 References: From sle-updates at lists.suse.com Mon Sep 20 19:23:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 21:23:44 +0200 (CEST) Subject: SUSE-RU-2021:14805-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20210920192344.2AF9CFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14805-1 Rating: moderate References: #1168327 #1181223 #1188042 #1188259 #1188647 #1189040 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Don't pass shell="/sbin/nologin" to onlyif/unless checks (bsc#1188259) - Add missing aarch64 to rpm package architectures - Fix failing tests for 'CMDRunRedirect' - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Define license macro as doc in spec file if not existing - Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327) spacecmd: - Update translation strings - Make schedule_deletearchived to get all actions without display limit - Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) - Use correct API endpoint in list_proxies (bsc#1188042) - Add schedule_deletearchived to bulk delete archived actions (bsc#1181223) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS: zypper in -t patch suse-ubu204ct-client-tools-202109-14805=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (amd64): librpm8-4.14.2.1+dfsg1-1build2 librpmbuild8-4.14.2.1+dfsg1-1build2 librpmio8-4.14.2.1+dfsg1-1build2 librpmsign8-4.14.2.1+dfsg1-1build2 python3-rpm-4.14.2.1+dfsg1-1build2 rpm-common-4.14.2.1+dfsg1-1build2 - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (all): salt-common-3002.2+ds-1+2.54.1 salt-minion-3002.2+ds-1+2.54.1 spacecmd-4.2.12-2.30.1 References: https://bugzilla.suse.com/1168327 https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1188042 https://bugzilla.suse.com/1188259 https://bugzilla.suse.com/1188647 https://bugzilla.suse.com/1189040 From sle-updates at lists.suse.com Mon Sep 20 19:26:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 21:26:26 +0200 (CEST) Subject: SUSE-RU-2021:3156-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20210920192626.16F7DFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3156-1 Rating: moderate References: #1168327 #1181223 #1188042 #1188259 #1188647 #1189040 Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Don't pass shell="/sbin/nologin" to onlyif/unless checks (bsc#1188259) - Add missing aarch64 to rpm package architectures - Fix failing tests for 'CMDRunRedirect' - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Define license macro as doc in spec file if not existing - Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327) spacecmd: - Update translation strings - Make schedule_deletearchived to get all actions without display limit - Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) - Use correct API endpoint in list_proxies (bsc#1188042) - Add schedule_deletearchived to bulk delete archived actions (bsc#1181223) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2021-3156=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS (all): salt-common-3002.2+ds-1+2.33.1 salt-minion-3002.2+ds-1+2.33.1 spacecmd-4.2.12-2.15.1 References: https://bugzilla.suse.com/1168327 https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1188042 https://bugzilla.suse.com/1188259 https://bugzilla.suse.com/1188647 https://bugzilla.suse.com/1189040 From sle-updates at lists.suse.com Mon Sep 20 19:28:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 21:28:12 +0200 (CEST) Subject: SUSE-RU-2021:3161-1: moderate: Recommended update for salt Message-ID: <20210920192812.5F594FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3161-1 Rating: moderate References: #1168327 #1188259 #1188647 #1189040 Affected Products: SUSE Linux Enterprise Module for Transactional Server 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for salt fixes the following issues: - Fix wrong relative paths resolution with Jinja renderer when importing subdirectories - Don't pass 'shell="/sbin/nologin"' to 'onlyif/unless' checks (bsc#1188259) - Add missing 'aarch64' to rpm package architectures - Fix failing tests for 'CMDRunRedirect' - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Transactional Server 15-SP3: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP3-2021-3161=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3161=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3161=1 Package List: - SUSE Linux Enterprise Module for Transactional Server 15-SP3 (aarch64 ppc64le s390x x86_64): salt-transactional-update-3002.2-50.1.12.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): salt-api-3002.2-50.1.12.1 salt-cloud-3002.2-50.1.12.1 salt-master-3002.2-50.1.12.1 salt-proxy-3002.2-50.1.12.1 salt-ssh-3002.2-50.1.12.1 salt-standalone-formulas-configuration-3002.2-50.1.12.1 salt-syndic-3002.2-50.1.12.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): salt-fish-completion-3002.2-50.1.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python3-salt-3002.2-50.1.12.1 salt-3002.2-50.1.12.1 salt-doc-3002.2-50.1.12.1 salt-minion-3002.2-50.1.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): salt-bash-completion-3002.2-50.1.12.1 salt-zsh-completion-3002.2-50.1.12.1 References: https://bugzilla.suse.com/1168327 https://bugzilla.suse.com/1188259 https://bugzilla.suse.com/1188647 https://bugzilla.suse.com/1189040 From sle-updates at lists.suse.com Mon Sep 20 19:29:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 21:29:43 +0200 (CEST) Subject: SUSE-RU-2021:3170-1: moderate: Recommended update for SUSE Manager Proxy 4.2 Message-ID: <20210920192943.487BEFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 4.2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3170-1 Rating: moderate References: #1181223 #1186026 #1188042 #1189011 #1189263 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: mgr-daemon: - Update translation strings spacecmd: - Update translation strings - Make schedule_deletearchived to get all actions without display limit - Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) - Use correct API endpoint in list_proxies (bsc#1188042) - Add schedule_deletearchived to bulk delete archived actions (bsc#1181223) spacewalk-backend: - Update translation strings - Fix typo "verfication" instead of "verification" spacewalk-certs-tools: - Prepare the bootstrap script generator for Rocky Linux 8 spacewalk-client-tools: - Update translation strings spacewalk-proxy-installer: - Add new refresh_pattern to the squid.conf to fix a case where the repodata was invalid due to being cached (bsc#1186026) spacewalk-web: - Don't capitalize acronyms - Update translation strings - 'AppStreams with defaults' filter template in CLM - Add a link to OS image store dir in image list page - Link to CLM filter creation from system details page - Expose UEFI parameters in the VM creation/editing pages - Add virt-tuner templates to VM creation - Fix cleanup always being executed on delete system (bsc#1189011) - Add support for Kiwi options - Fix virtualization guests to handle null HostInfo - Compare lowercase CPU arch with libvirt domain capabilities - Refresh JWT virtual console token before it expires - Handle virtual machines running on pacemaker cluster susemanager-build-keys: - Add Debian 11 - Add Rocky Linux 8 susemanager-tftpsync-recv: - Adapt configure-tftpsync.sh to work on machines with multiple IP's (bsc#1189263) How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2021-3170=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): mgr-daemon-4.2.8-2.3.2 python3-spacewalk-certs-tools-4.2.12-3.6.2 python3-spacewalk-check-4.2.13-4.6.3 python3-spacewalk-client-setup-4.2.13-4.6.3 python3-spacewalk-client-tools-4.2.13-4.6.3 spacecmd-4.2.12-4.6.2 spacewalk-backend-4.2.16-4.6.3 spacewalk-base-minimal-4.2.21-3.6.3 spacewalk-base-minimal-config-4.2.21-3.6.3 spacewalk-certs-tools-4.2.12-3.6.2 spacewalk-check-4.2.13-4.6.3 spacewalk-client-setup-4.2.13-4.6.3 spacewalk-client-tools-4.2.13-4.6.3 spacewalk-proxy-installer-4.2.6-3.6.2 susemanager-build-keys-15.3.5-3.3.1 susemanager-build-keys-web-15.3.5-3.3.1 susemanager-tftpsync-recv-4.2.4-3.3.2 References: https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1186026 https://bugzilla.suse.com/1188042 https://bugzilla.suse.com/1189011 https://bugzilla.suse.com/1189263 From sle-updates at lists.suse.com Mon Sep 20 19:32:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 21:32:21 +0200 (CEST) Subject: SUSE-SU-2021:3151-1: critical: Security update for cobbler Message-ID: <20210920193221.5B615FCC9@maintenance.suse.de> SUSE Security Update: Security update for cobbler ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3151-1 Rating: critical References: #1189458 Cross-References: CVE-2021-40323 CVE-2021-40324 CVE-2021-40325 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for cobbler fixes the following issues: Security issues fixed: - CVE-2021-40323: Fixed an arbitrary file disclosure/Template Injection (bsc#1189458) - CVE-2021-40324: Fixed an arbitrary file write (bsc#1189458) - CVE-2021-40325: Fixed a problem with the token validation (bsc#1189458) - Please note that with these changes, a valid log data from Anamon (Red Hat Autoinstallation Process) uploaded to cobbler may be rejected Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-3151=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): cobbler-3.0.0+git20190806.32c4bae0-8.22.6.1 References: https://www.suse.com/security/cve/CVE-2021-40323.html https://www.suse.com/security/cve/CVE-2021-40324.html https://www.suse.com/security/cve/CVE-2021-40325.html https://bugzilla.suse.com/1189458 From sle-updates at lists.suse.com Mon Sep 20 19:36:16 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 21:36:16 +0200 (CEST) Subject: SUSE-SU-2021:3170-1: critical: Security update for SUSE Manager Server 4.2 Message-ID: <20210920193616.29D55FCC9@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 4.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3170-1 Rating: critical References: #1171483 #1173143 #1181223 #1186281 #1186339 #1187335 #1187549 #1188032 #1188042 #1188136 #1188163 #1188193 #1188260 #1188393 #1188400 #1188503 #1188505 #1188551 #1188641 #1188647 #1188656 #1188853 #1188855 #1189011 #1189040 #1189167 #1189419 #1189458 Cross-References: CVE-2021-40323 CVE-2021-40324 CVE-2021-40325 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves three vulnerabilities and has 25 fixes is now available. Description: This update fixes the following issues: branch-network-formula: - Use kernel parameters from PXE formula also for local boot cobbler - security issues fixed: - CVE-2021-40323: Fixed an arbitrary file disclosure/Template Injection (bsc#1189458) - CVE-2021-40324: Fixed an arbitrary file write (bsc#1189458) - CVE-2021-40325: Fixed a problem with the token validation (bsc#1189458) - Please note that with these changes, a valid log data from Anamon (Red Hat Autoinstallation Process) uploaded to cobbler may be rejected: cpu-mitigations-formula: - Add SLES 15 SP3 and openSUSE Leap 15.3 to supported versions openvpn-formula: - Changed package to noarch. prometheus-exporters-formula: - Fix formula data migration with missing exporter configuration (bsc#1188136) py26-compat-salt: - Fix error handling in openscap module (bsc#1188647) - Define license macro as doc in spec file if not existing py27-compat-salt: - Add missing aarch64 to rpm package architectures - Consolidate some state requisites (bsc#1188641) - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Define license macro as doc in spec file if not existing saltboot-formula: - Use kernel parameters from PXE formula also for local boot spacecmd: - Update translation strings - Make schedule_deletearchived to get all actions without display limit - Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) - Use correct API endpoint in list_proxies (bsc#1188042) - Add schedule_deletearchived to bulk delete archived actions (bsc#1181223) spacewalk-backend: - Update translation strings - Fix typo "verfication" instead of "verification" spacewalk-certs-tools: - Prepare the bootstrap script generator for Rocky Linux 8 spacewalk-client-tools: - Update translation strings spacewalk-java: - Show AppStreams tab just for modular channels - Fix Json null comparison in virtual network info parsing (bsc#1189167) - Update translation strings - 'AppStreams with defaults' filter template in CLM - Add a link to OS image store dir in image list page - Do not log XMLRPC fault exceptions as errors (bsc#1188853) - XMLRPC: Add call for listing application monitoring endpoints - AppStreams tab for modular channels - Link to CLM filter creation from system details page - Allow getting all archived actions via XMLRPC without display limit (bsc#1181223) - Fix NPE when no redhat info could be fetched - Java enablement for Rocky Linux 8 - Delete ActionChains when the last action is a Reboot and it completes (bsc#1188163) - Properly handle virtual networks without defined bridge (bsc#1189167) - Mark SSH minion actions when they're picked up (bsc#1188505) - Add UEFI support for VM creation / editing - Add virt-tuner templates to VM creation - Fix cleanup always being executed on delete system (bsc#1189011) - Warning in Overview page for SLE Micro system (bsc#1188551) - Add support for Kiwi options - Ensure XMLRPC returns 'issue_date' in ISO format when listing erratas (bsc#1188260) - Fix NullPointerException in HardwareMapper.getUpdatedGuestMemory - Fix entitlements not being updated during system transfer (bsc#1188032) - Simplify the VM creation action in DB - Get CPU data for AArch64 - Handle virtual machines running on pacemaker cluster - Refresh virtual host pillar to clear the virtpoller beacon (bsc#1188393) - Add Beijing timezone to selectable timezones (bsc#1188193) - Fix updating primary net interface on hardware refresh (bsc#1188400) - Fix issues when removing archived actions using XMLRPC api (bsc#1181223) - Readable error when "mgr-sync add channel" is called with a no-existing label (bsc#1173143) spacewalk-setup: - Enable logging for salt SSH - Increase max size for uploaded files to Salt master spacewalk-utils: - Add Rocky Linux 8 repositories spacewalk-web: - Don't capitalize acronyms - Update translation strings - 'AppStreams with defaults' filter template in CLM - Add a link to OS image store dir in image list page - Link to CLM filter creation from system details page - Expose UEFI parameters in the VM creation/editing pages - Add virt-tuner templates to VM creation - Fix cleanup always being executed on delete system (bsc#1189011) - Add support for Kiwi options - Fix virtualization guests to handle null HostInfo - Compare lowercase CPU arch with libvirt domain capabilities - Refresh JWT virtual console token before it expires - Handle virtual machines running on pacemaker cluster susemanager: - Abort migration if data_directory is defined at the PostgreSQL configuration file - Update translation strings - Add bootstrap repository definitions for Rocky Linux 8 susemanager-build-keys: - Add Debian 11 - Add Rocky Linux 8 susemanager-doc-indexes: - Added SUSE Linux Enterprise 15 Service Pack 3 to clients list - Add information about pam service name limitations - Add SUSE Linux Enterprise Micro to supported features table - Add SUSE Linux Enterprise Micro client to support matrix page - Replaced remaining occurrences of "Service Pack Migration" to "Product Migration" - Reworded the Advanced virtual guest management description for clarity in Client Configuration Guide - Added missing Rocky instructions to the Client Configuration Guide - Updated setup section in the Installation Guide about troubleshooting freely available products - Added channel synchronization warning in the product migration chapter of the Client Configuration Guide - Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server Expanded Support 6, Oracle Linux 6, CentOS 6, and Ubuntu 16.04 LTS as supported client systems in the Client Configuration Guide (bsc#1188656) - In the Prometheus chapter of the Administration Guide advise to store data locally (bsc#1188855) - Additional information added for Inter Server Sync v2 on limitations and configuration - Documented required SUSE Linux Enterprise Server version for the Ansible control node in the Ansible Integration chapter of the Administration Guide (bsc#1189419) - Added information about installing Python 3.6 on CentOS, Oracle Linux, Almalinux, SUSE Linux Enterprise Server with Expanded Support, and Red Hat in the Client Configuration Guide (bsc#1187335) - Corrected the package name for PAM authentication (bsc#1171483) - Client Configuration Guide: reorganized navigation bar to list SUSE Linux Enterprise Server, openSUSE and other clients in alphabetical order for better user experience - In the Ansible chapter of the Administration Guide mention that Ansible is available on Proxy and Retail Branch Server - Added a warning on Ansible hardware requirements to the Retail Guide - Improved warning on over-writing images in public cloud in the Client Configuration Guide - Reference Guide: removed underscores in page titles and nav bar links. - Provide more information about Salt SSH user configuration in the Salt Guide (bsc#1187549) - Documented KIWI options and profile selection in Administration Guide - Added note about autoinstallation kernel options and Azure clients - Added general information about SUSE Manager registration code that you can obtain from a "SUSE Manager Lifecycle Management+" subscription - Document new Salt SSH logs at the Client Configuration Guide, Troubleshooting section - In the monitoring chapter of the Administration Guide mention that Prometheus is available on Proxy and Retail Branch Server - Added warning on Prometheus hardware requirements in the Retail Guide (bsc#1186339) - Documented spacecmd installation on Ubuntu 18.04 and 20.04 in Client Configuration Guide - Amended Client Configuration Guide to exclude paragraphs that are Uyuni specific for CentOS, AlmaLinux and Oracle clients susemanager-docs_en: - Added SUSE Linux Enterprise 15 Service Pack 3 to clients list - Add information about pam service name limitations - Add SUSE Linux Enterprise Micro to supported features table - Add SUSE Linux Enterprise Micro client to support matrix page - Replaced remaining occurrences of "Service Pack Migration" to "Product Migration" - Reworded the Advanced virtual guest management description for clarity in Client Configuration Guide - Added missing Rocky instructions to the Client Configuration Guide - Updated setup section in the Installation Guide about troubleshooting freely available products - Added channel synchronization warning in the product migration chapter of the Client Configuration Guide - Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server Expanded Support 6, Oracle Linux 6, CentOS 6, and Ubuntu 16.04 LTS as supported client systems in the Client Configuration Guide (bsc#1188656) - In the Prometheus chapter of the Administration Guide advise to store data locally (bsc#1188855) - Additional information added for Inter Server Sync v2 on limitations and configuration - Documented required SUSE Linux Enterprise Server version for the Ansible control node in the Ansible Integration chapter of the Administration Guide (bsc#1189419) - Added information about installing Python 3.6 on CentOS, Oracle Linux, Almalinux, SUSE Linux Enterprise Server with Expanded Support, and Red Hat in the Client Configuration Guide (bsc#1187335) - Corrected the package name for PAM authentication (bsc#1171483) - Client Configuration Guide: reorganized navigation bar to list SUSE Linux Enterprise Server, openSUSE and other clients in alphabetical order for better user experience - In the Ansible chapter of the Administration Guide mention that Ansible is available on Proxy and Retail Branch Server - Added a warning on Ansible hardware requirements to the Retail Guide - Improved warning on over-writing images in public cloud in the Client Configuration Guide - Reference Guide: removed underscores in page titles and nav bar links. - Provide more information about Salt SSH user configuration in the Salt Guide (bsc#1187549) - Documented KIWI options and profile selection in Administration Guide - Added note about autoinstallation kernel options and Azure clients - Added general information about SUSE Manager registration code that you can obtain from a "SUSE Manager Lifecycle Management+" subscription - Document new Salt SSH logs at the Client Configuration Guide, Troubleshooting section - In the monitoring chapter of the Administration Guide mention that Prometheus is available on Proxy and Retail Branch Server - Added warning on Prometheus hardware requirements in the Retail Guide (bsc#1186339) - Documented spacecmd installation on Ubuntu 18.04 and 20.04 in Client Configuration Guide - Amended Client Configuration Guide to exclude paragraphs that are Uyuni specific for CentOS, AlmaLinux and Oracle clients susemanager-schema: - Add Rocky Linux 8 key and vendor - Fix wrongly assigned entitlements due to system transfer (bsc#1188032) - Force a one-off VACUUM ANALYZE - Add Kiwi commandline options to Kiwi profile - Upgrade scripts idempotency fixes - Simplify the VM creation action in DB - Handle virtual machines running on pacemaker cluster - Refresh virtual host pillar to clear the virtpoller beacon (bsc#1188393) - Add Beijing timezone to selectable timezones (bsc#1188193) susemanager-sls: - Add Rocky Linux 8 support - Enable logrotate configuration for Salt SSH minion logs - Add UEFI support for VM creation - Add virt-tuner templates to VM creation - Handle more ocsf2 setups in virt_utils module - Add missing symlinks to generate the "certs" state for SLE Micro 5.0 and openSUSE MicroOS minions (bsc#1188503) - Add findutils to Kiwi bootstrap packages - Remove systemid file on salt client cleanup - Add support for Kiwi options - Skip 'update-ca-certificates' run if the certs are updated automatically - Use lscpu to provide more CPU grains for all architectures - Fix deleting stopped virtual network (bsc#1186281) - Handle virtual machines running on pacemaker cluster susemanager-sync-data: - Support Rocky Linux 8 x86_64 - Add channel family for MicroOS Z - Set OES 2018 SP3 to released How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2021-3170=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64): inter-server-sync-0.0.5-8.3.2 inter-server-sync-debuginfo-0.0.5-8.3.2 susemanager-4.2.22-3.6.1 susemanager-tools-4.2.22-3.6.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): branch-network-formula-0.1.1628156312.dbd0dec-3.3.1 cobbler-3.1.2-5.8.1 cpu-mitigations-formula-0.4.0-3.3.1 openvpn-formula-0.1.2-3.3.1 prometheus-exporters-formula-1.0.3-3.6.1 py26-compat-salt-2016.11.10-11.28.6.1 py27-compat-salt-3000.3-7.7.8.1 python3-spacewalk-certs-tools-4.2.12-3.6.2 python3-spacewalk-client-tools-4.2.13-4.6.3 saltboot-formula-0.1.1628156312.dbd0dec-3.3.1 spacecmd-4.2.12-4.6.2 spacewalk-backend-4.2.16-4.6.3 spacewalk-backend-app-4.2.16-4.6.3 spacewalk-backend-applet-4.2.16-4.6.3 spacewalk-backend-config-files-4.2.16-4.6.3 spacewalk-backend-config-files-common-4.2.16-4.6.3 spacewalk-backend-config-files-tool-4.2.16-4.6.3 spacewalk-backend-iss-4.2.16-4.6.3 spacewalk-backend-iss-export-4.2.16-4.6.3 spacewalk-backend-package-push-server-4.2.16-4.6.3 spacewalk-backend-server-4.2.16-4.6.3 spacewalk-backend-sql-4.2.16-4.6.3 spacewalk-backend-sql-postgresql-4.2.16-4.6.3 spacewalk-backend-tools-4.2.16-4.6.3 spacewalk-backend-xml-export-libs-4.2.16-4.6.3 spacewalk-backend-xmlrpc-4.2.16-4.6.3 spacewalk-base-4.2.21-3.6.3 spacewalk-base-minimal-4.2.21-3.6.3 spacewalk-base-minimal-config-4.2.21-3.6.3 spacewalk-certs-tools-4.2.12-3.6.2 spacewalk-client-tools-4.2.13-4.6.3 spacewalk-html-4.2.21-3.6.3 spacewalk-java-4.2.28-3.11.5 spacewalk-java-config-4.2.28-3.11.5 spacewalk-java-lib-4.2.28-3.11.5 spacewalk-java-postgresql-4.2.28-3.11.5 spacewalk-setup-4.2.8-3.6.1 spacewalk-taskomatic-4.2.28-3.11.5 spacewalk-utils-4.2.13-3.6.1 spacewalk-utils-extras-4.2.13-3.6.1 susemanager-build-keys-15.3.5-3.3.1 susemanager-build-keys-web-15.3.5-3.3.1 susemanager-doc-indexes-4.2-12.8.1 susemanager-docs_en-4.2-12.8.1 susemanager-docs_en-pdf-4.2-12.8.1 susemanager-schema-4.2.17-3.6.2 susemanager-sls-4.2.16-3.6.1 susemanager-sync-data-4.2.8-3.6.1 susemanager-web-libs-4.2.21-3.6.3 uyuni-config-modules-4.2.16-3.6.1 References: https://www.suse.com/security/cve/CVE-2021-40323.html https://www.suse.com/security/cve/CVE-2021-40324.html https://www.suse.com/security/cve/CVE-2021-40325.html https://bugzilla.suse.com/1171483 https://bugzilla.suse.com/1173143 https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1186281 https://bugzilla.suse.com/1186339 https://bugzilla.suse.com/1187335 https://bugzilla.suse.com/1187549 https://bugzilla.suse.com/1188032 https://bugzilla.suse.com/1188042 https://bugzilla.suse.com/1188136 https://bugzilla.suse.com/1188163 https://bugzilla.suse.com/1188193 https://bugzilla.suse.com/1188260 https://bugzilla.suse.com/1188393 https://bugzilla.suse.com/1188400 https://bugzilla.suse.com/1188503 https://bugzilla.suse.com/1188505 https://bugzilla.suse.com/1188551 https://bugzilla.suse.com/1188641 https://bugzilla.suse.com/1188647 https://bugzilla.suse.com/1188656 https://bugzilla.suse.com/1188853 https://bugzilla.suse.com/1188855 https://bugzilla.suse.com/1189011 https://bugzilla.suse.com/1189040 https://bugzilla.suse.com/1189167 https://bugzilla.suse.com/1189419 https://bugzilla.suse.com/1189458 From sle-updates at lists.suse.com Mon Sep 20 19:40:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 21:40:41 +0200 (CEST) Subject: SUSE-RU-2021:3153-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20210920194041.7090EFE12@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3153-1 Rating: moderate References: #1168327 #1181223 #1188042 #1188641 #1188647 #1189040 #1189043 Affected Products: SUSE Manager Debian 9.0-CLIENT-TOOLS ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Fix python-MarkupSafe dependency (bsc#1189043) - Add missing aarch64 to rpm package architectures - Consolidate some state requisites (bsc#1188641) - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Define license macro as doc in spec file if not existing - Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327) spacecmd: - Update translation strings - Make schedule_deletearchived to get all actions without display limit - Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) - Use correct API endpoint in list_proxies (bsc#1188042) - Add schedule_deletearchived to bulk delete archived actions (bsc#1181223) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 9.0-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-9.0-CLIENT-TOOLS-x86_64-2021-3153=1 Package List: - SUSE Manager Debian 9.0-CLIENT-TOOLS (all): salt-common-3000+ds-1+2.29.1 salt-minion-3000+ds-1+2.29.1 spacecmd-4.2.12-2.16.1 References: https://bugzilla.suse.com/1168327 https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1188042 https://bugzilla.suse.com/1188641 https://bugzilla.suse.com/1188647 https://bugzilla.suse.com/1189040 https://bugzilla.suse.com/1189043 From sle-updates at lists.suse.com Mon Sep 20 19:43:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 21:43:34 +0200 (CEST) Subject: SUSE-RU-2021:3159-1: moderate: Recommended update for Salt Message-ID: <20210920194334.3CE41FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3159-1 Rating: moderate References: #1168327 #1188641 #1188647 #1189040 #1189043 Affected Products: SUSE Manager Tools 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Fix python-MarkupSafe dependency (bsc#1189043) - Add missing aarch64 to rpm package architectures - Consolidate some state requisites (bsc#1188641) - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Define license macro as doc in spec file if not existing - Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2021-3159=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2021-3159=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python2-salt-3000-46.148.2 python3-salt-3000-46.148.2 salt-3000-46.148.2 salt-doc-3000-46.148.2 salt-minion-3000-46.148.2 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python2-salt-3000-46.148.2 salt-3000-46.148.2 salt-api-3000-46.148.2 salt-cloud-3000-46.148.2 salt-doc-3000-46.148.2 salt-master-3000-46.148.2 salt-minion-3000-46.148.2 salt-proxy-3000-46.148.2 salt-ssh-3000-46.148.2 salt-standalone-formulas-configuration-3000-46.148.2 salt-syndic-3000-46.148.2 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): salt-bash-completion-3000-46.148.2 salt-zsh-completion-3000-46.148.2 References: https://bugzilla.suse.com/1168327 https://bugzilla.suse.com/1188641 https://bugzilla.suse.com/1188647 https://bugzilla.suse.com/1189040 https://bugzilla.suse.com/1189043 From sle-updates at lists.suse.com Mon Sep 20 19:45:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 21:45:07 +0200 (CEST) Subject: SUSE-RU-2021:3149-1: moderate: Recommended update for release-notes-caasp Message-ID: <20210920194507.1EC9EFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-caasp ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3149-1 Rating: moderate References: #1190565 Affected Products: SUSE CaaS Platform 4.5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for release-notes-caasp fixes the following issues: - Update release notes (bsc#1190565) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 4.5: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 4.5 (noarch): release-notes-caasp-4.5.20210916-3.25.1 References: https://bugzilla.suse.com/1190565 From sle-updates at lists.suse.com Mon Sep 20 19:47:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 21:47:43 +0200 (CEST) Subject: SUSE-RU-2021:3171-1: important: Recommended update for java-11-openjdk Message-ID: <20210920194743.BDE5CFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3171-1 Rating: important References: #1189201 #1190252 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for java-11-openjdk fixes the following issues: - Implement FIPS support in OpenJDK - Fix build with 'glibc-2.34' (bsc#1189201) - Add support for 'riscv64' (zero VM) - Make NSS the default security provider. (bsc#1190252) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3171=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3171=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3171=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3171=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3171=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3171=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-3171=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3171=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3171=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3171=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3171=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3171=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3171=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3171=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): java-11-openjdk-11.0.12.0-3.62.1 java-11-openjdk-debuginfo-11.0.12.0-3.62.1 java-11-openjdk-debugsource-11.0.12.0-3.62.1 java-11-openjdk-demo-11.0.12.0-3.62.1 java-11-openjdk-devel-11.0.12.0-3.62.1 java-11-openjdk-headless-11.0.12.0-3.62.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-11-openjdk-11.0.12.0-3.62.1 java-11-openjdk-debuginfo-11.0.12.0-3.62.1 java-11-openjdk-debugsource-11.0.12.0-3.62.1 java-11-openjdk-demo-11.0.12.0-3.62.1 java-11-openjdk-devel-11.0.12.0-3.62.1 java-11-openjdk-headless-11.0.12.0-3.62.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.12.0-3.62.1 java-11-openjdk-debuginfo-11.0.12.0-3.62.1 java-11-openjdk-debugsource-11.0.12.0-3.62.1 java-11-openjdk-demo-11.0.12.0-3.62.1 java-11-openjdk-devel-11.0.12.0-3.62.1 java-11-openjdk-headless-11.0.12.0-3.62.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): java-11-openjdk-11.0.12.0-3.62.1 java-11-openjdk-debuginfo-11.0.12.0-3.62.1 java-11-openjdk-debugsource-11.0.12.0-3.62.1 java-11-openjdk-demo-11.0.12.0-3.62.1 java-11-openjdk-devel-11.0.12.0-3.62.1 java-11-openjdk-headless-11.0.12.0-3.62.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): java-11-openjdk-11.0.12.0-3.62.1 java-11-openjdk-debuginfo-11.0.12.0-3.62.1 java-11-openjdk-debugsource-11.0.12.0-3.62.1 java-11-openjdk-demo-11.0.12.0-3.62.1 java-11-openjdk-devel-11.0.12.0-3.62.1 java-11-openjdk-headless-11.0.12.0-3.62.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-jmods-11.0.12.0-3.62.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): java-11-openjdk-javadoc-11.0.12.0-3.62.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): java-11-openjdk-jmods-11.0.12.0-3.62.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): java-11-openjdk-javadoc-11.0.12.0-3.62.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.12.0-3.62.1 java-11-openjdk-debuginfo-11.0.12.0-3.62.1 java-11-openjdk-debugsource-11.0.12.0-3.62.1 java-11-openjdk-demo-11.0.12.0-3.62.1 java-11-openjdk-devel-11.0.12.0-3.62.1 java-11-openjdk-headless-11.0.12.0-3.62.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.12.0-3.62.1 java-11-openjdk-debuginfo-11.0.12.0-3.62.1 java-11-openjdk-debugsource-11.0.12.0-3.62.1 java-11-openjdk-demo-11.0.12.0-3.62.1 java-11-openjdk-devel-11.0.12.0-3.62.1 java-11-openjdk-headless-11.0.12.0-3.62.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): java-11-openjdk-11.0.12.0-3.62.1 java-11-openjdk-debuginfo-11.0.12.0-3.62.1 java-11-openjdk-debugsource-11.0.12.0-3.62.1 java-11-openjdk-demo-11.0.12.0-3.62.1 java-11-openjdk-devel-11.0.12.0-3.62.1 java-11-openjdk-headless-11.0.12.0-3.62.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.12.0-3.62.1 java-11-openjdk-debuginfo-11.0.12.0-3.62.1 java-11-openjdk-debugsource-11.0.12.0-3.62.1 java-11-openjdk-demo-11.0.12.0-3.62.1 java-11-openjdk-devel-11.0.12.0-3.62.1 java-11-openjdk-headless-11.0.12.0-3.62.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): java-11-openjdk-11.0.12.0-3.62.1 java-11-openjdk-debuginfo-11.0.12.0-3.62.1 java-11-openjdk-debugsource-11.0.12.0-3.62.1 java-11-openjdk-demo-11.0.12.0-3.62.1 java-11-openjdk-devel-11.0.12.0-3.62.1 java-11-openjdk-headless-11.0.12.0-3.62.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.12.0-3.62.1 java-11-openjdk-debuginfo-11.0.12.0-3.62.1 java-11-openjdk-debugsource-11.0.12.0-3.62.1 java-11-openjdk-demo-11.0.12.0-3.62.1 java-11-openjdk-devel-11.0.12.0-3.62.1 java-11-openjdk-headless-11.0.12.0-3.62.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): java-11-openjdk-11.0.12.0-3.62.1 java-11-openjdk-debuginfo-11.0.12.0-3.62.1 java-11-openjdk-debugsource-11.0.12.0-3.62.1 java-11-openjdk-demo-11.0.12.0-3.62.1 java-11-openjdk-devel-11.0.12.0-3.62.1 java-11-openjdk-headless-11.0.12.0-3.62.1 - SUSE CaaS Platform 4.0 (x86_64): java-11-openjdk-11.0.12.0-3.62.1 java-11-openjdk-debuginfo-11.0.12.0-3.62.1 java-11-openjdk-debugsource-11.0.12.0-3.62.1 java-11-openjdk-demo-11.0.12.0-3.62.1 java-11-openjdk-devel-11.0.12.0-3.62.1 java-11-openjdk-headless-11.0.12.0-3.62.1 References: https://bugzilla.suse.com/1189201 https://bugzilla.suse.com/1190252 From sle-updates at lists.suse.com Mon Sep 20 19:49:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 21:49:05 +0200 (CEST) Subject: SUSE-RU-2021:3148-1: moderate: Recommended update for kiwi Message-ID: <20210920194905.51E96FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3148-1 Rating: moderate References: #1189623 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kiwi fixes the following issue: - Remove -hfs flag from genisoimage call for big ISOs (bsc#1189623) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3148=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3148=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kiwi-instsource-7.04.53-2.21.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kiwi-7.04.53-2.21.1 kiwi-desc-oemboot-7.04.53-2.21.1 kiwi-desc-vmxboot-7.04.53-2.21.1 kiwi-templates-7.04.53-2.21.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): kiwi-desc-netboot-7.04.53-2.21.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kiwi-desc-isoboot-7.04.53-2.21.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kiwi-doc-7.04.53-2.21.1 References: https://bugzilla.suse.com/1189623 From sle-updates at lists.suse.com Mon Sep 20 19:50:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 21:50:13 +0200 (CEST) Subject: SUSE-RU-2021:3167-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20210920195013.3F9B1FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3167-1 Rating: moderate References: #1170823 #1181223 #1188042 #1188846 Affected Products: SUSE Manager Tools 15 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: dracut-saltboot: - Fix dependencies of python libs (bsc#1188846) koan: - Only recommend 'virt-install' to unbreak scenarios where it is not available in the enabled modules of the system - The xend functionality is not expected to work since this the underlying tool was removed - Python 2 compatibility was fully removed - Add support for EFI reinstallation of a client (bsc#1170823) mgr-daemon: - Update translation strings spacecmd: - Update translation strings - Make schedule_deletearchived to get all actions without display limit - Allow passing a date limit for 'schedule_deletearchived' on 'spacecmd' (bsc#1181223) - Use correct API endpoint in 'list_proxies' (bsc#1188042) - Add schedule_deletearchived to bulk delete archived actions (bsc#1181223) spacewalk-client-tools: - Update translation strings Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-3167=1 Package List: - SUSE Manager Tools 15 (noarch): dracut-saltboot-0.1.1628156312.dbd0dec-1.30.1 koan-3.0.1-4.20.1 mgr-daemon-4.2.8-1.29.1 python3-spacewalk-check-4.2.13-3.47.2 python3-spacewalk-client-setup-4.2.13-3.47.2 python3-spacewalk-client-tools-4.2.13-3.47.2 spacecmd-4.2.12-3.65.1 spacewalk-check-4.2.13-3.47.2 spacewalk-client-setup-4.2.13-3.47.2 spacewalk-client-tools-4.2.13-3.47.2 References: https://bugzilla.suse.com/1170823 https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1188042 https://bugzilla.suse.com/1188846 From sle-updates at lists.suse.com Mon Sep 20 19:51:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 21:51:42 +0200 (CEST) Subject: SUSE-FU-2021:3166-1: moderate: Feature update for SUSE Manager 4.2.2 Proxy Message-ID: <20210920195142.75543FCC9@maintenance.suse.de> SUSE Feature Update: Feature update for SUSE Manager 4.2.2 Proxy ______________________________________________________________________________ Announcement ID: SUSE-FU-2021:3166-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has 0 feature fixes can now be installed. Description: This update provides the following package to SUSE Manager 4.2.2 Proxy golang-github-prometheus-prometheus: - golang-github-prometheus-prometheus is added to SUSE Manager Proxy as L3 supported. Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2021-3166=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3166=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.27.1-3.10.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): golang-github-prometheus-prometheus-2.27.1-3.10.1 References: From sle-updates at lists.suse.com Mon Sep 20 19:52:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 21:52:41 +0200 (CEST) Subject: SUSE-RU-2021:3162-1: Recommended update for SUSE Manager 4.2.2 Release Notes Message-ID: <20210920195241.5C2DEFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 4.2.2 Release Notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3162-1 Rating: low References: #1171483 #1173143 #1181223 #1186026 #1186281 #1186339 #1187335 #1187549 #1188032 #1188042 #1188136 #1188163 #1188193 #1188260 #1188393 #1188400 #1188503 #1188505 #1188551 #1188641 #1188647 #1188656 #1188853 #1188855 #1189011 #1189040 #1189167 #1189263 #1189419 #1189458 Affected Products: SUSE Manager Server 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Proxy 4.2 ______________________________________________________________________________ An update that solves three vulnerabilities and has 27 fixes is now available. Description: This update for SUSE Manager 4.2.2 Release Notes provides the following additions: Release notes for SUSE Manager: - Update to 4.2.2 * SUSE Manager is now able to manage Rocky Linux 8 clients * Tech Preview: Inter-Server Sync V2 * Bugs mentioned bsc#1171483, bsc#1173143, bsc#1181223, bsc#1186281, bsc#1186339, bsc#1187335, bsc#1187549, bsc#1188032, bsc#1188042, bsc#1188136, bsc#1188163, bsc#1188193, bsc#1188260, bsc#1188393, bsc#1188400, bsc#1188503, bsc#1188505, bsc#1188551, bsc#1188641, bsc#1188647, bsc#1188656, bsc#1188853, bsc#1188855, bsc#1189011, bsc#1189040, bsc#1189167, bsc#1189419, bsc#1189458, - CVE-2021-40323: Fixed an arbitrary file disclosure/Template Injection (bsc#1189458) - CVE-2021-40324: Fixed an arbitrary file write (bsc#1189458) - CVE-2021-40325: Fixed a problem with the token validation (bsc#1189458) - Please note that with these changes, a valid log data from Anamon (Red Hat Autoinstallation Process) uploaded to cobbler may be rejected. Release notes for SUSE Manager proxy: - Update to 4.2.2 * Bugs mentioned bsc#1181223, bsc#1186026, bsc#1188042, bsc#1189011, bsc#1189263 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2021-3162=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2021-3162=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2021-3162=1 Package List: - SUSE Manager Server 4.2 (ppc64le s390x x86_64): release-notes-susemanager-4.2.2-3.12.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): release-notes-susemanager-proxy-4.2.2-3.12.1 - SUSE Manager Proxy 4.2 (x86_64): release-notes-susemanager-proxy-4.2.2-3.12.1 References: https://www.suse.com/security/cve/CVE-2021-40323.html https://www.suse.com/security/cve/CVE-2021-40324.html https://www.suse.com/security/cve/CVE-2021-40325.html https://bugzilla.suse.com/1171483 https://bugzilla.suse.com/1173143 https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1186026 https://bugzilla.suse.com/1186281 https://bugzilla.suse.com/1186339 https://bugzilla.suse.com/1187335 https://bugzilla.suse.com/1187549 https://bugzilla.suse.com/1188032 https://bugzilla.suse.com/1188042 https://bugzilla.suse.com/1188136 https://bugzilla.suse.com/1188163 https://bugzilla.suse.com/1188193 https://bugzilla.suse.com/1188260 https://bugzilla.suse.com/1188393 https://bugzilla.suse.com/1188400 https://bugzilla.suse.com/1188503 https://bugzilla.suse.com/1188505 https://bugzilla.suse.com/1188551 https://bugzilla.suse.com/1188641 https://bugzilla.suse.com/1188647 https://bugzilla.suse.com/1188656 https://bugzilla.suse.com/1188853 https://bugzilla.suse.com/1188855 https://bugzilla.suse.com/1189011 https://bugzilla.suse.com/1189040 https://bugzilla.suse.com/1189167 https://bugzilla.suse.com/1189263 https://bugzilla.suse.com/1189419 https://bugzilla.suse.com/1189458 From sle-updates at lists.suse.com Mon Sep 20 19:57:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 21:57:20 +0200 (CEST) Subject: SUSE-RU-2021:3157-1: moderate: Recommended update for Salt Message-ID: <20210920195720.E92CBFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3157-1 Rating: moderate References: #1168327 #1188259 #1188647 #1189040 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Don't pass shell="/sbin/nologin" to onlyif/unless checks (bsc#1188259) - Add missing aarch64 to rpm package architectures - Fix failing tests for 'CMDRunRedirect' - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Define license macro as doc in spec file if not existing - Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3157=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3157=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3157=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3157=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): python3-salt-3002.2-8.41.14.1 salt-3002.2-8.41.14.1 salt-api-3002.2-8.41.14.1 salt-cloud-3002.2-8.41.14.1 salt-doc-3002.2-8.41.14.1 salt-master-3002.2-8.41.14.1 salt-minion-3002.2-8.41.14.1 salt-proxy-3002.2-8.41.14.1 salt-ssh-3002.2-8.41.14.1 salt-standalone-formulas-configuration-3002.2-8.41.14.1 salt-syndic-3002.2-8.41.14.1 salt-transactional-update-3002.2-8.41.14.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): salt-bash-completion-3002.2-8.41.14.1 salt-fish-completion-3002.2-8.41.14.1 salt-zsh-completion-3002.2-8.41.14.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): python3-salt-3002.2-8.41.14.1 salt-3002.2-8.41.14.1 salt-api-3002.2-8.41.14.1 salt-cloud-3002.2-8.41.14.1 salt-doc-3002.2-8.41.14.1 salt-master-3002.2-8.41.14.1 salt-minion-3002.2-8.41.14.1 salt-proxy-3002.2-8.41.14.1 salt-ssh-3002.2-8.41.14.1 salt-standalone-formulas-configuration-3002.2-8.41.14.1 salt-syndic-3002.2-8.41.14.1 salt-transactional-update-3002.2-8.41.14.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): salt-bash-completion-3002.2-8.41.14.1 salt-fish-completion-3002.2-8.41.14.1 salt-zsh-completion-3002.2-8.41.14.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): python3-salt-3002.2-8.41.14.1 salt-3002.2-8.41.14.1 salt-api-3002.2-8.41.14.1 salt-cloud-3002.2-8.41.14.1 salt-doc-3002.2-8.41.14.1 salt-master-3002.2-8.41.14.1 salt-minion-3002.2-8.41.14.1 salt-proxy-3002.2-8.41.14.1 salt-ssh-3002.2-8.41.14.1 salt-standalone-formulas-configuration-3002.2-8.41.14.1 salt-syndic-3002.2-8.41.14.1 salt-transactional-update-3002.2-8.41.14.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): salt-bash-completion-3002.2-8.41.14.1 salt-fish-completion-3002.2-8.41.14.1 salt-zsh-completion-3002.2-8.41.14.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): python3-salt-3002.2-8.41.14.1 salt-3002.2-8.41.14.1 salt-api-3002.2-8.41.14.1 salt-cloud-3002.2-8.41.14.1 salt-doc-3002.2-8.41.14.1 salt-master-3002.2-8.41.14.1 salt-minion-3002.2-8.41.14.1 salt-proxy-3002.2-8.41.14.1 salt-ssh-3002.2-8.41.14.1 salt-standalone-formulas-configuration-3002.2-8.41.14.1 salt-syndic-3002.2-8.41.14.1 salt-transactional-update-3002.2-8.41.14.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): salt-bash-completion-3002.2-8.41.14.1 salt-fish-completion-3002.2-8.41.14.1 salt-zsh-completion-3002.2-8.41.14.1 References: https://bugzilla.suse.com/1168327 https://bugzilla.suse.com/1188259 https://bugzilla.suse.com/1188647 https://bugzilla.suse.com/1189040 From sle-updates at lists.suse.com Mon Sep 20 19:58:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 21:58:48 +0200 (CEST) Subject: SUSE-RU-2021:14806-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20210920195848.AAF4CFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14806-1 Rating: moderate References: #1181223 #1188042 #1188647 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes the following issues: mgr-daemon: - Update translation strings salt: - Fix error handling in openscap module (bsc#1188647) spacecmd: - Update translation strings - Make schedule_deletearchived to get all actions without display limit - Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) - Use correct API endpoint in list_proxies (bsc#1188042) - Add schedule_deletearchived to bulk delete archived actions (bsc#1181223) spacewalk-client-tools: - Update translation strings Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-202109-14806=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-202109-14806=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): mgr-daemon-4.2.8-5.29.1 python2-spacewalk-check-4.2.13-27.56.1 python2-spacewalk-client-setup-4.2.13-27.56.1 python2-spacewalk-client-tools-4.2.13-27.56.1 salt-2016.11.10-43.81.1 salt-doc-2016.11.10-43.81.1 salt-minion-2016.11.10-43.81.1 spacecmd-4.2.12-18.90.1 spacewalk-check-4.2.13-27.56.1 spacewalk-client-setup-4.2.13-27.56.1 spacewalk-client-tools-4.2.13-27.56.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): mgr-daemon-4.2.8-5.29.1 python2-spacewalk-check-4.2.13-27.56.1 python2-spacewalk-client-setup-4.2.13-27.56.1 python2-spacewalk-client-tools-4.2.13-27.56.1 salt-2016.11.10-43.81.1 salt-doc-2016.11.10-43.81.1 salt-minion-2016.11.10-43.81.1 spacecmd-4.2.12-18.90.1 spacewalk-check-4.2.13-27.56.1 spacewalk-client-setup-4.2.13-27.56.1 spacewalk-client-tools-4.2.13-27.56.1 References: https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1188042 https://bugzilla.suse.com/1188647 From sle-updates at lists.suse.com Mon Sep 20 20:00:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Sep 2021 22:00:13 +0200 (CEST) Subject: SUSE-RU-2021:3163-1: moderate: Recommended update for salt Message-ID: <20210920200013.6C932FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3163-1 Rating: moderate References: #1168327 #1188259 #1188647 #1189040 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Transactional Server 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for salt fixes the following issues: - Fix wrong relative paths resolution with Jinja renderer when importing subdirectories - Don't pass 'shell="/sbin/nologin"' to 'onlyif/unless' checks (bsc#1188259) - Add missing 'aarch64' to rpm package architectures - Fix failing tests for 'CMDRunRedirect' - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3163=1 - SUSE Linux Enterprise Module for Transactional Server 15-SP2: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP2-2021-3163=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3163=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3163=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): python3-salt-3002.2-46.1 salt-3002.2-46.1 salt-minion-3002.2-46.1 salt-transactional-update-3002.2-46.1 - SUSE Linux Enterprise Module for Transactional Server 15-SP2 (aarch64 ppc64le s390x x86_64): salt-transactional-update-3002.2-46.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): salt-api-3002.2-46.1 salt-cloud-3002.2-46.1 salt-master-3002.2-46.1 salt-proxy-3002.2-46.1 salt-ssh-3002.2-46.1 salt-standalone-formulas-configuration-3002.2-46.1 salt-syndic-3002.2-46.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): salt-fish-completion-3002.2-46.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): python3-salt-3002.2-46.1 salt-3002.2-46.1 salt-doc-3002.2-46.1 salt-minion-3002.2-46.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): salt-bash-completion-3002.2-46.1 salt-zsh-completion-3002.2-46.1 References: https://bugzilla.suse.com/1168327 https://bugzilla.suse.com/1188259 https://bugzilla.suse.com/1188647 https://bugzilla.suse.com/1189040 From sle-updates at lists.suse.com Tue Sep 21 16:17:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 18:17:42 +0200 (CEST) Subject: SUSE-RU-2021:3173-1: Recommended update for release-notes-sles Message-ID: <20210921161742.D39B4FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3173-1 Rating: low References: #1187693 #1188305 #1188511 #1189786 #933411 SLE-13565 SLE-17703 SLE-17881 Affected Products: SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Installer 15-SP3 ______________________________________________________________________________ An update that has 5 recommended fixes and contains three features can now be installed. Description: This update for release-notes-sles fixes the following issues: - Added note about NVIDIA vGPU support (jsc#SLE-17881) - Added note about Intel technologies (bsc#1189786) - Added note about ODBC drivers (jsc#SLE-17703) - Added note about NVIDIA BlueField-2 tech preview (jsc#SLE-13565) - Added note about kubevirt-virt-* (bsc#1187693) - Fixed typo in note about compat-libpthread-nonshared (bsc#1188511) - Removed mention of SES (bsc#1188305) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-2021-3173=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2021-3173=1 Package List: - SUSE Linux Enterprise Server 15-SP3 (noarch): release-notes-sles-15.3.20210903-3.9.1 - SUSE Linux Enterprise Installer 15-SP3 (noarch): release-notes-sles-15.3.20210903-3.9.1 References: https://bugzilla.suse.com/1187693 https://bugzilla.suse.com/1188305 https://bugzilla.suse.com/1188511 https://bugzilla.suse.com/1189786 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Sep 21 16:23:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 18:23:29 +0200 (CEST) Subject: SUSE-RU-2021:3172-1: Recommended update for release-notes-sles Message-ID: <20210921162329.20D10FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3172-1 Rating: low References: #1174599 #1185109 #1187484 #1188305 #933411 SLE-11270 SLE-11413 SLE-12474 SLE-13589 Affected Products: SUSE Linux Enterprise Server Installer 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 5 recommended fixes and contains four features can now be installed. Description: This update for release-notes-sles fixes the following issues: - Added note about user login fail (bsc#1187484) - Removed mention of SES (bsc#1188305) - Updated note about psqlODBC (jsc#SLE-11413) - Added note about updated psqlODBC (jsc#SLE-13589) - Added note about nested VMX (jsc#SLE-11270) - Added note about Vagrant box support (bsc#1174599) - Added support end date for PHP 7.2 (jsc#SLE-12474) - Fixed IBM-Z doc link (bsc#1185109) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server Installer 12-SP5: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP5-2021-3172=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3172=1 Package List: - SUSE Linux Enterprise Server Installer 12-SP5 (noarch): release-notes-sles-12.5.20210831-3.22.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): release-notes-sles-12.5.20210831-3.22.1 References: https://bugzilla.suse.com/1174599 https://bugzilla.suse.com/1185109 https://bugzilla.suse.com/1187484 https://bugzilla.suse.com/1188305 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Sep 21 19:18:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 21:18:26 +0200 (CEST) Subject: SUSE-SU-2021:3177-1: important: Security update for the Linux Kernel Message-ID: <20210921191826.9628CFCC9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3177-1 Rating: important References: #1040364 #1127650 #1135481 #1152489 #1160010 #1167032 #1168202 #1174969 #1175052 #1175543 #1177399 #1180141 #1180347 #1181148 #1181972 #1184114 #1184180 #1185675 #1185902 #1186264 #1186731 #1187211 #1187455 #1187468 #1187619 #1188067 #1188172 #1188418 #1188439 #1188616 #1188780 #1188781 #1188782 #1188783 #1188784 #1188786 #1188787 #1188788 #1188790 #1188878 #1188885 #1188924 #1188982 #1188983 #1188985 #1189021 #1189057 #1189077 #1189153 #1189197 #1189209 #1189210 #1189212 #1189213 #1189214 #1189215 #1189216 #1189217 #1189218 #1189219 #1189220 #1189221 #1189222 #1189229 #1189262 #1189291 #1189292 #1189298 #1189301 #1189305 #1189323 #1189384 #1189385 #1189392 #1189399 #1189400 #1189427 #1189449 #1189503 #1189504 #1189505 #1189506 #1189507 #1189562 #1189563 #1189564 #1189565 #1189566 #1189567 #1189568 #1189569 #1189573 #1189574 #1189575 #1189576 #1189577 #1189579 #1189581 #1189582 #1189583 #1189585 #1189586 #1189587 #1189706 #1189760 #1189832 #1189841 #1189870 #1189883 #1190025 #1190115 #1190117 #1190131 #1190181 Cross-References: CVE-2021-34556 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 CVE-2021-3753 CVE-2021-3759 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVE-2021-38205 CVE-2021-38207 CVSS scores: CVE-2021-34556 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-35477 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-3640 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3653 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3656 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3679 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3732 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3739 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-3743 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3753 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-3759 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38160 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38204 (SUSE): 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38205 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-38207 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Realtime 15-SP2 ______________________________________________________________________________ An update that solves 16 vulnerabilities and has 98 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 Realtime kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883). - CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298). - CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). The following non-security bugs were fixed: - ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes). - ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export function to claim _CST control (bsc#1175543) - ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543) - ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes). - ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes). - ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes). - ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes). - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes). - ALSA: seq: Fix racy deletion of subscriber (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes). - ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes). - ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes). - ALSA: usb-audio: fix incorrect clock source setting (git-fixes). - ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes). - ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes). - ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes). - ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes). - ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes). - ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes). - ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes). - ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes). - ASoC: ti: delete some dead code in omap_abe_probe() (git-fixes). - ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes). - ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes). - ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes). - ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes). - ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes). - ASoC: xilinx: Fix reference to PCM buffer address (git-fixes). - Bluetooth: add timeout sanity check to hci_inquiry (git-fixes). - Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes). - Bluetooth: fix repeated calls to sco_sock_kill (git-fixes). - Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes). - Documentation: admin-guide: PM: Add intel_idle document (bsc#1175543) - Drop watchdog iTCO_wdt patch that causes incompatible behavior (bsc#1189449) Also blacklisted - Fix breakage of swap over NFS (bsc#1188924). - Fix kabi of prepare_to_wait_exclusive() (bsc#1189575). - HID: i2c-hid: Fix Elan touchpad regression (git-fixes). - HID: input: do not report stylus battery state as "full" (git-fixes). - KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786). - KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787). - KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788). - KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780). - KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782). - KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783). - KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784). - KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790). - Move upstreamed BT fixes into sorted section - NFS: Correct size calculation for create reply length (bsc#1189870). - NFSv4.1: Do not rebind to the same source port when (bnc#1186264 bnc#1189021) - NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes). - NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364). - PCI/MSI: Correct misleading comments (git-fixes). - PCI/MSI: Do not set invalid bits in MSI mask (git-fixes). - PCI/MSI: Enable and mask MSI-X early (git-fixes). - PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes). - PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes). - PCI/MSI: Mask all unused MSI-X entries (git-fixes). - PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes). - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes). - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes). - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes). - PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes). - README: Modernize build instructions. - Revert "ACPICA: Fix memory leak caused by _CID repair function" (git-fixes). - Revert "USB: serial: ch341: fix character loss at high transfer rates" (git-fixes). - Revert "dmaengine: imx-sdma: refine to load context only once" (git-fixes). - Revert "gpio: eic-sprd: Use devm_platform_ioremap_resource()" (git-fixes). - Revert "mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711" (git-fixes). - SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924). - SUNRPC: Fix the batch tasks count wraparound (git-fixes). - SUNRPC: Should wake up the privileged task firstly (git-fixes). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924). - SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264 bnc#1189021). - USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes). - USB: serial: ch341: fix character loss at high transfer rates (git-fixes). - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes). - USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes). - USB: serial: option: add new VID/PID to support Fibocom FG150 (git-fixes). - USB: usbtmc: Fix RCU stall warning (git-fixes). - USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes). - Update patches.suse/ibmvnic-Allow-device-probe-if-the-device-is-not-read.patch (bsc#1167032 ltc#184087 bsc#1184114 ltc#192237). - VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes). - ath9k: Clear key cache explicitly on disabling hardware (git-fixes). - ath: Use safer key clearing with key cache entries (git-fixes). - bcma: Fix memory leak for internally-handled cores (git-fixes). - bdi: Do not use freezable workqueue (bsc#1189573). - blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507). - blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506). - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503). - blk-wbt: make sure throttle is enabled properly (bsc#1189504). - block: fix trace completion for chained bio (bsc#1189505). - brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes). - btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077). - btrfs: account for new extents being deleted in total_bytes_pinned (bsc#1135481). - btrfs: add a comment explaining the data flush steps (bsc#1135481). - btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481). - btrfs: add flushing states for handling data reservations (bsc#1135481). - btrfs: add the data transaction commit logic into may_commit_transaction (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#1135481). - btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481). - btrfs: check tickets after waiting on ordered extents (bsc#1135481). - btrfs: do async reclaim for data reservations (bsc#1135481). - btrfs: don't force commit if we are data (bsc#1135481). - btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481). - btrfs: factor out create_chunk() (bsc#1189077). - btrfs: factor out decide_stripe_size() (bsc#1189077). - btrfs: factor out gather_device_info() (bsc#1189077). - btrfs: factor out init_alloc_chunk_ctl (bsc#1189077). - btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077). - btrfs: fix possible infinite loop in data async reclaim (bsc#1135481). - btrfs: flush delayed refs when trying to reserve data space (bsc#1135481). - btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481). - btrfs: handle invalid profile in chunk allocation (bsc#1189077). - btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself (bsc#1135481). - btrfs: introduce alloc_chunk_ctl (bsc#1189077). - btrfs: introduce chunk allocation policy (bsc#1189077). - btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481). - btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481). - btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077). - btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077). - btrfs: refactor find_free_dev_extent_start() (bsc#1189077). - btrfs: remove orig from shrink_delalloc (bsc#1135481). - btrfs: rework chunk allocation to avoid exhaustion of the system chunk array (bsc#1189077). - btrfs: run delayed iputs before committing the transaction for data (bsc#1135481). - btrfs: serialize data reservations if we are flushing (bsc#1135481). - btrfs: shrink delalloc pages instead of full inodes (bsc#1135481). - btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481). - btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481). - btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc#1135481). - btrfs: use the same helper for data and metadata reservations (bsc#1135481). - btrfs: use ticketing for data space reservations (bsc#1135481). - can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes). - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes). - ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468). - ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468). - ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1189427). - cfg80211: Fix possible memory leak in function cfg80211_bss_update (git-fixes). - cgroup1: fix leaked context root causing sporadic NULL deref in LTP (bsc#1190181). - cgroup: verify that source is a string (bsc#1190131). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes). - clk: kirkwood: Fix a clocking boot regression (git-fixes). - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes). - cpuidle: Allow idle states to be disabled by default (bsc#1175543) - cpuidle: Consolidate disabled state checks (bsc#1175543) - cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543) - cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543) - cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543) - cpuidle: cpuidle_state kABI fix (bsc#1175543) - crypto: ccp - Annotate SEV Firmware file names (bsc#1189212). - crypto: qat - use proper type for vf_mask (git-fixes). - crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit (git-fixes). - dm integrity: fix missing goto in bitmap_flush_interval error handling (git-fixes). - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git-fixes). - dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes). - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available (git-fixes). - dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes). - dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers (git-fixes). - drivers/block/null_blk/main: Fix a double free in null_init (git-fixes). - drm/amdgpu/acp: Make PM domain really work (git-fixes). - drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes). - drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes). - drm/msm/dsi: Fix some reference counted resource leaks (git-fixes). - drm/nouveau/disp: power down unused DP links during init (git-fixes). - drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes). - drm: Copy drm_wait_vblank to user before returning (git-fixes). - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568). - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564). - ext4: fix avefreec in find_group_orlov (bsc#1189566). - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562). - ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576). - ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565). - ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563). - ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567). - fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574). - firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes). - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback (git-fixes). - fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes). - fpga: xiilnx-spi: Address warning about unused variable (git-fixes). - fpga: zynqmp-fpga: Address warning about unused variable (git-fixes). - gpio: eic-sprd: break loop when getting NULL device resource (git-fixes). - gpio: tqmx86: really make IRQ optional (git-fixes). - i2c: dev: zero out array used for i2c reads from userspace (git-fixes). - i2c: highlander: add IRQ check (git-fixes). - i2c: iop3xx: fix deferred probing (git-fixes). - i2c: mt65xx: fix IRQ check (git-fixes). - i2c: s3c2410: fix IRQ check (git-fixes). - iio: adc: Fix incorrect exit of for-loop (git-fixes). - iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels (git-fixes). - iio: humidity: hdc100x: Add margin to the conversion time (git-fixes). - intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543) - intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543) - intel_idle: Annotate init time data structures (bsc#1175543) - intel_idle: Customize IceLake server support (bsc#1175543) - intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141) - intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543) - intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543) - intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543) - intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543) - intel_idle: Use ACPI _CST on server systems (bsc#1175543) - iommu/amd: Fix extended features logging (bsc#1189213). - iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210). - iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209). - iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214). - iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229). - iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1189215). - iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216). - iommu/vt-d: Do not set then clear private data in prq_event_thread() (bsc#1189217). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218). - iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219). - iommu/vt-d: Global devTLB flush when present context entry changed (bsc#1189220). - iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#1189221). - iommu/vt-d: Reject unsupported page request modes (bsc#1189222). - iwlwifi: rs-fw: do not support stbc for HE 160 (git-fixes). - kABI fix of usb_dcd_config_params (git-fixes). - kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes). - kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264 bnc#1189021) - kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153). - lib/mpi: use kcalloc in mpi_resize (git-fixes). - libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes). - mac80211: Fix insufficient headroom issue for AMSDU (git-fixes). - mailbox: sti: quieten kernel-doc warnings (git-fixes). - md/raid10: properly indicate failure when ending a failed write request (git-fixes). - media: TDA1997x: enable EDID support (git-fixes). - media: cxd2880-spi: Fix an error handling path (git-fixes). - media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes). - media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes). - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes). - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes). - media: go7007: fix memory leak in go7007_usb_probe (git-fixes). - media: go7007: remove redundant initialization (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes). - media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes). - media: videobuf2-core: dequeue if start_streaming fails (git-fixes). - media: zr364xx: fix memory leaks in probe() (git-fixes). - media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes). - memcg: enable accounting for file lock caches (bsc#1190115). - misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes). - misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp() (git-fixes). - mm, vmscan: guarantee drop_slab_node() termination (VM Functionality, bsc#1189301). - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569). - mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#1187619). - mmc: dw_mmc: Fix hang on data CRC error (git-fixes). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes). - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes). - mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes). - mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' (git-fixes). - nbd: Aovid double completion of a request (git-fixes). - nbd: Fix NULL pointer in flush_workqueue (git-fixes). - nbd: do not update block size after device is started (git-fixes). - net/mlx5: Properly convey driver version to firmware (git-fixes). - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes). - net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext (git-fixes). - net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes). - nfs: fix acl memory leak of posix_acl_create() (git-fixes). - nvme-multipath: revalidate paths during rescan (bsc#1187211) - nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972). - nvme-pci: fix NULL req in completion handler (bsc#1181972). - nvme-pci: limit maximum queue depth to 4095 (bsc#1181972). - nvme-pci: use unsigned for io queue depth (bsc#1181972). - nvme-tcp: Do not reset transport on data digest errors (bsc#1188418). - nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972). - nvme: avoid possible double fetch in handling CQE (bsc#1181972). - nvme: code command_id with a genctr for use-after-free validation (bsc#1181972). - nvme: only call synchronize_srcu when clearing current path (bsc#1188067). - nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384). - ocfs2: fix snprintf() checking (bsc#1189581). - ocfs2: fix zero out valid data (bsc#1189579). - ocfs2: initialize ip_next_orphan (bsc#1186731). - ocfs2: issue zeroout to EOF blocks (bsc#1189582). - ocfs2: ocfs2_downconvert_lock failure results in deadlock (bsc#1188439). - overflow: Correct check_shl_overflow() comment (git-fixes). - ovl: allow upperdir inside lowerdir (bsc#1189323). - ovl: expand warning in ovl_d_real() (bsc#1189323). - ovl: fix missing revert_creds() on error path (bsc#1189323). - ovl: perform vfs_getxattr() with mounter creds (bsc#1189323). - ovl: skip getxattr of security labels (bsc#1189323). - params: lift param_set_uint_minmax to common code (bsc#1181972). - pcmcia: i82092: fix a null pointer dereference bug (git-fixes). - pinctrl: samsung: Fix pinctrl bank pin count (git-fixes). - pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() (git-fixes). - pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast (git-fixes). - platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables (git-fixes). - power: supply: max17042: handle fails of reading status register (git-fixes). - powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes). - powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#1189197 ltc#193906). - powerpc/pseries: Fix regression while building external modules (bsc#1160010 ltc#183046 git-fixes). - powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes) - powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702 git-fixes). - regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes). - regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes). - regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes). - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rpm: Abolish image suffix (bsc#1189841). - rpm: Define $certs as rpm macro (bsc#1189841). - rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841). - rpm: kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - rpm: support gz and zst compression methods Extend commit 18fcdff43a00 ("rpm: support compressed modules") for compression methods other than xz. - rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575). - rsi: fix an error code in rsi_probe() (git-fixes). - rsi: fix error code in rsi_load_9116_firmware() (git-fixes). - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817). - s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771). - sched/fair: Correctly insert cfs_rq's to list on unthrottle (git-fixes) - sched/rt: Fix RT utilization tracking during policy change (git-fixes) - scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970). - scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970). - scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970). - scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392). - scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650). - scsi: libfc: Fix array index out of bound exception (bsc#1188616). - scsi: lpfc: Add 256 Gb link speed support (bsc#1189385). - scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385). - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385). - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385). - scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385). - scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385). - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385). - scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385). - scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385). - scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385). - scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385). - scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385). - scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385). - scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385). - scsi: lpfc: Fix function description comments for vmid routines (bsc#1189385). - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385). - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385). - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385). - scsi: lpfc: Improve firmware download logging (bsc#1189385). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385). - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes). - scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385). - scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385). - scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385). - scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385). - scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385). - scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385). - scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385). - scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385). - scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385). - scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970). - scsi: qla2xxx: Add heartbeat check (bsc#1189392). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392). - scsi: qla2xxx: Fix spelling mistakes "allloc" -> "alloc" (bsc#1189392). - scsi: qla2xxx: Fix use after free in debug code (bsc#1189392). - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392). - scsi: qla2xxx: Remove duplicate declarations (bsc#1189392). - scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392). - scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392). - scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189392). - scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392). - scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392). - scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392). - scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392). - scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392). - scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392). - scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392). - scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189392). - scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add key update (bsc#1189392). - scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189392). - scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392). - scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392). - scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (bsc#1184180). - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392). - scsi: zfcp: Report port fc_security as unknown early during remote cable pull (git-fixes). - serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes). - serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes). - serial: tegra: Only print FIFO error message when an error occurs (git-fixes). - slimbus: messaging: check for valid transaction id (git-fixes). - slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes). - slimbus: ngd: reset dma setup during runtime pm (git-fixes). - soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes). - soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: qcom: rpmhpd: Use corner in power_off (git-fixes). - soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes). - spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes). - spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation (git-fixes). - spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes). - spi: mediatek: Fix fifo transfer (git-fixes). - spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes). - spi: stm32h7: fix full duplex irq handler handling (git-fixes). - staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes). - staging: rtl8712: get rid of flush_scheduled_work (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes). - tracing / histogram: Give calculation hist_fields a size (git-fixes). - tracing: Reject string operand in the histogram expression (git-fixes). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - ubifs: Fix error return code in alloc_wbufs() (bsc#1189585). - ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583). - ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455). - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587). - ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586). - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes). - usb: dwc2: Postponed gadget registration to the udc class driver (git-fixes). - usb: dwc3: Add support for DWC_usb32 IP (git-fixes). - usb: dwc3: Disable phy suspend after power-on reset (git-fixes). - usb: dwc3: Separate field holding multiple properties (git-fixes). - usb: dwc3: Stop active transfers before halting the controller (git-fixes). - usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes). - usb: dwc3: Use devres to get clocks (git-fixes). - usb: dwc3: core: Properly default unspecified speed (git-fixes). - usb: dwc3: core: do not do suspend for device mode if already suspended (git-fixes). - usb: dwc3: debug: Remove newline printout (git-fixes). - usb: dwc3: gadget: Check MPS of the request length (git-fixes). - usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes). - usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (git-fixes). - usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes). - usb: dwc3: gadget: Do not send unintended link state change (git-fixes). - usb: dwc3: gadget: Do not setup more than requested (git-fixes). - usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes). - usb: dwc3: gadget: Fix handling ZLP (git-fixes). - usb: dwc3: gadget: Give back staled requests (git-fixes). - usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes). - usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes). - usb: dwc3: gadget: Properly track pending and queued SG (git-fixes). - usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes). - usb: dwc3: gadget: Set BESL config parameter (git-fixes). - usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes). - usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes). - usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes). - usb: dwc3: meson-g12a: add IRQ check (git-fixes). - usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes). - usb: dwc3: of-simple: add a shutdown (git-fixes). - usb: dwc3: st: Add of_dev_put() in probe function (git-fixes). - usb: dwc3: st: Add of_node_put() before return in probe function (git-fixes). - usb: dwc3: support continuous runtime PM with dual role (git-fixes). - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes). - usb: gadget: Export recommended BESL values (git-fixes). - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes). - usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes). - usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes). - usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes). - usb: gadget: udc: at91: add IRQ check (git-fixes). - usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes). - usb: host: ohci-tmio: add IRQ check (git-fixes). - usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes). - usb: mtu3: fix the wrong HS mult value (git-fixes). - usb: mtu3: use @mult for HS isoc or intr (git-fixes). - usb: phy: fsl-usb: add IRQ check (git-fixes). - usb: phy: tahvo: add IRQ check (git-fixes). - usb: phy: twl6030: add IRQ checks (git-fixes). - virt_wifi: fix error on connect (git-fixes). - virtio_pci: Support surprise removal of virtio pci device (git-fixes). - wireguard: allowedips: allocate nodes in kmem_cache (git-fixes). - wireguard: allowedips: free empty intermediate nodes when removing single node (git-fixes). - wireguard: allowedips: remove nodes in O(1) (git-fixes). - writeback: fix obtain a reference to a freeing memcg css (bsc#1189577). - x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489). - x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489). - x86/fpu: Reset state for all signal restore failures (bsc#1152489). - x86/kvm: fix vcpu-id indexed array sizes (git-fixes). - x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489). - xen/events: Fix race in set_evtchn_to_irq (git-fixes). - xprtrdma: Pad optimization, revisited (bsc#1189760). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3177=1 - SUSE Linux Enterprise Module for Realtime 15-SP2: zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-3177=1 Package List: - SUSE MicroOS 5.0 (x86_64): kernel-rt-5.3.18-51.2 kernel-rt-debuginfo-5.3.18-51.2 kernel-rt-debugsource-5.3.18-51.2 - SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch): kernel-devel-rt-5.3.18-51.1 kernel-source-rt-5.3.18-51.1 - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64): cluster-md-kmp-rt-5.3.18-51.2 cluster-md-kmp-rt-debuginfo-5.3.18-51.2 dlm-kmp-rt-5.3.18-51.2 dlm-kmp-rt-debuginfo-5.3.18-51.2 gfs2-kmp-rt-5.3.18-51.2 gfs2-kmp-rt-debuginfo-5.3.18-51.2 kernel-rt-5.3.18-51.2 kernel-rt-debuginfo-5.3.18-51.2 kernel-rt-debugsource-5.3.18-51.2 kernel-rt-devel-5.3.18-51.2 kernel-rt-devel-debuginfo-5.3.18-51.2 kernel-rt_debug-5.3.18-51.2 kernel-rt_debug-debuginfo-5.3.18-51.2 kernel-rt_debug-debugsource-5.3.18-51.2 kernel-rt_debug-devel-5.3.18-51.2 kernel-rt_debug-devel-debuginfo-5.3.18-51.2 kernel-syms-rt-5.3.18-51.1 ocfs2-kmp-rt-5.3.18-51.2 ocfs2-kmp-rt-debuginfo-5.3.18-51.2 References: https://www.suse.com/security/cve/CVE-2021-34556.html https://www.suse.com/security/cve/CVE-2021-35477.html https://www.suse.com/security/cve/CVE-2021-3640.html https://www.suse.com/security/cve/CVE-2021-3653.html https://www.suse.com/security/cve/CVE-2021-3656.html https://www.suse.com/security/cve/CVE-2021-3679.html https://www.suse.com/security/cve/CVE-2021-3732.html https://www.suse.com/security/cve/CVE-2021-3739.html https://www.suse.com/security/cve/CVE-2021-3743.html https://www.suse.com/security/cve/CVE-2021-3753.html https://www.suse.com/security/cve/CVE-2021-3759.html https://www.suse.com/security/cve/CVE-2021-38160.html https://www.suse.com/security/cve/CVE-2021-38198.html https://www.suse.com/security/cve/CVE-2021-38204.html https://www.suse.com/security/cve/CVE-2021-38205.html https://www.suse.com/security/cve/CVE-2021-38207.html https://bugzilla.suse.com/1040364 https://bugzilla.suse.com/1127650 https://bugzilla.suse.com/1135481 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1160010 https://bugzilla.suse.com/1167032 https://bugzilla.suse.com/1168202 https://bugzilla.suse.com/1174969 https://bugzilla.suse.com/1175052 https://bugzilla.suse.com/1175543 https://bugzilla.suse.com/1177399 https://bugzilla.suse.com/1180141 https://bugzilla.suse.com/1180347 https://bugzilla.suse.com/1181148 https://bugzilla.suse.com/1181972 https://bugzilla.suse.com/1184114 https://bugzilla.suse.com/1184180 https://bugzilla.suse.com/1185675 https://bugzilla.suse.com/1185902 https://bugzilla.suse.com/1186264 https://bugzilla.suse.com/1186731 https://bugzilla.suse.com/1187211 https://bugzilla.suse.com/1187455 https://bugzilla.suse.com/1187468 https://bugzilla.suse.com/1187619 https://bugzilla.suse.com/1188067 https://bugzilla.suse.com/1188172 https://bugzilla.suse.com/1188418 https://bugzilla.suse.com/1188439 https://bugzilla.suse.com/1188616 https://bugzilla.suse.com/1188780 https://bugzilla.suse.com/1188781 https://bugzilla.suse.com/1188782 https://bugzilla.suse.com/1188783 https://bugzilla.suse.com/1188784 https://bugzilla.suse.com/1188786 https://bugzilla.suse.com/1188787 https://bugzilla.suse.com/1188788 https://bugzilla.suse.com/1188790 https://bugzilla.suse.com/1188878 https://bugzilla.suse.com/1188885 https://bugzilla.suse.com/1188924 https://bugzilla.suse.com/1188982 https://bugzilla.suse.com/1188983 https://bugzilla.suse.com/1188985 https://bugzilla.suse.com/1189021 https://bugzilla.suse.com/1189057 https://bugzilla.suse.com/1189077 https://bugzilla.suse.com/1189153 https://bugzilla.suse.com/1189197 https://bugzilla.suse.com/1189209 https://bugzilla.suse.com/1189210 https://bugzilla.suse.com/1189212 https://bugzilla.suse.com/1189213 https://bugzilla.suse.com/1189214 https://bugzilla.suse.com/1189215 https://bugzilla.suse.com/1189216 https://bugzilla.suse.com/1189217 https://bugzilla.suse.com/1189218 https://bugzilla.suse.com/1189219 https://bugzilla.suse.com/1189220 https://bugzilla.suse.com/1189221 https://bugzilla.suse.com/1189222 https://bugzilla.suse.com/1189229 https://bugzilla.suse.com/1189262 https://bugzilla.suse.com/1189291 https://bugzilla.suse.com/1189292 https://bugzilla.suse.com/1189298 https://bugzilla.suse.com/1189301 https://bugzilla.suse.com/1189305 https://bugzilla.suse.com/1189323 https://bugzilla.suse.com/1189384 https://bugzilla.suse.com/1189385 https://bugzilla.suse.com/1189392 https://bugzilla.suse.com/1189399 https://bugzilla.suse.com/1189400 https://bugzilla.suse.com/1189427 https://bugzilla.suse.com/1189449 https://bugzilla.suse.com/1189503 https://bugzilla.suse.com/1189504 https://bugzilla.suse.com/1189505 https://bugzilla.suse.com/1189506 https://bugzilla.suse.com/1189507 https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1189563 https://bugzilla.suse.com/1189564 https://bugzilla.suse.com/1189565 https://bugzilla.suse.com/1189566 https://bugzilla.suse.com/1189567 https://bugzilla.suse.com/1189568 https://bugzilla.suse.com/1189569 https://bugzilla.suse.com/1189573 https://bugzilla.suse.com/1189574 https://bugzilla.suse.com/1189575 https://bugzilla.suse.com/1189576 https://bugzilla.suse.com/1189577 https://bugzilla.suse.com/1189579 https://bugzilla.suse.com/1189581 https://bugzilla.suse.com/1189582 https://bugzilla.suse.com/1189583 https://bugzilla.suse.com/1189585 https://bugzilla.suse.com/1189586 https://bugzilla.suse.com/1189587 https://bugzilla.suse.com/1189706 https://bugzilla.suse.com/1189760 https://bugzilla.suse.com/1189832 https://bugzilla.suse.com/1189841 https://bugzilla.suse.com/1189870 https://bugzilla.suse.com/1189883 https://bugzilla.suse.com/1190025 https://bugzilla.suse.com/1190115 https://bugzilla.suse.com/1190117 https://bugzilla.suse.com/1190131 https://bugzilla.suse.com/1190181 From sle-updates at lists.suse.com Tue Sep 21 19:35:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 21:35:47 +0200 (CEST) Subject: SUSE-RU-2021:3015-2: moderate: Recommended update for ceph Message-ID: <20210921193547.35128FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3015-2 Rating: moderate References: #1181291 #1183561 #1184517 #1185246 #1186348 #1188979 #1189173 Affected Products: SUSE MicroOS 5.1 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for ceph fixes the following issues: - cls/rgw: look for plane entries in non-ascii plain namespace too (bsc#1184517) - rgw: check object locks in multi-object delete (bsc#1185246) - mgr/zabbix: adapt zabbix_sender default path (bsc#1186348) - mgr/cephadm: pass --container-init to "cephadm deploy" if specified (bsc#1188979) - mgr/dashboard: Downstream branding: Adapt latest upstream changes to branded navigation component (bsc#1189173) - qa/tasks/salt_manager: allow gatherlogs for files in subdir - qa/tasks/ceph_salt: gather /var/log/ceph/cephadm.out - mgr/zabbix: adapt zabbix_sender default path (bsc#1186348) - Revert "cephadm: default container_init to False" (bsc#1188979) - mgr/cephadm: alias rgw-nfs -> nfs (bsc#1181291) - mgr/cephadm: on ssh connection error, advice chmod 0600 (bsc#1183561) - Update _constraints: only honor physical memory, not 'any memory' (e.g. swap). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3015=1 Package List: - SUSE MicroOS 5.1 (aarch64 x86_64): ceph-debugsource-15.2.14.84+gb6e5642e260-3.31.1 librados2-15.2.14.84+gb6e5642e260-3.31.1 librados2-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 librbd1-15.2.14.84+gb6e5642e260-3.31.1 librbd1-debuginfo-15.2.14.84+gb6e5642e260-3.31.1 References: https://bugzilla.suse.com/1181291 https://bugzilla.suse.com/1183561 https://bugzilla.suse.com/1184517 https://bugzilla.suse.com/1185246 https://bugzilla.suse.com/1186348 https://bugzilla.suse.com/1188979 https://bugzilla.suse.com/1189173 From sle-updates at lists.suse.com Tue Sep 21 19:38:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 21:38:47 +0200 (CEST) Subject: SUSE-SU-2021:2937-2: important: Security update for libesmtp Message-ID: <20210921193847.B8521FCC9@maintenance.suse.de> SUSE Security Update: Security update for libesmtp ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2937-2 Rating: important References: #1160462 #1189097 Cross-References: CVE-2019-19977 CVSS scores: CVE-2019-19977 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-19977 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L Affected Products: SUSE MicroOS 5.1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libesmtp fixes the following issues: - CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-2937=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): libesmtp-1.0.6-150.4.1 libesmtp-debuginfo-1.0.6-150.4.1 libesmtp-debugsource-1.0.6-150.4.1 References: https://www.suse.com/security/cve/CVE-2019-19977.html https://bugzilla.suse.com/1160462 https://bugzilla.suse.com/1189097 From sle-updates at lists.suse.com Tue Sep 21 19:40:06 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 21:40:06 +0200 (CEST) Subject: SUSE-RU-2021:3043-2: moderate: Recommended update for nvme-cli Message-ID: <20210921194006.EAAE5FE12@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3043-2 Rating: moderate References: #1186719 #1187287 #1187858 #1187860 #1187890 #1189046 #1189195 Affected Products: SUSE MicroOS 5.1 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: nvme-cli was updated to fix the following issues: - Do not print error message when opening controller (bsc#1186719) - Fix failures during 'nvme list' (bsc#1186719) - Only connect to matching controllers (bsc#1186719) - Skip connect if transport type doesn't match (bsc#1187287 bsc#1187860) - Ignore non live controllers when scanning subsystems (bsc#1186719 bsc#1187287) - Remove UUID validation heuristic (bsc#1187890) - Do not segfault when controller is not available (bsc#1189046) - Use correct default port for discovery (bsc#1189195 bsc#1187858) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3043=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): nvme-cli-1.13-3.7.1 nvme-cli-debuginfo-1.13-3.7.1 nvme-cli-debugsource-1.13-3.7.1 References: https://bugzilla.suse.com/1186719 https://bugzilla.suse.com/1187287 https://bugzilla.suse.com/1187858 https://bugzilla.suse.com/1187860 https://bugzilla.suse.com/1187890 https://bugzilla.suse.com/1189046 https://bugzilla.suse.com/1189195 From sle-updates at lists.suse.com Tue Sep 21 19:42:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 21:42:03 +0200 (CEST) Subject: SUSE-RU-2021:3022-2: important: Recommended update for c-ares Message-ID: <20210921194203.EDCE7FE12@maintenance.suse.de> SUSE Recommended Update: Recommended update for c-ares ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3022-2 Rating: important References: #1190225 Affected Products: SUSE MicroOS 5.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for c-ares fixes the following issue: - Allow '_' as part of DNS response. (bsc#1190225) - 'c-ares' 1.17.2 introduced response validation to prevent a security issue, however it was not listing '_' as a valid character for domain name responses which caused issues when a 'CNAME' referenced a 'SRV' record which contained underscores. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3022=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): c-ares-debugsource-1.17.1+20200724-3.17.1 libcares2-1.17.1+20200724-3.17.1 libcares2-debuginfo-1.17.1+20200724-3.17.1 References: https://bugzilla.suse.com/1190225 From sle-updates at lists.suse.com Tue Sep 21 19:43:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 21:43:10 +0200 (CEST) Subject: SUSE-SU-2021:3174-1: moderate: Security update for grafana-piechart-panel Message-ID: <20210921194310.F3938FCC9@maintenance.suse.de> SUSE Security Update: Security update for grafana-piechart-panel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3174-1 Rating: moderate References: #1172125 Cross-References: CVE-2020-13429 CVSS scores: CVE-2020-13429 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2020-13429 (SUSE): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for grafana-piechart-panel fixes the following issues: - CVE-2020-13429: Fixed XSS via the Values Header option in the piechart-panel (bsc#1172125). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3174=1 Package List: - SUSE Enterprise Storage 6 (noarch): grafana-piechart-panel-1.6.1-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-13429.html https://bugzilla.suse.com/1172125 From sle-updates at lists.suse.com Tue Sep 21 19:44:16 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 21:44:16 +0200 (CEST) Subject: SUSE-RU-2021:2945-2: moderate: Recommended update for open-iscsi Message-ID: <20210921194416.A051CFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2945-2 Rating: moderate References: #1153806 #1185930 #1188579 Affected Products: SUSE MicroOS 5.1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for open-iscsi fixes the following issues: - Update 'iscsi.service' so that it tries to logon to any "onboot" and firmware targets, in case a target was offline when booted but back up when the service is started. (bsc#1153806) - Merged with latest from upstream, which contains these fixes: * Add "no wait" option to iscsiadm firmware login * Check for ISCSI_ERR_ISCSID_NOTCONN in iscsistart * Log proper error message when AUTH failure occurs * Support the "qede" CMA-card driver. (bsc#1188579) * iscsistart: fix null pointer deref before exit * Set default 'startup' to 'onboot' for FW nodes. (bsc#1185930) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-2945=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): iscsiuio-0.7.8.6-32.5.1 iscsiuio-debuginfo-0.7.8.6-32.5.1 libopeniscsiusr0_2_0-2.1.4-32.5.1 libopeniscsiusr0_2_0-debuginfo-2.1.4-32.5.1 open-iscsi-2.1.4-32.5.1 open-iscsi-debuginfo-2.1.4-32.5.1 open-iscsi-debugsource-2.1.4-32.5.1 References: https://bugzilla.suse.com/1153806 https://bugzilla.suse.com/1185930 https://bugzilla.suse.com/1188579 From sle-updates at lists.suse.com Tue Sep 21 19:45:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 21:45:43 +0200 (CEST) Subject: SUSE-RU-2021:3182-1: moderate: Recommended update for file Message-ID: <20210921194543.C1A42FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for file ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3182-1 Rating: moderate References: #1189996 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3182=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2021-3182=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-3182=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3182=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3182=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3182=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3182=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): file-5.32-7.14.1 file-debuginfo-5.32-7.14.1 file-debugsource-5.32-7.14.1 libmagic1-5.32-7.14.1 libmagic1-debuginfo-5.32-7.14.1 - SUSE MicroOS 5.0 (noarch): file-magic-5.32-7.14.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python2-magic-5.32-7.14.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python2-magic-5.32-7.14.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): python3-magic-5.32-7.14.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): python3-magic-5.32-7.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): file-5.32-7.14.1 file-debuginfo-5.32-7.14.1 file-debugsource-5.32-7.14.1 file-devel-5.32-7.14.1 libmagic1-5.32-7.14.1 libmagic1-debuginfo-5.32-7.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libmagic1-32bit-5.32-7.14.1 libmagic1-32bit-debuginfo-5.32-7.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): file-magic-5.32-7.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): file-5.32-7.14.1 file-debuginfo-5.32-7.14.1 file-debugsource-5.32-7.14.1 file-devel-5.32-7.14.1 libmagic1-5.32-7.14.1 libmagic1-debuginfo-5.32-7.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): file-magic-5.32-7.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libmagic1-32bit-5.32-7.14.1 libmagic1-32bit-debuginfo-5.32-7.14.1 References: https://bugzilla.suse.com/1189996 From sle-updates at lists.suse.com Tue Sep 21 19:47:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 21:47:02 +0200 (CEST) Subject: SUSE-SU-2021:3178-1: important: Security update for the Linux Kernel Message-ID: <20210921194702.2301BFCC9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3178-1 Rating: important References: #1040364 #1127650 #1135481 #1152489 #1160010 #1168202 #1174969 #1175052 #1175543 #1177399 #1180141 #1180347 #1181148 #1181972 #1184180 #1186264 #1186731 #1187211 #1187455 #1187468 #1187619 #1188067 #1188172 #1188418 #1188439 #1188616 #1188780 #1188781 #1188782 #1188783 #1188784 #1188786 #1188787 #1188788 #1188790 #1188878 #1188885 #1188924 #1188982 #1188983 #1188985 #1189021 #1189057 #1189077 #1189153 #1189197 #1189209 #1189210 #1189212 #1189213 #1189214 #1189215 #1189216 #1189217 #1189218 #1189219 #1189220 #1189221 #1189222 #1189229 #1189262 #1189278 #1189291 #1189292 #1189298 #1189301 #1189305 #1189323 #1189384 #1189385 #1189392 #1189399 #1189400 #1189427 #1189503 #1189504 #1189505 #1189506 #1189507 #1189562 #1189563 #1189564 #1189565 #1189566 #1189567 #1189568 #1189569 #1189573 #1189574 #1189575 #1189576 #1189577 #1189579 #1189581 #1189582 #1189583 #1189585 #1189586 #1189587 #1189706 #1189760 #1189832 #1189841 #1189870 #1189883 #1190025 #1190115 #1190117 #1190131 #1190181 Cross-References: CVE-2021-34556 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 CVE-2021-3753 CVE-2021-3759 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVE-2021-38205 CVE-2021-38207 CVSS scores: CVE-2021-34556 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-35477 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-3640 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3653 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3656 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3679 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3732 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3739 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-3743 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3753 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-3759 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38160 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38204 (SUSE): 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38205 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-38207 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that solves 16 vulnerabilities and has 94 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883). - CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298). - CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). The following non-security bugs were fixed: - ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes). - ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export function to claim _CST control (bsc#1175543) - ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543) - ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes). - ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes). - ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes). - ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes). - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes). - ALSA: seq: Fix racy deletion of subscriber (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes). - ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes). - ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes). - ALSA: usb-audio: fix incorrect clock source setting (git-fixes). - ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes). - ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes). - ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes). - ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes). - ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes). - ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes). - ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes). - ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes). - ASoC: ti: delete some dead code in omap_abe_probe() (git-fixes). - ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes). - ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes). - ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes). - ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes). - ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes). - ASoC: xilinx: Fix reference to PCM buffer address (git-fixes). - Bluetooth: add timeout sanity check to hci_inquiry (git-fixes). - Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes). - Bluetooth: fix repeated calls to sco_sock_kill (git-fixes). - Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes). - Documentation: admin-guide: PM: Add intel_idle document (bsc#1175543) - Fix breakage of swap over NFS (bsc#1188924). - Fix kabi of prepare_to_wait_exclusive() (bsc#1189575). - HID: i2c-hid: Fix Elan touchpad regression (git-fixes). - HID: input: do not report stylus battery state as "full" (git-fixes). - KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786). - KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787). - KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788). - KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780). - KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782). - KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783). - KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784). - KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790). - Move upstreamed BT fixes into sorted section - NFS: Correct size calculation for create reply length (bsc#1189870). - NFSv4.1: Do not rebind to the same source port when (bnc#1186264 bnc#1189021) - NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes). - NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364). - PCI/MSI: Correct misleading comments (git-fixes). - PCI/MSI: Do not set invalid bits in MSI mask (git-fixes). - PCI/MSI: Enable and mask MSI-X early (git-fixes). - PCI/MSI: Mask all unused MSI-X entries (git-fixes). - PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes). - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes). - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes). - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes). - PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes). - SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924). - SUNRPC: Fix the batch tasks count wraparound (git-fixes). - SUNRPC: Should wake up the privileged task firstly (git-fixes). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924). - SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264 bnc#1189021). - USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes). - USB: serial: ch341: fix character loss at high transfer rates (git-fixes). - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes). - USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes). - USB: serial: option: add new VID/PID to support Fibocom FG150 (git-fixes). - USB: usbtmc: Fix RCU stall warning (git-fixes). - USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes). - VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes). - ath9k: Clear key cache explicitly on disabling hardware (git-fixes). - ath: Use safer key clearing with key cache entries (git-fixes). - bcma: Fix memory leak for internally-handled cores (git-fixes). - bdi: Do not use freezable workqueue (bsc#1189573). - blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507). - blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506). - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503). - blk-wbt: make sure throttle is enabled properly (bsc#1189504). - block: fix trace completion for chained bio (bsc#1189505). - brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes). - btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077). - btrfs: account for new extents being deleted in total_bytes_pinned (bsc#1135481). - btrfs: add a comment explaining the data flush steps (bsc#1135481). - btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481). - btrfs: add flushing states for handling data reservations (bsc#1135481). - btrfs: add the data transaction commit logic into may_commit_transaction (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#1135481). - btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481). - btrfs: check tickets after waiting on ordered extents (bsc#1135481). - btrfs: do async reclaim for data reservations (bsc#1135481). - btrfs: don't force commit if we are data (bsc#1135481). - btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481). - btrfs: factor out create_chunk() (bsc#1189077). - btrfs: factor out decide_stripe_size() (bsc#1189077). - btrfs: factor out gather_device_info() (bsc#1189077). - btrfs: factor out init_alloc_chunk_ctl (bsc#1189077). - btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077). - btrfs: fix possible infinite loop in data async reclaim (bsc#1135481). - btrfs: flush delayed refs when trying to reserve data space (bsc#1135481). - btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481). - btrfs: handle invalid profile in chunk allocation (bsc#1189077). - btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself (bsc#1135481). - btrfs: introduce alloc_chunk_ctl (bsc#1189077). - btrfs: introduce chunk allocation policy (bsc#1189077). - btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481). - btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481). - btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077). - btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077). - btrfs: refactor find_free_dev_extent_start() (bsc#1189077). - btrfs: remove orig from shrink_delalloc (bsc#1135481). - btrfs: rework chunk allocation to avoid exhaustion of the system chunk array (bsc#1189077). - btrfs: run delayed iputs before committing the transaction for data (bsc#1135481). - btrfs: serialize data reservations if we are flushing (bsc#1135481). - btrfs: shrink delalloc pages instead of full inodes (bsc#1135481). - btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481). - btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481). - btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc#1135481). - btrfs: use the same helper for data and metadata reservations (bsc#1135481). - btrfs: use ticketing for data space reservations (bsc#1135481). - can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes). - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes). - ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468). - ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468). - ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1189427). - cfg80211: Fix possible memory leak in function cfg80211_bss_update (git-fixes). - cgroup1: fix leaked context root causing sporadic NULL deref in LTP (bsc#1190181). - cgroup: verify that source is a string (bsc#1190131). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes). - clk: kirkwood: Fix a clocking boot regression (git-fixes). - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes). - cpuidle: Allow idle states to be disabled by default (bsc#1175543) - cpuidle: Consolidate disabled state checks (bsc#1175543) - cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543) - cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543) - cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543) - cpuidle: cpuidle_state kABI fix (bsc#1175543) - crypto: ccp - Annotate SEV Firmware file names (bsc#1189212). - crypto: qat - use proper type for vf_mask (git-fixes). - crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit (git-fixes). - dm integrity: fix missing goto in bitmap_flush_interval error handling (git-fixes). - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git-fixes). - dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes). - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available (git-fixes). - dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes). - dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers (git-fixes). - drivers/block/null_blk/main: Fix a double free in null_init (git-fixes). - drm/amdgpu/acp: Make PM domain really work (git-fixes). - drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes). - drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes). - drm/msm/dsi: Fix some reference counted resource leaks (git-fixes). - drm/nouveau/disp: power down unused DP links during init (git-fixes). - drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes). - drm: Copy drm_wait_vblank to user before returning (git-fixes). - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568). - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564). - ext4: fix avefreec in find_group_orlov (bsc#1189566). - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562). - ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576). - ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565). - ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563). - ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567). - fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574). - firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes). - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback (git-fixes). - fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes). - fpga: xiilnx-spi: Address warning about unused variable (git-fixes). - fpga: zynqmp-fpga: Address warning about unused variable (git-fixes). - gpio: eic-sprd: break loop when getting NULL device resource (git-fixes). - gpio: tqmx86: really make IRQ optional (git-fixes). - i2c: dev: zero out array used for i2c reads from userspace (git-fixes). - i2c: highlander: add IRQ check (git-fixes). - i2c: iop3xx: fix deferred probing (git-fixes). - i2c: mt65xx: fix IRQ check (git-fixes). - i2c: s3c2410: fix IRQ check (git-fixes). - iio: adc: Fix incorrect exit of for-loop (git-fixes). - iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels (git-fixes). - iio: humidity: hdc100x: Add margin to the conversion time (git-fixes). - intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543) - intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543) - intel_idle: Annotate init time data structures (bsc#1175543) - intel_idle: Customize IceLake server support (bsc#1175543) - intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141) - intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543) - intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543) - intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543) - intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543) - intel_idle: Use ACPI _CST on server systems (bsc#1175543) - iommu/amd: Fix extended features logging (bsc#1189213). - iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210). - iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209). - iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214). - iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229). - iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1189215). - iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216). - iommu/vt-d: Do not set then clear private data in prq_event_thread() (bsc#1189217). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218). - iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219). - iommu/vt-d: Global devTLB flush when present context entry changed (bsc#1189220). - iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#1189221). - iommu/vt-d: Reject unsupported page request modes (bsc#1189222). - iwlwifi: rs-fw: do not support stbc for HE 160 (git-fixes). - kABI fix of usb_dcd_config_params (git-fixes). - kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes). - kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264 bnc#1189021) - kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153). - lib/mpi: use kcalloc in mpi_resize (git-fixes). - libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes). - mac80211: Fix insufficient headroom issue for AMSDU (git-fixes). - mailbox: sti: quieten kernel-doc warnings (git-fixes). - md/raid10: properly indicate failure when ending a failed write request (git-fixes). - media: TDA1997x: enable EDID support (git-fixes). - media: cxd2880-spi: Fix an error handling path (git-fixes). - media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes). - media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes). - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes). - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes). - media: go7007: fix memory leak in go7007_usb_probe (git-fixes). - media: go7007: remove redundant initialization (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes). - media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes). - media: videobuf2-core: dequeue if start_streaming fails (git-fixes). - media: zr364xx: fix memory leaks in probe() (git-fixes). - media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes). - memcg: enable accounting for file lock caches (bsc#1190115). - misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes). - misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp() (git-fixes). - mm, vmscan: guarantee drop_slab_node() termination (VM Functionality, bsc#1189301). - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569). - mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#1187619). - mmc: dw_mmc: Fix hang on data CRC error (git-fixes). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes). - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes). - mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes). - mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' (git-fixes). - nbd: Aovid double completion of a request (git-fixes). - nbd: Fix NULL pointer in flush_workqueue (git-fixes). - net/mlx5: Properly convey driver version to firmware (git-fixes). - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes). - net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext (git-fixes). - net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes). - nfs: fix acl memory leak of posix_acl_create() (git-fixes). - nvme-multipath: revalidate paths during rescan (bsc#1187211) - nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972). - nvme-pci: fix NULL req in completion handler (bsc#1181972). - nvme-pci: limit maximum queue depth to 4095 (bsc#1181972). - nvme-pci: use unsigned for io queue depth (bsc#1181972). - nvme-tcp: Do not reset transport on data digest errors (bsc#1188418). - nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972). - nvme: avoid possible double fetch in handling CQE (bsc#1181972). - nvme: code command_id with a genctr for use-after-free validation (bsc#1181972). - nvme: only call synchronize_srcu when clearing current path (bsc#1188067). - nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384). - ocfs2: fix snprintf() checking (bsc#1189581). - ocfs2: fix zero out valid data (bsc#1189579). - ocfs2: initialize ip_next_orphan (bsc#1186731). - ocfs2: issue zeroout to EOF blocks (bsc#1189582). - ocfs2: ocfs2_downconvert_lock failure results in deadlock (bsc#1188439). - overflow: Correct check_shl_overflow() comment (git-fixes). - ovl: allow upperdir inside lowerdir (bsc#1189323). - ovl: expand warning in ovl_d_real() (bsc#1189323). - ovl: fix missing revert_creds() on error path (bsc#1189323). - ovl: perform vfs_getxattr() with mounter creds (bsc#1189323). - ovl: skip getxattr of security labels (bsc#1189323). - params: lift param_set_uint_minmax to common code (bsc#1181972). - pcmcia: i82092: fix a null pointer dereference bug (git-fixes). - pinctrl: samsung: Fix pinctrl bank pin count (git-fixes). - pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() (git-fixes). - pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast (git-fixes). - platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables (git-fixes). - power: supply: max17042: handle fails of reading status register (git-fixes). - powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes). - powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#1189197 ltc#193906). - powerpc/pseries: Fix regression while building external modules (bsc#1160010 ltc#183046 git-fixes). - powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes) - powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702 git-fixes). - regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes). - regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes). - regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes). - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rpm: Abolish image suffix (bsc#1189841). - rpm: Define $certs as rpm macro (bsc#1189841). - rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841). - rpm: kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - rpm: support gz and zst compression methods Extend commit 18fcdff43a00 ("rpm: support compressed modules") for compression methods other than xz. - rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575). - rsi: fix an error code in rsi_probe() (git-fixes). - rsi: fix error code in rsi_load_9116_firmware() (git-fixes). - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817). - s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771). - sched/fair: Correctly insert cfs_rq's to list on unthrottle (git-fixes) - sched/rt: Fix RT utilization tracking during policy change (git-fixes) - scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970). - scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970). - scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970). - scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392). - scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650). - scsi: libfc: Fix array index out of bound exception (bsc#1188616). - scsi: lpfc: Add 256 Gb link speed support (bsc#1189385). - scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385). - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385). - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385). - scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385). - scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385). - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385). - scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385). - scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385). - scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385). - scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385). - scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385). - scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385). - scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385). - scsi: lpfc: Fix function description comments for vmid routines (bsc#1189385). - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385). - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385). - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385). - scsi: lpfc: Improve firmware download logging (bsc#1189385). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385). - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes). - scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385). - scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385). - scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385). - scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385). - scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385). - scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385). - scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385). - scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385). - scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385). - scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970). - scsi: qla2xxx: Add heartbeat check (bsc#1189392). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392). - scsi: qla2xxx: Fix spelling mistakes "allloc" -> "alloc" (bsc#1189392). - scsi: qla2xxx: Fix use after free in debug code (bsc#1189392). - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392). - scsi: qla2xxx: Remove duplicate declarations (bsc#1189392). - scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392). - scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392). - scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189392). - scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392). - scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392). - scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392). - scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392). - scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392). - scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392). - scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392). - scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189392). - scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add key update (bsc#1189392). - scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189392). - scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392). - scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392). - scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (bsc#1184180). - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392). - scsi: zfcp: Report port fc_security as unknown early during remote cable pull (git-fixes). - serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes). - serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes). - serial: tegra: Only print FIFO error message when an error occurs (git-fixes). - slimbus: messaging: check for valid transaction id (git-fixes). - slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes). - slimbus: ngd: reset dma setup during runtime pm (git-fixes). - soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes). - soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: qcom: rpmhpd: Use corner in power_off (git-fixes). - soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes). - spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes). - spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation (git-fixes). - spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes). - spi: mediatek: Fix fifo transfer (git-fixes). - spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes). - spi: stm32h7: fix full duplex irq handler handling (git-fixes). - staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes). - staging: rtl8712: get rid of flush_scheduled_work (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes). - tracing / histogram: Give calculation hist_fields a size (git-fixes). - tracing: Reject string operand in the histogram expression (git-fixes). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - ubifs: Fix error return code in alloc_wbufs() (bsc#1189585). - ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583). - ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455). - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587). - ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586). - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes). - usb: dwc2: Postponed gadget registration to the udc class driver (git-fixes). - usb: dwc3: Add support for DWC_usb32 IP (git-fixes). - usb: dwc3: Disable phy suspend after power-on reset (git-fixes). - usb: dwc3: Separate field holding multiple properties (git-fixes). - usb: dwc3: Stop active transfers before halting the controller (git-fixes). - usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes). - usb: dwc3: Use devres to get clocks (git-fixes). - usb: dwc3: core: Properly default unspecified speed (git-fixes). - usb: dwc3: core: do not do suspend for device mode if already suspended (git-fixes). - usb: dwc3: debug: Remove newline printout (git-fixes). - usb: dwc3: gadget: Check MPS of the request length (git-fixes). - usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes). - usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (git-fixes). - usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes). - usb: dwc3: gadget: Do not send unintended link state change (git-fixes). - usb: dwc3: gadget: Do not setup more than requested (git-fixes). - usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes). - usb: dwc3: gadget: Fix handling ZLP (git-fixes). - usb: dwc3: gadget: Give back staled requests (git-fixes). - usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes). - usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes). - usb: dwc3: gadget: Properly track pending and queued SG (git-fixes). - usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes). - usb: dwc3: gadget: Set BESL config parameter (git-fixes). - usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes). - usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes). - usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes). - usb: dwc3: meson-g12a: add IRQ check (git-fixes). - usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes). - usb: dwc3: of-simple: add a shutdown (git-fixes). - usb: dwc3: st: Add of_dev_put() in probe function (git-fixes). - usb: dwc3: st: Add of_node_put() before return in probe function (git-fixes). - usb: dwc3: support continuous runtime PM with dual role (git-fixes). - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes). - usb: gadget: Export recommended BESL values (git-fixes). - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes). - usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes). - usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes). - usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes). - usb: gadget: udc: at91: add IRQ check (git-fixes). - usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes). - usb: host: ohci-tmio: add IRQ check (git-fixes). - usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes). - usb: mtu3: fix the wrong HS mult value (git-fixes). - usb: mtu3: use @mult for HS isoc or intr (git-fixes). - usb: phy: fsl-usb: add IRQ check (git-fixes). - usb: phy: tahvo: add IRQ check (git-fixes). - usb: phy: twl6030: add IRQ checks (git-fixes). - virt_wifi: fix error on connect (git-fixes). - virtio_pci: Support surprise removal of virtio pci device (git-fixes). - wireguard: allowedips: allocate nodes in kmem_cache (git-fixes). - wireguard: allowedips: free empty intermediate nodes when removing single node (git-fixes). - wireguard: allowedips: remove nodes in O(1) (git-fixes). - writeback: fix obtain a reference to a freeing memcg css (bsc#1189577). - x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489). - x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489). - x86/fpu: Reset state for all signal restore failures (bsc#1152489). - x86/kvm: fix vcpu-id indexed array sizes (git-fixes). - x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489). - xen/events: Fix race in set_evtchn_to_irq (git-fixes). - xprtrdma: Pad optimization, revisited (bsc#1189760). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-3178=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64): kernel-azure-5.3.18-18.66.2 kernel-azure-debuginfo-5.3.18-18.66.2 kernel-azure-debugsource-5.3.18-18.66.2 kernel-azure-devel-5.3.18-18.66.2 kernel-azure-devel-debuginfo-5.3.18-18.66.2 kernel-syms-azure-5.3.18-18.66.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): kernel-devel-azure-5.3.18-18.66.1 kernel-source-azure-5.3.18-18.66.1 References: https://www.suse.com/security/cve/CVE-2021-34556.html https://www.suse.com/security/cve/CVE-2021-35477.html https://www.suse.com/security/cve/CVE-2021-3640.html https://www.suse.com/security/cve/CVE-2021-3653.html https://www.suse.com/security/cve/CVE-2021-3656.html https://www.suse.com/security/cve/CVE-2021-3679.html https://www.suse.com/security/cve/CVE-2021-3732.html https://www.suse.com/security/cve/CVE-2021-3739.html https://www.suse.com/security/cve/CVE-2021-3743.html https://www.suse.com/security/cve/CVE-2021-3753.html https://www.suse.com/security/cve/CVE-2021-3759.html https://www.suse.com/security/cve/CVE-2021-38160.html https://www.suse.com/security/cve/CVE-2021-38198.html https://www.suse.com/security/cve/CVE-2021-38204.html https://www.suse.com/security/cve/CVE-2021-38205.html https://www.suse.com/security/cve/CVE-2021-38207.html https://bugzilla.suse.com/1040364 https://bugzilla.suse.com/1127650 https://bugzilla.suse.com/1135481 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1160010 https://bugzilla.suse.com/1168202 https://bugzilla.suse.com/1174969 https://bugzilla.suse.com/1175052 https://bugzilla.suse.com/1175543 https://bugzilla.suse.com/1177399 https://bugzilla.suse.com/1180141 https://bugzilla.suse.com/1180347 https://bugzilla.suse.com/1181148 https://bugzilla.suse.com/1181972 https://bugzilla.suse.com/1184180 https://bugzilla.suse.com/1186264 https://bugzilla.suse.com/1186731 https://bugzilla.suse.com/1187211 https://bugzilla.suse.com/1187455 https://bugzilla.suse.com/1187468 https://bugzilla.suse.com/1187619 https://bugzilla.suse.com/1188067 https://bugzilla.suse.com/1188172 https://bugzilla.suse.com/1188418 https://bugzilla.suse.com/1188439 https://bugzilla.suse.com/1188616 https://bugzilla.suse.com/1188780 https://bugzilla.suse.com/1188781 https://bugzilla.suse.com/1188782 https://bugzilla.suse.com/1188783 https://bugzilla.suse.com/1188784 https://bugzilla.suse.com/1188786 https://bugzilla.suse.com/1188787 https://bugzilla.suse.com/1188788 https://bugzilla.suse.com/1188790 https://bugzilla.suse.com/1188878 https://bugzilla.suse.com/1188885 https://bugzilla.suse.com/1188924 https://bugzilla.suse.com/1188982 https://bugzilla.suse.com/1188983 https://bugzilla.suse.com/1188985 https://bugzilla.suse.com/1189021 https://bugzilla.suse.com/1189057 https://bugzilla.suse.com/1189077 https://bugzilla.suse.com/1189153 https://bugzilla.suse.com/1189197 https://bugzilla.suse.com/1189209 https://bugzilla.suse.com/1189210 https://bugzilla.suse.com/1189212 https://bugzilla.suse.com/1189213 https://bugzilla.suse.com/1189214 https://bugzilla.suse.com/1189215 https://bugzilla.suse.com/1189216 https://bugzilla.suse.com/1189217 https://bugzilla.suse.com/1189218 https://bugzilla.suse.com/1189219 https://bugzilla.suse.com/1189220 https://bugzilla.suse.com/1189221 https://bugzilla.suse.com/1189222 https://bugzilla.suse.com/1189229 https://bugzilla.suse.com/1189262 https://bugzilla.suse.com/1189278 https://bugzilla.suse.com/1189291 https://bugzilla.suse.com/1189292 https://bugzilla.suse.com/1189298 https://bugzilla.suse.com/1189301 https://bugzilla.suse.com/1189305 https://bugzilla.suse.com/1189323 https://bugzilla.suse.com/1189384 https://bugzilla.suse.com/1189385 https://bugzilla.suse.com/1189392 https://bugzilla.suse.com/1189399 https://bugzilla.suse.com/1189400 https://bugzilla.suse.com/1189427 https://bugzilla.suse.com/1189503 https://bugzilla.suse.com/1189504 https://bugzilla.suse.com/1189505 https://bugzilla.suse.com/1189506 https://bugzilla.suse.com/1189507 https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1189563 https://bugzilla.suse.com/1189564 https://bugzilla.suse.com/1189565 https://bugzilla.suse.com/1189566 https://bugzilla.suse.com/1189567 https://bugzilla.suse.com/1189568 https://bugzilla.suse.com/1189569 https://bugzilla.suse.com/1189573 https://bugzilla.suse.com/1189574 https://bugzilla.suse.com/1189575 https://bugzilla.suse.com/1189576 https://bugzilla.suse.com/1189577 https://bugzilla.suse.com/1189579 https://bugzilla.suse.com/1189581 https://bugzilla.suse.com/1189582 https://bugzilla.suse.com/1189583 https://bugzilla.suse.com/1189585 https://bugzilla.suse.com/1189586 https://bugzilla.suse.com/1189587 https://bugzilla.suse.com/1189706 https://bugzilla.suse.com/1189760 https://bugzilla.suse.com/1189832 https://bugzilla.suse.com/1189841 https://bugzilla.suse.com/1189870 https://bugzilla.suse.com/1189883 https://bugzilla.suse.com/1190025 https://bugzilla.suse.com/1190115 https://bugzilla.suse.com/1190117 https://bugzilla.suse.com/1190131 https://bugzilla.suse.com/1190181 From sle-updates at lists.suse.com Tue Sep 21 20:19:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 22:19:26 +0200 (CEST) Subject: SUSE-SU-2021:3004-2: important: Security update for libtpms Message-ID: <20210921201926.5742BFCC9@maintenance.suse.de> SUSE Security Update: Security update for libtpms ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3004-2 Rating: important References: #1189935 Cross-References: CVE-2021-3746 CVSS scores: CVE-2021-3746 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE MicroOS 5.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libtpms fixes the following issues: - CVE-2021-3746: Fixed out-of-bounds access via specially crafted TPM 2 command packets (bsc#1189935). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3004=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): libtpms-debugsource-0.8.2-3.3.1 libtpms0-0.8.2-3.3.1 libtpms0-debuginfo-0.8.2-3.3.1 References: https://www.suse.com/security/cve/CVE-2021-3746.html https://bugzilla.suse.com/1189935 From sle-updates at lists.suse.com Tue Sep 21 20:20:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 22:20:33 +0200 (CEST) Subject: SUSE-RU-2021:3115-2: moderate: Recommended update for mozilla-nspr, mozilla-nss Message-ID: <20210921202033.E796AFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozilla-nspr, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3115-2 Rating: moderate References: #1029961 #1174697 #1176206 #1176934 #1179382 #1188891 Affected Products: SUSE MicroOS 5.1 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for mozilla-nspr fixes the following issues: mozilla-nspr was updated to version 4.32: * implement new socket option PR_SockOpt_DontFrag * support larger DNS records by increasing the default buffer size for DNS queries * Lock access to PRCallOnceType members in PR_CallOnce* for thread safety bmo#1686138 * PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get information about the operating system build version. Mozilla NSS was updated to version 3.68: * bmo#1713562 - Fix test leak. * bmo#1717452 - NSS 3.68 should depend on NSPR 4.32. * bmo#1693206 - Implement PKCS8 export of ECDSA keys. * bmo#1712883 - DTLS 1.3 draft-43. * bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension. * bmo#1713562 - Validate ECH public names. * bmo#1717610 - Add function to get seconds from epoch from pkix::Time. update to NSS 3.67 * bmo#1683710 - Add a means to disable ALPN. * bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66). * bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja. * bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c. * bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte. update to NSS 3.66 * bmo#1710716 - Remove Expired Sonera Class2 CA from NSS. * bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority. * bmo#1708307 - Remove Trustis FPS Root CA from NSS. * bmo#1707097 - Add Certum Trusted Root CA to NSS. * bmo#1707097 - Add Certum EC-384 CA to NSS. * bmo#1703942 - Add ANF Secure Server Root CA to NSS. * bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS. * bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database. * bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler. * bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h. * bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators. * bmo#1709291 - Add VerifyCodeSigningCertificateChain. update to NSS 3.65 * bmo#1709654 - Update for NetBSD configuration. * bmo#1709750 - Disable HPKE test when fuzzing. * bmo#1566124 - Optimize AES-GCM for ppc64le. * bmo#1699021 - Add AES-256-GCM to HPKE. * bmo#1698419 - ECH -10 updates. * bmo#1692930 - Update HPKE to final version. * bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default. * bmo#1703936 - New coverity/cpp scanner errors. * bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards. * bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. * bmo#1705119 - Deadlock when using GCM and non-thread safe tokens. update to NSS 3.64 * bmo#1705286 - Properly detect mips64. * bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and disable_crypto_vsx. * bmo#1698320 - replace __builtin_cpu_supports("vsx") with ppc_crypto_support() for clang. * bmo#1613235 - Add POWER ChaCha20 stream cipher vector acceleration. Fixed in 3.63 * bmo#1697380 - Make a clang-format run on top of helpful contributions. * bmo#1683520 - ECCKiila P384, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual scalar multiplication. * bmo#1683520 - ECCKiila P521, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual scalar multiplication. * bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683. * bmo#1694214 - tstclnt can't enable middlebox compat mode. * bmo#1694392 - NSS does not work with PKCS #11 modules not supporting profiles. * bmo#1685880 - Minor fix to prevent unused variable on early return. * bmo#1685880 - Fix for the gcc compiler version 7 to support setenv with nss build. * bmo#1693217 - Increase nssckbi.h version number for March 2021 batch of root CA changes, CA list version 2.48. * bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's 'Chambers of Commerce' and 'Global Chambersign' roots. * bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER. * bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS. * bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS. * bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs from NSS. * bmo#1687822 - Turn off Websites trust bit for the ???Staat der Nederlanden Root CA - G3??? root cert in NSS. * bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce Root - 2008' and 'Global Chambersign Root - 2008???. * bmo#1694291 - Tracing fixes for ECH. update to NSS 3.62 * bmo#1688374 - Fix parallel build NSS-3.61 with make * bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add() can corrupt "cachedCertTable" * bmo#1690583 - Fix CH padding extension size calculation * bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail * bmo#1690421 - Install packaged libabigail in docker-builds image * bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing * bmo#1674819 - Fixup a51fae403328, enum type may be signed * bmo#1681585 - Add ECH support to selfserv * bmo#1681585 - Update ECH to Draft-09 * bmo#1678398 - Add Export/Import functions for HPKE context * bmo#1678398 - Update HPKE to draft-07 update to NSS 3.61 * bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key values under certain conditions. * bmo#1684300 - Fix default PBE iteration count when NSS is compiled with NSS_DISABLE_DBM. * bmo#1651411 - Improve constant-timeness in RSA operations. * bmo#1677207 - Upgrade Google Test version to latest release. * bmo#1654332 - Add aarch64-make target to nss-try. Update to NSS 3.60.1: Notable changes in NSS 3.60: * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support has been added, replacing the previous ESNI (draft-ietf-tls-esni-01) implementation. See bmo#1654332 for more information. * December 2020 batch of Root CA changes, builtins library updated to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769 for more information. Update to NSS 3.59.1: * bmo#1679290 - Fix potential deadlock with certain third-party PKCS11 modules Update to NSS 3.59: Notable changes: * Exported two existing functions from libnss: CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData Bugfixes * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed root certs when SHA1 signatures are disabled. * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to solve some test intermittents * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in our CVE-2020-25648 fix that broke purple-discord (boo#1179382) * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP * bmo#1667989 - Fix gyp linking on Solaris * bmo#1668123 - Export CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData from libnss * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA * bmo#1663091 - Remove unnecessary assertions in the streaming ASN.1 decoder that affected decoding certain PKCS8 private keys when using NSS debug builds * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS. update to NSS 3.58 Bugs fixed: * bmo#1641480 (CVE-2020-25648) Tighten CCS handling for middlebox compatibility mode. * bmo#1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello (draft-ietf-tls-esni). * bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto extensions. * bmo#1668328 - Handle spaces in the Python path name when using gyp on Windows. * bmo#1667153 - Add PK11_ImportDataKey for data object import. * bmo#1665715 - Pass the embedded SCT list extension (if present) to TrustDomain::CheckRevocation instead of the notBefore value. update to NSS 3.57 * The following CA certificates were Added: bmo#1663049 - CN=Trustwave Global Certification Authority SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8 bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4 bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097 * The following CA certificates were Removed: bmo#1651211 - CN=EE Certification Centre Root CA SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76 bmo#1656077 - O=Government Root Certification Authority; C=TW SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3 * Trust settings for the following CA certificates were Modified: bmo#1653092 - CN=OISTE WISeKey Global Root GA CA Websites (server authentication) trust bit removed. * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_rele ase_notes update to NSS 3.56 Notable changes * bmo#1650702 - Support SHA-1 HW acceleration on ARMv8 * bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS. * bmo#1654142 - Add CPU feature detection for Intel SHA extension. * bmo#1648822 - Add stricter validation of DH keys in FIPS mode. * bmo#1656986 - Properly detect arm64 during GYP build architecture detection. * bmo#1652729 - Add build flag to disable RC2 and relocate to lib/freebl/deprecated. * bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay. * bmo#1588941 - Send empty certificate message when scheme selection fails. * bmo#1652032 - Fix failure to build in Windows arm64 makefile cross-compilation. * bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent. * bmo#1653975 - Fix 3.53 regression by setting "all" as the default makefile target. * bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert. * bmo#1659814 - Fix interop.sh failures with newer tls-interop commit and dependencies. * bmo#1656519 - NSPR dependency updated to 4.28 update to NSS 3.55 Notable changes * P384 and P521 elliptic curve implementations are replaced with verifiable implementations from Fiat-Crypto [0] and ECCKiila [1]. * PK11_FindCertInSlot is added. With this function, a given slot can be queried with a DER-Encoded certificate, providing performance and usability improvements over other mechanisms. (bmo#1649633) * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752) Relevant Bugfixes * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila. * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature. * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding. * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length. * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix). * bmo#1653202 - Fix initialization bug in blapitest when compiled with NSS_DISABLE_DEPRECATED_SEED. * bmo#1646594 - Fix AVX2 detection in makefile builds. * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot for a DER-encoded certificate. * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo. * bmo#1647752 - Update DTLS 1.3 implementation to draft-38. * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI. * bmo#1649226 - Add Wycheproof ECDSA tests. * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES. * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in RSA_CheckSignRecover. * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the signature_algorithms extension. update to NSS 3.54 Notable changes * Support for TLS 1.3 external pre-shared keys (bmo#1603042). * Use ARM Cryptography Extension for SHA256, when available (bmo#1528113) * The following CA certificates were Added: bmo#1645186 - certSIGN Root CA G2. bmo#1645174 - e-Szigno Root CA 2017. bmo#1641716 - Microsoft ECC Root Certificate Authority 2017. bmo#1641716 - Microsoft RSA Root Certificate Authority 2017. * The following CA certificates were Removed: bmo#1645199 - AddTrust Class 1 CA Root. bmo#1645199 - AddTrust External CA Root. bmo#1641718 - LuxTrust Global Root 2. bmo#1639987 - Staat der Nederlanden Root CA - G2. bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4. bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4. bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3. * A number of certificates had their Email trust bit disabled. See bmo#1618402 for a complete list. Bugs fixed * bmo#1528113 - Use ARM Cryptography Extension for SHA256. * bmo#1603042 - Add TLS 1.3 external PSK support. * bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows. * bmo#1645186 - Add "certSIGN Root CA G2" root certificate. * bmo#1645174 - Add Microsec's "e-Szigno Root CA 2017" root certificate. * bmo#1641716 - Add Microsoft's non-EV root certificates. * bmo1621151 - Disable email trust bit for "O=Government Root Certification Authority; C=TW" root. * bmo#1645199 - Remove AddTrust root certificates. * bmo#1641718 - Remove "LuxTrust Global Root 2" root certificate. * bmo#1639987 - Remove "Staat der Nederlanden Root CA - G2" root certificate. * bmo#1618402 - Remove Symantec root certificates and disable email trust bit. * bmo#1640516 - NSS 3.54 should depend on NSPR 4.26. * bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c. * bmo#1642153 - Fix infinite recursion building NSS. * bmo#1642638 - Fix fuzzing assertion crash. * bmo#1642871 - Enable SSL_SendSessionTicket after resumption. * bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs. * bmo#1643557 - Fix numerous compile warnings in NSS. * bmo#1644774 - SSL gtests to use ClearServerCache when resetting self-encrypt keys. * bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c. * bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3115=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): libfreebl3-3.68-3.56.1 libfreebl3-debuginfo-3.68-3.56.1 libfreebl3-hmac-3.68-3.56.1 libsoftokn3-3.68-3.56.1 libsoftokn3-debuginfo-3.68-3.56.1 libsoftokn3-hmac-3.68-3.56.1 mozilla-nspr-4.32-3.20.1 mozilla-nspr-debuginfo-4.32-3.20.1 mozilla-nspr-debugsource-4.32-3.20.1 mozilla-nss-3.68-3.56.1 mozilla-nss-certs-3.68-3.56.1 mozilla-nss-certs-debuginfo-3.68-3.56.1 mozilla-nss-debuginfo-3.68-3.56.1 mozilla-nss-debugsource-3.68-3.56.1 mozilla-nss-tools-3.68-3.56.1 mozilla-nss-tools-debuginfo-3.68-3.56.1 References: https://bugzilla.suse.com/1029961 https://bugzilla.suse.com/1174697 https://bugzilla.suse.com/1176206 https://bugzilla.suse.com/1176934 https://bugzilla.suse.com/1179382 https://bugzilla.suse.com/1188891 From sle-updates at lists.suse.com Tue Sep 21 20:24:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 22:24:03 +0200 (CEST) Subject: SUSE-RU-2021:2909-2: moderate: Recommended update for ndctl Message-ID: <20210921202403.13495FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for ndctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2909-2 Rating: moderate References: #1188502 Affected Products: SUSE MicroOS 5.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ndctl fixes the following issues: - Enable aarch64 build. (bsc#1188502) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-2909=1 Package List: - SUSE MicroOS 5.1 (x86_64): libndctl6-71.1-3.3.1 libndctl6-debuginfo-71.1-3.3.1 ndctl-debuginfo-71.1-3.3.1 ndctl-debugsource-71.1-3.3.1 References: https://bugzilla.suse.com/1188502 From sle-updates at lists.suse.com Tue Sep 21 20:25:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 22:25:07 +0200 (CEST) Subject: SUSE-RU-2021:2950-2: moderate: Recommended update for pcre2 Message-ID: <20210921202507.855D9FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for pcre2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2950-2 Rating: moderate References: #1187937 Affected Products: SUSE MicroOS 5.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pcre2 fixes the following issue: - Equalizes the result of a function that may have different output on s390x if compared to older (bsc#1187937) PHP versions. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-2950=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): libpcre2-8-0-10.31-3.3.1 libpcre2-8-0-debuginfo-10.31-3.3.1 pcre2-debugsource-10.31-3.3.1 References: https://bugzilla.suse.com/1187937 From sle-updates at lists.suse.com Tue Sep 21 20:26:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 22:26:17 +0200 (CEST) Subject: SUSE-SU-2021:3179-1: important: Security update for the Linux Kernel Message-ID: <20210921202617.AB5F4FCC9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3179-1 Rating: important References: #1040364 #1127650 #1135481 #1152489 #1160010 #1168202 #1171420 #1174969 #1175052 #1175543 #1177399 #1180100 #1180141 #1180347 #1181006 #1181148 #1181972 #1184180 #1185902 #1186264 #1186731 #1187211 #1187455 #1187468 #1187483 #1187619 #1187959 #1188067 #1188172 #1188231 #1188270 #1188412 #1188418 #1188616 #1188700 #1188780 #1188781 #1188782 #1188783 #1188784 #1188786 #1188787 #1188788 #1188790 #1188878 #1188885 #1188924 #1188982 #1188983 #1188985 #1189021 #1189057 #1189077 #1189153 #1189197 #1189209 #1189210 #1189212 #1189213 #1189214 #1189215 #1189216 #1189217 #1189218 #1189219 #1189220 #1189221 #1189222 #1189225 #1189229 #1189233 #1189262 #1189291 #1189292 #1189296 #1189298 #1189301 #1189305 #1189323 #1189384 #1189385 #1189392 #1189393 #1189399 #1189400 #1189427 #1189503 #1189504 #1189505 #1189506 #1189507 #1189562 #1189563 #1189564 #1189565 #1189566 #1189567 #1189568 #1189569 #1189573 #1189574 #1189575 #1189576 #1189577 #1189579 #1189581 #1189582 #1189583 #1189585 #1189586 #1189587 #1189696 #1189706 #1189760 #1189762 #1189832 #1189841 #1189870 #1189872 #1189883 #1190022 #1190025 #1190115 #1190117 #1190412 #1190413 #1190428 Cross-References: CVE-2020-12770 CVE-2021-34556 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 CVE-2021-3753 CVE-2021-3759 CVE-2021-38160 CVE-2021-38166 CVE-2021-38198 CVE-2021-38204 CVE-2021-38205 CVE-2021-38206 CVE-2021-38207 CVE-2021-38209 CVSS scores: CVE-2020-12770 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-12770 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2021-34556 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-35477 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-3640 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3653 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3656 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3679 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3732 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3739 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-3743 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3753 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-3759 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38160 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38166 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38204 (SUSE): 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38205 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-38206 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38206 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38207 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38209 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP3 ______________________________________________________________________________ An update that solves 20 vulnerabilities and has 107 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ). - CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292). - CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298). - CVE-2021-38166: Fixed an integer overflow and out-of-bounds write when many elements are placed in a single bucket in kernel/bpf/hashtab.c (bnc#1189233 ). - CVE-2021-38209: Fixed allowed observation of changes in any net namespace via net/netfilter/nf_conntrack_standalone.c (bnc#1189393). - CVE-2021-38206: Fixed NULL pointer dereference in the radiotap parser inside the mac80211 subsystem (bnc#1189296). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420). The following non-security bugs were fixed: - ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes). - ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export function to claim _CST control (bsc#1175543) - ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543) - ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes). - ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 (git-fixes). - ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms (git-fixes). - ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically (git-fixes). - ALSA: hda/realtek - Add ALC285 HP init procedure (git-fixes). - ALSA: hda/realtek - Add type for ALC287 (git-fixes). - ALSA: hda/realtek: Change device names for quirks to barebone names (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes). - ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes). - ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes). - ALSA: hda/realtek: fix mute led of the HP Pavilion 15-eh1xxx series (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 650 G8 Notebook PC (git-fixes). - ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes). - ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes). - ALSA: hda: Fix hang during shutdown due to link reset (git-fixes). - ALSA: hda: Release controller display power during shutdown/reboot (git-fixes). - ALSA: pcm: Fix mmap breakage without explicit buffer setup (git-fixes). - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes). - ALSA: seq: Fix racy deletion of subscriber (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes). - ALSA: usb-audio: Avoid unnecessary or invalid connector selection at resume (git-fixes). - ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes). - ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes). - ALSA: usb-audio: fix incorrect clock source setting (git-fixes). - ASoC: Intel: Skylake: Fix module resource and format selection (git-fixes). - ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373 (git-fixes). - ASoC: SOF: Intel: hda-ipc: fix reply size checking (git-fixes). - ASoC: amd: Fix reference to PCM buffer address (git-fixes). - ASoC: component: Remove misplaced prefix handling in pin control functions (git-fixes). - ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes). - ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes). - ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes). - ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes). - ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes). - ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes). - ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes). - ASoC: mediatek: mt8183: Fix Unbalanced pm_runtime_enable in mt8183_afe_pcm_dev_probe (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold again (git-fixes). - ASoC: rt5682: Fix the issue of garbled recording after powerd_dbus_suspend (git-fixes). - ASoC: ti: j721e-evm: Check for not initialized parent_clk_id (git-fixes). - ASoC: ti: j721e-evm: Fix unbalanced domain activity tracking during startup (git-fixes). - ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes). - ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes). - ASoC: uniphier: Fix reference to PCM buffer address (git-fixes). - ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes). - ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes). - ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes). - ASoC: xilinx: Fix reference to PCM buffer address (git-fixes). - Avoid double printing SUSE specific flags in mod->taint (bsc#1190413). - Bluetooth: add timeout sanity check to hci_inquiry (git-fixes). - Bluetooth: btusb: Fix a unspported condition to set available debug features (git-fixes). - Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS (git-fixes). - Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes). - Bluetooth: fix repeated calls to sco_sock_kill (git-fixes). - Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes). - Bluetooth: mgmt: Fix wrong opcode in the response for add_adv cmd (git-fixes). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes). - Documentation: admin-guide: PM: Add intel_idle document (bsc#1175543) - KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786). - KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787). - KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788). - KVM: VMX: Extend VMXs #AC interceptor to handle split lock #AC in guest (bsc#1187959). - KVM: nVMX: Handle split-lock #AC exceptions that happen in L2 (bsc#1187959). - KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780). - KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782). - KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783). - KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784). - KVM: x86: Emulate split-lock access as a write in emulator (bsc#1187959). - KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790). - NFS: Correct size calculation for create reply length (bsc#1189870). - NFSv4.1: Do not rebind to the same source port when (bnc#1186264 bnc#1189021) - NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes). - NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364). - PCI/MSI: Correct misleading comments (git-fixes). - PCI/MSI: Do not set invalid bits in MSI mask (git-fixes). - PCI/MSI: Enable and mask MSI-X early (git-fixes). - PCI/MSI: Mask all unused MSI-X entries (git-fixes). - PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes). - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes). - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes). - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes). - PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes). - RDMA/bnxt_re: Fix stats counters (bsc#1188231). - SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924). - SUNRPC: Fix the batch tasks count wraparound (git-fixes). - SUNRPC: Should wake up the privileged task firstly (git-fixes). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924). - SUNRPC: improve error response to over-size gss credential (bsc#1190022). - SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264 bnc#1189021). - USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes). - USB: serial: ch341: fix character loss at high transfer rates (git-fixes). - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes). - USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes). - USB: usbtmc: Fix RCU stall warning (git-fixes). - USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes). - VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes). - ath9k: Clear key cache explicitly on disabling hardware (git-fixes). - ath: Use safer key clearing with key cache entries (git-fixes). - bcma: Fix memory leak for internally-handled cores (git-fixes). - bdi: Do not use freezable workqueue (bsc#1189573). - blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507). - blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506). - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503). - blk-wbt: make sure throttle is enabled properly (bsc#1189504). - block: fix trace completion for chained bio (bsc#1189505). - bnxt_en: Validate vlan protocol ID on RX packets (jsc#SLE-15075). - brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes). - btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189079). - btrfs: add a trace class for dumping the current ENOSPC state (bsc#1135481). - btrfs: add a trace point for reserve tickets (bsc#1135481). - btrfs: adjust the flush trace point to include the source (bsc#1135481). - btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1135481). - btrfs: factor out create_chunk() (bsc#1189077). - btrfs: factor out decide_stripe_size() (bsc#1189077). - btrfs: factor out gather_device_info() (bsc#1189077). - btrfs: factor out init_alloc_chunk_ctl (bsc#1189077). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1135481). - btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077). - btrfs: handle invalid profile in chunk allocation (bsc#1189077). - btrfs: implement space clamping for preemptive flushing (bsc#1135481). - btrfs: improve preemptive background space flushing (bsc#1135481). - btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1135481). - btrfs: introduce alloc_chunk_ctl (bsc#1189077). - btrfs: introduce chunk allocation policy (bsc#1189077). - btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#1135481). - btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077). - btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077). - btrfs: refactor find_free_dev_extent_start() (bsc#1189077). - btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1135481). - btrfs: rename need_do_async_reclaim (bsc#1135481). - btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1135481). - btrfs: rework chunk allocation to avoid exhaustion of the system chunk array (bsc#1189077). - btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1135481). - btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#1135481). - btrfs: simplify the logic in need_preemptive_flushing (bsc#1135481). - btrfs: tracepoints: convert flush states to using EM macros (bsc#1135481). - btrfs: tracepoints: fix btrfs_trigger_flush symbolic string for flags (bsc#1135481). - can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes). - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes). - ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468). - ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468). - ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1189427). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes). - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes). - cpuidle: Allow idle states to be disabled by default (bsc#1175543) - cpuidle: Consolidate disabled state checks (bsc#1175543) - cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543) - cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543) - cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543) - crypto: ccp - Annotate SEV Firmware file names (bsc#1189212). - crypto: qat - use proper type for vf_mask (git-fixes). - crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit (git-fixes). - device-dax: Fix default return code of range_parse() (git-fixes). - dm integrity: fix missing goto in bitmap_flush_interval error handling (git-fixes). - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git-fixes). - dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes). - dmaengine: idxd: fix setup sequence for MSIXPERM table (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes). - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available (git-fixes). - dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes). - dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers (git-fixes). - drivers/block/null_blk/main: Fix a double free in null_init (git-fixes). - drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X (git-fixes). - drm/amd/display: Fix comparison error in dcn21 DML (git-fixes). - drm/amd/display: Fix max vstartup calculation for modes with borders (git-fixes). - drm/amd/display: Remove invalid assert for ODM + MPC case (git-fixes). - drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work (git-fixes). - drm/amd/display: workaround for hard hang on HPD on native DP (git-fixes). - drm/amdgpu/acp: Make PM domain really work (git-fixes). - drm/amdgpu/display: fix DMUB firmware version info (git-fixes). - drm/amdgpu/display: only enable aux backlight control for OLED panels (git-fixes). - drm/amdgpu: do not enable baco on boco platforms in runpm (git-fixes). - drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir (git-fixes). - drm/dp_mst: Fix return code on sideband message failure (git-fixes). - drm/i915/dg1: gmbus pin mapping (bsc#1188700). - drm/i915/dg1: provide port/phy mapping for vbt (bsc#1188700). - drm/i915/gen9_bc: Add W/A for missing STRAP config on TGP PCH + CML combos (bsc#1188700). - drm/i915/gen9_bc: Introduce HPD pin mappings for TGP PCH + CML combos (bsc#1188700). - drm/i915/gen9_bc: Introduce TGP PCH DDC pin mappings (bsc#1188700). - drm/i915/gen9_bc: Recognize TGP PCH + CML combos (bsc#1188700). - drm/i915/rkl: new rkl ddc map for different PCH (bsc#1188700). - drm/i915: Add VBT AUX CH H and I (bsc#1188700). - drm/i915: Add VBT DVO ports H and I (bsc#1188700). - drm/i915: Add more AUX CHs to the enum (bsc#1188700). - drm/i915: Configure GEN11_{TBT,TC}_HOTPLUG_CTL for ports TC5/6 (bsc#1188700). - drm/i915: Correct SFC_DONE register offset (git-fixes). - drm/i915: Introduce HPD_PORT_TC<n> (bsc#1188700). - drm/i915: Move hpd_pin setup to encoder init (bsc#1188700). - drm/i915: Nuke the redundant TC/TBT HPD bit defines (bsc#1188700). - drm/i915: Only access SFC_DONE when media domain is not fused off (git-fixes). - drm/meson: fix colour distortion from HDR set during vendor u-boot (git-fixes). - drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes). - drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes). - drm/msm/dsi: Fix some reference counted resource leaks (git-fixes). - drm/msm: Fix error return code in msm_drm_init() (git-fixes). - drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences (git-fixes). - drm/of: free the iterator object on failure (git-fixes). - drm/of: free the right object (git-fixes). - drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes). - drm/prime: fix comment on PRIME Helpers (git-fixes). - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568). - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564). - ext4: fix avefreec in find_group_orlov (bsc#1189566). - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562). - ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576). - ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565). - ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563). - ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567). - fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574). - firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes). - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback (git-fixes). - fixup "rpm: support gz and zst compression methods" (bsc#1190358, bsc#1190428). - fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes). - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - fpga: xiilnx-spi: Address warning about unused variable (git-fixes). - fpga: zynqmp-fpga: Address warning about unused variable (git-fixes). - gpio: eic-sprd: break loop when getting NULL device resource (git-fixes). - gpio: tqmx86: really make IRQ optional (git-fixes). - i2c: dev: zero out array used for i2c reads from userspace (git-fixes). - i2c: highlander: add IRQ check (git-fixes). - i2c: iop3xx: fix deferred probing (git-fixes). - i2c: mt65xx: fix IRQ check (git-fixes). - i2c: s3c2410: fix IRQ check (git-fixes). - iio: adc: Fix incorrect exit of for-loop (git-fixes). - iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels (git-fixes). - iio: humidity: hdc100x: Add margin to the conversion time (git-fixes). - intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543) - intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543) - intel_idle: Annotate init time data structures (bsc#1175543) - intel_idle: Customize IceLake server support (bsc#1175543) - intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141) - intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543) - intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543) - intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543) - intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543) - iommu/amd: Fix extended features logging (bsc#1189213). - iommu/amd: Move Stoney Ridge check to detect_ivrs() (bsc#1189762). - iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210). - iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209). - iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214). - iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229). - iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1189215). - iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216). - iommu/vt-d: Do not set then clear private data in prq_event_thread() (bsc#1189217). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218). - iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219). - iommu/vt-d: Global devTLB flush when present context entry changed (bsc#1189220). - iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#1189221). - iommu/vt-d: Reject unsupported page request modes (bsc#1189222). - ionic: add handling of larger descriptors (jsc#SLE-16649). - ionic: add new queue features to interface (jsc#SLE-16649). - ionic: aggregate Tx byte counting calls (jsc#SLE-16649). - ionic: block actions during fw reset (jsc#SLE-16649). - ionic: change mtu after queues are stopped (jsc#SLE-16649). - ionic: check for link after netdev registration (jsc#SLE-16649). - ionic: code cleanup details (jsc#SLE-16649). - ionic: fix sizeof usage (jsc#SLE-16649). - ionic: fix unchecked reference (jsc#SLE-16649). - ionic: fix up dim accounting for tx and rx (jsc#SLE-16649). - ionic: generic tx skb mapping (jsc#SLE-16649). - ionic: implement Rx page reuse (jsc#SLE-16649). - ionic: make all rx_mode work threadsafe (jsc#SLE-16649). - ionic: move rx_page_alloc and free (jsc#SLE-16649). - ionic: optimize fastpath struct usage (jsc#SLE-16649). - ionic: protect adminq from early destroy (jsc#SLE-16649). - ionic: rebuild debugfs on qcq swap (jsc#SLE-16649). - ionic: remove intr coalesce update from napi (jsc#SLE-16649). - ionic: remove some unnecessary oom messages (jsc#SLE-16649). - ionic: simplify TSO descriptor mapping (jsc#SLE-16649). - ionic: simplify rx skb alloc (jsc#SLE-16649). - ionic: simplify the intr_index use in txq_init (jsc#SLE-16649). - ionic: simplify tx clean (jsc#SLE-16649). - ionic: simplify use of completion types (jsc#SLE-16649). - ionic: start queues before announcing link up (jsc#SLE-16649). - ionic: stop watchdog when in broken state (jsc#SLE-16649). - ionic: useful names for booleans (jsc#SLE-16649). - iwlwifi: pnvm: accept multiple HW-type TLVs (git-fixes). - iwlwifi: rs-fw: do not support stbc for HE 160 (git-fixes). - iwlwifi: skip first element in the WTAS ACPI table (git-fixes). - kABI fix of usb_dcd_config_params (git-fixes). - kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes). - kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264 bnc#1189021) - kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153). - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). - leds: trigger: audio: Add an activate callback to ensure the initial brightness is set (git-fixes). - lib/mpi: use kcalloc in mpi_resize (git-fixes). - lib: Add zstd support to decompress (bsc#1187483, jsc#SLE-18766). - libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes). - mac80211: Fix insufficient headroom issue for AMSDU (git-fixes). - md/raid10: properly indicate failure when ending a failed write request (git-fixes). - md: revert io stats accounting (git-fixes). - media: TDA1997x: enable EDID support (git-fixes). - media: cxd2880-spi: Fix an error handling path (git-fixes). - media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes). - media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes). - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes). - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes). - media: go7007: fix memory leak in go7007_usb_probe (git-fixes). - media: go7007: remove redundant initialization (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes). - media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes). - media: videobuf2-core: dequeue if start_streaming fails (git-fixes). - media: zr364xx: fix memory leaks in probe() (git-fixes). - media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes). - misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes). - misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp() (git-fixes). - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569). - mm/vmscan: fix infinite loop in drop_slab_node (VM Functionality, bsc#1189301). - mm: fix memory_failure() handling of dax-namespace metadata (bsc#1189872). - mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#1187619). - mmc: dw_mmc: Fix hang on data CRC error (git-fixes). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes). - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes). - mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes). - nbd: Aovid double completion of a request (git-fixes). - nbd: Fix NULL pointer in flush_workqueue (git-fixes). - net/mlx5: Add ts_cqe_to_dest_cqn related bits (bsc#1188412) - net/mlx5: Properly convey driver version to firmware (git-fixes). - net/mlx5e: Add missing capability check for uplink follow (bsc#1188412) - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes). - net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext (git-fixes). - net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes). - net: usb: lan78xx: do not modify phy_device state concurrently (bsc#1188270) - nfs: fix acl memory leak of posix_acl_create() (git-fixes). - nvme-multipath: revalidate paths during rescan (bsc#1187211) - nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972). - nvme-pci: fix NULL req in completion handler (bsc#1181972). - nvme-pci: limit maximum queue depth to 4095 (bsc#1181972). - nvme-pci: use unsigned for io queue depth (bsc#1181972). - nvme-tcp: Do not reset transport on data digest errors (bsc#1188418). - nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972). - nvme: avoid possible double fetch in handling CQE (bsc#1181972). - nvme: code command_id with a genctr for use-after-free validation (bsc#1181972). - nvme: only call synchronize_srcu when clearing current path (bsc#1188067). - nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384). - ocfs2: fix snprintf() checking (bsc#1189581). - ocfs2: fix zero out valid data (bsc#1189579). - ocfs2: initialize ip_next_orphan (bsc#1186731). - ocfs2: issue zeroout to EOF blocks (bsc#1189582). - ovl: allow upperdir inside lowerdir (bsc#1189323). - ovl: expand warning in ovl_d_real() (bsc#1189323). - ovl: fix missing revert_creds() on error path (bsc#1189323). - ovl: perform vfs_getxattr() with mounter creds (bsc#1189323). - ovl: skip getxattr of security labels (bsc#1189323). - params: lift param_set_uint_minmax to common code (bsc#1181972). - pcmcia: i82092: fix a null pointer dereference bug (git-fixes). - perf/x86/amd: Do not touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (bsc#1189225). - pinctrl: tigerlake: Fix GPIO mapping for newer version of software (git-fixes). - platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables (git-fixes). - post.sh: detect /usr mountpoint too - power: supply: max17042: handle fails of reading status register (git-fixes). - powerpc/cacheinfo: Improve diagnostics about malformed cache lists (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Lookup cache by dt node and thread-group id (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Remove the redundant get_shared_cpu_map() (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Use name at unit instead of full DT path in debug messages (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes). - powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#1189197 ltc#193906). - powerpc/pseries: Fix regression while building external modules (bsc#1160010 ltc#183046 git-fixes). - powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes). - powerpc/smp: Make some symbols static (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Use existing L2 cache_map cpumask to find L3 cache siblings (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702 git-fixes). - regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes). - regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes). - regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change. - rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575). - rsi: fix an error code in rsi_probe() (git-fixes). - rsi: fix error code in rsi_load_9116_firmware() (git-fixes). - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817). - s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771). - scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970). - scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970). - scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970). - scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392). - scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650). - scsi: libfc: Fix array index out of bound exception (bsc#1188616). - scsi: lpfc: Add 256 Gb link speed support (bsc#1189385). - scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385). - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385). - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385). - scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385). - scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385). - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385). - scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385). - scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385). - scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385). - scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385). - scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385). - scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385). - scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385). - scsi: lpfc: Fix function description comments for vmid routines (bsc#1189385). - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385). - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385). - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385). - scsi: lpfc: Improve firmware download logging (bsc#1189385). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385). - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes). - scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385). - scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385). - scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385). - scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385). - scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385). - scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385). - scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385). - scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385). - scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385). - scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970). - scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006). - scsi: qla2xxx: Add heartbeat check (bsc#1189392). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392). - scsi: qla2xxx: Fix spelling mistakes "allloc" -> "alloc" (bsc#1189392). - scsi: qla2xxx: Fix use after free in debug code (bsc#1189392). - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392). - scsi: qla2xxx: Remove duplicate declarations (bsc#1189392). - scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392). - scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392). - scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189392). - scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392). - scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392). - scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392). - scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392). - scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392). - scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392). - scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392). - scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189392). - scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add key update (bsc#1189392). - scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189392). - scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392). - scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392). - scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (bsc#1184180). - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392). - scsi: zfcp: Report port fc_security as unknown early during remote cable pull (git-fixes). - serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes). - serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes). - serial: 8250_pci: Avoid irq sharing for MSI(-X) interrupts (git-fixes). - serial: 8250_pci: Enumerate Elkhart Lake UARTs via dedicated driver (git-fixes). - serial: tegra: Only print FIFO error message when an error occurs (git-fixes). - slimbus: messaging: check for valid transaction id (git-fixes). - slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes). - slimbus: ngd: reset dma setup during runtime pm (git-fixes). - soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes). - soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: qcom: rpmhpd: Use corner in power_off (git-fixes). - soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes). - spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes). - spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation (git-fixes). - spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes). - spi: mediatek: Fix fifo transfer (git-fixes). - spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes). - spi: stm32h7: fix full duplex irq handler handling (git-fixes). - staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes). - staging: rtl8712: get rid of flush_scheduled_work (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes). - tracing / histogram: Give calculation hist_fields a size (git-fixes). - tracing: Reject string operand in the histogram expression (git-fixes). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - ubifs: Fix error return code in alloc_wbufs() (bsc#1189585). - ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583). - ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455). - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587). - ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586). - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes). - usb: dwc3: Disable phy suspend after power-on reset (git-fixes). - usb: dwc3: Separate field holding multiple properties (git-fixes). - usb: dwc3: Stop active transfers before halting the controller (git-fixes). - usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes). - usb: dwc3: Use devres to get clocks (git-fixes). - usb: dwc3: core: do not do suspend for device mode if already suspended (git-fixes). - usb: dwc3: debug: Remove newline printout (git-fixes). - usb: dwc3: gadget: Check MPS of the request length (git-fixes). - usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes). - usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (git-fixes). - usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes). - usb: dwc3: gadget: Do not send unintended link state change (git-fixes). - usb: dwc3: gadget: Do not setup more than requested (git-fixes). - usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes). - usb: dwc3: gadget: Fix handling ZLP (git-fixes). - usb: dwc3: gadget: Give back staled requests (git-fixes). - usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes). - usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes). - usb: dwc3: gadget: Properly track pending and queued SG (git-fixes). - usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes). - usb: dwc3: gadget: Set BESL config parameter (git-fixes). - usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes). - usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes). - usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes). - usb: dwc3: meson-g12a: add IRQ check (git-fixes). - usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes). - usb: dwc3: of-simple: add a shutdown (git-fixes). - usb: dwc3: st: Add of_dev_put() in probe function (git-fixes). - usb: dwc3: st: Add of_node_put() before return in probe function (git-fixes). - usb: dwc3: support continuous runtime PM with dual role (git-fixes). - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes). - usb: gadget: Export recommended BESL values (git-fixes). - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes). - usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes). - usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes). - usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes). - usb: gadget: udc: at91: add IRQ check (git-fixes). - usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes). - usb: host: ohci-tmio: add IRQ check (git-fixes). - usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes). - usb: mtu3: fix the wrong HS mult value (git-fixes). - usb: mtu3: use @mult for HS isoc or intr (git-fixes). - usb: phy: fsl-usb: add IRQ check (git-fixes). - usb: phy: tahvo: add IRQ check (git-fixes). - usb: phy: twl6030: add IRQ checks (git-fixes). - usr: Add support for zstd compressed initramfs (bsc#1187483, jsc#SLE-18766). - virt_wifi: fix error on connect (git-fixes). - wireguard: allowedips: allocate nodes in kmem_cache (git-fixes). - wireguard: allowedips: free empty intermediate nodes when removing single node (git-fixes). - wireguard: allowedips: remove nodes in O(1) (git-fixes). - writeback: fix obtain a reference to a freeing memcg css (bsc#1189577). - x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489). - x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489). - x86/fpu: Reset state for all signal restore failures (bsc#1152489). - x86/kvm: fix vcpu-id indexed array sizes (git-fixes). - x86/sev: Make sure IRQs are disabled while GHCB is active (jsc#SLE-14337). - x86/sev: Split up runtime #VC handler for correct state tracking (jsc#SLE-14337). - x86/sev: Use "SEV: " prefix for messages from sev.c (jsc#SLE-14337). - x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489). - x86/split_lock: Provide handle_guest_split_lock() (bsc#1187959). - xen/events: Fix race in set_evtchn_to_irq (git-fixes). - xprtrdma: Pad optimization, revisited (bsc#1189760). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-3179=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): kernel-devel-azure-5.3.18-38.22.1 kernel-source-azure-5.3.18-38.22.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64): kernel-azure-5.3.18-38.22.2 kernel-azure-debuginfo-5.3.18-38.22.2 kernel-azure-debugsource-5.3.18-38.22.2 kernel-azure-devel-5.3.18-38.22.2 kernel-azure-devel-debuginfo-5.3.18-38.22.2 kernel-syms-azure-5.3.18-38.22.1 References: https://www.suse.com/security/cve/CVE-2020-12770.html https://www.suse.com/security/cve/CVE-2021-34556.html https://www.suse.com/security/cve/CVE-2021-35477.html https://www.suse.com/security/cve/CVE-2021-3640.html https://www.suse.com/security/cve/CVE-2021-3653.html https://www.suse.com/security/cve/CVE-2021-3656.html https://www.suse.com/security/cve/CVE-2021-3679.html https://www.suse.com/security/cve/CVE-2021-3732.html https://www.suse.com/security/cve/CVE-2021-3739.html https://www.suse.com/security/cve/CVE-2021-3743.html https://www.suse.com/security/cve/CVE-2021-3753.html https://www.suse.com/security/cve/CVE-2021-3759.html https://www.suse.com/security/cve/CVE-2021-38160.html https://www.suse.com/security/cve/CVE-2021-38166.html https://www.suse.com/security/cve/CVE-2021-38198.html https://www.suse.com/security/cve/CVE-2021-38204.html https://www.suse.com/security/cve/CVE-2021-38205.html https://www.suse.com/security/cve/CVE-2021-38206.html https://www.suse.com/security/cve/CVE-2021-38207.html https://www.suse.com/security/cve/CVE-2021-38209.html https://bugzilla.suse.com/1040364 https://bugzilla.suse.com/1127650 https://bugzilla.suse.com/1135481 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1160010 https://bugzilla.suse.com/1168202 https://bugzilla.suse.com/1171420 https://bugzilla.suse.com/1174969 https://bugzilla.suse.com/1175052 https://bugzilla.suse.com/1175543 https://bugzilla.suse.com/1177399 https://bugzilla.suse.com/1180100 https://bugzilla.suse.com/1180141 https://bugzilla.suse.com/1180347 https://bugzilla.suse.com/1181006 https://bugzilla.suse.com/1181148 https://bugzilla.suse.com/1181972 https://bugzilla.suse.com/1184180 https://bugzilla.suse.com/1185902 https://bugzilla.suse.com/1186264 https://bugzilla.suse.com/1186731 https://bugzilla.suse.com/1187211 https://bugzilla.suse.com/1187455 https://bugzilla.suse.com/1187468 https://bugzilla.suse.com/1187483 https://bugzilla.suse.com/1187619 https://bugzilla.suse.com/1187959 https://bugzilla.suse.com/1188067 https://bugzilla.suse.com/1188172 https://bugzilla.suse.com/1188231 https://bugzilla.suse.com/1188270 https://bugzilla.suse.com/1188412 https://bugzilla.suse.com/1188418 https://bugzilla.suse.com/1188616 https://bugzilla.suse.com/1188700 https://bugzilla.suse.com/1188780 https://bugzilla.suse.com/1188781 https://bugzilla.suse.com/1188782 https://bugzilla.suse.com/1188783 https://bugzilla.suse.com/1188784 https://bugzilla.suse.com/1188786 https://bugzilla.suse.com/1188787 https://bugzilla.suse.com/1188788 https://bugzilla.suse.com/1188790 https://bugzilla.suse.com/1188878 https://bugzilla.suse.com/1188885 https://bugzilla.suse.com/1188924 https://bugzilla.suse.com/1188982 https://bugzilla.suse.com/1188983 https://bugzilla.suse.com/1188985 https://bugzilla.suse.com/1189021 https://bugzilla.suse.com/1189057 https://bugzilla.suse.com/1189077 https://bugzilla.suse.com/1189153 https://bugzilla.suse.com/1189197 https://bugzilla.suse.com/1189209 https://bugzilla.suse.com/1189210 https://bugzilla.suse.com/1189212 https://bugzilla.suse.com/1189213 https://bugzilla.suse.com/1189214 https://bugzilla.suse.com/1189215 https://bugzilla.suse.com/1189216 https://bugzilla.suse.com/1189217 https://bugzilla.suse.com/1189218 https://bugzilla.suse.com/1189219 https://bugzilla.suse.com/1189220 https://bugzilla.suse.com/1189221 https://bugzilla.suse.com/1189222 https://bugzilla.suse.com/1189225 https://bugzilla.suse.com/1189229 https://bugzilla.suse.com/1189233 https://bugzilla.suse.com/1189262 https://bugzilla.suse.com/1189291 https://bugzilla.suse.com/1189292 https://bugzilla.suse.com/1189296 https://bugzilla.suse.com/1189298 https://bugzilla.suse.com/1189301 https://bugzilla.suse.com/1189305 https://bugzilla.suse.com/1189323 https://bugzilla.suse.com/1189384 https://bugzilla.suse.com/1189385 https://bugzilla.suse.com/1189392 https://bugzilla.suse.com/1189393 https://bugzilla.suse.com/1189399 https://bugzilla.suse.com/1189400 https://bugzilla.suse.com/1189427 https://bugzilla.suse.com/1189503 https://bugzilla.suse.com/1189504 https://bugzilla.suse.com/1189505 https://bugzilla.suse.com/1189506 https://bugzilla.suse.com/1189507 https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1189563 https://bugzilla.suse.com/1189564 https://bugzilla.suse.com/1189565 https://bugzilla.suse.com/1189566 https://bugzilla.suse.com/1189567 https://bugzilla.suse.com/1189568 https://bugzilla.suse.com/1189569 https://bugzilla.suse.com/1189573 https://bugzilla.suse.com/1189574 https://bugzilla.suse.com/1189575 https://bugzilla.suse.com/1189576 https://bugzilla.suse.com/1189577 https://bugzilla.suse.com/1189579 https://bugzilla.suse.com/1189581 https://bugzilla.suse.com/1189582 https://bugzilla.suse.com/1189583 https://bugzilla.suse.com/1189585 https://bugzilla.suse.com/1189586 https://bugzilla.suse.com/1189587 https://bugzilla.suse.com/1189696 https://bugzilla.suse.com/1189706 https://bugzilla.suse.com/1189760 https://bugzilla.suse.com/1189762 https://bugzilla.suse.com/1189832 https://bugzilla.suse.com/1189841 https://bugzilla.suse.com/1189870 https://bugzilla.suse.com/1189872 https://bugzilla.suse.com/1189883 https://bugzilla.suse.com/1190022 https://bugzilla.suse.com/1190025 https://bugzilla.suse.com/1190115 https://bugzilla.suse.com/1190117 https://bugzilla.suse.com/1190412 https://bugzilla.suse.com/1190413 https://bugzilla.suse.com/1190428 From sle-updates at lists.suse.com Tue Sep 21 20:45:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 22:45:01 +0200 (CEST) Subject: SUSE-SU-2021:3180-1: critical: Security update for ghostscript Message-ID: <20210921204501.5F44BFCC9@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3180-1 Rating: critical References: #1190381 Cross-References: CVE-2021-3781 CVSS scores: CVE-2021-3781 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ghostscript fixes the following issues: - CVE-2021-3781: Fixed a trivial -dSAFER bypass command injection (bsc#1190381) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3180=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3180=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3180=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3180=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3180=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3180=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3180=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3180=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3180=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3180=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3180=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3180=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3180=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ghostscript-9.52-23.42.1 ghostscript-debuginfo-9.52-23.42.1 ghostscript-debugsource-9.52-23.42.1 ghostscript-devel-9.52-23.42.1 ghostscript-x11-9.52-23.42.1 ghostscript-x11-debuginfo-9.52-23.42.1 libspectre-debugsource-0.2.7-12.12.1 libspectre-devel-0.2.7-12.12.1 libspectre1-0.2.7-12.12.1 libspectre1-debuginfo-0.2.7-12.12.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ghostscript-9.52-23.42.1 ghostscript-debuginfo-9.52-23.42.1 ghostscript-debugsource-9.52-23.42.1 ghostscript-devel-9.52-23.42.1 ghostscript-x11-9.52-23.42.1 ghostscript-x11-debuginfo-9.52-23.42.1 libspectre-debugsource-0.2.7-12.12.1 libspectre-devel-0.2.7-12.12.1 libspectre1-0.2.7-12.12.1 libspectre1-debuginfo-0.2.7-12.12.1 - SUSE OpenStack Cloud 9 (x86_64): ghostscript-9.52-23.42.1 ghostscript-debuginfo-9.52-23.42.1 ghostscript-debugsource-9.52-23.42.1 ghostscript-devel-9.52-23.42.1 ghostscript-x11-9.52-23.42.1 ghostscript-x11-debuginfo-9.52-23.42.1 libspectre-debugsource-0.2.7-12.12.1 libspectre-devel-0.2.7-12.12.1 libspectre1-0.2.7-12.12.1 libspectre1-debuginfo-0.2.7-12.12.1 - SUSE OpenStack Cloud 8 (x86_64): ghostscript-9.52-23.42.1 ghostscript-debuginfo-9.52-23.42.1 ghostscript-debugsource-9.52-23.42.1 ghostscript-devel-9.52-23.42.1 ghostscript-x11-9.52-23.42.1 ghostscript-x11-debuginfo-9.52-23.42.1 libspectre-debugsource-0.2.7-12.12.1 libspectre-devel-0.2.7-12.12.1 libspectre1-0.2.7-12.12.1 libspectre1-debuginfo-0.2.7-12.12.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): ghostscript-debuginfo-9.52-23.42.1 ghostscript-debugsource-9.52-23.42.1 ghostscript-devel-9.52-23.42.1 libspectre-debugsource-0.2.7-12.12.1 libspectre-devel-0.2.7-12.12.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): ghostscript-9.52-23.42.1 ghostscript-debuginfo-9.52-23.42.1 ghostscript-debugsource-9.52-23.42.1 ghostscript-devel-9.52-23.42.1 ghostscript-x11-9.52-23.42.1 ghostscript-x11-debuginfo-9.52-23.42.1 libspectre-debugsource-0.2.7-12.12.1 libspectre-devel-0.2.7-12.12.1 libspectre1-0.2.7-12.12.1 libspectre1-debuginfo-0.2.7-12.12.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): ghostscript-9.52-23.42.1 ghostscript-debuginfo-9.52-23.42.1 ghostscript-debugsource-9.52-23.42.1 ghostscript-devel-9.52-23.42.1 ghostscript-x11-9.52-23.42.1 ghostscript-x11-debuginfo-9.52-23.42.1 libspectre-debugsource-0.2.7-12.12.1 libspectre-devel-0.2.7-12.12.1 libspectre1-0.2.7-12.12.1 libspectre1-debuginfo-0.2.7-12.12.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): ghostscript-9.52-23.42.1 ghostscript-debuginfo-9.52-23.42.1 ghostscript-debugsource-9.52-23.42.1 ghostscript-devel-9.52-23.42.1 ghostscript-x11-9.52-23.42.1 ghostscript-x11-debuginfo-9.52-23.42.1 libspectre-debugsource-0.2.7-12.12.1 libspectre-devel-0.2.7-12.12.1 libspectre1-0.2.7-12.12.1 libspectre1-debuginfo-0.2.7-12.12.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): ghostscript-9.52-23.42.1 ghostscript-debuginfo-9.52-23.42.1 ghostscript-debugsource-9.52-23.42.1 ghostscript-devel-9.52-23.42.1 ghostscript-x11-9.52-23.42.1 ghostscript-x11-debuginfo-9.52-23.42.1 libspectre-debugsource-0.2.7-12.12.1 libspectre-devel-0.2.7-12.12.1 libspectre1-0.2.7-12.12.1 libspectre1-debuginfo-0.2.7-12.12.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): ghostscript-9.52-23.42.1 ghostscript-debuginfo-9.52-23.42.1 ghostscript-debugsource-9.52-23.42.1 ghostscript-devel-9.52-23.42.1 ghostscript-x11-9.52-23.42.1 ghostscript-x11-debuginfo-9.52-23.42.1 libspectre-debugsource-0.2.7-12.12.1 libspectre-devel-0.2.7-12.12.1 libspectre1-0.2.7-12.12.1 libspectre1-debuginfo-0.2.7-12.12.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): ghostscript-9.52-23.42.1 ghostscript-debuginfo-9.52-23.42.1 ghostscript-debugsource-9.52-23.42.1 ghostscript-devel-9.52-23.42.1 ghostscript-x11-9.52-23.42.1 ghostscript-x11-debuginfo-9.52-23.42.1 libspectre-debugsource-0.2.7-12.12.1 libspectre-devel-0.2.7-12.12.1 libspectre1-0.2.7-12.12.1 libspectre1-debuginfo-0.2.7-12.12.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ghostscript-9.52-23.42.1 ghostscript-debuginfo-9.52-23.42.1 ghostscript-debugsource-9.52-23.42.1 ghostscript-devel-9.52-23.42.1 ghostscript-x11-9.52-23.42.1 ghostscript-x11-debuginfo-9.52-23.42.1 libspectre-debugsource-0.2.7-12.12.1 libspectre-devel-0.2.7-12.12.1 libspectre1-0.2.7-12.12.1 libspectre1-debuginfo-0.2.7-12.12.1 - HPE Helion Openstack 8 (x86_64): ghostscript-9.52-23.42.1 ghostscript-debuginfo-9.52-23.42.1 ghostscript-debugsource-9.52-23.42.1 ghostscript-devel-9.52-23.42.1 ghostscript-x11-9.52-23.42.1 ghostscript-x11-debuginfo-9.52-23.42.1 libspectre-debugsource-0.2.7-12.12.1 libspectre-devel-0.2.7-12.12.1 libspectre1-0.2.7-12.12.1 libspectre1-debuginfo-0.2.7-12.12.1 References: https://www.suse.com/security/cve/CVE-2021-3781.html https://bugzilla.suse.com/1190381 From sle-updates at lists.suse.com Tue Sep 21 20:48:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 22:48:33 +0200 (CEST) Subject: SUSE-RU-2021:3001-2: moderate: Recommended update for netcfg Message-ID: <20210921204833.F167FFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for netcfg ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3001-2 Rating: moderate References: #1189683 Affected Products: SUSE MicroOS 5.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3001=1 Package List: - SUSE MicroOS 5.1 (noarch): netcfg-11.6-3.3.1 References: https://bugzilla.suse.com/1189683 From sle-updates at lists.suse.com Tue Sep 21 20:49:38 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 22:49:38 +0200 (CEST) Subject: SUSE-SU-2021:3181-1: moderate: Security update for xen Message-ID: <20210921204938.A3405FCC9@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3181-1 Rating: moderate References: #1027519 #1189632 Cross-References: CVE-2021-28701 CVSS scores: CVE-2021-28701 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - Upstream bug fixes (bsc#1027519) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3181=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3181=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 x86_64): xen-debugsource-4.12.4_14-3.52.1 xen-devel-4.12.4_14-3.52.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): xen-4.12.4_14-3.52.1 xen-debugsource-4.12.4_14-3.52.1 xen-doc-html-4.12.4_14-3.52.1 xen-libs-32bit-4.12.4_14-3.52.1 xen-libs-4.12.4_14-3.52.1 xen-libs-debuginfo-32bit-4.12.4_14-3.52.1 xen-libs-debuginfo-4.12.4_14-3.52.1 xen-tools-4.12.4_14-3.52.1 xen-tools-debuginfo-4.12.4_14-3.52.1 xen-tools-domU-4.12.4_14-3.52.1 xen-tools-domU-debuginfo-4.12.4_14-3.52.1 References: https://www.suse.com/security/cve/CVE-2021-28701.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1189632 From sle-updates at lists.suse.com Tue Sep 21 20:50:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 22:50:51 +0200 (CEST) Subject: SUSE-SU-2021:2966-2: Security update for openssl-1_1 Message-ID: <20210921205051.298FDFCC9@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2966-2 Rating: low References: #1189521 Cross-References: CVE-2021-3712 CVSS scores: CVE-2021-3712 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE MicroOS 5.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-2966=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): libopenssl-1_1-devel-1.1.1d-11.30.1 libopenssl1_1-1.1.1d-11.30.1 libopenssl1_1-debuginfo-1.1.1d-11.30.1 libopenssl1_1-hmac-1.1.1d-11.30.1 openssl-1_1-1.1.1d-11.30.1 openssl-1_1-debuginfo-1.1.1d-11.30.1 openssl-1_1-debugsource-1.1.1d-11.30.1 References: https://www.suse.com/security/cve/CVE-2021-3712.html https://bugzilla.suse.com/1189521 From sle-updates at lists.suse.com Tue Sep 21 20:51:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 22:51:57 +0200 (CEST) Subject: SUSE-RU-2021:2898-2: moderate: Recommended update for grub2 Message-ID: <20210921205157.B5921FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2898-2 Rating: moderate References: #1186975 #1187565 #1187645 Affected Products: SUSE MicroOS 5.1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fix error not a btrfs filesystem on s390x (bsc#1187645) - Fix error gfxterm isn't found with multiple terminals (bsc#1187565) - Fix boot failure after kdump due to the content of grub.cfg is not completed with pending modificaton in xfs journal (bsc#1186975) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-2898=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): grub2-2.04-22.3.1 grub2-debuginfo-2.04-22.3.1 grub2-debugsource-2.04-22.3.1 - SUSE MicroOS 5.1 (noarch): grub2-arm64-efi-2.04-22.3.1 grub2-i386-pc-2.04-22.3.1 grub2-snapper-plugin-2.04-22.3.1 grub2-x86_64-efi-2.04-22.3.1 grub2-x86_64-xen-2.04-22.3.1 - SUSE MicroOS 5.1 (s390x): grub2-s390x-emu-2.04-22.3.1 References: https://bugzilla.suse.com/1186975 https://bugzilla.suse.com/1187565 https://bugzilla.suse.com/1187645 From sle-updates at lists.suse.com Tue Sep 21 20:55:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Sep 2021 22:55:33 +0200 (CEST) Subject: SUSE-RU-2021:2863-2: moderate: Recommended update for python-dbus-python Message-ID: <20210921205533.4BA9EFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-dbus-python ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:2863-2 Rating: moderate References: #1183818 ECO-3589 Affected Products: SUSE MicroOS 5.1 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for python-dbus-python fixes the following issues: - Update to latest version from tumbleweed. (jsc#ECO-3589, bsc#1183818) - update to 1.2.16: * All tests are run even if the 'tap.py' module is not available, althoug diagnostics for failing tests will be better if it is present. - Support builds with more than one python3 flavor - Clean duplicate python flavor variables for configure - Version update to version 1.2.14: * Ensure that the numeric types from dbus.types get the same str() under Python 3.8 that they did under previous versions. * Disable -Winline. * Add clearer license information using SPDX-License-Identifier. * Include inherited methods and properties when documenting objects, which regressed when migrating from epydoc to sphinx. * Add missing variant_level member to UnixFd type, for parity with the other dbus.types types * Don't reply to method calls if they have the NO_REPLY_EXPECTED flag * Silence '-Wcast-function-type' with gcc 8. * Fix distcheck with python3.7 by deleting '__pycache__' during uninstall. * Consistently save and restore the exception indicator when called from C code. - Add missing dependency for pkg-config files - Version update to version 1.2.8: * Python 2.7 required or 3.4 respectively * Upstream dropped epydoc completely - Add dbus-1-python3 package - Make BusConnection.list_activatable_names actually call struct entries than the signature allows with libdbus 1.4 imports dbus, is finalized, is re-initialized, and re-imports - When removing signal matches, clean up internal state, avoiding a memory leak in long-lived Python processes that connect to - When setting the sender of a message, allow it to be org.freedesktop.DBus so you can implement a D-Bus daemon - New package: dbus-1-python-devel Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-2863=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): python-dbus-python-debuginfo-1.2.16-6.3.1 python-dbus-python-debugsource-1.2.16-6.3.1 python3-dbus-python-1.2.16-6.3.1 python3-dbus-python-debuginfo-1.2.16-6.3.1 References: https://bugzilla.suse.com/1183818 From sle-updates at lists.suse.com Wed Sep 22 06:37:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Sep 2021 08:37:52 +0200 (CEST) Subject: SUSE-CU-2021:346-1: Security update of suse/sles12sp3 Message-ID: <20210922063752.D44BFFCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:346-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.304 , suse/sles12sp3:latest Container Release : 24.304 Severity : low Type : security References : 1189521 CVE-2021-3712 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3144-1 Released: Mon Sep 20 07:57:55 2021 Summary: Security update for openssl Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). From sle-updates at lists.suse.com Wed Sep 22 06:56:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Sep 2021 08:56:43 +0200 (CEST) Subject: SUSE-CU-2021:347-1: Security update of suse/sles12sp4 Message-ID: <20210922065643.D23C4FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:347-1 Container Tags : suse/sles12sp4:26.348 , suse/sles12sp4:latest Container Release : 26.348 Severity : important Type : security References : 1158605 1189521 1189738 CVE-2021-3712 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2989-1 Released: Thu Sep 9 00:00:42 2021 Summary: Recommended update for release packages. Type: recommended Severity: low References: 1158605 This update contains new end of support dates for the release packages. - Update the EOL date for the products. (bsc#1158605) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2995-1 Released: Thu Sep 9 14:35:53 2021 Summary: Security update for openssl-1_0_0 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_0_0 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3147-1 Released: Mon Sep 20 11:09:04 2021 Summary: Create update the package in the update channels Type: recommended Severity: important References: 1189738 Create update to release base-container-licenses to fix bsc#1189738 From sle-updates at lists.suse.com Wed Sep 22 08:46:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Sep 2021 10:46:51 +0200 (CEST) Subject: SUSE-CU-2021:348-1: Security update of suse/sles12sp5 Message-ID: <20210922084651.6AC16FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:348-1 Container Tags : suse/sles12sp5:6.5.235 , suse/sles12sp5:latest Container Release : 6.5.235 Severity : important Type : security References : 1189521 1189738 1189738 1189738 CVE-2021-3712 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2995-1 Released: Thu Sep 9 14:35:53 2021 Summary: Security update for openssl-1_0_0 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_0_0 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3016-1 Released: Mon Sep 13 08:46:07 2021 Summary: Create update the package in the update channels Type: recommended Severity: important References: 1189738 Create update to release base-container-licenses to fix bsc#1189738 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3041-1 Released: Wed Sep 15 09:47:47 2021 Summary: Create update the package in the update channels Type: recommended Severity: important References: 1189738 Create update to release base-container-licenses to fix bsc#1189738 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3147-1 Released: Mon Sep 20 11:09:04 2021 Summary: Create update the package in the update channels Type: recommended Severity: important References: 1189738 Create update to release base-container-licenses to fix bsc#1189738 From sle-updates at lists.suse.com Wed Sep 22 09:13:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Sep 2021 11:13:20 +0200 (CEST) Subject: SUSE-CU-2021:349-1: Security update of suse/sle15 Message-ID: <20210922091320.37D8DFE12@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:349-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.453 Container Release : 4.22.453 Severity : moderate Type : security References : 1189521 1189683 CVE-2021-3712 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2967-1 Released: Tue Sep 7 09:52:21 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] From sle-updates at lists.suse.com Wed Sep 22 13:17:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Sep 2021 15:17:30 +0200 (CEST) Subject: SUSE-RU-2021:3183-1: Recommended update for lsvpd Message-ID: <20210922131730.A2137FE12@maintenance.suse.de> SUSE Recommended Update: Recommended update for lsvpd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3183-1 Rating: low References: Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for lsvpd fixes the following issues: - Drop upstreamed patches that are already fixed in the sources itself. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3183=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3183=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (ppc64le): lsvpd-1.7.12-3.12.1 lsvpd-debuginfo-1.7.12-3.12.1 lsvpd-debugsource-1.7.12-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (ppc64le): lsvpd-1.7.12-3.12.1 lsvpd-debuginfo-1.7.12-3.12.1 lsvpd-debugsource-1.7.12-3.12.1 References: From sle-updates at lists.suse.com Wed Sep 22 16:16:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Sep 2021 18:16:59 +0200 (CEST) Subject: SUSE-SU-2021:3187-1: important: Security update for samba Message-ID: <20210922161659.A755CFE12@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3187-1 Rating: important References: #1182830 #1183572 #1183574 #1184677 #1189875 Cross-References: CVE-2020-27840 CVE-2021-20254 CVE-2021-20277 CVSS scores: CVE-2020-27840 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-27840 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20254 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2021-20254 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L CVE-2021-20277 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20277 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise High Availability 15-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for samba fixes the following issues: - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574). - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677). - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572). - Spec file fixes around systemd and requires (bsc#1182830) - Fix dependency problem upgrading from libndr0 to libndr1 (bsc#1189875) - Fix dependency problem upgrading from libsmbldap0 to libsmbldap2 (bsc#1189875) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2021-3187=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3187=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-3187=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): samba-ad-dc-4.13.6+git.211.555d60b24ba-3.7.1 samba-ad-dc-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 samba-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 samba-debugsource-4.13.6+git.211.555d60b24ba-3.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.13.6+git.211.555d60b24ba-3.7.1 libdcerpc-binding0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libdcerpc-devel-4.13.6+git.211.555d60b24ba-3.7.1 libdcerpc-samr-devel-4.13.6+git.211.555d60b24ba-3.7.1 libdcerpc-samr0-4.13.6+git.211.555d60b24ba-3.7.1 libdcerpc-samr0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libdcerpc0-4.13.6+git.211.555d60b24ba-3.7.1 libdcerpc0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libndr-devel-4.13.6+git.211.555d60b24ba-3.7.1 libndr-krb5pac-devel-4.13.6+git.211.555d60b24ba-3.7.1 libndr-krb5pac0-4.13.6+git.211.555d60b24ba-3.7.1 libndr-krb5pac0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libndr-nbt-devel-4.13.6+git.211.555d60b24ba-3.7.1 libndr-nbt0-4.13.6+git.211.555d60b24ba-3.7.1 libndr-nbt0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libndr-standard-devel-4.13.6+git.211.555d60b24ba-3.7.1 libndr-standard0-4.13.6+git.211.555d60b24ba-3.7.1 libndr-standard0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libndr1-4.13.6+git.211.555d60b24ba-3.7.1 libndr1-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libnetapi-devel-4.13.6+git.211.555d60b24ba-3.7.1 libnetapi0-4.13.6+git.211.555d60b24ba-3.7.1 libnetapi0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-credentials-devel-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-credentials0-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-credentials0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-errors-devel-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-errors0-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-errors0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-hostconfig-devel-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-hostconfig0-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-hostconfig0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-passdb-devel-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-passdb0-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-passdb0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-policy-devel-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-policy-python3-devel-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-policy0-python3-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-policy0-python3-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-util-devel-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-util0-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-util0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libsamdb-devel-4.13.6+git.211.555d60b24ba-3.7.1 libsamdb0-4.13.6+git.211.555d60b24ba-3.7.1 libsamdb0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libsmbclient-devel-4.13.6+git.211.555d60b24ba-3.7.1 libsmbclient0-4.13.6+git.211.555d60b24ba-3.7.1 libsmbclient0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libsmbconf-devel-4.13.6+git.211.555d60b24ba-3.7.1 libsmbconf0-4.13.6+git.211.555d60b24ba-3.7.1 libsmbconf0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libsmbldap-devel-4.13.6+git.211.555d60b24ba-3.7.1 libsmbldap2-4.13.6+git.211.555d60b24ba-3.7.1 libsmbldap2-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libtevent-util-devel-4.13.6+git.211.555d60b24ba-3.7.1 libtevent-util0-4.13.6+git.211.555d60b24ba-3.7.1 libtevent-util0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libwbclient-devel-4.13.6+git.211.555d60b24ba-3.7.1 libwbclient0-4.13.6+git.211.555d60b24ba-3.7.1 libwbclient0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 samba-4.13.6+git.211.555d60b24ba-3.7.1 samba-client-4.13.6+git.211.555d60b24ba-3.7.1 samba-client-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 samba-core-devel-4.13.6+git.211.555d60b24ba-3.7.1 samba-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 samba-debugsource-4.13.6+git.211.555d60b24ba-3.7.1 samba-dsdb-modules-4.13.6+git.211.555d60b24ba-3.7.1 samba-dsdb-modules-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 samba-libs-4.13.6+git.211.555d60b24ba-3.7.1 samba-libs-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 samba-libs-python3-4.13.6+git.211.555d60b24ba-3.7.1 samba-libs-python3-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 samba-python3-4.13.6+git.211.555d60b24ba-3.7.1 samba-python3-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 samba-winbind-4.13.6+git.211.555d60b24ba-3.7.1 samba-winbind-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): samba-ceph-4.13.6+git.211.555d60b24ba-3.7.1 samba-ceph-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libdcerpc-binding0-32bit-4.13.6+git.211.555d60b24ba-3.7.1 libdcerpc-binding0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libdcerpc0-32bit-4.13.6+git.211.555d60b24ba-3.7.1 libdcerpc0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libndr-krb5pac0-32bit-4.13.6+git.211.555d60b24ba-3.7.1 libndr-krb5pac0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libndr-nbt0-32bit-4.13.6+git.211.555d60b24ba-3.7.1 libndr-nbt0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libndr-standard0-32bit-4.13.6+git.211.555d60b24ba-3.7.1 libndr-standard0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libndr1-32bit-4.13.6+git.211.555d60b24ba-3.7.1 libndr1-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libnetapi0-32bit-4.13.6+git.211.555d60b24ba-3.7.1 libnetapi0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-credentials0-32bit-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-credentials0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-errors0-32bit-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-errors0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-hostconfig0-32bit-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-hostconfig0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-passdb0-32bit-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-passdb0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-util0-32bit-4.13.6+git.211.555d60b24ba-3.7.1 libsamba-util0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libsamdb0-32bit-4.13.6+git.211.555d60b24ba-3.7.1 libsamdb0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libsmbconf0-32bit-4.13.6+git.211.555d60b24ba-3.7.1 libsmbconf0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libsmbldap2-32bit-4.13.6+git.211.555d60b24ba-3.7.1 libsmbldap2-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libtevent-util0-32bit-4.13.6+git.211.555d60b24ba-3.7.1 libtevent-util0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 libwbclient0-32bit-4.13.6+git.211.555d60b24ba-3.7.1 libwbclient0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 samba-libs-32bit-4.13.6+git.211.555d60b24ba-3.7.1 samba-libs-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 samba-winbind-32bit-4.13.6+git.211.555d60b24ba-3.7.1 samba-winbind-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ctdb-4.13.6+git.211.555d60b24ba-3.7.1 ctdb-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 samba-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1 samba-debugsource-4.13.6+git.211.555d60b24ba-3.7.1 References: https://www.suse.com/security/cve/CVE-2020-27840.html https://www.suse.com/security/cve/CVE-2021-20254.html https://www.suse.com/security/cve/CVE-2021-20277.html https://bugzilla.suse.com/1182830 https://bugzilla.suse.com/1183572 https://bugzilla.suse.com/1183574 https://bugzilla.suse.com/1184677 https://bugzilla.suse.com/1189875 From sle-updates at lists.suse.com Wed Sep 22 16:18:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Sep 2021 18:18:45 +0200 (CEST) Subject: SUSE-RU-2021:3186-1: moderate: Recommended update for gtk3 Message-ID: <20210922161845.28138FE12@maintenance.suse.de> SUSE Recommended Update: Recommended update for gtk3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3186-1 Rating: moderate References: #1094486 #1189238 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for gtk3 fixes the following issue: - Ensure printer entries from Avahi are usable (bsc#1094486, bsc#1189238). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3186=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3186=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3186=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3186=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): gtk3-devel-doc-3.24.20-3.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): gtk3-devel-doc-3.24.20-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): gettext-its-gtk3-3.24.20-3.6.1 gtk3-debugsource-3.24.20-3.6.1 gtk3-devel-3.24.20-3.6.1 gtk3-devel-debuginfo-3.24.20-3.6.1 gtk3-tools-3.24.20-3.6.1 gtk3-tools-debuginfo-3.24.20-3.6.1 libgtk-3-0-3.24.20-3.6.1 libgtk-3-0-debuginfo-3.24.20-3.6.1 typelib-1_0-Gtk-3_0-3.24.20-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): gtk3-data-3.24.20-3.6.1 gtk3-lang-3.24.20-3.6.1 gtk3-schema-3.24.20-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): gettext-its-gtk3-3.24.20-3.6.1 gtk3-debugsource-3.24.20-3.6.1 gtk3-devel-3.24.20-3.6.1 gtk3-devel-debuginfo-3.24.20-3.6.1 gtk3-tools-3.24.20-3.6.1 gtk3-tools-debuginfo-3.24.20-3.6.1 libgtk-3-0-3.24.20-3.6.1 libgtk-3-0-debuginfo-3.24.20-3.6.1 typelib-1_0-Gtk-3_0-3.24.20-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): gtk3-data-3.24.20-3.6.1 gtk3-lang-3.24.20-3.6.1 gtk3-schema-3.24.20-3.6.1 References: https://bugzilla.suse.com/1094486 https://bugzilla.suse.com/1189238 From sle-updates at lists.suse.com Wed Sep 22 16:21:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Sep 2021 18:21:22 +0200 (CEST) Subject: SUSE-SU-2021:3184-1: important: Security update for nodejs14 Message-ID: <20210922162122.7BA65FE12@maintenance.suse.de> SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3184-1 Rating: important References: #1188881 #1188917 #1189368 #1189369 #1189370 Cross-References: CVE-2021-22930 CVE-2021-22931 CVE-2021-22939 CVE-2021-22940 CVE-2021-3672 CVSS scores: CVE-2021-22930 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-22931 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-22939 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-22940 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3672 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: - CVE-2021-3672: Fixed missing input validation on hostnames (bsc#1188881). - CVE-2021-22931: Fixed improper handling of untypical characters in domain names (bsc#1189370). - CVE-2021-22940: Use after free on close http2 on stream canceling (bsc#1189368) - CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (bsc#1189369) - CVE-2021-22930: Fixed use after free on close http2 on stream canceling (bsc#1188917). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-3184=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs14-14.17.5-6.15.3 nodejs14-debuginfo-14.17.5-6.15.3 nodejs14-debugsource-14.17.5-6.15.3 nodejs14-devel-14.17.5-6.15.3 npm14-14.17.5-6.15.3 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs14-docs-14.17.5-6.15.3 References: https://www.suse.com/security/cve/CVE-2021-22930.html https://www.suse.com/security/cve/CVE-2021-22931.html https://www.suse.com/security/cve/CVE-2021-22939.html https://www.suse.com/security/cve/CVE-2021-22940.html https://www.suse.com/security/cve/CVE-2021-3672.html https://bugzilla.suse.com/1188881 https://bugzilla.suse.com/1188917 https://bugzilla.suse.com/1189368 https://bugzilla.suse.com/1189369 https://bugzilla.suse.com/1189370 From sle-updates at lists.suse.com Wed Sep 22 16:23:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Sep 2021 18:23:07 +0200 (CEST) Subject: SUSE-RU-2021:3185-1: moderate: Recommended update for sssd Message-ID: <20210922162307.08481FE12@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3185-1 Rating: moderate References: #1182058 #1182637 #1184289 #1187120 #1189492 #1190021 ECO-3493 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has 5 fixes is now available. Description: This update for sssd fixes the following issues: - Fix a dependency loop by moving internal libraries to sssd-common package. (bsc#1182058) - Moved sssctl command from sssd to sssd-tools package. (bsc#1184289) - Create timestamp attribute in cache objects if missing. (bsc#1182637) - Fix watchdog not terminating tasks. (bsc#1187120) - Improve logs to record the reason why internal watchdog terminates. - Fixed security issue with sssd: shell command injection in sssctl. (CVE-2021-3621, bsc#1189492) - Fixes a segfault with newer libcares2 versions when the library fails to parse a dns name. (bsc#1190021) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3185=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-17.14.1 libipa_hbac0-1.16.1-17.14.1 libipa_hbac0-debuginfo-1.16.1-17.14.1 libsss_certmap-devel-1.16.1-17.14.1 libsss_certmap0-1.16.1-17.14.1 libsss_certmap0-debuginfo-1.16.1-17.14.1 libsss_idmap-devel-1.16.1-17.14.1 libsss_idmap0-1.16.1-17.14.1 libsss_idmap0-debuginfo-1.16.1-17.14.1 libsss_nss_idmap-devel-1.16.1-17.14.1 libsss_nss_idmap0-1.16.1-17.14.1 libsss_nss_idmap0-debuginfo-1.16.1-17.14.1 libsss_simpleifp-devel-1.16.1-17.14.1 libsss_simpleifp0-1.16.1-17.14.1 libsss_simpleifp0-debuginfo-1.16.1-17.14.1 python3-sssd-config-1.16.1-17.14.1 python3-sssd-config-debuginfo-1.16.1-17.14.1 sssd-1.16.1-17.14.1 sssd-ad-1.16.1-17.14.1 sssd-ad-debuginfo-1.16.1-17.14.1 sssd-common-1.16.1-17.14.1 sssd-common-debuginfo-1.16.1-17.14.1 sssd-dbus-1.16.1-17.14.1 sssd-dbus-debuginfo-1.16.1-17.14.1 sssd-debugsource-1.16.1-17.14.1 sssd-ipa-1.16.1-17.14.1 sssd-ipa-debuginfo-1.16.1-17.14.1 sssd-krb5-1.16.1-17.14.1 sssd-krb5-common-1.16.1-17.14.1 sssd-krb5-common-debuginfo-1.16.1-17.14.1 sssd-krb5-debuginfo-1.16.1-17.14.1 sssd-ldap-1.16.1-17.14.1 sssd-ldap-debuginfo-1.16.1-17.14.1 sssd-proxy-1.16.1-17.14.1 sssd-proxy-debuginfo-1.16.1-17.14.1 sssd-tools-1.16.1-17.14.1 sssd-tools-debuginfo-1.16.1-17.14.1 sssd-winbind-idmap-1.16.1-17.14.1 sssd-winbind-idmap-debuginfo-1.16.1-17.14.1 References: https://www.suse.com/security/cve/CVE-2021-3621.html https://bugzilla.suse.com/1182058 https://bugzilla.suse.com/1182637 https://bugzilla.suse.com/1184289 https://bugzilla.suse.com/1187120 https://bugzilla.suse.com/1189492 https://bugzilla.suse.com/1190021 From sle-updates at lists.suse.com Wed Sep 22 19:16:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Sep 2021 21:16:48 +0200 (CEST) Subject: SUSE-RU-2021:3188-1: moderate: Recommended update for sapnwbootstrap-formula Message-ID: <20210922191648.CC4A6FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapnwbootstrap-formula ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3188-1 Rating: moderate References: #1181541 #1185093 #1185627 #1186236 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for sapnwbootstrap-formula fixes the following issues: Update to version 0.6.4+git.1621842068.a86c37c: - Set the default empty dictionary for 'virtual_addresses'. (bsc#1185627) - This also ensures that a dictionary is obtained if the value is None (needed by SUSE Manager) - Fix issue when 'azure-lb' resource for 'ASCS/ERS' is not added in the corresponding Resource Group (bsc#1186236) - Set the virtual ip addresses as permanent, except for HA scenarios, to have them even after a reboot of the machine. (bsc#1185093) - Give the option to mount '/sapmnt' folder locally without using a 'NFS' share. - Make '/sapmnt' path configurable using 'sapmnt_path' pillar variable - Update PAS and AAS templates to use HANA sid and instance number to create the configuration file - Fix error about missing instance installation requisite when monitoring is enabled. (bsc#1181541) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2021-3188=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-3188=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2021-3188=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2021-3188=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): sapnwbootstrap-formula-0.6.4+git.1621842068.a86c37c-10.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): sapnwbootstrap-formula-0.6.4+git.1621842068.a86c37c-10.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): sapnwbootstrap-formula-0.6.4+git.1621842068.a86c37c-10.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): sapnwbootstrap-formula-0.6.4+git.1621842068.a86c37c-10.1 References: https://bugzilla.suse.com/1181541 https://bugzilla.suse.com/1185093 https://bugzilla.suse.com/1185627 https://bugzilla.suse.com/1186236 From sle-updates at lists.suse.com Wed Sep 22 19:18:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Sep 2021 21:18:35 +0200 (CEST) Subject: SUSE-SU-2021:3191-1: important: Security update for MozillaFirefox Message-ID: <20210922191835.6CBA6FCC9@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3191-1 Rating: important References: #1188891 #1189547 #1190269 #1190274 Cross-References: CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 CVE-2021-29991 CVE-2021-38492 CVE-2021-38495 CVSS scores: CVE-2021-29980 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29984 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29985 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-29986 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29988 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29989 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29991 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2021-38492 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.1.0 ESR. * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274): * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Firefox 91.0.1esr ESR * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded "just in time" if you decide to "Log in with Facebook" on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non- native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We???ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We???ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences. * Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support. * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes. MFSA 2021-33 (bsc#1188891): * CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988: Memory corruption as a result of incorrect style treatment * CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984: Incorrect instruction reordering during JIT optimization * CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985: Use-after-free media channels * CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990: Memory safety bugs fixed in Firefox 91 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3191=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3191=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3191=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3191=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3191=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3191=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3191=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3191=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3191=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3191=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3191=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3191=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3191=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-91.1.0-112.71.1 MozillaFirefox-branding-SLE-91-35.6.6 MozillaFirefox-debuginfo-91.1.0-112.71.1 MozillaFirefox-debugsource-91.1.0-112.71.1 MozillaFirefox-devel-91.1.0-112.71.1 MozillaFirefox-translations-common-91.1.0-112.71.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-91.1.0-112.71.1 MozillaFirefox-branding-SLE-91-35.6.6 MozillaFirefox-debuginfo-91.1.0-112.71.1 MozillaFirefox-debugsource-91.1.0-112.71.1 MozillaFirefox-devel-91.1.0-112.71.1 MozillaFirefox-translations-common-91.1.0-112.71.1 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-91.1.0-112.71.1 MozillaFirefox-branding-SLE-91-35.6.6 MozillaFirefox-debuginfo-91.1.0-112.71.1 MozillaFirefox-debugsource-91.1.0-112.71.1 MozillaFirefox-devel-91.1.0-112.71.1 MozillaFirefox-translations-common-91.1.0-112.71.1 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-91.1.0-112.71.1 MozillaFirefox-branding-SLE-91-35.6.6 MozillaFirefox-debuginfo-91.1.0-112.71.1 MozillaFirefox-debugsource-91.1.0-112.71.1 MozillaFirefox-devel-91.1.0-112.71.1 MozillaFirefox-translations-common-91.1.0-112.71.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-91.1.0-112.71.1 MozillaFirefox-debugsource-91.1.0-112.71.1 MozillaFirefox-devel-91.1.0-112.71.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-91.1.0-112.71.1 MozillaFirefox-branding-SLE-91-35.6.6 MozillaFirefox-debuginfo-91.1.0-112.71.1 MozillaFirefox-debugsource-91.1.0-112.71.1 MozillaFirefox-devel-91.1.0-112.71.1 MozillaFirefox-translations-common-91.1.0-112.71.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-91.1.0-112.71.1 MozillaFirefox-branding-SLE-91-35.6.6 MozillaFirefox-debuginfo-91.1.0-112.71.1 MozillaFirefox-debugsource-91.1.0-112.71.1 MozillaFirefox-devel-91.1.0-112.71.1 MozillaFirefox-translations-common-91.1.0-112.71.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.1.0-112.71.1 MozillaFirefox-branding-SLE-91-35.6.6 MozillaFirefox-debuginfo-91.1.0-112.71.1 MozillaFirefox-debugsource-91.1.0-112.71.1 MozillaFirefox-devel-91.1.0-112.71.1 MozillaFirefox-translations-common-91.1.0-112.71.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.1.0-112.71.1 MozillaFirefox-branding-SLE-91-35.6.6 MozillaFirefox-debuginfo-91.1.0-112.71.1 MozillaFirefox-debugsource-91.1.0-112.71.1 MozillaFirefox-devel-91.1.0-112.71.1 MozillaFirefox-translations-common-91.1.0-112.71.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.1.0-112.71.1 MozillaFirefox-branding-SLE-91-35.6.6 MozillaFirefox-debuginfo-91.1.0-112.71.1 MozillaFirefox-debugsource-91.1.0-112.71.1 MozillaFirefox-devel-91.1.0-112.71.1 MozillaFirefox-translations-common-91.1.0-112.71.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-91.1.0-112.71.1 MozillaFirefox-branding-SLE-91-35.6.6 MozillaFirefox-debuginfo-91.1.0-112.71.1 MozillaFirefox-debugsource-91.1.0-112.71.1 MozillaFirefox-devel-91.1.0-112.71.1 MozillaFirefox-translations-common-91.1.0-112.71.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-91.1.0-112.71.1 MozillaFirefox-branding-SLE-91-35.6.6 MozillaFirefox-debuginfo-91.1.0-112.71.1 MozillaFirefox-debugsource-91.1.0-112.71.1 MozillaFirefox-devel-91.1.0-112.71.1 MozillaFirefox-translations-common-91.1.0-112.71.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-91.1.0-112.71.1 MozillaFirefox-branding-SLE-91-35.6.6 MozillaFirefox-debuginfo-91.1.0-112.71.1 MozillaFirefox-debugsource-91.1.0-112.71.1 MozillaFirefox-devel-91.1.0-112.71.1 MozillaFirefox-translations-common-91.1.0-112.71.1 References: https://www.suse.com/security/cve/CVE-2021-29980.html https://www.suse.com/security/cve/CVE-2021-29981.html https://www.suse.com/security/cve/CVE-2021-29982.html https://www.suse.com/security/cve/CVE-2021-29983.html https://www.suse.com/security/cve/CVE-2021-29984.html https://www.suse.com/security/cve/CVE-2021-29985.html https://www.suse.com/security/cve/CVE-2021-29986.html https://www.suse.com/security/cve/CVE-2021-29987.html https://www.suse.com/security/cve/CVE-2021-29988.html https://www.suse.com/security/cve/CVE-2021-29989.html https://www.suse.com/security/cve/CVE-2021-29990.html https://www.suse.com/security/cve/CVE-2021-29991.html https://www.suse.com/security/cve/CVE-2021-38492.html https://www.suse.com/security/cve/CVE-2021-38495.html https://bugzilla.suse.com/1188891 https://bugzilla.suse.com/1189547 https://bugzilla.suse.com/1190269 https://bugzilla.suse.com/1190274 From sle-updates at lists.suse.com Wed Sep 22 19:20:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Sep 2021 21:20:20 +0200 (CEST) Subject: SUSE-RU-2021:3190-1: moderate: Recommended update for resource-agents Message-ID: <20210922192020.C08AAFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3190-1 Rating: moderate References: #1189535 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - Solve an issue on 'SAPInstance' that failed to detect SAP unit files for 'systemd'. (bsc#1189535) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2021-3190=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ldirectord-4.0.1+git.1495055229.643177f1-2.56.1 resource-agents-4.0.1+git.1495055229.643177f1-2.56.1 resource-agents-debuginfo-4.0.1+git.1495055229.643177f1-2.56.1 resource-agents-debugsource-4.0.1+git.1495055229.643177f1-2.56.1 - SUSE Linux Enterprise High Availability 12-SP3 (noarch): monitoring-plugins-metadata-4.0.1+git.1495055229.643177f1-2.56.1 References: https://bugzilla.suse.com/1189535 From sle-updates at lists.suse.com Wed Sep 22 19:21:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Sep 2021 21:21:30 +0200 (CEST) Subject: SUSE-RU-2021:3189-1: moderate: Recommended update for osinfo-db Message-ID: <20210922192130.33089FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for osinfo-db ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3189-1 Rating: moderate References: #1054986 #1159445 #1188692 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for osinfo-db fixes the following issues: Update to database version 20210621 - Add support for openSUSE Leap 15.4, SUSE Linux Enterprise 15-SP4 and SUSE Linux Enterprise Micro 5.1. (bsc#1188692) - Fix the listed order for openSUSE Tumbleweed. (bsc#1188692) - Fix the length of string for the ISO volume id. (bsc#1054986) - Detected the correct Windows guest system version from the local install media. (bsc#1159445) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3189=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): osinfo-db-20210621-3.3.1 References: https://bugzilla.suse.com/1054986 https://bugzilla.suse.com/1159445 https://bugzilla.suse.com/1188692 From sle-updates at lists.suse.com Wed Sep 22 19:24:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Sep 2021 21:24:27 +0200 (CEST) Subject: SUSE-SU-2021:3192-1: important: Security update for the Linux Kernel Message-ID: <20210922192427.22923FCC9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3192-1 Rating: important References: #1040364 #1108488 #1114648 #1127650 #1129898 #1133374 #1183050 #1183983 #1185902 #1185973 #1187076 #1188000 #1188172 #1188439 #1188616 #1188885 #1188982 #1189057 #1189262 #1189268 #1189269 #1189270 #1189271 #1189272 #1189291 #1189301 #1189384 #1189385 #1189392 #1189399 #1189400 #1189505 #1189506 #1189562 #1189564 #1189565 #1189566 #1189567 #1189568 #1189569 #1189573 #1189577 #1189579 #1189581 #1189582 #1189639 #1189640 #1189706 #1189846 #1190025 #1190115 #1190117 Cross-References: CVE-2018-9517 CVE-2019-3874 CVE-2019-3900 CVE-2021-3640 CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732 CVE-2021-3753 CVE-2021-3759 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVSS scores: CVE-2018-9517 (NVD) : 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2018-9517 (SUSE): 2.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2019-3874 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-3874 (SUSE): 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-3900 (NVD) : 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2019-3900 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3640 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3653 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3656 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3679 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3732 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3753 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-3759 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38160 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38204 (SUSE): 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 39 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect (bsc#1108488). - CVE-2019-3874: Fixed possible denial of service attack via SCTP socket buffer used by a userspace applications (bnc#1129898). - CVE-2019-3900: Fixed an infinite loop issue while handling incoming packets in handle_rx() (bnc#1133374). - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). The following non-security bugs were fixed: - ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes). - ALSA: seq: Fix racy deletion of subscriber (git-fixes). - ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes). - ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes). - ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes). - Bluetooth: Move shutdown callback before flushing tx and rx queue (git-fixes). - Bluetooth: add timeout sanity check to hci_inquiry (git-fixes). - Bluetooth: fix repeated calls to sco_sock_kill (git-fixes). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes). - KVM: SVM: Call SEV Guest Decommission if ASID binding fails (12sp5). - Move upstreamed BT fixes into sorted section - NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes). - NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364). - PCI/MSI: Correct misleading comments (git-fixes). - PCI/MSI: Do not set invalid bits in MSI mask (git-fixes). - PCI/MSI: Enable and mask MSI-X early (git-fixes). - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes). - PCI: Add Intel VMD devices to pci ids (bsc#1183983). - PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes). - PCI: hv: Use expected affinity when unmasking IRQ (bsc#1185973). - PCI: vmd: Add an additional VMD device id to driver device id table (bsc#1183983). - PCI: vmd: Add offset to bus numbers if necessary (bsc#1183983). - PCI: vmd: Assign membar addresses from shadow registers (bsc#1183983). - PCI: vmd: Filter resource type bits from shadow register (bsc#1183983). - PCI: vmd: Fix config addressing when using bus offsets (bsc#1183983). - PCI: vmd: Fix shadow offsets to reflect spec changes (bsc#1183983). - SUNRPC: Fix the batch tasks count wraparound (git-fixes). - SUNRPC: Should wake up the privileged task firstly (git-fixes). - USB: serial: ch341: fix character loss at high transfer rates (git-fixes). - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes). - USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes). - USB: usbtmc: Fix RCU stall warning (git-fixes). - USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes). - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (git-fixes). - bcma: Fix memory leak for internally-handled cores (git-fixes). - bdi: Do not use freezable workqueue (bsc#1189573). - blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506). - block: fix trace completion for chained bio (bsc#1189505). - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes). - crypto: ccp - Annotate SEV Firmware file names (bsc#1189268). - crypto: nx - Fix RCU warning in nx842_OF_upd_status (git-fixes). - crypto: nx - Fix memcpy() over-reading in nonce (git-fixes). - crypto: talitos - Do not modify req->cryptlen on decryption (git-fixes). - crypto: talitos - fix ECB algs ivsize (git-fixes). - crypto: ux500 - Fix error return code in hash_hw_final() (git-fixes). - dm btree remove: assign new_root only when removal succeeds (git fixes). - dm cache metadata: Avoid returning cmd->bm wild pointer on error (git fixes). - dm era: Fix bitset memory leaks (git fixes). - dm era: Recover committed writeset after crash (git fixes). - dm era: Reinitialize bitset cache before digesting a new writeset (git fixes). - dm era: Use correct value size in equality function of writeset tree (git fixes). - dm era: Verify the data block size hasn't changed (git fixes). - dm era: only resize metadata in preresume (git fixes). - dm ioctl: fix error return code in target_message (git fixes). - dm ioctl: fix out of bounds array access when no devices (git fixes). - dm persistent data: packed struct should have an aligned() attribute too (git fixes). - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git fixes). - dm snapshot: fix crash with transient storage and zero chunk size (git fixes). - dm snapshot: flush merged data before committing metadata (git fixes). - dm snapshot: properly fix a crash when an origin has no snapshots (git fixes). - dm space map common: fix division bug in sm_ll_find_free_block() (git fixes). - dm table: fix iterate_devices based device capability checks (git fixes). - dm thin metadata: Avoid returning cmd->bm wild pointer on error (git fixes). - dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes). - dm writecache: fix the maximum number of arguments (git-fixes). - dm writecache: handle DAX to partitions on persistent memory correctly (git-fixes). - dm writecache: remove BUG() and fail gracefully instead (git-fixes). - dm zoned: select CONFIG_CRC32 (git-fixes). - dm: eliminate potential source of excessive kernel log noise (git fixes). - dm: remove invalid sparse __acquires and __releases annotations (git-fixes). - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568). - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564). - ext4: fix avefreec in find_group_orlov (bsc#1189566). - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562). - ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565). - ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567). - ftgmac100: Restart MAC HW once (git-fixes). - i2c: dev: zero out array used for i2c reads from userspace (git-fixes). - i2c: highlander: add IRQ check (git-fixes). - i2c: iop3xx: fix deferred probing (git-fixes). - i2c: mt65xx: fix IRQ check (git-fixes). - i2c: s3c2410: fix IRQ check (git-fixes). - i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs (git-fixes). - iio: adc: Fix incorrect exit of for-loop (git-fixes). - iio: humidity: hdc100x: Add margin to the conversion time (git-fixes). - iommu/amd: Fix extended features logging (bsc#1189269). - iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189270). - iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189271). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189272). - kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes). - kABI: s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193818). - mac80211: Fix insufficient headroom issue for AMSDU (git-fixes). - md/raid10: properly indicate failure when ending a failed write request (git-fixes). - media: go7007: fix memory leak in go7007_usb_probe (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - memcg: enable accounting for file lock caches (bsc#1190115). - mm, vmscan: guarantee drop_slab_node() termination (VM Functionality, bsc#1189301). - mm/memory-failure: unnecessary amount of unmapping (bsc#1189640). - mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes). - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569). - mm/vmscan: fix infinite loop in drop_slab_node (VM Performance, bsc#1189301). - mm: vmscan: scan anonymous pages on file refaults (VM Performance, bsc#1183050). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes). - net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes). - net: mvpp2: Add TCAM entry to drop flow control pause frames (git-fixes). - net: mvpp2: prs: fix PPPoE with ipv6 packet parse (git-fixes). - net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes). - net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (git-fixes). - net: usb: ax88179_178a: remove redundant assignment to variable ret (git-fixes). - nfs: fix acl memory leak of posix_acl_create() (git-fixes). - nvme-fc: avoid calling _nvme_fc_abort_outstanding_ios from interrupt context (bsc#1187076). - nvme-fc: convert assoc_active flag to bit op (bsc#1187076). - nvme-fc: eliminate terminate_io use by nvme_fc_error_recovery (bsc#1187076). - nvme-fc: fix double-free scenarios on hw queues (bsc#1187076). - nvme-fc: fix io timeout to abort I/O (bsc#1187076). - nvme-fc: fix racing controller reset and create association (bsc#1187076). - nvme-fc: remove err_work work item (bsc#1187076). - nvme-fc: remove nvme_fc_terminate_io() (bsc#1187076). - nvme-fc: track error_recovery while connecting (bsc#1187076). - ocfs2: fix snprintf() checking (bsc#1189581). - ocfs2: fix zero out valid data (bsc#1189579). - ocfs2: issue zeroout to EOF blocks (bsc#1189582). - ocfs2: ocfs2_downconvert_lock failure results in deadlock (bsc#1188439). - overflow: Correct check_shl_overflow() comment (git-fixes). - overflow: Include header file with SIZE_MAX declaration (git-fixes). - ovl: check whiteout in ovl_create_over_whiteout() (bsc#1189846). - ovl: filter of trusted xattr results in audit (bsc#1189846). - ovl: fix dentry leak in ovl_get_redirect (bsc#1189846). - ovl: initialize error in ovl_copy_xattr (bsc#1189846). - ovl: relax WARN_ON() on rename to self (bsc#1189846). - pcmcia: i82092: fix a null pointer dereference bug (git-fixes). - power: supply: max17042: handle fails of reading status register (git-fixes). - powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes). - qlcnic: Fix error code in probe (git-fixes). - r8152: Fix potential PM refcount imbalance (git-fixes). - readdir: make sure to verify directory entry for legacy interfaces too (bsc#1189639). - regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes). - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193818). - scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392). - scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650). - scsi: libfc: Fix array index out of bound exception (bsc#1188616). - scsi: lpfc: Add 256 Gb link speed support (bsc#1189385). - scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385). - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385). - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385). - scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385). - scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385). - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385). - scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385). - scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385). - scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385). - scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385). - scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385). - scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385). - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385). - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385). - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385). - scsi: lpfc: Improve firmware download logging (bsc#1189385). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385). - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes). - scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385). - scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385). - scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385). - scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385). - scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385). - scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385). - scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385). - scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385). - scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385). - scsi: qla2xxx: Add heartbeat check (bsc#1189392). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392). - scsi: qla2xxx: Fix spelling mistakes "allloc" -> "alloc" (bsc#1189384). - scsi: qla2xxx: Fix use after free in debug code (bsc#1189384). - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392). - scsi: qla2xxx: Remove duplicate declarations (bsc#1189392). - scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392). - scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392). - scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189384). - scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392). - scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189384). - scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392). - scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392). - scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189384). - scsi: qla2xxx: edif: Add detection of secure device (bsc#1189384). - scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189384). - scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189384). - scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189384). - scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189384). - scsi: qla2xxx: edif: Add key update (bsc#1189384). - scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189384). - scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392). - scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189384). - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392). - serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes). - spi: mediatek: Fix fifo transfer (git-fixes). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - virtio_net: Fix error code in probe() (git-fixes). - writeback: fix obtain a reference to a freeing memcg css (bsc#1189577). - x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1114648). - x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1114648). - x86/fpu: Reset state for all signal restore failures (bsc#1114648). - x86/kvm: fix vcpu-id indexed array sizes (git-fixes). - x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1114648). - xen/events: Fix race in set_evtchn_to_irq (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3192=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.73.1 kernel-source-azure-4.12.14-16.73.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.73.2 kernel-azure-base-4.12.14-16.73.2 kernel-azure-base-debuginfo-4.12.14-16.73.2 kernel-azure-debuginfo-4.12.14-16.73.2 kernel-azure-debugsource-4.12.14-16.73.2 kernel-azure-devel-4.12.14-16.73.2 kernel-syms-azure-4.12.14-16.73.1 References: https://www.suse.com/security/cve/CVE-2018-9517.html https://www.suse.com/security/cve/CVE-2019-3874.html https://www.suse.com/security/cve/CVE-2019-3900.html https://www.suse.com/security/cve/CVE-2021-3640.html https://www.suse.com/security/cve/CVE-2021-3653.html https://www.suse.com/security/cve/CVE-2021-3656.html https://www.suse.com/security/cve/CVE-2021-3679.html https://www.suse.com/security/cve/CVE-2021-3732.html https://www.suse.com/security/cve/CVE-2021-3753.html https://www.suse.com/security/cve/CVE-2021-3759.html https://www.suse.com/security/cve/CVE-2021-38160.html https://www.suse.com/security/cve/CVE-2021-38198.html https://www.suse.com/security/cve/CVE-2021-38204.html https://bugzilla.suse.com/1040364 https://bugzilla.suse.com/1108488 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1127650 https://bugzilla.suse.com/1129898 https://bugzilla.suse.com/1133374 https://bugzilla.suse.com/1183050 https://bugzilla.suse.com/1183983 https://bugzilla.suse.com/1185902 https://bugzilla.suse.com/1185973 https://bugzilla.suse.com/1187076 https://bugzilla.suse.com/1188000 https://bugzilla.suse.com/1188172 https://bugzilla.suse.com/1188439 https://bugzilla.suse.com/1188616 https://bugzilla.suse.com/1188885 https://bugzilla.suse.com/1188982 https://bugzilla.suse.com/1189057 https://bugzilla.suse.com/1189262 https://bugzilla.suse.com/1189268 https://bugzilla.suse.com/1189269 https://bugzilla.suse.com/1189270 https://bugzilla.suse.com/1189271 https://bugzilla.suse.com/1189272 https://bugzilla.suse.com/1189291 https://bugzilla.suse.com/1189301 https://bugzilla.suse.com/1189384 https://bugzilla.suse.com/1189385 https://bugzilla.suse.com/1189392 https://bugzilla.suse.com/1189399 https://bugzilla.suse.com/1189400 https://bugzilla.suse.com/1189505 https://bugzilla.suse.com/1189506 https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1189564 https://bugzilla.suse.com/1189565 https://bugzilla.suse.com/1189566 https://bugzilla.suse.com/1189567 https://bugzilla.suse.com/1189568 https://bugzilla.suse.com/1189569 https://bugzilla.suse.com/1189573 https://bugzilla.suse.com/1189577 https://bugzilla.suse.com/1189579 https://bugzilla.suse.com/1189581 https://bugzilla.suse.com/1189582 https://bugzilla.suse.com/1189639 https://bugzilla.suse.com/1189640 https://bugzilla.suse.com/1189706 https://bugzilla.suse.com/1189846 https://bugzilla.suse.com/1190025 https://bugzilla.suse.com/1190115 https://bugzilla.suse.com/1190117 From sle-updates at lists.suse.com Thu Sep 23 06:38:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 08:38:30 +0200 (CEST) Subject: SUSE-CU-2021:350-1: Security update of suse/sle15 Message-ID: <20210923063830.B636DFCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:350-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.508 Container Release : 6.2.508 Severity : moderate Type : security References : 1189521 1189683 CVE-2021-3712 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2968-1 Released: Tue Sep 7 09:53:00 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] From sle-updates at lists.suse.com Thu Sep 23 06:52:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 08:52:56 +0200 (CEST) Subject: SUSE-CU-2021:351-1: Security update of suse/sle15 Message-ID: <20210923065256.D3EB1FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:351-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.21 Container Release : 9.5.21 Severity : moderate Type : security References : 1189521 1189534 1189554 1189683 CVE-2021-3712 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3030-1 Released: Tue Sep 14 09:27:45 2021 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1189534,1189554 This update of patterns-base fixes the following issue: - The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534) From sle-updates at lists.suse.com Thu Sep 23 06:53:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 08:53:40 +0200 (CEST) Subject: SUSE-CU-2021:352-1: Security update of suse/dotnet-sdk Message-ID: <20210923065340.683D2FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:352-1 Container Tags : suse/dotnet-sdk:3.1 , suse/dotnet-sdk:3.1.202 Container Release : 6.1 Severity : critical Type : security References : 1029961 1040589 1047218 1057452 1106014 1161276 1175448 1175449 1178577 1178624 1178675 1181443 1182016 1182604 1182899 1183064 1183154 1184358 1184435 1184614 1185163 1185408 1185408 1185409 1185409 1185410 1185410 1185438 1185540 1185562 1185698 1185807 1185828 1185958 1186015 1186049 1186114 1186411 1186642 1187154 1187210 1187212 1187292 1188063 1188217 1188218 1188219 1188220 1188287 1188571 1189206 1189465 1189465 1189550 CVE-2020-24370 CVE-2020-24371 CVE-2021-22898 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-33560 CVE-2021-33910 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 CVE-2021-3541 CVE-2021-36222 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container suse/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1526-1 Released: Thu May 6 08:57:30 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1762-1 Released: Wed May 26 12:30:01 2021 Summary: Security update for curl Type: security Severity: moderate References: 1186114,CVE-2021-22898 This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Allow partial chain verification [jsc#SLE-17956] * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain. * Set FLAG_TRUSTED_FIRST unconditionally. * Do not check partial chains with CRL check. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1825-1 Released: Tue Jun 1 16:24:01 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1861-1 Released: Fri Jun 4 09:59:40 2021 Summary: Recommended update for gcc10 Type: recommended Severity: moderate References: 1029961,1106014,1178577,1178624,1178675,1182016 This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1917-1 Released: Wed Jun 9 14:48:05 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1186015,CVE-2021-3541 This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1937-1 Released: Thu Jun 10 10:47:09 2021 Summary: Recommended update for nghttp2 Type: recommended Severity: moderate References: 1186642 This update for nghttp2 fixes the following issue: - The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2157-1 Released: Thu Jun 24 15:40:14 2021 Summary: Security update for libgcrypt Type: security Severity: important References: 1187212,CVE-2021-33560 This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2173-1 Released: Mon Jun 28 14:59:45 2021 Summary: Recommended update for automake Type: recommended Severity: moderate References: 1040589,1047218,1182604,1185540,1186049 This update for automake fixes the following issues: - Implement generated autoconf makefiles reproducible (bsc#1182604) - Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848) - Avoid bashisms in test-driver script. (bsc#1185540) This update for pcre fixes the following issues: - Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589) This update for brp-check-suse fixes the following issues: - Add fixes to support reproducible builds. (bsc#1186049) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2196-1 Released: Tue Jun 29 09:41:39 2021 Summary: Security update for lua53 Type: security Severity: moderate References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371 This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2205-1 Released: Wed Jun 30 09:17:41 2021 Summary: Recommended update for openldap2 Type: recommended Severity: important References: 1187210 This update for openldap2 fixes the following issues: - Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2316-1 Released: Wed Jul 14 13:49:55 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1185807,1185828,1185958,1186411,1187154,1187292 This update for systemd fixes the following issues: - Restore framebuffer devices as possible master of seat. Until simpledrm driver is released, this change is prematured as some graphical chips don't have DRM driver and fallback to framebuffer. (bsc#1187154) - Fixed an issue when '/var/lock/subsys' dropped when the creation of 'filesystem' package took the initialization of the generic paths over. (bsc#1187292) - 'udev' requires systemd in its %post (bsc#1185958) nspawn: turn on higher optimization level in seccomp nspawn: return ENOSYS by default, EPERM for 'known' calls (bsc#1186411) shared/seccomp-util: added functionality to make list of filtred syscalls hared/syscall-list: filter out some obviously platform-specific syscalls shared/seccomp: reduce scope of indexing variables generate-syscall-list: require python3 shared: add @known syscall list meson: add syscall-names-update target shared/seccomp: use _cleanup_ in one more place home: fix homed.conf install location - We need to make sure that the creation of the symlinks is done after updating udev DB so if worker A is preempted by worker B before A updates the DB but after it creates the symlinks, worker B won't manage to overwrite the freshly created symlinks (by A) because A has still yet not registered the symlinks in the DB. (bsc#1185828) - Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2410-1 Released: Tue Jul 20 14:41:26 2021 Summary: Security update for systemd Type: security Severity: important References: 1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2786-1 Released: Fri Aug 20 02:02:23 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1057452,1188287 This update for bash fixes the following issues: - Allow process group assignment even for modern kernels (bsc#1057452, bsc#1188287) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3013-1 Released: Thu Sep 9 16:55:40 2021 Summary: Recommended update for patterns-base, patterns-server-enterprise, sles15-image Type: recommended Severity: moderate References: 1183154,1189550 This update for patterns-base, patterns-server-enterprise, sles15-image fixes the following issues: - Add pattern to install necessary packages for FIPS (bsc#1183154) - Add patterns-base-fips to work also in FIPS environments (bsc#1183154) - Use the same icon in the fips pattern as the previous pattern had (bsc#1189550) From sle-updates at lists.suse.com Thu Sep 23 06:54:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 08:54:13 +0200 (CEST) Subject: SUSE-CU-2021:353-1: Security update of suse/dotnet-aspnet Message-ID: <20210923065413.2E67EFCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:353-1 Container Tags : suse/dotnet-aspnet:3.1 , suse/dotnet-aspnet:3.1.202 Container Release : 6.1 Severity : critical Type : security References : 1029961 1040589 1047218 1057452 1106014 1161276 1175448 1175449 1178577 1178624 1178675 1181443 1182016 1182604 1182899 1183064 1183154 1184358 1184435 1184614 1185163 1185408 1185408 1185409 1185409 1185410 1185410 1185438 1185540 1185562 1185698 1185807 1185828 1185958 1186015 1186049 1186114 1186411 1186642 1187154 1187210 1187212 1187292 1188063 1188217 1188218 1188219 1188220 1188287 1188571 1189206 1189465 1189465 1189550 CVE-2020-24370 CVE-2020-24371 CVE-2021-22898 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-33560 CVE-2021-33910 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 CVE-2021-3541 CVE-2021-36222 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container suse/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1526-1 Released: Thu May 6 08:57:30 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1762-1 Released: Wed May 26 12:30:01 2021 Summary: Security update for curl Type: security Severity: moderate References: 1186114,CVE-2021-22898 This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Allow partial chain verification [jsc#SLE-17956] * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain. * Set FLAG_TRUSTED_FIRST unconditionally. * Do not check partial chains with CRL check. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1825-1 Released: Tue Jun 1 16:24:01 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1861-1 Released: Fri Jun 4 09:59:40 2021 Summary: Recommended update for gcc10 Type: recommended Severity: moderate References: 1029961,1106014,1178577,1178624,1178675,1182016 This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1917-1 Released: Wed Jun 9 14:48:05 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1186015,CVE-2021-3541 This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1937-1 Released: Thu Jun 10 10:47:09 2021 Summary: Recommended update for nghttp2 Type: recommended Severity: moderate References: 1186642 This update for nghttp2 fixes the following issue: - The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2157-1 Released: Thu Jun 24 15:40:14 2021 Summary: Security update for libgcrypt Type: security Severity: important References: 1187212,CVE-2021-33560 This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2173-1 Released: Mon Jun 28 14:59:45 2021 Summary: Recommended update for automake Type: recommended Severity: moderate References: 1040589,1047218,1182604,1185540,1186049 This update for automake fixes the following issues: - Implement generated autoconf makefiles reproducible (bsc#1182604) - Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848) - Avoid bashisms in test-driver script. (bsc#1185540) This update for pcre fixes the following issues: - Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589) This update for brp-check-suse fixes the following issues: - Add fixes to support reproducible builds. (bsc#1186049) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2196-1 Released: Tue Jun 29 09:41:39 2021 Summary: Security update for lua53 Type: security Severity: moderate References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371 This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2205-1 Released: Wed Jun 30 09:17:41 2021 Summary: Recommended update for openldap2 Type: recommended Severity: important References: 1187210 This update for openldap2 fixes the following issues: - Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2316-1 Released: Wed Jul 14 13:49:55 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1185807,1185828,1185958,1186411,1187154,1187292 This update for systemd fixes the following issues: - Restore framebuffer devices as possible master of seat. Until simpledrm driver is released, this change is prematured as some graphical chips don't have DRM driver and fallback to framebuffer. (bsc#1187154) - Fixed an issue when '/var/lock/subsys' dropped when the creation of 'filesystem' package took the initialization of the generic paths over. (bsc#1187292) - 'udev' requires systemd in its %post (bsc#1185958) nspawn: turn on higher optimization level in seccomp nspawn: return ENOSYS by default, EPERM for 'known' calls (bsc#1186411) shared/seccomp-util: added functionality to make list of filtred syscalls hared/syscall-list: filter out some obviously platform-specific syscalls shared/seccomp: reduce scope of indexing variables generate-syscall-list: require python3 shared: add @known syscall list meson: add syscall-names-update target shared/seccomp: use _cleanup_ in one more place home: fix homed.conf install location - We need to make sure that the creation of the symlinks is done after updating udev DB so if worker A is preempted by worker B before A updates the DB but after it creates the symlinks, worker B won't manage to overwrite the freshly created symlinks (by A) because A has still yet not registered the symlinks in the DB. (bsc#1185828) - Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2410-1 Released: Tue Jul 20 14:41:26 2021 Summary: Security update for systemd Type: security Severity: important References: 1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2786-1 Released: Fri Aug 20 02:02:23 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1057452,1188287 This update for bash fixes the following issues: - Allow process group assignment even for modern kernels (bsc#1057452, bsc#1188287) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3013-1 Released: Thu Sep 9 16:55:40 2021 Summary: Recommended update for patterns-base, patterns-server-enterprise, sles15-image Type: recommended Severity: moderate References: 1183154,1189550 This update for patterns-base, patterns-server-enterprise, sles15-image fixes the following issues: - Add pattern to install necessary packages for FIPS (bsc#1183154) - Add patterns-base-fips to work also in FIPS environments (bsc#1183154) - Use the same icon in the fips pattern as the previous pattern had (bsc#1189550) From sle-updates at lists.suse.com Thu Sep 23 06:54:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 08:54:30 +0200 (CEST) Subject: SUSE-CU-2021:354-1: Security update of suse/dotnet-aspnet Message-ID: <20210923065430.1A373FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:354-1 Container Tags : suse/dotnet-aspnet:5.0 , suse/dotnet-aspnet:5.0.202 Container Release : 5.1 Severity : critical Type : security References : 1029961 1040589 1047218 1057452 1099521 1106014 1161276 1175448 1175449 1178577 1178624 1178675 1181443 1182016 1182604 1182899 1183064 1183154 1184358 1184435 1184614 1185163 1185408 1185408 1185409 1185409 1185410 1185410 1185438 1185540 1185562 1185698 1185807 1185828 1185958 1186015 1186049 1186114 1186411 1186642 1187154 1187210 1187212 1187292 1188063 1188127 1188217 1188218 1188219 1188220 1188287 1188571 1189206 1189465 1189465 1189550 CVE-2020-24370 CVE-2020-24371 CVE-2021-22898 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-33560 CVE-2021-33910 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 CVE-2021-3541 CVE-2021-36222 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container suse/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1526-1 Released: Thu May 6 08:57:30 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1762-1 Released: Wed May 26 12:30:01 2021 Summary: Security update for curl Type: security Severity: moderate References: 1186114,CVE-2021-22898 This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Allow partial chain verification [jsc#SLE-17956] * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain. * Set FLAG_TRUSTED_FIRST unconditionally. * Do not check partial chains with CRL check. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1825-1 Released: Tue Jun 1 16:24:01 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1861-1 Released: Fri Jun 4 09:59:40 2021 Summary: Recommended update for gcc10 Type: recommended Severity: moderate References: 1029961,1106014,1178577,1178624,1178675,1182016 This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1917-1 Released: Wed Jun 9 14:48:05 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1186015,CVE-2021-3541 This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1937-1 Released: Thu Jun 10 10:47:09 2021 Summary: Recommended update for nghttp2 Type: recommended Severity: moderate References: 1186642 This update for nghttp2 fixes the following issue: - The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2157-1 Released: Thu Jun 24 15:40:14 2021 Summary: Security update for libgcrypt Type: security Severity: important References: 1187212,CVE-2021-33560 This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2173-1 Released: Mon Jun 28 14:59:45 2021 Summary: Recommended update for automake Type: recommended Severity: moderate References: 1040589,1047218,1182604,1185540,1186049 This update for automake fixes the following issues: - Implement generated autoconf makefiles reproducible (bsc#1182604) - Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848) - Avoid bashisms in test-driver script. (bsc#1185540) This update for pcre fixes the following issues: - Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589) This update for brp-check-suse fixes the following issues: - Add fixes to support reproducible builds. (bsc#1186049) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2196-1 Released: Tue Jun 29 09:41:39 2021 Summary: Security update for lua53 Type: security Severity: moderate References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371 This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2205-1 Released: Wed Jun 30 09:17:41 2021 Summary: Recommended update for openldap2 Type: recommended Severity: important References: 1187210 This update for openldap2 fixes the following issues: - Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2316-1 Released: Wed Jul 14 13:49:55 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1185807,1185828,1185958,1186411,1187154,1187292 This update for systemd fixes the following issues: - Restore framebuffer devices as possible master of seat. Until simpledrm driver is released, this change is prematured as some graphical chips don't have DRM driver and fallback to framebuffer. (bsc#1187154) - Fixed an issue when '/var/lock/subsys' dropped when the creation of 'filesystem' package took the initialization of the generic paths over. (bsc#1187292) - 'udev' requires systemd in its %post (bsc#1185958) nspawn: turn on higher optimization level in seccomp nspawn: return ENOSYS by default, EPERM for 'known' calls (bsc#1186411) shared/seccomp-util: added functionality to make list of filtred syscalls hared/syscall-list: filter out some obviously platform-specific syscalls shared/seccomp: reduce scope of indexing variables generate-syscall-list: require python3 shared: add @known syscall list meson: add syscall-names-update target shared/seccomp: use _cleanup_ in one more place home: fix homed.conf install location - We need to make sure that the creation of the symlinks is done after updating udev DB so if worker A is preempted by worker B before A updates the DB but after it creates the symlinks, worker B won't manage to overwrite the freshly created symlinks (by A) because A has still yet not registered the symlinks in the DB. (bsc#1185828) - Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2399-1 Released: Mon Jul 19 19:06:22 2021 Summary: Recommended update for release packages Type: recommended Severity: moderate References: 1099521 This update for the release packages provides the following fix: - Fix grub menu entries after migration from SLE-12*. (bsc#1099521) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2410-1 Released: Tue Jul 20 14:41:26 2021 Summary: Security update for systemd Type: security Severity: important References: 1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2786-1 Released: Fri Aug 20 02:02:23 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1057452,1188287 This update for bash fixes the following issues: - Allow process group assignment even for modern kernels (bsc#1057452, bsc#1188287) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3013-1 Released: Thu Sep 9 16:55:40 2021 Summary: Recommended update for patterns-base, patterns-server-enterprise, sles15-image Type: recommended Severity: moderate References: 1183154,1189550 This update for patterns-base, patterns-server-enterprise, sles15-image fixes the following issues: - Add pattern to install necessary packages for FIPS (bsc#1183154) - Add patterns-base-fips to work also in FIPS environments (bsc#1183154) - Use the same icon in the fips pattern as the previous pattern had (bsc#1189550) From sle-updates at lists.suse.com Thu Sep 23 06:54:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 08:54:47 +0200 (CEST) Subject: SUSE-CU-2021:355-1: Security update of suse/dotnet-sdk Message-ID: <20210923065447.CC011FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:355-1 Container Tags : suse/dotnet-sdk:5.0 , suse/dotnet-sdk:5.0.202 Container Release : 5.1 Severity : critical Type : security References : 1029961 1040589 1047218 1057452 1099521 1106014 1161276 1175448 1175449 1178577 1178624 1178675 1181443 1182016 1182604 1182899 1183064 1183154 1184358 1184435 1184614 1185163 1185408 1185408 1185409 1185409 1185410 1185410 1185438 1185540 1185562 1185698 1185807 1185828 1185958 1186015 1186049 1186114 1186411 1186642 1187154 1187210 1187212 1187292 1188063 1188127 1188217 1188218 1188219 1188220 1188287 1188571 1189206 1189465 1189465 1189550 CVE-2020-24370 CVE-2020-24371 CVE-2021-22898 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-33560 CVE-2021-33910 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 CVE-2021-3541 CVE-2021-36222 CVE-2021-38185 CVE-2021-38185 ----------------------------------------------------------------- The container suse/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1526-1 Released: Thu May 6 08:57:30 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1762-1 Released: Wed May 26 12:30:01 2021 Summary: Security update for curl Type: security Severity: moderate References: 1186114,CVE-2021-22898 This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Allow partial chain verification [jsc#SLE-17956] * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain. * Set FLAG_TRUSTED_FIRST unconditionally. * Do not check partial chains with CRL check. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1825-1 Released: Tue Jun 1 16:24:01 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1861-1 Released: Fri Jun 4 09:59:40 2021 Summary: Recommended update for gcc10 Type: recommended Severity: moderate References: 1029961,1106014,1178577,1178624,1178675,1182016 This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1917-1 Released: Wed Jun 9 14:48:05 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1186015,CVE-2021-3541 This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1937-1 Released: Thu Jun 10 10:47:09 2021 Summary: Recommended update for nghttp2 Type: recommended Severity: moderate References: 1186642 This update for nghttp2 fixes the following issue: - The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2157-1 Released: Thu Jun 24 15:40:14 2021 Summary: Security update for libgcrypt Type: security Severity: important References: 1187212,CVE-2021-33560 This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2173-1 Released: Mon Jun 28 14:59:45 2021 Summary: Recommended update for automake Type: recommended Severity: moderate References: 1040589,1047218,1182604,1185540,1186049 This update for automake fixes the following issues: - Implement generated autoconf makefiles reproducible (bsc#1182604) - Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848) - Avoid bashisms in test-driver script. (bsc#1185540) This update for pcre fixes the following issues: - Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589) This update for brp-check-suse fixes the following issues: - Add fixes to support reproducible builds. (bsc#1186049) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2196-1 Released: Tue Jun 29 09:41:39 2021 Summary: Security update for lua53 Type: security Severity: moderate References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371 This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2205-1 Released: Wed Jun 30 09:17:41 2021 Summary: Recommended update for openldap2 Type: recommended Severity: important References: 1187210 This update for openldap2 fixes the following issues: - Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2316-1 Released: Wed Jul 14 13:49:55 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1185807,1185828,1185958,1186411,1187154,1187292 This update for systemd fixes the following issues: - Restore framebuffer devices as possible master of seat. Until simpledrm driver is released, this change is prematured as some graphical chips don't have DRM driver and fallback to framebuffer. (bsc#1187154) - Fixed an issue when '/var/lock/subsys' dropped when the creation of 'filesystem' package took the initialization of the generic paths over. (bsc#1187292) - 'udev' requires systemd in its %post (bsc#1185958) nspawn: turn on higher optimization level in seccomp nspawn: return ENOSYS by default, EPERM for 'known' calls (bsc#1186411) shared/seccomp-util: added functionality to make list of filtred syscalls hared/syscall-list: filter out some obviously platform-specific syscalls shared/seccomp: reduce scope of indexing variables generate-syscall-list: require python3 shared: add @known syscall list meson: add syscall-names-update target shared/seccomp: use _cleanup_ in one more place home: fix homed.conf install location - We need to make sure that the creation of the symlinks is done after updating udev DB so if worker A is preempted by worker B before A updates the DB but after it creates the symlinks, worker B won't manage to overwrite the freshly created symlinks (by A) because A has still yet not registered the symlinks in the DB. (bsc#1185828) - Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2399-1 Released: Mon Jul 19 19:06:22 2021 Summary: Recommended update for release packages Type: recommended Severity: moderate References: 1099521 This update for the release packages provides the following fix: - Fix grub menu entries after migration from SLE-12*. (bsc#1099521) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2410-1 Released: Tue Jul 20 14:41:26 2021 Summary: Security update for systemd Type: security Severity: important References: 1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2786-1 Released: Fri Aug 20 02:02:23 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1057452,1188287 This update for bash fixes the following issues: - Allow process group assignment even for modern kernels (bsc#1057452, bsc#1188287) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3013-1 Released: Thu Sep 9 16:55:40 2021 Summary: Recommended update for patterns-base, patterns-server-enterprise, sles15-image Type: recommended Severity: moderate References: 1183154,1189550 This update for patterns-base, patterns-server-enterprise, sles15-image fixes the following issues: - Add pattern to install necessary packages for FIPS (bsc#1183154) - Add patterns-base-fips to work also in FIPS environments (bsc#1183154) - Use the same icon in the fips pattern as the previous pattern had (bsc#1189550) From sle-updates at lists.suse.com Thu Sep 23 13:16:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 15:16:58 +0200 (CEST) Subject: SUSE-SU-2021:3194-1: important: Security update for grilo Message-ID: <20210923131658.B3266FE12@maintenance.suse.de> SUSE Security Update: Security update for grilo ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3194-1 Rating: important References: #1189839 Cross-References: CVE-2021-39365 CVSS scores: CVE-2021-39365 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for grilo fixes the following issues: - CVE-2021-39365: Fixed missing TLS certificate verification (bsc#1189839). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-3194=1 - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-3194=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3194=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3194=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): grilo-debuginfo-0.3.12-3.3.1 grilo-debugsource-0.3.12-3.3.1 grilo-tools-0.3.12-3.3.1 grilo-tools-debuginfo-0.3.12-3.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (noarch): grilo-lang-0.3.12-3.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): grilo-debuginfo-0.3.12-3.3.1 grilo-debugsource-0.3.12-3.3.1 grilo-tools-0.3.12-3.3.1 grilo-tools-debuginfo-0.3.12-3.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (noarch): grilo-lang-0.3.12-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): grilo-debuginfo-0.3.12-3.3.1 grilo-debugsource-0.3.12-3.3.1 grilo-devel-0.3.12-3.3.1 libgrilo-0_3-0-0.3.12-3.3.1 libgrilo-0_3-0-debuginfo-0.3.12-3.3.1 libgrlnet-0_3-0-0.3.12-3.3.1 libgrlnet-0_3-0-debuginfo-0.3.12-3.3.1 libgrlpls-0_3-0-0.3.12-3.3.1 libgrlpls-0_3-0-debuginfo-0.3.12-3.3.1 typelib-1_0-Grl-0_3-0.3.12-3.3.1 typelib-1_0-GrlNet-0_3-0.3.12-3.3.1 typelib-1_0-GrlPls-0_3-0.3.12-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): grilo-debuginfo-0.3.12-3.3.1 grilo-debugsource-0.3.12-3.3.1 grilo-devel-0.3.12-3.3.1 libgrilo-0_3-0-0.3.12-3.3.1 libgrilo-0_3-0-debuginfo-0.3.12-3.3.1 libgrlnet-0_3-0-0.3.12-3.3.1 libgrlnet-0_3-0-debuginfo-0.3.12-3.3.1 libgrlpls-0_3-0-0.3.12-3.3.1 libgrlpls-0_3-0-debuginfo-0.3.12-3.3.1 typelib-1_0-Grl-0_3-0.3.12-3.3.1 typelib-1_0-GrlNet-0_3-0.3.12-3.3.1 typelib-1_0-GrlPls-0_3-0.3.12-3.3.1 References: https://www.suse.com/security/cve/CVE-2021-39365.html https://bugzilla.suse.com/1189839 From sle-updates at lists.suse.com Thu Sep 23 13:18:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 15:18:15 +0200 (CEST) Subject: SUSE-SU-2021:3201-1: moderate: Security update for hivex Message-ID: <20210923131815.2A667FE12@maintenance.suse.de> SUSE Security Update: Security update for hivex ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3201-1 Rating: moderate References: #1189060 Cross-References: CVE-2021-3622 CVSS scores: CVE-2021-3622 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for hivex fixes the following issues: - CVE-2021-3622: Fixed stack overflow due to recursive call of _get_children() (bsc#1189060). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3201=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3201=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3201=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3201=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3201=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): hivex-debuginfo-1.3.14-5.6.1 hivex-debugsource-1.3.14-5.6.1 libhivex0-1.3.14-5.6.1 libhivex0-debuginfo-1.3.14-5.6.1 perl-Win-Hivex-1.3.14-5.6.1 perl-Win-Hivex-debuginfo-1.3.14-5.6.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): hivex-debuginfo-1.3.14-5.6.1 hivex-debugsource-1.3.14-5.6.1 ocaml-hivex-1.3.14-5.6.1 ocaml-hivex-debuginfo-1.3.14-5.6.1 ocaml-hivex-devel-1.3.14-5.6.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): hivex-debuginfo-1.3.14-5.6.1 hivex-debugsource-1.3.14-5.6.1 ocaml-hivex-1.3.14-5.6.1 ocaml-hivex-debuginfo-1.3.14-5.6.1 ocaml-hivex-devel-1.3.14-5.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): hivex-debuginfo-1.3.14-5.6.1 hivex-debugsource-1.3.14-5.6.1 hivex-devel-1.3.14-5.6.1 libhivex0-1.3.14-5.6.1 libhivex0-debuginfo-1.3.14-5.6.1 perl-Win-Hivex-1.3.14-5.6.1 perl-Win-Hivex-debuginfo-1.3.14-5.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): hivex-debuginfo-1.3.14-5.6.1 hivex-debugsource-1.3.14-5.6.1 hivex-devel-1.3.14-5.6.1 libhivex0-1.3.14-5.6.1 libhivex0-debuginfo-1.3.14-5.6.1 perl-Win-Hivex-1.3.14-5.6.1 perl-Win-Hivex-debuginfo-1.3.14-5.6.1 References: https://www.suse.com/security/cve/CVE-2021-3622.html https://bugzilla.suse.com/1189060 From sle-updates at lists.suse.com Thu Sep 23 13:19:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 15:19:30 +0200 (CEST) Subject: SUSE-SU-2021:3193-1: important: Security update for ffmpeg Message-ID: <20210923131930.173F9FE12@maintenance.suse.de> SUSE Security Update: Security update for ffmpeg ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3193-1 Rating: important References: #1189724 Cross-References: CVE-2021-38171 CVSS scores: CVE-2021-38171 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ffmpeg fixes the following issues: - CVE-2021-38171: Fixed adts_decode_extradata in libavformat/adtsenc.c to check the init_get_bits return value (bsc#1189724). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-3193=1 - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-3193=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3193=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-3193=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3193=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3193=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): ffmpeg-debuginfo-3.4.2-11.11.1 ffmpeg-debugsource-3.4.2-11.11.1 libavcodec-devel-3.4.2-11.11.1 libavformat-devel-3.4.2-11.11.1 libavresample-devel-3.4.2-11.11.1 libavresample3-3.4.2-11.11.1 libavresample3-debuginfo-3.4.2-11.11.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): ffmpeg-debuginfo-3.4.2-11.11.1 ffmpeg-debugsource-3.4.2-11.11.1 libavcodec-devel-3.4.2-11.11.1 libavformat-devel-3.4.2-11.11.1 libavresample-devel-3.4.2-11.11.1 libavresample3-3.4.2-11.11.1 libavresample3-debuginfo-3.4.2-11.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): ffmpeg-3.4.2-11.11.1 ffmpeg-debuginfo-3.4.2-11.11.1 ffmpeg-debugsource-3.4.2-11.11.1 libavdevice57-3.4.2-11.11.1 libavdevice57-debuginfo-3.4.2-11.11.1 libavfilter6-3.4.2-11.11.1 libavfilter6-debuginfo-3.4.2-11.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): ffmpeg-3.4.2-11.11.1 ffmpeg-debuginfo-3.4.2-11.11.1 ffmpeg-debugsource-3.4.2-11.11.1 libavdevice57-3.4.2-11.11.1 libavdevice57-debuginfo-3.4.2-11.11.1 libavfilter6-3.4.2-11.11.1 libavfilter6-debuginfo-3.4.2-11.11.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): ffmpeg-debuginfo-3.4.2-11.11.1 ffmpeg-debugsource-3.4.2-11.11.1 libavcodec57-3.4.2-11.11.1 libavcodec57-debuginfo-3.4.2-11.11.1 libavformat57-3.4.2-11.11.1 libavformat57-debuginfo-3.4.2-11.11.1 libavresample-devel-3.4.2-11.11.1 libavresample3-3.4.2-11.11.1 libavresample3-debuginfo-3.4.2-11.11.1 libavutil-devel-3.4.2-11.11.1 libavutil55-3.4.2-11.11.1 libavutil55-debuginfo-3.4.2-11.11.1 libpostproc-devel-3.4.2-11.11.1 libpostproc54-3.4.2-11.11.1 libpostproc54-debuginfo-3.4.2-11.11.1 libswresample-devel-3.4.2-11.11.1 libswresample2-3.4.2-11.11.1 libswresample2-debuginfo-3.4.2-11.11.1 libswscale-devel-3.4.2-11.11.1 libswscale4-3.4.2-11.11.1 libswscale4-debuginfo-3.4.2-11.11.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64_ilp32): libavresample3-64bit-3.4.2-11.11.1 libavresample3-64bit-debuginfo-3.4.2-11.11.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 i586 ppc64le s390x x86_64): libavresample-devel-3.4.2-11.11.1 libavresample3-3.4.2-11.11.1 libavresample3-debuginfo-3.4.2-11.11.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): ffmpeg-debuginfo-3.4.2-11.11.1 ffmpeg-debugsource-3.4.2-11.11.1 libavcodec57-3.4.2-11.11.1 libavcodec57-debuginfo-3.4.2-11.11.1 libavformat57-3.4.2-11.11.1 libavformat57-debuginfo-3.4.2-11.11.1 libavutil-devel-3.4.2-11.11.1 libavutil55-3.4.2-11.11.1 libavutil55-debuginfo-3.4.2-11.11.1 libpostproc-devel-3.4.2-11.11.1 libpostproc54-3.4.2-11.11.1 libpostproc54-debuginfo-3.4.2-11.11.1 libswresample-devel-3.4.2-11.11.1 libswresample2-3.4.2-11.11.1 libswresample2-debuginfo-3.4.2-11.11.1 libswscale-devel-3.4.2-11.11.1 libswscale4-3.4.2-11.11.1 libswscale4-debuginfo-3.4.2-11.11.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (x86_64): libavresample3-32bit-3.4.2-11.11.1 libavresample3-32bit-debuginfo-3.4.2-11.11.1 References: https://www.suse.com/security/cve/CVE-2021-38171.html https://bugzilla.suse.com/1189724 From sle-updates at lists.suse.com Thu Sep 23 13:21:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 15:21:48 +0200 (CEST) Subject: SUSE-SU-2021:3202-1: moderate: Security update for linuxptp Message-ID: <20210923132148.980C1FE12@maintenance.suse.de> SUSE Security Update: Security update for linuxptp ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3202-1 Rating: moderate References: #1187646 Cross-References: CVE-2021-3570 CVSS scores: CVE-2021-3570 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3570 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for linuxptp fixes the following issues: - CVE-2021-3570: Fixed messageLength validation field of incoming messages (bsc#1187646). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3202=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): linuxptp-3.1.1-3.3.1 linuxptp-debuginfo-3.1.1-3.3.1 linuxptp-debugsource-3.1.1-3.3.1 References: https://www.suse.com/security/cve/CVE-2021-3570.html https://bugzilla.suse.com/1187646 From sle-updates at lists.suse.com Thu Sep 23 13:26:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 15:26:22 +0200 (CEST) Subject: SUSE-SU-2021:3196-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) Message-ID: <20210923132622.BECB6FE12@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3196-1 Rating: important References: #1189278 #1189420 Cross-References: CVE-2021-3653 CVE-2021-38198 CVSS scores: CVE-2021-3653 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_147 fixes several issues. The following security issues were fixed: - CVE-2021-3653: Fixed missing validation of the KVM `int_ctl` VMCB field that would have allowed a malicious L1 guest to enable AVIC support for the L2 guest (bsc#1189420). - CVE-2021-38198: Fixed KVM MMU to use the correct inherited permissions to get shadow page (bsc#1189278). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3195=1 SUSE-SLE-SAP-12-SP3-2021-3196=1 SUSE-SLE-SAP-12-SP3-2021-3197=1 SUSE-SLE-SAP-12-SP3-2021-3198=1 SUSE-SLE-SAP-12-SP3-2021-3199=1 SUSE-SLE-SAP-12-SP3-2021-3200=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3195=1 SUSE-SLE-SERVER-12-SP3-2021-3196=1 SUSE-SLE-SERVER-12-SP3-2021-3197=1 SUSE-SLE-SERVER-12-SP3-2021-3198=1 SUSE-SLE-SERVER-12-SP3-2021-3199=1 SUSE-SLE-SERVER-12-SP3-2021-3200=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_130-default-14-2.3 kgraft-patch-4_4_180-94_130-default-debuginfo-14-2.3 kgraft-patch-4_4_180-94_135-default-12-2.3 kgraft-patch-4_4_180-94_135-default-debuginfo-12-2.3 kgraft-patch-4_4_180-94_138-default-10-2.2 kgraft-patch-4_4_180-94_138-default-debuginfo-10-2.2 kgraft-patch-4_4_180-94_141-default-9-2.2 kgraft-patch-4_4_180-94_141-default-debuginfo-9-2.2 kgraft-patch-4_4_180-94_144-default-6-2.2 kgraft-patch-4_4_180-94_144-default-debuginfo-6-2.2 kgraft-patch-4_4_180-94_147-default-3-2.2 kgraft-patch-4_4_180-94_147-default-debuginfo-3-2.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_130-default-14-2.3 kgraft-patch-4_4_180-94_130-default-debuginfo-14-2.3 kgraft-patch-4_4_180-94_135-default-12-2.3 kgraft-patch-4_4_180-94_135-default-debuginfo-12-2.3 kgraft-patch-4_4_180-94_138-default-10-2.2 kgraft-patch-4_4_180-94_138-default-debuginfo-10-2.2 kgraft-patch-4_4_180-94_141-default-9-2.2 kgraft-patch-4_4_180-94_141-default-debuginfo-9-2.2 kgraft-patch-4_4_180-94_144-default-6-2.2 kgraft-patch-4_4_180-94_144-default-debuginfo-6-2.2 kgraft-patch-4_4_180-94_147-default-3-2.2 kgraft-patch-4_4_180-94_147-default-debuginfo-3-2.2 References: https://www.suse.com/security/cve/CVE-2021-3653.html https://www.suse.com/security/cve/CVE-2021-38198.html https://bugzilla.suse.com/1189278 https://bugzilla.suse.com/1189420 From sle-updates at lists.suse.com Thu Sep 23 16:18:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 18:18:35 +0200 (CEST) Subject: SUSE-RU-2021:3203-1: moderate: Recommended update for kmod Message-ID: <20210923161835.716C4FE12@maintenance.suse.de> SUSE Recommended Update: Recommended update for kmod ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3203-1 Rating: moderate References: #1189537 #1190190 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for kmod fixes the following issues: - Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190). - Enable support for ZSTD compressed modules - Display module information even for modules built into the running kernel (bsc#1189537) - '/usr/lib' should override '/lib' where both are available. Support '/usr/lib' for depmod.d as well. - Remove test patches included in release 29 - Update to release 29 * Fix `modinfo -F` not working for built-in modules and certain fields. * Fix a memory leak, overflow and double free on error path. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3203=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kmod-29-4.9.1 kmod-debuginfo-29-4.9.1 kmod-debugsource-29-4.9.1 libkmod-devel-29-4.9.1 libkmod2-29-4.9.1 libkmod2-debuginfo-29-4.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): kmod-bash-completion-29-4.9.1 References: https://bugzilla.suse.com/1189537 https://bugzilla.suse.com/1190190 From sle-updates at lists.suse.com Thu Sep 23 16:19:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 18:19:53 +0200 (CEST) Subject: SUSE-RU-2021:3204-1: important: Recommended update for docker Message-ID: <20210923161953.8658EFE12@maintenance.suse.de> SUSE Recommended Update: Recommended update for docker ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3204-1 Rating: important References: #1190670 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for docker fixes the following issues: - Return ENOSYS for clone3 in the seccomp profile to avoid breaking containers using glibc 2.34. - Add shell requires for the *-completion subpackages. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2021-3204=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): docker-20.10.6_ce-98.69.1 docker-debuginfo-20.10.6_ce-98.69.1 References: https://bugzilla.suse.com/1190670 From sle-updates at lists.suse.com Thu Sep 23 19:16:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 21:16:56 +0200 (CEST) Subject: SUSE-SU-2021:3211-1: important: Security update for nodejs14 Message-ID: <20210923191656.06F34FCC9@maintenance.suse.de> SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3211-1 Rating: important References: #1188881 #1188917 #1189368 #1189369 #1189370 Cross-References: CVE-2021-22930 CVE-2021-22931 CVE-2021-22939 CVE-2021-22940 CVE-2021-3672 CVSS scores: CVE-2021-22930 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-22931 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-22939 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-22940 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3672 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: - CVE-2021-3672: Fixed missing input validation on hostnames (bsc#1188881). - CVE-2021-22931: Fixed improper handling of untypical characters in domain names (bsc#1189370). - CVE-2021-22940: Use after free on close http2 on stream canceling (bsc#1189368) - CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (bsc#1189369) - CVE-2021-22930: Fixed use after free on close http2 on stream canceling (bsc#1188917). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2021-3211=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-3211=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs14-14.17.5-5.15.5 nodejs14-debuginfo-14.17.5-5.15.5 nodejs14-debugsource-14.17.5-5.15.5 nodejs14-devel-14.17.5-5.15.5 npm14-14.17.5-5.15.5 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs14-docs-14.17.5-5.15.5 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): nodejs14-14.17.5-5.15.5 nodejs14-debuginfo-14.17.5-5.15.5 nodejs14-debugsource-14.17.5-5.15.5 nodejs14-devel-14.17.5-5.15.5 npm14-14.17.5-5.15.5 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): nodejs14-docs-14.17.5-5.15.5 References: https://www.suse.com/security/cve/CVE-2021-22930.html https://www.suse.com/security/cve/CVE-2021-22931.html https://www.suse.com/security/cve/CVE-2021-22939.html https://www.suse.com/security/cve/CVE-2021-22940.html https://www.suse.com/security/cve/CVE-2021-3672.html https://bugzilla.suse.com/1188881 https://bugzilla.suse.com/1188917 https://bugzilla.suse.com/1189368 https://bugzilla.suse.com/1189369 https://bugzilla.suse.com/1189370 From sle-updates at lists.suse.com Thu Sep 23 19:18:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 21:18:43 +0200 (CEST) Subject: SUSE-SU-2021:3206-1: important: Security update for the Linux Kernel Message-ID: <20210923191843.D91BBFCC9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3206-1 Rating: important References: #1040364 #1108488 #1114648 #1127650 #1129898 #1133374 #1136513 #1171420 #1183050 #1183983 #1185902 #1185973 #1187076 #1188172 #1188439 #1188616 #1188885 #1188982 #1188983 #1188985 #1189057 #1189262 #1189268 #1189269 #1189270 #1189271 #1189272 #1189291 #1189301 #1189384 #1189385 #1189392 #1189399 #1189400 #1189505 #1189506 #1189562 #1189564 #1189565 #1189566 #1189567 #1189568 #1189569 #1189573 #1189577 #1189579 #1189581 #1189582 #1189639 #1189640 #1189706 #1189846 #1190022 #1190025 #1190115 #1190117 Cross-References: CVE-2018-9517 CVE-2019-3874 CVE-2019-3900 CVE-2020-12770 CVE-2021-34556 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732 CVE-2021-3753 CVE-2021-3759 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVSS scores: CVE-2018-9517 (NVD) : 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2018-9517 (SUSE): 2.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2019-3874 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-3874 (SUSE): 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-3900 (NVD) : 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2019-3900 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-12770 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-12770 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2021-34556 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-35477 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-3640 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3653 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3656 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3679 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3732 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3753 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-3759 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38160 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38204 (SUSE): 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that solves 16 vulnerabilities and has 40 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect (bsc#1108488). - CVE-2019-3874: Fixed possible denial of service attack via SCTP socket buffer used by a userspace applications (bnc#1129898). - CVE-2019-3900: Fixed an infinite loop issue while handling incoming packets in handle_rx() (bnc#1133374). - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420). The following non-security bugs were fixed: - ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes). - ALSA: seq: Fix racy deletion of subscriber (git-fixes). - ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes). - ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes). - ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes). - Bluetooth: Move shutdown callback before flushing tx and rx queue (git-fixes). - Bluetooth: add timeout sanity check to hci_inquiry (git-fixes). - Bluetooth: fix repeated calls to sco_sock_kill (git-fixes). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes). - KVM: SVM: Call SEV Guest Decommission if ASID binding fails (12sp5). - NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes). - NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364). - PCI/MSI: Correct misleading comments (git-fixes). - PCI/MSI: Do not set invalid bits in MSI mask (git-fixes). - PCI/MSI: Enable and mask MSI-X early (git-fixes). - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes). - PCI: Add Intel VMD devices to pci ids (bsc#1183983). - PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes). - PCI: hv: Use expected affinity when unmasking IRQ (bsc#1185973). - PCI: vmd: Add an additional VMD device id to driver device id table (bsc#1183983). - PCI: vmd: Add offset to bus numbers if necessary (bsc#1183983). - PCI: vmd: Assign membar addresses from shadow registers (bsc#1183983). - PCI: vmd: Filter resource type bits from shadow register (bsc#1183983). - PCI: vmd: Fix config addressing when using bus offsets (bsc#1183983). - PCI: vmd: Fix shadow offsets to reflect spec changes (bsc#1183983). - SUNRPC: Fix the batch tasks count wraparound (git-fixes). - SUNRPC: Should wake up the privileged task firstly (git-fixes). - SUNRPC: improve error response to over-size gss credential (bsc#1190022). - USB: serial: ch341: fix character loss at high transfer rates (git-fixes). - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes). - USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes). - USB: usbtmc: Fix RCU stall warning (git-fixes). - USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes). - arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback (git-fixes). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes). - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (git-fixes). - bcma: Fix memory leak for internally-handled cores (git-fixes). - bdi: Do not use freezable workqueue (bsc#1189573). - blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506). - block: fix trace completion for chained bio (bsc#1189505). - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes). - crypto: ccp - Annotate SEV Firmware file names (bsc#1189268). - crypto: nx - Fix RCU warning in nx842_OF_upd_status (git-fixes). - crypto: nx - Fix memcpy() over-reading in nonce (git-fixes). - crypto: talitos - Do not modify req->cryptlen on decryption (git-fixes). - crypto: talitos - fix ECB algs ivsize (git-fixes). - crypto: ux500 - Fix error return code in hash_hw_final() (git-fixes). - dm btree remove: assign new_root only when removal succeeds (git fixes). - dm cache metadata: Avoid returning cmd->bm wild pointer on error (git fixes). - dm era: Fix bitset memory leaks (git fixes). - dm era: Recover committed writeset after crash (git fixes). - dm era: Reinitialize bitset cache before digesting a new writeset (git fixes). - dm era: Use correct value size in equality function of writeset tree (git fixes). - dm era: Verify the data block size hasn't changed (git fixes). - dm era: only resize metadata in preresume (git fixes). - dm ioctl: fix error return code in target_message (git fixes). - dm ioctl: fix out of bounds array access when no devices (git fixes). - dm persistent data: packed struct should have an aligned() attribute too (git fixes). - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git fixes). - dm snapshot: fix crash with transient storage and zero chunk size (git fixes). - dm snapshot: flush merged data before committing metadata (git fixes). - dm snapshot: properly fix a crash when an origin has no snapshots (git fixes). - dm space map common: fix division bug in sm_ll_find_free_block() (git fixes). - dm table: fix iterate_devices based device capability checks (git fixes). - dm thin metadata: Avoid returning cmd->bm wild pointer on error (git fixes). - dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes). - dm writecache: fix the maximum number of arguments (git-fixes). - dm writecache: handle DAX to partitions on persistent memory correctly (git-fixes). - dm writecache: remove BUG() and fail gracefully instead (git-fixes). - dm zoned: select CONFIG_CRC32 (git-fixes). - dm: eliminate potential source of excessive kernel log noise (git fixes). - dm: remove invalid sparse __acquires and __releases annotations (git-fixes). - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568). - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564). - ext4: fix avefreec in find_group_orlov (bsc#1189566). - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562). - ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565). - ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567). - ftgmac100: Restart MAC HW once (git-fixes). - i2c: dev: zero out array used for i2c reads from userspace (git-fixes). - i2c: highlander: add IRQ check (git-fixes). - i2c: iop3xx: fix deferred probing (git-fixes). - i2c: mt65xx: fix IRQ check (git-fixes). - i2c: s3c2410: fix IRQ check (git-fixes). - i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs (git-fixes). - iio: adc: Fix incorrect exit of for-loop (git-fixes). - iio: humidity: hdc100x: Add margin to the conversion time (git-fixes). - iommu/amd: Fix extended features logging (bsc#1189269). - iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189270). - iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189271). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189272). - kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes). - kABI: s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193818). - mac80211: Fix insufficient headroom issue for AMSDU (git-fixes). - md/raid10: properly indicate failure when ending a failed write request (git-fixes). - media: go7007: fix memory leak in go7007_usb_probe (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - memcg: enable accounting for file lock caches (bsc#1190115). - mm, vmscan: guarantee drop_slab_node() termination (VM Functionality, bsc#1189301). - mm/memory-failure: unnecessary amount of unmapping (bsc#1189640). - mm/memory.c: do_fault: avoid usage of stale vm_area_struct (bsc#1136513). - mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes). - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569). - mm/vmscan: fix infinite loop in drop_slab_node (VM Performance, bsc#1189301). - mm: vmscan: scan anonymous pages on file refaults (VM Performance, bsc#1183050). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes). - net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes). - net: mvpp2: Add TCAM entry to drop flow control pause frames (git-fixes). - net: mvpp2: prs: fix PPPoE with ipv6 packet parse (git-fixes). - net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes). - net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (git-fixes). - net: usb: ax88179_178a: remove redundant assignment to variable ret (git-fixes). - nfs: fix acl memory leak of posix_acl_create() (git-fixes). - nvme-fc: avoid calling _nvme_fc_abort_outstanding_ios from interrupt context (bsc#1187076). - nvme-fc: convert assoc_active flag to bit op (bsc#1187076). - nvme-fc: eliminate terminate_io use by nvme_fc_error_recovery (bsc#1187076). - nvme-fc: fix double-free scenarios on hw queues (bsc#1187076). - nvme-fc: fix io timeout to abort I/O (bsc#1187076). - nvme-fc: fix racing controller reset and create association (bsc#1187076). - nvme-fc: remove err_work work item (bsc#1187076). - nvme-fc: remove nvme_fc_terminate_io() (bsc#1187076). - nvme-fc: track error_recovery while connecting (bsc#1187076). - ocfs2: fix snprintf() checking (bsc#1189581). - ocfs2: fix zero out valid data (bsc#1189579). - ocfs2: issue zeroout to EOF blocks (bsc#1189582). - ocfs2: ocfs2_downconvert_lock failure results in deadlock (bsc#1188439). - overflow: Correct check_shl_overflow() comment (git-fixes). - overflow: Include header file with SIZE_MAX declaration (git-fixes). - ovl: check whiteout in ovl_create_over_whiteout() (bsc#1189846). - ovl: filter of trusted xattr results in audit (bsc#1189846). - ovl: fix dentry leak in ovl_get_redirect (bsc#1189846). - ovl: initialize error in ovl_copy_xattr (bsc#1189846). - ovl: relax WARN_ON() on rename to self (bsc#1189846). - pcmcia: i82092: fix a null pointer dereference bug (git-fixes). - power: supply: max17042: handle fails of reading status register (git-fixes). - powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes). - qlcnic: Fix error code in probe (git-fixes). - r8152: Fix potential PM refcount imbalance (git-fixes). - readdir: make sure to verify directory entry for legacy interfaces too (bsc#1189639). - regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes). - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193818). - scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392). - scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650). - scsi: libfc: Fix array index out of bound exception (bsc#1188616). - scsi: lpfc: Add 256 Gb link speed support (bsc#1189385). - scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385). - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385). - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385). - scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385). - scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385). - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385). - scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385). - scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385). - scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385). - scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385). - scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385). - scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385). - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385). - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385). - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385). - scsi: lpfc: Improve firmware download logging (bsc#1189385). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385). - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes). - scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385). - scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385). - scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385). - scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385). - scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385). - scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385). - scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385). - scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385). - scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385). - scsi: qla2xxx: Add heartbeat check (bsc#1189392). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392). - scsi: qla2xxx: Fix spelling mistakes "allloc" -> "alloc" (bsc#1189384). - scsi: qla2xxx: Fix use after free in debug code (bsc#1189384). - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392). - scsi: qla2xxx: Remove duplicate declarations (bsc#1189392). - scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392). - scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392). - scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189384). - scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392). - scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189384). - scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392). - scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392). - scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189384). - scsi: qla2xxx: edif: Add detection of secure device (bsc#1189384). - scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189384). - scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189384). - scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189384). - scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189384). - scsi: qla2xxx: edif: Add key update (bsc#1189384). - scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189384). - scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392). - scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189384). - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392). - serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes). - spi: mediatek: Fix fifo transfer (git-fixes). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - virtio_net: Fix error code in probe() (git-fixes). - writeback: fix obtain a reference to a freeing memcg css (bsc#1189577). - x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1114648). - x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1114648). - x86/fpu: Reset state for all signal restore failures (bsc#1114648). - x86/kvm: fix vcpu-id indexed array sizes (git-fixes). - x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1114648). - xen/events: Fix race in set_evtchn_to_irq (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-3206=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3206=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3206=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-3206=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-3206=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.88.1 kernel-default-debugsource-4.12.14-122.88.1 kernel-default-extra-4.12.14-122.88.1 kernel-default-extra-debuginfo-4.12.14-122.88.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.88.2 kernel-obs-build-debugsource-4.12.14-122.88.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.88.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.88.1 kernel-default-base-4.12.14-122.88.1 kernel-default-base-debuginfo-4.12.14-122.88.1 kernel-default-debuginfo-4.12.14-122.88.1 kernel-default-debugsource-4.12.14-122.88.1 kernel-default-devel-4.12.14-122.88.1 kernel-syms-4.12.14-122.88.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.88.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.88.1 kernel-macros-4.12.14-122.88.1 kernel-source-4.12.14-122.88.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.88.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.88.1 kernel-default-debugsource-4.12.14-122.88.1 kernel-default-kgraft-4.12.14-122.88.1 kernel-default-kgraft-devel-4.12.14-122.88.1 kgraft-patch-4_12_14-122_88-default-1-8.5.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.88.1 cluster-md-kmp-default-debuginfo-4.12.14-122.88.1 dlm-kmp-default-4.12.14-122.88.1 dlm-kmp-default-debuginfo-4.12.14-122.88.1 gfs2-kmp-default-4.12.14-122.88.1 gfs2-kmp-default-debuginfo-4.12.14-122.88.1 kernel-default-debuginfo-4.12.14-122.88.1 kernel-default-debugsource-4.12.14-122.88.1 ocfs2-kmp-default-4.12.14-122.88.1 ocfs2-kmp-default-debuginfo-4.12.14-122.88.1 References: https://www.suse.com/security/cve/CVE-2018-9517.html https://www.suse.com/security/cve/CVE-2019-3874.html https://www.suse.com/security/cve/CVE-2019-3900.html https://www.suse.com/security/cve/CVE-2020-12770.html https://www.suse.com/security/cve/CVE-2021-34556.html https://www.suse.com/security/cve/CVE-2021-35477.html https://www.suse.com/security/cve/CVE-2021-3640.html https://www.suse.com/security/cve/CVE-2021-3653.html https://www.suse.com/security/cve/CVE-2021-3656.html https://www.suse.com/security/cve/CVE-2021-3679.html https://www.suse.com/security/cve/CVE-2021-3732.html https://www.suse.com/security/cve/CVE-2021-3753.html https://www.suse.com/security/cve/CVE-2021-3759.html https://www.suse.com/security/cve/CVE-2021-38160.html https://www.suse.com/security/cve/CVE-2021-38198.html https://www.suse.com/security/cve/CVE-2021-38204.html https://bugzilla.suse.com/1040364 https://bugzilla.suse.com/1108488 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1127650 https://bugzilla.suse.com/1129898 https://bugzilla.suse.com/1133374 https://bugzilla.suse.com/1136513 https://bugzilla.suse.com/1171420 https://bugzilla.suse.com/1183050 https://bugzilla.suse.com/1183983 https://bugzilla.suse.com/1185902 https://bugzilla.suse.com/1185973 https://bugzilla.suse.com/1187076 https://bugzilla.suse.com/1188172 https://bugzilla.suse.com/1188439 https://bugzilla.suse.com/1188616 https://bugzilla.suse.com/1188885 https://bugzilla.suse.com/1188982 https://bugzilla.suse.com/1188983 https://bugzilla.suse.com/1188985 https://bugzilla.suse.com/1189057 https://bugzilla.suse.com/1189262 https://bugzilla.suse.com/1189268 https://bugzilla.suse.com/1189269 https://bugzilla.suse.com/1189270 https://bugzilla.suse.com/1189271 https://bugzilla.suse.com/1189272 https://bugzilla.suse.com/1189291 https://bugzilla.suse.com/1189301 https://bugzilla.suse.com/1189384 https://bugzilla.suse.com/1189385 https://bugzilla.suse.com/1189392 https://bugzilla.suse.com/1189399 https://bugzilla.suse.com/1189400 https://bugzilla.suse.com/1189505 https://bugzilla.suse.com/1189506 https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1189564 https://bugzilla.suse.com/1189565 https://bugzilla.suse.com/1189566 https://bugzilla.suse.com/1189567 https://bugzilla.suse.com/1189568 https://bugzilla.suse.com/1189569 https://bugzilla.suse.com/1189573 https://bugzilla.suse.com/1189577 https://bugzilla.suse.com/1189579 https://bugzilla.suse.com/1189581 https://bugzilla.suse.com/1189582 https://bugzilla.suse.com/1189639 https://bugzilla.suse.com/1189640 https://bugzilla.suse.com/1189706 https://bugzilla.suse.com/1189846 https://bugzilla.suse.com/1190022 https://bugzilla.suse.com/1190025 https://bugzilla.suse.com/1190115 https://bugzilla.suse.com/1190117 From sle-updates at lists.suse.com Thu Sep 23 19:26:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 21:26:43 +0200 (CEST) Subject: SUSE-SU-2021:3209-1: moderate: Security update for python-reportlab Message-ID: <20210923192643.9FF96FCC9@maintenance.suse.de> SUSE Security Update: Security update for python-reportlab ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3209-1 Rating: moderate References: #1182503 #1190110 Cross-References: CVE-2020-28463 CVSS scores: CVE-2020-28463 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-28463 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for python-reportlab fixes the following issues: - CVE-2020-28463: Fixed Server-side Request Forgery via img tags (bsc#1182503). - Add missing import in CVE-2020-28463 fix (bsc#1190110). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-3209=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): python-reportlab-2.7-3.8.1 python-reportlab-debuginfo-2.7-3.8.1 python-reportlab-debugsource-2.7-3.8.1 References: https://www.suse.com/security/cve/CVE-2020-28463.html https://bugzilla.suse.com/1182503 https://bugzilla.suse.com/1190110 From sle-updates at lists.suse.com Thu Sep 23 19:27:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 21:27:59 +0200 (CEST) Subject: SUSE-SU-2021:3213-1: important: Security update for xen Message-ID: <20210923192759.87064FCC9@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3213-1 Rating: important References: #1189373 #1189378 #1189632 Cross-References: CVE-2021-28701 CVSS scores: CVE-2021-28701 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - Integrate bugfixes (bsc#1189373, bsc#1189378). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3213=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3213=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3213=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3213=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3213=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3213=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xen-4.9.4_22-3.94.2 xen-debugsource-4.9.4_22-3.94.2 xen-doc-html-4.9.4_22-3.94.2 xen-libs-32bit-4.9.4_22-3.94.2 xen-libs-4.9.4_22-3.94.2 xen-libs-debuginfo-32bit-4.9.4_22-3.94.2 xen-libs-debuginfo-4.9.4_22-3.94.2 xen-tools-4.9.4_22-3.94.2 xen-tools-debuginfo-4.9.4_22-3.94.2 xen-tools-domU-4.9.4_22-3.94.2 xen-tools-domU-debuginfo-4.9.4_22-3.94.2 - SUSE OpenStack Cloud 8 (x86_64): xen-4.9.4_22-3.94.2 xen-debugsource-4.9.4_22-3.94.2 xen-doc-html-4.9.4_22-3.94.2 xen-libs-32bit-4.9.4_22-3.94.2 xen-libs-4.9.4_22-3.94.2 xen-libs-debuginfo-32bit-4.9.4_22-3.94.2 xen-libs-debuginfo-4.9.4_22-3.94.2 xen-tools-4.9.4_22-3.94.2 xen-tools-debuginfo-4.9.4_22-3.94.2 xen-tools-domU-4.9.4_22-3.94.2 xen-tools-domU-debuginfo-4.9.4_22-3.94.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): xen-4.9.4_22-3.94.2 xen-debugsource-4.9.4_22-3.94.2 xen-doc-html-4.9.4_22-3.94.2 xen-libs-32bit-4.9.4_22-3.94.2 xen-libs-4.9.4_22-3.94.2 xen-libs-debuginfo-32bit-4.9.4_22-3.94.2 xen-libs-debuginfo-4.9.4_22-3.94.2 xen-tools-4.9.4_22-3.94.2 xen-tools-debuginfo-4.9.4_22-3.94.2 xen-tools-domU-4.9.4_22-3.94.2 xen-tools-domU-debuginfo-4.9.4_22-3.94.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): xen-4.9.4_22-3.94.2 xen-debugsource-4.9.4_22-3.94.2 xen-doc-html-4.9.4_22-3.94.2 xen-libs-32bit-4.9.4_22-3.94.2 xen-libs-4.9.4_22-3.94.2 xen-libs-debuginfo-32bit-4.9.4_22-3.94.2 xen-libs-debuginfo-4.9.4_22-3.94.2 xen-tools-4.9.4_22-3.94.2 xen-tools-debuginfo-4.9.4_22-3.94.2 xen-tools-domU-4.9.4_22-3.94.2 xen-tools-domU-debuginfo-4.9.4_22-3.94.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xen-4.9.4_22-3.94.2 xen-debugsource-4.9.4_22-3.94.2 xen-doc-html-4.9.4_22-3.94.2 xen-libs-32bit-4.9.4_22-3.94.2 xen-libs-4.9.4_22-3.94.2 xen-libs-debuginfo-32bit-4.9.4_22-3.94.2 xen-libs-debuginfo-4.9.4_22-3.94.2 xen-tools-4.9.4_22-3.94.2 xen-tools-debuginfo-4.9.4_22-3.94.2 xen-tools-domU-4.9.4_22-3.94.2 xen-tools-domU-debuginfo-4.9.4_22-3.94.2 - HPE Helion Openstack 8 (x86_64): xen-4.9.4_22-3.94.2 xen-debugsource-4.9.4_22-3.94.2 xen-doc-html-4.9.4_22-3.94.2 xen-libs-32bit-4.9.4_22-3.94.2 xen-libs-4.9.4_22-3.94.2 xen-libs-debuginfo-32bit-4.9.4_22-3.94.2 xen-libs-debuginfo-4.9.4_22-3.94.2 xen-tools-4.9.4_22-3.94.2 xen-tools-debuginfo-4.9.4_22-3.94.2 xen-tools-domU-4.9.4_22-3.94.2 xen-tools-domU-debuginfo-4.9.4_22-3.94.2 References: https://www.suse.com/security/cve/CVE-2021-28701.html https://bugzilla.suse.com/1189373 https://bugzilla.suse.com/1189378 https://bugzilla.suse.com/1189632 From sle-updates at lists.suse.com Thu Sep 23 19:29:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 21:29:26 +0200 (CEST) Subject: SUSE-RU-2021:3216-1: moderate: Recommended update for yast2-migration Message-ID: <20210923192926.87E6DFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-migration ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3216-1 Rating: moderate References: #1185808 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-migration fixes the following issues: - Show the new base product license in online migration. (bsc#1185808) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-3216=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-3216=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-3216=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3216=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3216=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3216=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3216=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3216=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3216=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (noarch): yast2-migration-4.1.3-7.6.1 - SUSE Manager Retail Branch Server 4.0 (noarch): yast2-migration-4.1.3-7.6.1 - SUSE Manager Proxy 4.0 (noarch): yast2-migration-4.1.3-7.6.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): yast2-migration-4.1.3-7.6.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): yast2-migration-4.1.3-7.6.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): yast2-migration-4.1.3-7.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): yast2-migration-4.1.3-7.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): yast2-migration-4.1.3-7.6.1 - SUSE Enterprise Storage 6 (noarch): yast2-migration-4.1.3-7.6.1 - SUSE CaaS Platform 4.0 (noarch): yast2-migration-4.1.3-7.6.1 References: https://bugzilla.suse.com/1185808 From sle-updates at lists.suse.com Thu Sep 23 19:32:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 21:32:20 +0200 (CEST) Subject: SUSE-SU-2021:3210-1: moderate: Security update for hivex Message-ID: <20210923193220.CC55EFCC9@maintenance.suse.de> SUSE Security Update: Security update for hivex ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3210-1 Rating: moderate References: #1189060 Cross-References: CVE-2021-3622 CVSS scores: CVE-2021-3622 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for hivex fixes the following issues: - CVE-2021-3622: Fixed stack overflow due to recursive call of _get_children() (bsc#1189060). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3210=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3210=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): hivex-debuginfo-1.3.10-5.7.1 hivex-debugsource-1.3.10-5.7.1 hivex-devel-1.3.10-5.7.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): hivex-debuginfo-1.3.10-5.7.1 hivex-debugsource-1.3.10-5.7.1 libhivex0-1.3.10-5.7.1 libhivex0-debuginfo-1.3.10-5.7.1 perl-Win-Hivex-1.3.10-5.7.1 perl-Win-Hivex-debuginfo-1.3.10-5.7.1 References: https://www.suse.com/security/cve/CVE-2021-3622.html https://bugzilla.suse.com/1189060 From sle-updates at lists.suse.com Thu Sep 23 19:33:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 21:33:32 +0200 (CEST) Subject: SUSE-SU-2021:3217-1: important: Security update for the Linux Kernel Message-ID: <20210923193332.F3546FCC9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3217-1 Rating: important References: #1040364 #1108488 #1114648 #1127650 #1129898 #1133374 #1136513 #1171420 #1183050 #1183983 #1185902 #1185973 #1187076 #1188172 #1188439 #1188616 #1188885 #1188982 #1188983 #1188985 #1189057 #1189262 #1189268 #1189269 #1189270 #1189271 #1189272 #1189291 #1189301 #1189384 #1189385 #1189392 #1189399 #1189400 #1189505 #1189506 #1189562 #1189564 #1189565 #1189566 #1189567 #1189568 #1189569 #1189573 #1189577 #1189579 #1189581 #1189582 #1189639 #1189640 #1189706 #1189846 #1190022 #1190025 #1190115 #1190117 Cross-References: CVE-2018-9517 CVE-2019-3874 CVE-2019-3900 CVE-2020-12770 CVE-2021-34556 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732 CVE-2021-3753 CVE-2021-3759 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVSS scores: CVE-2018-9517 (NVD) : 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2018-9517 (SUSE): 2.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2019-3874 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-3874 (SUSE): 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-3900 (NVD) : 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2019-3900 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-12770 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-12770 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2021-34556 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-35477 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-3640 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3653 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3656 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3679 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3732 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3753 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-3759 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38160 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38204 (SUSE): 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that solves 16 vulnerabilities and has 40 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 Realtime kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect (bsc#1108488). - CVE-2019-3874: Fixed possible denial of service attack via SCTP socket buffer used by a userspace applications (bnc#1129898). - CVE-2019-3900: Fixed an infinite loop issue while handling incoming packets in handle_rx() (bnc#1133374). - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420). The following non-security bugs were fixed: - ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes). - ALSA: seq: Fix racy deletion of subscriber (git-fixes). - ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes). - ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes). - ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes). - Bluetooth: Move shutdown callback before flushing tx and rx queue (git-fixes). - Bluetooth: add timeout sanity check to hci_inquiry (git-fixes). - Bluetooth: fix repeated calls to sco_sock_kill (git-fixes). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes). - KVM: SVM: Call SEV Guest Decommission if ASID binding fails (12sp5). - NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes). - NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364). - PCI/MSI: Correct misleading comments (git-fixes). - PCI/MSI: Do not set invalid bits in MSI mask (git-fixes). - PCI/MSI: Enable and mask MSI-X early (git-fixes). - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes). - PCI: Add Intel VMD devices to pci ids (bsc#1183983). - PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes). - PCI: hv: Use expected affinity when unmasking IRQ (bsc#1185973). - PCI: vmd: Add an additional VMD device id to driver device id table (bsc#1183983). - PCI: vmd: Add offset to bus numbers if necessary (bsc#1183983). - PCI: vmd: Assign membar addresses from shadow registers (bsc#1183983). - PCI: vmd: Filter resource type bits from shadow register (bsc#1183983). - PCI: vmd: Fix config addressing when using bus offsets (bsc#1183983). - PCI: vmd: Fix shadow offsets to reflect spec changes (bsc#1183983). - SUNRPC: Fix the batch tasks count wraparound (git-fixes). - SUNRPC: Should wake up the privileged task firstly (git-fixes). - SUNRPC: improve error response to over-size gss credential (bsc#1190022). - USB: serial: ch341: fix character loss at high transfer rates (git-fixes). - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes). - USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes). - USB: usbtmc: Fix RCU stall warning (git-fixes). - USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes). - arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback (git-fixes). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes). - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (git-fixes). - bcma: Fix memory leak for internally-handled cores (git-fixes). - bdi: Do not use freezable workqueue (bsc#1189573). - blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506). - block: fix trace completion for chained bio (bsc#1189505). - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes). - crypto: ccp - Annotate SEV Firmware file names (bsc#1189268). - crypto: nx - Fix RCU warning in nx842_OF_upd_status (git-fixes). - crypto: nx - Fix memcpy() over-reading in nonce (git-fixes). - crypto: talitos - Do not modify req->cryptlen on decryption (git-fixes). - crypto: talitos - fix ECB algs ivsize (git-fixes). - crypto: ux500 - Fix error return code in hash_hw_final() (git-fixes). - dm btree remove: assign new_root only when removal succeeds (git fixes). - dm cache metadata: Avoid returning cmd->bm wild pointer on error (git fixes). - dm era: Fix bitset memory leaks (git fixes). - dm era: Recover committed writeset after crash (git fixes). - dm era: Reinitialize bitset cache before digesting a new writeset (git fixes). - dm era: Use correct value size in equality function of writeset tree (git fixes). - dm era: Verify the data block size hasn't changed (git fixes). - dm era: only resize metadata in preresume (git fixes). - dm ioctl: fix error return code in target_message (git fixes). - dm ioctl: fix out of bounds array access when no devices (git fixes). - dm persistent data: packed struct should have an aligned() attribute too (git fixes). - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git fixes). - dm snapshot: fix crash with transient storage and zero chunk size (git fixes). - dm snapshot: flush merged data before committing metadata (git fixes). - dm snapshot: properly fix a crash when an origin has no snapshots (git fixes). - dm space map common: fix division bug in sm_ll_find_free_block() (git fixes). - dm table: fix iterate_devices based device capability checks (git fixes). - dm thin metadata: Avoid returning cmd->bm wild pointer on error (git fixes). - dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes). - dm writecache: fix the maximum number of arguments (git-fixes). - dm writecache: handle DAX to partitions on persistent memory correctly (git-fixes). - dm writecache: remove BUG() and fail gracefully instead (git-fixes). - dm zoned: select CONFIG_CRC32 (git-fixes). - dm: eliminate potential source of excessive kernel log noise (git fixes). - dm: remove invalid sparse __acquires and __releases annotations (git-fixes). - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568). - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564). - ext4: fix avefreec in find_group_orlov (bsc#1189566). - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562). - ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565). - ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567). - ftgmac100: Restart MAC HW once (git-fixes). - i2c: dev: zero out array used for i2c reads from userspace (git-fixes). - i2c: highlander: add IRQ check (git-fixes). - i2c: iop3xx: fix deferred probing (git-fixes). - i2c: mt65xx: fix IRQ check (git-fixes). - i2c: s3c2410: fix IRQ check (git-fixes). - i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs (git-fixes). - iio: adc: Fix incorrect exit of for-loop (git-fixes). - iio: humidity: hdc100x: Add margin to the conversion time (git-fixes). - iommu/amd: Fix extended features logging (bsc#1189269). - iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189270). - iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189271). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189272). - kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes). - kABI: s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193818). - mac80211: Fix insufficient headroom issue for AMSDU (git-fixes). - md/raid10: properly indicate failure when ending a failed write request (git-fixes). - media: go7007: fix memory leak in go7007_usb_probe (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - memcg: enable accounting for file lock caches (bsc#1190115). - mm, vmscan: guarantee drop_slab_node() termination (VM Functionality, bsc#1189301). - mm/memory-failure: unnecessary amount of unmapping (bsc#1189640). - mm/memory.c: do_fault: avoid usage of stale vm_area_struct (bsc#1136513). - mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes). - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569). - mm/vmscan: fix infinite loop in drop_slab_node (VM Performance, bsc#1189301). - mm: vmscan: scan anonymous pages on file refaults (VM Performance, bsc#1183050). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes). - net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes). - net: mvpp2: Add TCAM entry to drop flow control pause frames (git-fixes). - net: mvpp2: prs: fix PPPoE with ipv6 packet parse (git-fixes). - net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes). - net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (git-fixes). - net: usb: ax88179_178a: remove redundant assignment to variable ret (git-fixes). - nfs: fix acl memory leak of posix_acl_create() (git-fixes). - nvme-fc: avoid calling _nvme_fc_abort_outstanding_ios from interrupt context (bsc#1187076). - nvme-fc: convert assoc_active flag to bit op (bsc#1187076). - nvme-fc: eliminate terminate_io use by nvme_fc_error_recovery (bsc#1187076). - nvme-fc: fix double-free scenarios on hw queues (bsc#1187076). - nvme-fc: fix io timeout to abort I/O (bsc#1187076). - nvme-fc: fix racing controller reset and create association (bsc#1187076). - nvme-fc: remove err_work work item (bsc#1187076). - nvme-fc: remove nvme_fc_terminate_io() (bsc#1187076). - nvme-fc: track error_recovery while connecting (bsc#1187076). - ocfs2: fix snprintf() checking (bsc#1189581). - ocfs2: fix zero out valid data (bsc#1189579). - ocfs2: issue zeroout to EOF blocks (bsc#1189582). - ocfs2: ocfs2_downconvert_lock failure results in deadlock (bsc#1188439). - overflow: Correct check_shl_overflow() comment (git-fixes). - overflow: Include header file with SIZE_MAX declaration (git-fixes). - ovl: check whiteout in ovl_create_over_whiteout() (bsc#1189846). - ovl: filter of trusted xattr results in audit (bsc#1189846). - ovl: fix dentry leak in ovl_get_redirect (bsc#1189846). - ovl: initialize error in ovl_copy_xattr (bsc#1189846). - ovl: relax WARN_ON() on rename to self (bsc#1189846). - pcmcia: i82092: fix a null pointer dereference bug (git-fixes). - power: supply: max17042: handle fails of reading status register (git-fixes). - powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes). - qlcnic: Fix error code in probe (git-fixes). - r8152: Fix potential PM refcount imbalance (git-fixes). - readdir: make sure to verify directory entry for legacy interfaces too (bsc#1189639). - regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes). - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193818). - scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392). - scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650). - scsi: libfc: Fix array index out of bound exception (bsc#1188616). - scsi: lpfc: Add 256 Gb link speed support (bsc#1189385). - scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385). - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385). - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385). - scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385). - scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385). - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385). - scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385). - scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385). - scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385). - scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385). - scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385). - scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385). - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385). - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385). - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385). - scsi: lpfc: Improve firmware download logging (bsc#1189385). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385). - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes). - scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385). - scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385). - scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385). - scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385). - scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385). - scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385). - scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385). - scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385). - scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385). - scsi: qla2xxx: Add heartbeat check (bsc#1189392). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392). - scsi: qla2xxx: Fix spelling mistakes "allloc" -> "alloc" (bsc#1189384). - scsi: qla2xxx: Fix use after free in debug code (bsc#1189384). - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392). - scsi: qla2xxx: Remove duplicate declarations (bsc#1189392). - scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392). - scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392). - scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189384). - scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392). - scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189384). - scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392). - scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392). - scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189384). - scsi: qla2xxx: edif: Add detection of secure device (bsc#1189384). - scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189384). - scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189384). - scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189384). - scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189384). - scsi: qla2xxx: edif: Add key update (bsc#1189384). - scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189384). - scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392). - scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189384). - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392). - serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes). - spi: mediatek: Fix fifo transfer (git-fixes). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - virtio_net: Fix error code in probe() (git-fixes). - writeback: fix obtain a reference to a freeing memcg css (bsc#1189577). - x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1114648). - x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1114648). - x86/fpu: Reset state for all signal restore failures (bsc#1114648). - x86/kvm: fix vcpu-id indexed array sizes (git-fixes). - x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1114648). - xen/events: Fix race in set_evtchn_to_irq (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2021-3217=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch): kernel-devel-rt-4.12.14-10.57.1 kernel-source-rt-4.12.14-10.57.1 - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cluster-md-kmp-rt-4.12.14-10.57.2 cluster-md-kmp-rt-debuginfo-4.12.14-10.57.2 dlm-kmp-rt-4.12.14-10.57.2 dlm-kmp-rt-debuginfo-4.12.14-10.57.2 gfs2-kmp-rt-4.12.14-10.57.2 gfs2-kmp-rt-debuginfo-4.12.14-10.57.2 kernel-rt-4.12.14-10.57.2 kernel-rt-base-4.12.14-10.57.2 kernel-rt-base-debuginfo-4.12.14-10.57.2 kernel-rt-debuginfo-4.12.14-10.57.2 kernel-rt-debugsource-4.12.14-10.57.2 kernel-rt-devel-4.12.14-10.57.2 kernel-rt-devel-debuginfo-4.12.14-10.57.2 kernel-rt_debug-4.12.14-10.57.2 kernel-rt_debug-debuginfo-4.12.14-10.57.2 kernel-rt_debug-debugsource-4.12.14-10.57.2 kernel-rt_debug-devel-4.12.14-10.57.2 kernel-rt_debug-devel-debuginfo-4.12.14-10.57.2 kernel-syms-rt-4.12.14-10.57.1 ocfs2-kmp-rt-4.12.14-10.57.2 ocfs2-kmp-rt-debuginfo-4.12.14-10.57.2 References: https://www.suse.com/security/cve/CVE-2018-9517.html https://www.suse.com/security/cve/CVE-2019-3874.html https://www.suse.com/security/cve/CVE-2019-3900.html https://www.suse.com/security/cve/CVE-2020-12770.html https://www.suse.com/security/cve/CVE-2021-34556.html https://www.suse.com/security/cve/CVE-2021-35477.html https://www.suse.com/security/cve/CVE-2021-3640.html https://www.suse.com/security/cve/CVE-2021-3653.html https://www.suse.com/security/cve/CVE-2021-3656.html https://www.suse.com/security/cve/CVE-2021-3679.html https://www.suse.com/security/cve/CVE-2021-3732.html https://www.suse.com/security/cve/CVE-2021-3753.html https://www.suse.com/security/cve/CVE-2021-3759.html https://www.suse.com/security/cve/CVE-2021-38160.html https://www.suse.com/security/cve/CVE-2021-38198.html https://www.suse.com/security/cve/CVE-2021-38204.html https://bugzilla.suse.com/1040364 https://bugzilla.suse.com/1108488 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1127650 https://bugzilla.suse.com/1129898 https://bugzilla.suse.com/1133374 https://bugzilla.suse.com/1136513 https://bugzilla.suse.com/1171420 https://bugzilla.suse.com/1183050 https://bugzilla.suse.com/1183983 https://bugzilla.suse.com/1185902 https://bugzilla.suse.com/1185973 https://bugzilla.suse.com/1187076 https://bugzilla.suse.com/1188172 https://bugzilla.suse.com/1188439 https://bugzilla.suse.com/1188616 https://bugzilla.suse.com/1188885 https://bugzilla.suse.com/1188982 https://bugzilla.suse.com/1188983 https://bugzilla.suse.com/1188985 https://bugzilla.suse.com/1189057 https://bugzilla.suse.com/1189262 https://bugzilla.suse.com/1189268 https://bugzilla.suse.com/1189269 https://bugzilla.suse.com/1189270 https://bugzilla.suse.com/1189271 https://bugzilla.suse.com/1189272 https://bugzilla.suse.com/1189291 https://bugzilla.suse.com/1189301 https://bugzilla.suse.com/1189384 https://bugzilla.suse.com/1189385 https://bugzilla.suse.com/1189392 https://bugzilla.suse.com/1189399 https://bugzilla.suse.com/1189400 https://bugzilla.suse.com/1189505 https://bugzilla.suse.com/1189506 https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1189564 https://bugzilla.suse.com/1189565 https://bugzilla.suse.com/1189566 https://bugzilla.suse.com/1189567 https://bugzilla.suse.com/1189568 https://bugzilla.suse.com/1189569 https://bugzilla.suse.com/1189573 https://bugzilla.suse.com/1189577 https://bugzilla.suse.com/1189579 https://bugzilla.suse.com/1189581 https://bugzilla.suse.com/1189582 https://bugzilla.suse.com/1189639 https://bugzilla.suse.com/1189640 https://bugzilla.suse.com/1189706 https://bugzilla.suse.com/1189846 https://bugzilla.suse.com/1190022 https://bugzilla.suse.com/1190025 https://bugzilla.suse.com/1190115 https://bugzilla.suse.com/1190117 From sle-updates at lists.suse.com Thu Sep 23 19:41:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 21:41:33 +0200 (CEST) Subject: SUSE-SU-2021:14807-1: moderate: Security update for curl Message-ID: <20210923194133.86947FE12@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14807-1 Rating: moderate References: #1190373 #1190374 Cross-References: CVE-2021-22946 CVE-2021-22947 CVSS scores: CVE-2021-22946 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-22947 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Server 11-SECURITY ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-curl-14807=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): curl-openssl1-7.37.0-70.74.1 libcurl4-openssl1-7.37.0-70.74.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libcurl4-openssl1-32bit-7.37.0-70.74.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libcurl4-openssl1-x86-7.37.0-70.74.1 References: https://www.suse.com/security/cve/CVE-2021-22946.html https://www.suse.com/security/cve/CVE-2021-22947.html https://bugzilla.suse.com/1190373 https://bugzilla.suse.com/1190374 From sle-updates at lists.suse.com Thu Sep 23 19:43:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 21:43:01 +0200 (CEST) Subject: SUSE-SU-2021:3205-1: important: Security update for the Linux Kernel Message-ID: <20210923194301.8F075FE12@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3205-1 Rating: important References: #1040364 #1127650 #1135481 #1152489 #1160010 #1168202 #1171420 #1174969 #1175052 #1175543 #1177399 #1180100 #1180141 #1180347 #1181006 #1181148 #1181972 #1184180 #1185902 #1186264 #1186731 #1187211 #1187455 #1187468 #1187483 #1187619 #1187959 #1188067 #1188172 #1188231 #1188270 #1188412 #1188418 #1188616 #1188700 #1188780 #1188781 #1188782 #1188783 #1188784 #1188786 #1188787 #1188788 #1188790 #1188878 #1188885 #1188924 #1188982 #1188983 #1188985 #1189021 #1189057 #1189077 #1189153 #1189197 #1189209 #1189210 #1189212 #1189213 #1189214 #1189215 #1189216 #1189217 #1189218 #1189219 #1189220 #1189221 #1189222 #1189225 #1189229 #1189233 #1189262 #1189291 #1189292 #1189296 #1189298 #1189301 #1189305 #1189323 #1189384 #1189385 #1189392 #1189393 #1189399 #1189400 #1189427 #1189503 #1189504 #1189505 #1189506 #1189507 #1189562 #1189563 #1189564 #1189565 #1189566 #1189567 #1189568 #1189569 #1189573 #1189574 #1189575 #1189576 #1189577 #1189579 #1189581 #1189582 #1189583 #1189585 #1189586 #1189587 #1189706 #1189760 #1189762 #1189832 #1189841 #1189870 #1189872 #1189883 #1190022 #1190025 #1190115 #1190117 #1190412 #1190413 #1190428 Cross-References: CVE-2020-12770 CVE-2021-34556 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 CVE-2021-3753 CVE-2021-3759 CVE-2021-38160 CVE-2021-38166 CVE-2021-38198 CVE-2021-38204 CVE-2021-38205 CVE-2021-38206 CVE-2021-38207 CVE-2021-38209 CVSS scores: CVE-2020-12770 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-12770 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2021-34556 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-35477 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-3640 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3653 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3656 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3679 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3732 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3739 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-3743 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3753 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-3759 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38160 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38166 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38204 (SUSE): 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38205 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-38206 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38206 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38207 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38209 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise High Availability 15-SP3 ______________________________________________________________________________ An update that solves 20 vulnerabilities and has 106 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ). - CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292). - CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298). - CVE-2021-38166: Fixed an integer overflow and out-of-bounds write when many elements are placed in a single bucket in kernel/bpf/hashtab.c (bnc#1189233 ). - CVE-2021-38209: Fixed allowed observation of changes in any net namespace via net/netfilter/nf_conntrack_standalone.c (bnc#1189393). - CVE-2021-38206: Fixed NULL pointer dereference in the radiotap parser inside the mac80211 subsystem (bnc#1189296). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420). The following non-security bugs were fixed: - ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes). - ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export function to claim _CST control (bsc#1175543) - ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543) - ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes). - ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 (git-fixes). - ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms (git-fixes). - ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically (git-fixes). - ALSA: hda/realtek - Add ALC285 HP init procedure (git-fixes). - ALSA: hda/realtek - Add type for ALC287 (git-fixes). - ALSA: hda/realtek: Change device names for quirks to barebone names (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes). - ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes). - ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes). - ALSA: hda/realtek: fix mute led of the HP Pavilion 15-eh1xxx series (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 650 G8 Notebook PC (git-fixes). - ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes). - ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes). - ALSA: hda: Fix hang during shutdown due to link reset (git-fixes). - ALSA: hda: Release controller display power during shutdown/reboot (git-fixes). - ALSA: pcm: Fix mmap breakage without explicit buffer setup (git-fixes). - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes). - ALSA: seq: Fix racy deletion of subscriber (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes). - ALSA: usb-audio: Avoid unnecessary or invalid connector selection at resume (git-fixes). - ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes). - ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes). - ALSA: usb-audio: fix incorrect clock source setting (git-fixes). - ASoC: Intel: Skylake: Fix module resource and format selection (git-fixes). - ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373 (git-fixes). - ASoC: SOF: Intel: hda-ipc: fix reply size checking (git-fixes). - ASoC: amd: Fix reference to PCM buffer address (git-fixes). - ASoC: component: Remove misplaced prefix handling in pin control functions (git-fixes). - ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes). - ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes). - ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes). - ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes). - ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes). - ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes). - ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes). - ASoC: mediatek: mt8183: Fix Unbalanced pm_runtime_enable in mt8183_afe_pcm_dev_probe (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold again (git-fixes). - ASoC: rt5682: Fix the issue of garbled recording after powerd_dbus_suspend (git-fixes). - ASoC: ti: j721e-evm: Check for not initialized parent_clk_id (git-fixes). - ASoC: ti: j721e-evm: Fix unbalanced domain activity tracking during startup (git-fixes). - ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes). - ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes). - ASoC: uniphier: Fix reference to PCM buffer address (git-fixes). - ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes). - ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes). - ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes). - ASoC: xilinx: Fix reference to PCM buffer address (git-fixes). - Avoid double printing SUSE specific flags in mod->taint (bsc#1190413). - Bluetooth: add timeout sanity check to hci_inquiry (git-fixes). - Bluetooth: btusb: Fix a unspported condition to set available debug features (git-fixes). - Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS (git-fixes). - Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes). - Bluetooth: fix repeated calls to sco_sock_kill (git-fixes). - Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes). - Bluetooth: mgmt: Fix wrong opcode in the response for add_adv cmd (git-fixes). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes). - Drop two intel_int0002_vgpio patches that cause Oops (bsc#1190412) - KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786). - KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787). - KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788). - KVM: VMX: Extend VMXs #AC interceptor to handle split lock #AC in guest (bsc#1187959). - KVM: nVMX: Handle split-lock #AC exceptions that happen in L2 (bsc#1187959). - KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780). - KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782). - KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783). - KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784). - KVM: x86: Emulate split-lock access as a write in emulator (bsc#1187959). - KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790). - NFS: Correct size calculation for create reply length (bsc#1189870). - NFSv4.1: Do not rebind to the same source port when (bnc#1186264 bnc#1189021) - NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes). - NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364). - PCI/MSI: Correct misleading comments (git-fixes). - PCI/MSI: Do not set invalid bits in MSI mask (git-fixes). - PCI/MSI: Enable and mask MSI-X early (git-fixes). - PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes). - PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes). - PCI/MSI: Mask all unused MSI-X entries (git-fixes). - PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes). - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes). - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes). - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes). - PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes). - RDMA/bnxt_re: Fix stats counters (bsc#1188231). - SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924). - SUNRPC: Fix the batch tasks count wraparound (git-fixes). - SUNRPC: Should wake up the privileged task firstly (git-fixes). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924). - SUNRPC: improve error response to over-size gss credential (bsc#1190022). - SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264 bnc#1189021). - USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes). - USB: serial: ch341: fix character loss at high transfer rates (git-fixes). - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes). - USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes). - USB: usbtmc: Fix RCU stall warning (git-fixes). - USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes). - VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes). - ath9k: Clear key cache explicitly on disabling hardware (git-fixes). - ath: Use safer key clearing with key cache entries (git-fixes). - bcma: Fix memory leak for internally-handled cores (git-fixes). - bdi: Do not use freezable workqueue (bsc#1189573). - blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507). - blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506). - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503). - blk-wbt: make sure throttle is enabled properly (bsc#1189504). - block: fix trace completion for chained bio (bsc#1189505). - bnxt_en: Validate vlan protocol ID on RX packets (jsc#SLE-15075). - brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes). - btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077). - btrfs: add a trace class for dumping the current ENOSPC state (bsc#1135481). - btrfs: add a trace point for reserve tickets (bsc#1135481). - btrfs: adjust the flush trace point to include the source (bsc#1135481). - btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1135481). - btrfs: factor out create_chunk() (bsc#1189077). - btrfs: factor out decide_stripe_size() (bsc#1189077). - btrfs: factor out gather_device_info() (bsc#1189077). - btrfs: factor out init_alloc_chunk_ctl (bsc#1189077). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1135481). - btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077). - btrfs: handle invalid profile in chunk allocation (bsc#1189077). - btrfs: implement space clamping for preemptive flushing (bsc#1135481). - btrfs: improve preemptive background space flushing (bsc#1135481). - btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1135481). - btrfs: introduce alloc_chunk_ctl (bsc#1189077). - btrfs: introduce chunk allocation policy (bsc#1189077). - btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#1135481). - btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077). - btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077). - btrfs: refactor find_free_dev_extent_start() (bsc#1189077). - btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1135481). - btrfs: rename need_do_async_reclaim (bsc#1135481). - btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1135481). - btrfs: rework chunk allocation to avoid exhaustion of the system chunk array (bsc#1189077). - btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1135481). - btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#1135481). - btrfs: simplify the logic in need_preemptive_flushing (bsc#1135481). - btrfs: tracepoints: convert flush states to using EM macros (bsc#1135481). - btrfs: tracepoints: fix btrfs_trigger_flush symbolic string for flags (bsc#1135481). - can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes). - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes). - ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468). - ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468). - ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1189427). - cfg80211: Fix possible memory leak in function cfg80211_bss_update (git-fixes). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes). - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes). - cpuidle: Allow idle states to be disabled by default (bsc#1175543) - cpuidle: Consolidate disabled state checks (bsc#1175543) - cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543) - cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543) - cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543) - crypto: ccp - Annotate SEV Firmware file names (bsc#1189212). - crypto: qat - use proper type for vf_mask (git-fixes). - crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit (git-fixes). - device-dax: Fix default return code of range_parse() (git-fixes). - dm integrity: fix missing goto in bitmap_flush_interval error handling (git-fixes). - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git-fixes). - dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes). - dmaengine: idxd: fix setup sequence for MSIXPERM table (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes). - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available (git-fixes). - dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes). - dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers (git-fixes). - drivers/block/null_blk/main: Fix a double free in null_init (git-fixes). - drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X (git-fixes). - drm/amd/display: Fix comparison error in dcn21 DML (git-fixes). - drm/amd/display: Fix max vstartup calculation for modes with borders (git-fixes). - drm/amd/display: Remove invalid assert for ODM + MPC case (git-fixes). - drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work (git-fixes). - drm/amd/display: workaround for hard hang on HPD on native DP (git-fixes). - drm/amdgpu/acp: Make PM domain really work (git-fixes). - drm/amdgpu/display: fix DMUB firmware version info (git-fixes). - drm/amdgpu/display: only enable aux backlight control for OLED panels (git-fixes). - drm/amdgpu: do not enable baco on boco platforms in runpm (git-fixes). - drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir (git-fixes). - drm/dp_mst: Fix return code on sideband message failure (git-fixes). - drm/i915/dg1: gmbus pin mapping (bsc#1188700). - drm/i915/dg1: provide port/phy mapping for vbt (bsc#1188700). - drm/i915/gen9_bc: Add W/A for missing STRAP config on TGP PCH + CML combos (bsc#1188700). - drm/i915/gen9_bc: Introduce HPD pin mappings for TGP PCH + CML combos (bsc#1188700). - drm/i915/gen9_bc: Introduce TGP PCH DDC pin mappings (bsc#1188700). - drm/i915/gen9_bc: Recognize TGP PCH + CML combos (bsc#1188700). - drm/i915/rkl: new rkl ddc map for different PCH (bsc#1188700). - drm/i915: Add VBT AUX CH H and I (bsc#1188700). - drm/i915: Add VBT DVO ports H and I (bsc#1188700). - drm/i915: Add more AUX CHs to the enum (bsc#1188700). - drm/i915: Configure GEN11_{TBT,TC}_HOTPLUG_CTL for ports TC5/6 (bsc#1188700). - drm/i915: Correct SFC_DONE register offset (git-fixes). - drm/i915: Introduce HPD_PORT_TC<n> (bsc#1188700). - drm/i915: Move hpd_pin setup to encoder init (bsc#1188700). - drm/i915: Nuke the redundant TC/TBT HPD bit defines (bsc#1188700). - drm/i915: Only access SFC_DONE when media domain is not fused off (git-fixes). - drm/meson: fix colour distortion from HDR set during vendor u-boot (git-fixes). - drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes). - drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes). - drm/msm/dsi: Fix some reference counted resource leaks (git-fixes). - drm/msm: Fix error return code in msm_drm_init() (git-fixes). - drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences (git-fixes). - drm/of: free the iterator object on failure (git-fixes). - drm/of: free the right object (git-fixes). - drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes). - drm/prime: fix comment on PRIME Helpers (git-fixes). - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568). - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564). - ext4: fix avefreec in find_group_orlov (bsc#1189566). - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562). - ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576). - ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565). - ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563). - ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567). - fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574). - firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes). - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback (git-fixes). - fixup "rpm: support gz and zst compression methods" (bsc#1190358, bsc#1190428). - fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes). - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - fpga: xiilnx-spi: Address warning about unused variable (git-fixes). - fpga: zynqmp-fpga: Address warning about unused variable (git-fixes). - gpio: eic-sprd: break loop when getting NULL device resource (git-fixes). - gpio: tqmx86: really make IRQ optional (git-fixes). - i2c: dev: zero out array used for i2c reads from userspace (git-fixes). - i2c: highlander: add IRQ check (git-fixes). - i2c: iop3xx: fix deferred probing (git-fixes). - i2c: mt65xx: fix IRQ check (git-fixes). - i2c: s3c2410: fix IRQ check (git-fixes). - iio: adc: Fix incorrect exit of for-loop (git-fixes). - iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels (git-fixes). - iio: humidity: hdc100x: Add margin to the conversion time (git-fixes). - intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543) - intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543) - intel_idle: Annotate init time data structures (bsc#1175543) - intel_idle: Customize IceLake server support (bsc#1175543) - intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141) - intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543) - intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543) - intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543) - intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543) - iommu/amd: Fix extended features logging (bsc#1189213). - iommu/amd: Move Stoney Ridge check to detect_ivrs() (bsc#1189762). - iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210). - iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209). - iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214). - iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229). - iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1189215). - iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216). - iommu/vt-d: Do not set then clear private data in prq_event_thread() (bsc#1189217). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218). - iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219). - iommu/vt-d: Global devTLB flush when present context entry changed (bsc#1189220). - iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#1189221). - iommu/vt-d: Reject unsupported page request modes (bsc#1189222). - ionic: add handling of larger descriptors (jsc#SLE-16649). - ionic: add new queue features to interface (jsc#SLE-16649). - ionic: aggregate Tx byte counting calls (jsc#SLE-16649). - ionic: block actions during fw reset (jsc#SLE-16649). - ionic: change mtu after queues are stopped (jsc#SLE-16649). - ionic: check for link after netdev registration (jsc#SLE-16649). - ionic: code cleanup details (jsc#SLE-16649). - ionic: fix sizeof usage (jsc#SLE-16649). - ionic: fix unchecked reference (jsc#SLE-16649). - ionic: fix up dim accounting for tx and rx (jsc#SLE-16649). - ionic: generic tx skb mapping (jsc#SLE-16649). - ionic: implement Rx page reuse (jsc#SLE-16649). - ionic: make all rx_mode work threadsafe (jsc#SLE-16649). - ionic: move rx_page_alloc and free (jsc#SLE-16649). - ionic: optimize fastpath struct usage (jsc#SLE-16649). - ionic: protect adminq from early destroy (jsc#SLE-16649). - ionic: rebuild debugfs on qcq swap (jsc#SLE-16649). - ionic: remove intr coalesce update from napi (jsc#SLE-16649). - ionic: remove some unnecessary oom messages (jsc#SLE-16649). - ionic: simplify TSO descriptor mapping (jsc#SLE-16649). - ionic: simplify rx skb alloc (jsc#SLE-16649). - ionic: simplify the intr_index use in txq_init (jsc#SLE-16649). - ionic: simplify tx clean (jsc#SLE-16649). - ionic: simplify use of completion types (jsc#SLE-16649). - ionic: start queues before announcing link up (jsc#SLE-16649). - ionic: stop watchdog when in broken state (jsc#SLE-16649). - ionic: useful names for booleans (jsc#SLE-16649). - iwlwifi: pnvm: accept multiple HW-type TLVs (git-fixes). - iwlwifi: rs-fw: do not support stbc for HE 160 (git-fixes). - iwlwifi: skip first element in the WTAS ACPI table (git-fixes). - kABI fix of usb_dcd_config_params (git-fixes). - kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes). - kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264 bnc#1189021) - kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153). - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). - leds: trigger: audio: Add an activate callback to ensure the initial brightness is set (git-fixes). - lib/mpi: use kcalloc in mpi_resize (git-fixes). - lib: Add zstd support to decompress (bsc#1187483, jsc#SLE-18766). - libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes). - mac80211: Fix insufficient headroom issue for AMSDU (git-fixes). - md/raid10: properly indicate failure when ending a failed write request (git-fixes). - md: revert io stats accounting (git-fixes). - media: TDA1997x: enable EDID support (git-fixes). - media: cxd2880-spi: Fix an error handling path (git-fixes). - media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes). - media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes). - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes). - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes). - media: go7007: fix memory leak in go7007_usb_probe (git-fixes). - media: go7007: remove redundant initialization (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes). - media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes). - media: videobuf2-core: dequeue if start_streaming fails (git-fixes). - media: zr364xx: fix memory leaks in probe() (git-fixes). - media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes). - misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes). - misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp() (git-fixes). - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569). - mm/vmscan: fix infinite loop in drop_slab_node (VM Functionality, bsc#1189301). - mm: fix memory_failure() handling of dax-namespace metadata (bsc#1189872). - mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#1187619). - mmc: dw_mmc: Fix hang on data CRC error (git-fixes). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes). - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes). - mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes). - nbd: Aovid double completion of a request (git-fixes). - nbd: Fix NULL pointer in flush_workqueue (git-fixes). - net/mlx5: Add ts_cqe_to_dest_cqn related bits (bsc#1188412) - net/mlx5: Properly convey driver version to firmware (git-fixes). - net/mlx5e: Add missing capability check for uplink follow (bsc#1188412) - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes). - net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext (git-fixes). - net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes). - net: usb: lan78xx: do not modify phy_device state concurrently (bsc#1188270) - nfs: fix acl memory leak of posix_acl_create() (git-fixes). - nvme-multipath: revalidate paths during rescan (bsc#1187211) - nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972). - nvme-pci: fix NULL req in completion handler (bsc#1181972). - nvme-pci: limit maximum queue depth to 4095 (bsc#1181972). - nvme-pci: use unsigned for io queue depth (bsc#1181972). - nvme-tcp: Do not reset transport on data digest errors (bsc#1188418). - nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972). - nvme: avoid possible double fetch in handling CQE (bsc#1181972). - nvme: code command_id with a genctr for use-after-free validation (bsc#1181972). - nvme: only call synchronize_srcu when clearing current path (bsc#1188067). - nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384). - ocfs2: fix snprintf() checking (bsc#1189581). - ocfs2: fix zero out valid data (bsc#1189579). - ocfs2: initialize ip_next_orphan (bsc#1186731). - ocfs2: issue zeroout to EOF blocks (bsc#1189582). - ovl: allow upperdir inside lowerdir (bsc#1189323). - ovl: expand warning in ovl_d_real() (bsc#1189323). - ovl: fix missing revert_creds() on error path (bsc#1189323). - ovl: perform vfs_getxattr() with mounter creds (bsc#1189323). - ovl: skip getxattr of security labels (bsc#1189323). - params: lift param_set_uint_minmax to common code (bsc#1181972). - pcmcia: i82092: fix a null pointer dereference bug (git-fixes). - perf/x86/amd: Do not touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (bsc#1189225). - pinctrl: tigerlake: Fix GPIO mapping for newer version of software (git-fixes). - platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables (git-fixes). - post.sh: detect /usr mountpoint too - power: supply: max17042: handle fails of reading status register (git-fixes). - powerpc/cacheinfo: Improve diagnostics about malformed cache lists (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Lookup cache by dt node and thread-group id (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Remove the redundant get_shared_cpu_map() (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Use name at unit instead of full DT path in debug messages (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes). - powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#1189197 ltc#193906). - powerpc/pseries: Fix regression while building external modules (bsc#1160010 ltc#183046 git-fixes). This changes a GPL symbol to general symbol which is kABI change but not kABI break. - powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes). - powerpc/smp: Make some symbols static (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Use existing L2 cache_map cpumask to find L3 cache siblings (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702 git-fixes). - regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes). - regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes). - regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change. - rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575). - rsi: fix an error code in rsi_probe() (git-fixes). - rsi: fix error code in rsi_load_9116_firmware() (git-fixes). - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817). - s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771). - scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970). - scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970). - scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970). - scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392). - scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650). - scsi: libfc: Fix array index out of bound exception (bsc#1188616). - scsi: lpfc: Add 256 Gb link speed support (bsc#1189385). - scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385). - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385). - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385). - scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385). - scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385). - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385). - scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385). - scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385). - scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385). - scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385). - scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385). - scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385). - scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385). - scsi: lpfc: Fix function description comments for vmid routines (bsc#1189385). - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385). - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385). - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385). - scsi: lpfc: Improve firmware download logging (bsc#1189385). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385). - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes). - scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385). - scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385). - scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385). - scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385). - scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385). - scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385). - scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385). - scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385). - scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385). - scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970). - scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006). - scsi: qla2xxx: Add heartbeat check (bsc#1189392). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392). - scsi: qla2xxx: Fix spelling mistakes "allloc" -> "alloc" (bsc#1189392). - scsi: qla2xxx: Fix use after free in debug code (bsc#1189392). - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392). - scsi: qla2xxx: Remove duplicate declarations (bsc#1189392). - scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392). - scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392). - scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189392). - scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392). - scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392). - scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392). - scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392). - scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392). - scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392). - scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392). - scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189392). - scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add key update (bsc#1189392). - scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189392). - scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392). - scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392). - scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (bsc#1184180). - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392). - scsi: zfcp: Report port fc_security as unknown early during remote cable pull (git-fixes). - serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes). - serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes). - serial: 8250_pci: Avoid irq sharing for MSI(-X) interrupts (git-fixes). - serial: 8250_pci: Enumerate Elkhart Lake UARTs via dedicated driver (git-fixes). - serial: tegra: Only print FIFO error message when an error occurs (git-fixes). - slimbus: messaging: check for valid transaction id (git-fixes). - slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes). - slimbus: ngd: reset dma setup during runtime pm (git-fixes). - soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes). - soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: qcom: rpmhpd: Use corner in power_off (git-fixes). - soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes). - spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes). - spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation (git-fixes). - spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes). - spi: mediatek: Fix fifo transfer (git-fixes). - spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes). - spi: stm32h7: fix full duplex irq handler handling (git-fixes). - staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes). - staging: rtl8712: get rid of flush_scheduled_work (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes). - tracing / histogram: Give calculation hist_fields a size (git-fixes). - tracing: Reject string operand in the histogram expression (git-fixes). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - ubifs: Fix error return code in alloc_wbufs() (bsc#1189585). - ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583). - ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455). - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587). - ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586). - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes). - usb: dwc3: Disable phy suspend after power-on reset (git-fixes). - usb: dwc3: Separate field holding multiple properties (git-fixes). - usb: dwc3: Stop active transfers before halting the controller (git-fixes). - usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes). - usb: dwc3: Use devres to get clocks (git-fixes). - usb: dwc3: core: do not do suspend for device mode if already suspended (git-fixes). - usb: dwc3: debug: Remove newline printout (git-fixes). - usb: dwc3: gadget: Check MPS of the request length (git-fixes). - usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes). - usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (git-fixes). - usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes). - usb: dwc3: gadget: Do not send unintended link state change (git-fixes). - usb: dwc3: gadget: Do not setup more than requested (git-fixes). - usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes). - usb: dwc3: gadget: Fix handling ZLP (git-fixes). - usb: dwc3: gadget: Give back staled requests (git-fixes). - usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes). - usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes). - usb: dwc3: gadget: Properly track pending and queued SG (git-fixes). - usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes). - usb: dwc3: gadget: Set BESL config parameter (git-fixes). - usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes). - usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes). - usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes). - usb: dwc3: meson-g12a: add IRQ check (git-fixes). - usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes). - usb: dwc3: of-simple: add a shutdown (git-fixes). - usb: dwc3: st: Add of_dev_put() in probe function (git-fixes). - usb: dwc3: st: Add of_node_put() before return in probe function (git-fixes). - usb: dwc3: support continuous runtime PM with dual role (git-fixes). - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes). - usb: gadget: Export recommended BESL values (git-fixes). - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes). - usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes). - usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes). - usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes). - usb: gadget: udc: at91: add IRQ check (git-fixes). - usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes). - usb: host: ohci-tmio: add IRQ check (git-fixes). - usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes). - usb: mtu3: fix the wrong HS mult value (git-fixes). - usb: mtu3: use @mult for HS isoc or intr (git-fixes). - usb: phy: fsl-usb: add IRQ check (git-fixes). - usb: phy: tahvo: add IRQ check (git-fixes). - usb: phy: twl6030: add IRQ checks (git-fixes). - usr: Add support for zstd compressed initramfs (bsc#1187483, jsc#SLE-18766). - virt_wifi: fix error on connect (git-fixes). - wireguard: allowedips: allocate nodes in kmem_cache (git-fixes). - wireguard: allowedips: free empty intermediate nodes when removing single node (git-fixes). - wireguard: allowedips: remove nodes in O(1) (git-fixes). - writeback: fix obtain a reference to a freeing memcg css (bsc#1189577). - x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489). - x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489). - x86/fpu: Reset state for all signal restore failures (bsc#1152489). - x86/kvm: fix vcpu-id indexed array sizes (git-fixes). - x86/sev: Make sure IRQs are disabled while GHCB is active (jsc#SLE-14337). - x86/sev: Split up runtime #VC handler for correct state tracking (jsc#SLE-14337). - x86/sev: Use "SEV: " prefix for messages from sev.c (jsc#SLE-14337). - x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489). - x86/split_lock: Provide handle_guest_split_lock() (bsc#1187959). - xen/events: Fix race in set_evtchn_to_irq (git-fixes). - xprtrdma: Pad optimization, revisited (bsc#1189760). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-3205=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2021-3205=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-3205=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3205=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3205=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-3205=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): kernel-default-debuginfo-5.3.18-59.24.1 kernel-default-debugsource-5.3.18-59.24.1 kernel-default-extra-5.3.18-59.24.1 kernel-default-extra-debuginfo-5.3.18-59.24.1 kernel-preempt-debuginfo-5.3.18-59.24.1 kernel-preempt-debugsource-5.3.18-59.24.1 kernel-preempt-extra-5.3.18-59.24.1 kernel-preempt-extra-debuginfo-5.3.18-59.24.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-59.24.1 kernel-default-debugsource-5.3.18-59.24.1 kernel-default-livepatch-5.3.18-59.24.1 kernel-default-livepatch-devel-5.3.18-59.24.1 kernel-livepatch-5_3_18-59_24-default-1-7.5.1 kernel-livepatch-5_3_18-59_24-default-debuginfo-1-7.5.1 kernel-livepatch-SLE15-SP3_Update_6-debugsource-1-7.5.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-59.24.1 kernel-default-debugsource-5.3.18-59.24.1 reiserfs-kmp-default-5.3.18-59.24.1 reiserfs-kmp-default-debuginfo-5.3.18-59.24.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-59.24.1 kernel-obs-build-debugsource-5.3.18-59.24.1 kernel-syms-5.3.18-59.24.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-59.24.1 kernel-preempt-debugsource-5.3.18-59.24.1 kernel-preempt-devel-5.3.18-59.24.1 kernel-preempt-devel-debuginfo-5.3.18-59.24.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): kernel-docs-5.3.18-59.24.1 kernel-source-5.3.18-59.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-59.24.1 kernel-default-base-5.3.18-59.24.1.18.12.1 kernel-default-debuginfo-5.3.18-59.24.1 kernel-default-debugsource-5.3.18-59.24.1 kernel-default-devel-5.3.18-59.24.1 kernel-default-devel-debuginfo-5.3.18-59.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): kernel-preempt-5.3.18-59.24.1 kernel-preempt-debuginfo-5.3.18-59.24.1 kernel-preempt-debugsource-5.3.18-59.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): kernel-64kb-5.3.18-59.24.1 kernel-64kb-debuginfo-5.3.18-59.24.1 kernel-64kb-debugsource-5.3.18-59.24.1 kernel-64kb-devel-5.3.18-59.24.1 kernel-64kb-devel-debuginfo-5.3.18-59.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): kernel-devel-5.3.18-59.24.1 kernel-macros-5.3.18-59.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): kernel-zfcpdump-5.3.18-59.24.1 kernel-zfcpdump-debuginfo-5.3.18-59.24.1 kernel-zfcpdump-debugsource-5.3.18-59.24.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-59.24.1 cluster-md-kmp-default-debuginfo-5.3.18-59.24.1 dlm-kmp-default-5.3.18-59.24.1 dlm-kmp-default-debuginfo-5.3.18-59.24.1 gfs2-kmp-default-5.3.18-59.24.1 gfs2-kmp-default-debuginfo-5.3.18-59.24.1 kernel-default-debuginfo-5.3.18-59.24.1 kernel-default-debugsource-5.3.18-59.24.1 ocfs2-kmp-default-5.3.18-59.24.1 ocfs2-kmp-default-debuginfo-5.3.18-59.24.1 References: https://www.suse.com/security/cve/CVE-2020-12770.html https://www.suse.com/security/cve/CVE-2021-34556.html https://www.suse.com/security/cve/CVE-2021-35477.html https://www.suse.com/security/cve/CVE-2021-3640.html https://www.suse.com/security/cve/CVE-2021-3653.html https://www.suse.com/security/cve/CVE-2021-3656.html https://www.suse.com/security/cve/CVE-2021-3679.html https://www.suse.com/security/cve/CVE-2021-3732.html https://www.suse.com/security/cve/CVE-2021-3739.html https://www.suse.com/security/cve/CVE-2021-3743.html https://www.suse.com/security/cve/CVE-2021-3753.html https://www.suse.com/security/cve/CVE-2021-3759.html https://www.suse.com/security/cve/CVE-2021-38160.html https://www.suse.com/security/cve/CVE-2021-38166.html https://www.suse.com/security/cve/CVE-2021-38198.html https://www.suse.com/security/cve/CVE-2021-38204.html https://www.suse.com/security/cve/CVE-2021-38205.html https://www.suse.com/security/cve/CVE-2021-38206.html https://www.suse.com/security/cve/CVE-2021-38207.html https://www.suse.com/security/cve/CVE-2021-38209.html https://bugzilla.suse.com/1040364 https://bugzilla.suse.com/1127650 https://bugzilla.suse.com/1135481 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1160010 https://bugzilla.suse.com/1168202 https://bugzilla.suse.com/1171420 https://bugzilla.suse.com/1174969 https://bugzilla.suse.com/1175052 https://bugzilla.suse.com/1175543 https://bugzilla.suse.com/1177399 https://bugzilla.suse.com/1180100 https://bugzilla.suse.com/1180141 https://bugzilla.suse.com/1180347 https://bugzilla.suse.com/1181006 https://bugzilla.suse.com/1181148 https://bugzilla.suse.com/1181972 https://bugzilla.suse.com/1184180 https://bugzilla.suse.com/1185902 https://bugzilla.suse.com/1186264 https://bugzilla.suse.com/1186731 https://bugzilla.suse.com/1187211 https://bugzilla.suse.com/1187455 https://bugzilla.suse.com/1187468 https://bugzilla.suse.com/1187483 https://bugzilla.suse.com/1187619 https://bugzilla.suse.com/1187959 https://bugzilla.suse.com/1188067 https://bugzilla.suse.com/1188172 https://bugzilla.suse.com/1188231 https://bugzilla.suse.com/1188270 https://bugzilla.suse.com/1188412 https://bugzilla.suse.com/1188418 https://bugzilla.suse.com/1188616 https://bugzilla.suse.com/1188700 https://bugzilla.suse.com/1188780 https://bugzilla.suse.com/1188781 https://bugzilla.suse.com/1188782 https://bugzilla.suse.com/1188783 https://bugzilla.suse.com/1188784 https://bugzilla.suse.com/1188786 https://bugzilla.suse.com/1188787 https://bugzilla.suse.com/1188788 https://bugzilla.suse.com/1188790 https://bugzilla.suse.com/1188878 https://bugzilla.suse.com/1188885 https://bugzilla.suse.com/1188924 https://bugzilla.suse.com/1188982 https://bugzilla.suse.com/1188983 https://bugzilla.suse.com/1188985 https://bugzilla.suse.com/1189021 https://bugzilla.suse.com/1189057 https://bugzilla.suse.com/1189077 https://bugzilla.suse.com/1189153 https://bugzilla.suse.com/1189197 https://bugzilla.suse.com/1189209 https://bugzilla.suse.com/1189210 https://bugzilla.suse.com/1189212 https://bugzilla.suse.com/1189213 https://bugzilla.suse.com/1189214 https://bugzilla.suse.com/1189215 https://bugzilla.suse.com/1189216 https://bugzilla.suse.com/1189217 https://bugzilla.suse.com/1189218 https://bugzilla.suse.com/1189219 https://bugzilla.suse.com/1189220 https://bugzilla.suse.com/1189221 https://bugzilla.suse.com/1189222 https://bugzilla.suse.com/1189225 https://bugzilla.suse.com/1189229 https://bugzilla.suse.com/1189233 https://bugzilla.suse.com/1189262 https://bugzilla.suse.com/1189291 https://bugzilla.suse.com/1189292 https://bugzilla.suse.com/1189296 https://bugzilla.suse.com/1189298 https://bugzilla.suse.com/1189301 https://bugzilla.suse.com/1189305 https://bugzilla.suse.com/1189323 https://bugzilla.suse.com/1189384 https://bugzilla.suse.com/1189385 https://bugzilla.suse.com/1189392 https://bugzilla.suse.com/1189393 https://bugzilla.suse.com/1189399 https://bugzilla.suse.com/1189400 https://bugzilla.suse.com/1189427 https://bugzilla.suse.com/1189503 https://bugzilla.suse.com/1189504 https://bugzilla.suse.com/1189505 https://bugzilla.suse.com/1189506 https://bugzilla.suse.com/1189507 https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1189563 https://bugzilla.suse.com/1189564 https://bugzilla.suse.com/1189565 https://bugzilla.suse.com/1189566 https://bugzilla.suse.com/1189567 https://bugzilla.suse.com/1189568 https://bugzilla.suse.com/1189569 https://bugzilla.suse.com/1189573 https://bugzilla.suse.com/1189574 https://bugzilla.suse.com/1189575 https://bugzilla.suse.com/1189576 https://bugzilla.suse.com/1189577 https://bugzilla.suse.com/1189579 https://bugzilla.suse.com/1189581 https://bugzilla.suse.com/1189582 https://bugzilla.suse.com/1189583 https://bugzilla.suse.com/1189585 https://bugzilla.suse.com/1189586 https://bugzilla.suse.com/1189587 https://bugzilla.suse.com/1189706 https://bugzilla.suse.com/1189760 https://bugzilla.suse.com/1189762 https://bugzilla.suse.com/1189832 https://bugzilla.suse.com/1189841 https://bugzilla.suse.com/1189870 https://bugzilla.suse.com/1189872 https://bugzilla.suse.com/1189883 https://bugzilla.suse.com/1190022 https://bugzilla.suse.com/1190025 https://bugzilla.suse.com/1190115 https://bugzilla.suse.com/1190117 https://bugzilla.suse.com/1190412 https://bugzilla.suse.com/1190413 https://bugzilla.suse.com/1190428 From sle-updates at lists.suse.com Thu Sep 23 19:59:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 21:59:25 +0200 (CEST) Subject: SUSE-SU-2021:3212-1: important: Security update for ffmpeg Message-ID: <20210923195925.2F7F7FCC9@maintenance.suse.de> SUSE Security Update: Security update for ffmpeg ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3212-1 Rating: important References: #1189724 Cross-References: CVE-2021-38171 CVSS scores: CVE-2021-38171 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ffmpeg fixes the following issues: - CVE-2021-38171: Fixed adts_decode_extradata in libavformat/adtsenc.c to check the init_get_bits return value (bsc#1189724). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3212=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3212=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3212=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3212=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3212=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3212=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3212=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3212=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3212=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3212=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): ffmpeg-debuginfo-3.4.2-4.37.1 ffmpeg-debugsource-3.4.2-4.37.1 libavcodec-devel-3.4.2-4.37.1 libavcodec57-3.4.2-4.37.1 libavcodec57-debuginfo-3.4.2-4.37.1 libavdevice-devel-3.4.2-4.37.1 libavdevice57-3.4.2-4.37.1 libavdevice57-debuginfo-3.4.2-4.37.1 libavfilter-devel-3.4.2-4.37.1 libavfilter6-3.4.2-4.37.1 libavfilter6-debuginfo-3.4.2-4.37.1 libavformat-devel-3.4.2-4.37.1 libavformat57-3.4.2-4.37.1 libavformat57-debuginfo-3.4.2-4.37.1 libavresample-devel-3.4.2-4.37.1 libavresample3-3.4.2-4.37.1 libavresample3-debuginfo-3.4.2-4.37.1 libavutil-devel-3.4.2-4.37.1 libavutil55-3.4.2-4.37.1 libavutil55-debuginfo-3.4.2-4.37.1 libpostproc-devel-3.4.2-4.37.1 libpostproc54-3.4.2-4.37.1 libpostproc54-debuginfo-3.4.2-4.37.1 libswresample-devel-3.4.2-4.37.1 libswresample2-3.4.2-4.37.1 libswresample2-debuginfo-3.4.2-4.37.1 libswscale-devel-3.4.2-4.37.1 libswscale4-3.4.2-4.37.1 libswscale4-debuginfo-3.4.2-4.37.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libavcodec57-32bit-3.4.2-4.37.1 libavcodec57-32bit-debuginfo-3.4.2-4.37.1 libavdevice57-32bit-3.4.2-4.37.1 libavdevice57-32bit-debuginfo-3.4.2-4.37.1 libavfilter6-32bit-3.4.2-4.37.1 libavfilter6-32bit-debuginfo-3.4.2-4.37.1 libavformat57-32bit-3.4.2-4.37.1 libavformat57-32bit-debuginfo-3.4.2-4.37.1 libavresample3-32bit-3.4.2-4.37.1 libavresample3-32bit-debuginfo-3.4.2-4.37.1 libavutil55-32bit-3.4.2-4.37.1 libavutil55-32bit-debuginfo-3.4.2-4.37.1 libpostproc54-32bit-3.4.2-4.37.1 libpostproc54-32bit-debuginfo-3.4.2-4.37.1 libswresample2-32bit-3.4.2-4.37.1 libswresample2-32bit-debuginfo-3.4.2-4.37.1 libswscale4-32bit-3.4.2-4.37.1 libswscale4-32bit-debuginfo-3.4.2-4.37.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): ffmpeg-debuginfo-3.4.2-4.37.1 ffmpeg-debugsource-3.4.2-4.37.1 libavcodec-devel-3.4.2-4.37.1 libavcodec57-3.4.2-4.37.1 libavcodec57-debuginfo-3.4.2-4.37.1 libavdevice-devel-3.4.2-4.37.1 libavdevice57-3.4.2-4.37.1 libavdevice57-debuginfo-3.4.2-4.37.1 libavfilter-devel-3.4.2-4.37.1 libavfilter6-3.4.2-4.37.1 libavfilter6-debuginfo-3.4.2-4.37.1 libavformat-devel-3.4.2-4.37.1 libavformat57-3.4.2-4.37.1 libavformat57-debuginfo-3.4.2-4.37.1 libavresample-devel-3.4.2-4.37.1 libavresample3-3.4.2-4.37.1 libavresample3-debuginfo-3.4.2-4.37.1 libavutil-devel-3.4.2-4.37.1 libavutil55-3.4.2-4.37.1 libavutil55-debuginfo-3.4.2-4.37.1 libpostproc-devel-3.4.2-4.37.1 libpostproc54-3.4.2-4.37.1 libpostproc54-debuginfo-3.4.2-4.37.1 libswresample-devel-3.4.2-4.37.1 libswresample2-3.4.2-4.37.1 libswresample2-debuginfo-3.4.2-4.37.1 libswscale-devel-3.4.2-4.37.1 libswscale4-3.4.2-4.37.1 libswscale4-debuginfo-3.4.2-4.37.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libavcodec57-32bit-3.4.2-4.37.1 libavcodec57-32bit-debuginfo-3.4.2-4.37.1 libavdevice57-32bit-3.4.2-4.37.1 libavdevice57-32bit-debuginfo-3.4.2-4.37.1 libavfilter6-32bit-3.4.2-4.37.1 libavfilter6-32bit-debuginfo-3.4.2-4.37.1 libavformat57-32bit-3.4.2-4.37.1 libavformat57-32bit-debuginfo-3.4.2-4.37.1 libavresample3-32bit-3.4.2-4.37.1 libavresample3-32bit-debuginfo-3.4.2-4.37.1 libavutil55-32bit-3.4.2-4.37.1 libavutil55-32bit-debuginfo-3.4.2-4.37.1 libpostproc54-32bit-3.4.2-4.37.1 libpostproc54-32bit-debuginfo-3.4.2-4.37.1 libswresample2-32bit-3.4.2-4.37.1 libswresample2-32bit-debuginfo-3.4.2-4.37.1 libswscale4-32bit-3.4.2-4.37.1 libswscale4-32bit-debuginfo-3.4.2-4.37.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): ffmpeg-debuginfo-3.4.2-4.37.1 ffmpeg-debugsource-3.4.2-4.37.1 libavcodec-devel-3.4.2-4.37.1 libavcodec57-3.4.2-4.37.1 libavcodec57-debuginfo-3.4.2-4.37.1 libavdevice-devel-3.4.2-4.37.1 libavdevice57-3.4.2-4.37.1 libavdevice57-debuginfo-3.4.2-4.37.1 libavfilter-devel-3.4.2-4.37.1 libavfilter6-3.4.2-4.37.1 libavfilter6-debuginfo-3.4.2-4.37.1 libavformat-devel-3.4.2-4.37.1 libavformat57-3.4.2-4.37.1 libavformat57-debuginfo-3.4.2-4.37.1 libavresample-devel-3.4.2-4.37.1 libavresample3-3.4.2-4.37.1 libavresample3-debuginfo-3.4.2-4.37.1 libavutil-devel-3.4.2-4.37.1 libavutil55-3.4.2-4.37.1 libavutil55-debuginfo-3.4.2-4.37.1 libpostproc-devel-3.4.2-4.37.1 libpostproc54-3.4.2-4.37.1 libpostproc54-debuginfo-3.4.2-4.37.1 libswresample-devel-3.4.2-4.37.1 libswresample2-3.4.2-4.37.1 libswresample2-debuginfo-3.4.2-4.37.1 libswscale-devel-3.4.2-4.37.1 libswscale4-3.4.2-4.37.1 libswscale4-debuginfo-3.4.2-4.37.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libavcodec57-32bit-3.4.2-4.37.1 libavcodec57-32bit-debuginfo-3.4.2-4.37.1 libavdevice57-32bit-3.4.2-4.37.1 libavdevice57-32bit-debuginfo-3.4.2-4.37.1 libavfilter6-32bit-3.4.2-4.37.1 libavfilter6-32bit-debuginfo-3.4.2-4.37.1 libavformat57-32bit-3.4.2-4.37.1 libavformat57-32bit-debuginfo-3.4.2-4.37.1 libavresample3-32bit-3.4.2-4.37.1 libavresample3-32bit-debuginfo-3.4.2-4.37.1 libavutil55-32bit-3.4.2-4.37.1 libavutil55-32bit-debuginfo-3.4.2-4.37.1 libpostproc54-32bit-3.4.2-4.37.1 libpostproc54-32bit-debuginfo-3.4.2-4.37.1 libswresample2-32bit-3.4.2-4.37.1 libswresample2-32bit-debuginfo-3.4.2-4.37.1 libswscale4-32bit-3.4.2-4.37.1 libswscale4-32bit-debuginfo-3.4.2-4.37.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): ffmpeg-debuginfo-3.4.2-4.37.1 ffmpeg-debugsource-3.4.2-4.37.1 libavcodec-devel-3.4.2-4.37.1 libavcodec57-3.4.2-4.37.1 libavcodec57-32bit-3.4.2-4.37.1 libavcodec57-32bit-debuginfo-3.4.2-4.37.1 libavcodec57-debuginfo-3.4.2-4.37.1 libavdevice-devel-3.4.2-4.37.1 libavdevice57-3.4.2-4.37.1 libavdevice57-32bit-3.4.2-4.37.1 libavdevice57-32bit-debuginfo-3.4.2-4.37.1 libavdevice57-debuginfo-3.4.2-4.37.1 libavfilter-devel-3.4.2-4.37.1 libavfilter6-3.4.2-4.37.1 libavfilter6-32bit-3.4.2-4.37.1 libavfilter6-32bit-debuginfo-3.4.2-4.37.1 libavfilter6-debuginfo-3.4.2-4.37.1 libavformat-devel-3.4.2-4.37.1 libavformat57-3.4.2-4.37.1 libavformat57-32bit-3.4.2-4.37.1 libavformat57-32bit-debuginfo-3.4.2-4.37.1 libavformat57-debuginfo-3.4.2-4.37.1 libavresample-devel-3.4.2-4.37.1 libavresample3-3.4.2-4.37.1 libavresample3-32bit-3.4.2-4.37.1 libavresample3-32bit-debuginfo-3.4.2-4.37.1 libavresample3-debuginfo-3.4.2-4.37.1 libavutil-devel-3.4.2-4.37.1 libavutil55-3.4.2-4.37.1 libavutil55-32bit-3.4.2-4.37.1 libavutil55-32bit-debuginfo-3.4.2-4.37.1 libavutil55-debuginfo-3.4.2-4.37.1 libpostproc-devel-3.4.2-4.37.1 libpostproc54-3.4.2-4.37.1 libpostproc54-32bit-3.4.2-4.37.1 libpostproc54-32bit-debuginfo-3.4.2-4.37.1 libpostproc54-debuginfo-3.4.2-4.37.1 libswresample-devel-3.4.2-4.37.1 libswresample2-3.4.2-4.37.1 libswresample2-32bit-3.4.2-4.37.1 libswresample2-32bit-debuginfo-3.4.2-4.37.1 libswresample2-debuginfo-3.4.2-4.37.1 libswscale-devel-3.4.2-4.37.1 libswscale4-3.4.2-4.37.1 libswscale4-32bit-3.4.2-4.37.1 libswscale4-32bit-debuginfo-3.4.2-4.37.1 libswscale4-debuginfo-3.4.2-4.37.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): ffmpeg-debuginfo-3.4.2-4.37.1 ffmpeg-debugsource-3.4.2-4.37.1 libavcodec-devel-3.4.2-4.37.1 libavcodec57-3.4.2-4.37.1 libavcodec57-debuginfo-3.4.2-4.37.1 libavdevice-devel-3.4.2-4.37.1 libavdevice57-3.4.2-4.37.1 libavdevice57-debuginfo-3.4.2-4.37.1 libavfilter-devel-3.4.2-4.37.1 libavfilter6-3.4.2-4.37.1 libavfilter6-debuginfo-3.4.2-4.37.1 libavformat-devel-3.4.2-4.37.1 libavformat57-3.4.2-4.37.1 libavformat57-debuginfo-3.4.2-4.37.1 libavresample-devel-3.4.2-4.37.1 libavresample3-3.4.2-4.37.1 libavresample3-debuginfo-3.4.2-4.37.1 libavutil-devel-3.4.2-4.37.1 libavutil55-3.4.2-4.37.1 libavutil55-debuginfo-3.4.2-4.37.1 libpostproc-devel-3.4.2-4.37.1 libpostproc54-3.4.2-4.37.1 libpostproc54-debuginfo-3.4.2-4.37.1 libswresample-devel-3.4.2-4.37.1 libswresample2-3.4.2-4.37.1 libswresample2-debuginfo-3.4.2-4.37.1 libswscale-devel-3.4.2-4.37.1 libswscale4-3.4.2-4.37.1 libswscale4-debuginfo-3.4.2-4.37.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): ffmpeg-debuginfo-3.4.2-4.37.1 ffmpeg-debugsource-3.4.2-4.37.1 libavcodec-devel-3.4.2-4.37.1 libavcodec57-3.4.2-4.37.1 libavcodec57-debuginfo-3.4.2-4.37.1 libavdevice-devel-3.4.2-4.37.1 libavdevice57-3.4.2-4.37.1 libavdevice57-debuginfo-3.4.2-4.37.1 libavfilter-devel-3.4.2-4.37.1 libavfilter6-3.4.2-4.37.1 libavfilter6-debuginfo-3.4.2-4.37.1 libavformat-devel-3.4.2-4.37.1 libavformat57-3.4.2-4.37.1 libavformat57-debuginfo-3.4.2-4.37.1 libavresample-devel-3.4.2-4.37.1 libavresample3-3.4.2-4.37.1 libavresample3-debuginfo-3.4.2-4.37.1 libavutil-devel-3.4.2-4.37.1 libavutil55-3.4.2-4.37.1 libavutil55-debuginfo-3.4.2-4.37.1 libpostproc-devel-3.4.2-4.37.1 libpostproc54-3.4.2-4.37.1 libpostproc54-debuginfo-3.4.2-4.37.1 libswresample-devel-3.4.2-4.37.1 libswresample2-3.4.2-4.37.1 libswresample2-debuginfo-3.4.2-4.37.1 libswscale-devel-3.4.2-4.37.1 libswscale4-3.4.2-4.37.1 libswscale4-debuginfo-3.4.2-4.37.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libavcodec57-32bit-3.4.2-4.37.1 libavcodec57-32bit-debuginfo-3.4.2-4.37.1 libavdevice57-32bit-3.4.2-4.37.1 libavdevice57-32bit-debuginfo-3.4.2-4.37.1 libavfilter6-32bit-3.4.2-4.37.1 libavfilter6-32bit-debuginfo-3.4.2-4.37.1 libavformat57-32bit-3.4.2-4.37.1 libavformat57-32bit-debuginfo-3.4.2-4.37.1 libavresample3-32bit-3.4.2-4.37.1 libavresample3-32bit-debuginfo-3.4.2-4.37.1 libavutil55-32bit-3.4.2-4.37.1 libavutil55-32bit-debuginfo-3.4.2-4.37.1 libpostproc54-32bit-3.4.2-4.37.1 libpostproc54-32bit-debuginfo-3.4.2-4.37.1 libswresample2-32bit-3.4.2-4.37.1 libswresample2-32bit-debuginfo-3.4.2-4.37.1 libswscale4-32bit-3.4.2-4.37.1 libswscale4-32bit-debuginfo-3.4.2-4.37.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): ffmpeg-debuginfo-3.4.2-4.37.1 ffmpeg-debugsource-3.4.2-4.37.1 libavcodec-devel-3.4.2-4.37.1 libavcodec57-3.4.2-4.37.1 libavcodec57-debuginfo-3.4.2-4.37.1 libavdevice-devel-3.4.2-4.37.1 libavdevice57-3.4.2-4.37.1 libavdevice57-debuginfo-3.4.2-4.37.1 libavfilter-devel-3.4.2-4.37.1 libavfilter6-3.4.2-4.37.1 libavfilter6-debuginfo-3.4.2-4.37.1 libavformat-devel-3.4.2-4.37.1 libavformat57-3.4.2-4.37.1 libavformat57-debuginfo-3.4.2-4.37.1 libavresample-devel-3.4.2-4.37.1 libavresample3-3.4.2-4.37.1 libavresample3-debuginfo-3.4.2-4.37.1 libavutil-devel-3.4.2-4.37.1 libavutil55-3.4.2-4.37.1 libavutil55-debuginfo-3.4.2-4.37.1 libpostproc-devel-3.4.2-4.37.1 libpostproc54-3.4.2-4.37.1 libpostproc54-debuginfo-3.4.2-4.37.1 libswresample-devel-3.4.2-4.37.1 libswresample2-3.4.2-4.37.1 libswresample2-debuginfo-3.4.2-4.37.1 libswscale-devel-3.4.2-4.37.1 libswscale4-3.4.2-4.37.1 libswscale4-debuginfo-3.4.2-4.37.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libavcodec57-32bit-3.4.2-4.37.1 libavcodec57-32bit-debuginfo-3.4.2-4.37.1 libavdevice57-32bit-3.4.2-4.37.1 libavdevice57-32bit-debuginfo-3.4.2-4.37.1 libavfilter6-32bit-3.4.2-4.37.1 libavfilter6-32bit-debuginfo-3.4.2-4.37.1 libavformat57-32bit-3.4.2-4.37.1 libavformat57-32bit-debuginfo-3.4.2-4.37.1 libavresample3-32bit-3.4.2-4.37.1 libavresample3-32bit-debuginfo-3.4.2-4.37.1 libavutil55-32bit-3.4.2-4.37.1 libavutil55-32bit-debuginfo-3.4.2-4.37.1 libpostproc54-32bit-3.4.2-4.37.1 libpostproc54-32bit-debuginfo-3.4.2-4.37.1 libswresample2-32bit-3.4.2-4.37.1 libswresample2-32bit-debuginfo-3.4.2-4.37.1 libswscale4-32bit-3.4.2-4.37.1 libswscale4-32bit-debuginfo-3.4.2-4.37.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): ffmpeg-debuginfo-3.4.2-4.37.1 ffmpeg-debugsource-3.4.2-4.37.1 libavcodec-devel-3.4.2-4.37.1 libavcodec57-3.4.2-4.37.1 libavcodec57-debuginfo-3.4.2-4.37.1 libavdevice-devel-3.4.2-4.37.1 libavdevice57-3.4.2-4.37.1 libavdevice57-debuginfo-3.4.2-4.37.1 libavfilter-devel-3.4.2-4.37.1 libavfilter6-3.4.2-4.37.1 libavfilter6-debuginfo-3.4.2-4.37.1 libavformat-devel-3.4.2-4.37.1 libavformat57-3.4.2-4.37.1 libavformat57-debuginfo-3.4.2-4.37.1 libavresample-devel-3.4.2-4.37.1 libavresample3-3.4.2-4.37.1 libavresample3-debuginfo-3.4.2-4.37.1 libavutil-devel-3.4.2-4.37.1 libavutil55-3.4.2-4.37.1 libavutil55-debuginfo-3.4.2-4.37.1 libpostproc-devel-3.4.2-4.37.1 libpostproc54-3.4.2-4.37.1 libpostproc54-debuginfo-3.4.2-4.37.1 libswresample-devel-3.4.2-4.37.1 libswresample2-3.4.2-4.37.1 libswresample2-debuginfo-3.4.2-4.37.1 libswscale-devel-3.4.2-4.37.1 libswscale4-3.4.2-4.37.1 libswscale4-debuginfo-3.4.2-4.37.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libavcodec57-32bit-3.4.2-4.37.1 libavcodec57-32bit-debuginfo-3.4.2-4.37.1 libavdevice57-32bit-3.4.2-4.37.1 libavdevice57-32bit-debuginfo-3.4.2-4.37.1 libavfilter6-32bit-3.4.2-4.37.1 libavfilter6-32bit-debuginfo-3.4.2-4.37.1 libavformat57-32bit-3.4.2-4.37.1 libavformat57-32bit-debuginfo-3.4.2-4.37.1 libavresample3-32bit-3.4.2-4.37.1 libavresample3-32bit-debuginfo-3.4.2-4.37.1 libavutil55-32bit-3.4.2-4.37.1 libavutil55-32bit-debuginfo-3.4.2-4.37.1 libpostproc54-32bit-3.4.2-4.37.1 libpostproc54-32bit-debuginfo-3.4.2-4.37.1 libswresample2-32bit-3.4.2-4.37.1 libswresample2-32bit-debuginfo-3.4.2-4.37.1 libswscale4-32bit-3.4.2-4.37.1 libswscale4-32bit-debuginfo-3.4.2-4.37.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): ffmpeg-debuginfo-3.4.2-4.37.1 ffmpeg-debugsource-3.4.2-4.37.1 libavcodec-devel-3.4.2-4.37.1 libavcodec57-3.4.2-4.37.1 libavcodec57-debuginfo-3.4.2-4.37.1 libavdevice-devel-3.4.2-4.37.1 libavdevice57-3.4.2-4.37.1 libavdevice57-debuginfo-3.4.2-4.37.1 libavfilter-devel-3.4.2-4.37.1 libavfilter6-3.4.2-4.37.1 libavfilter6-debuginfo-3.4.2-4.37.1 libavformat-devel-3.4.2-4.37.1 libavformat57-3.4.2-4.37.1 libavformat57-debuginfo-3.4.2-4.37.1 libavresample-devel-3.4.2-4.37.1 libavresample3-3.4.2-4.37.1 libavresample3-debuginfo-3.4.2-4.37.1 libavutil-devel-3.4.2-4.37.1 libavutil55-3.4.2-4.37.1 libavutil55-debuginfo-3.4.2-4.37.1 libpostproc-devel-3.4.2-4.37.1 libpostproc54-3.4.2-4.37.1 libpostproc54-debuginfo-3.4.2-4.37.1 libswresample-devel-3.4.2-4.37.1 libswresample2-3.4.2-4.37.1 libswresample2-debuginfo-3.4.2-4.37.1 libswscale-devel-3.4.2-4.37.1 libswscale4-3.4.2-4.37.1 libswscale4-debuginfo-3.4.2-4.37.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libavcodec57-32bit-3.4.2-4.37.1 libavcodec57-32bit-debuginfo-3.4.2-4.37.1 libavdevice57-32bit-3.4.2-4.37.1 libavdevice57-32bit-debuginfo-3.4.2-4.37.1 libavfilter6-32bit-3.4.2-4.37.1 libavfilter6-32bit-debuginfo-3.4.2-4.37.1 libavformat57-32bit-3.4.2-4.37.1 libavformat57-32bit-debuginfo-3.4.2-4.37.1 libavresample3-32bit-3.4.2-4.37.1 libavresample3-32bit-debuginfo-3.4.2-4.37.1 libavutil55-32bit-3.4.2-4.37.1 libavutil55-32bit-debuginfo-3.4.2-4.37.1 libpostproc54-32bit-3.4.2-4.37.1 libpostproc54-32bit-debuginfo-3.4.2-4.37.1 libswresample2-32bit-3.4.2-4.37.1 libswresample2-32bit-debuginfo-3.4.2-4.37.1 libswscale4-32bit-3.4.2-4.37.1 libswscale4-32bit-debuginfo-3.4.2-4.37.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): ffmpeg-debuginfo-3.4.2-4.37.1 ffmpeg-debugsource-3.4.2-4.37.1 libavcodec-devel-3.4.2-4.37.1 libavcodec57-3.4.2-4.37.1 libavcodec57-debuginfo-3.4.2-4.37.1 libavdevice-devel-3.4.2-4.37.1 libavdevice57-3.4.2-4.37.1 libavdevice57-debuginfo-3.4.2-4.37.1 libavfilter-devel-3.4.2-4.37.1 libavfilter6-3.4.2-4.37.1 libavfilter6-debuginfo-3.4.2-4.37.1 libavformat-devel-3.4.2-4.37.1 libavformat57-3.4.2-4.37.1 libavformat57-debuginfo-3.4.2-4.37.1 libavresample-devel-3.4.2-4.37.1 libavresample3-3.4.2-4.37.1 libavresample3-debuginfo-3.4.2-4.37.1 libavutil-devel-3.4.2-4.37.1 libavutil55-3.4.2-4.37.1 libavutil55-debuginfo-3.4.2-4.37.1 libpostproc-devel-3.4.2-4.37.1 libpostproc54-3.4.2-4.37.1 libpostproc54-debuginfo-3.4.2-4.37.1 libswresample-devel-3.4.2-4.37.1 libswresample2-3.4.2-4.37.1 libswresample2-debuginfo-3.4.2-4.37.1 libswscale-devel-3.4.2-4.37.1 libswscale4-3.4.2-4.37.1 libswscale4-debuginfo-3.4.2-4.37.1 - SUSE Enterprise Storage 6 (x86_64): libavcodec57-32bit-3.4.2-4.37.1 libavcodec57-32bit-debuginfo-3.4.2-4.37.1 libavdevice57-32bit-3.4.2-4.37.1 libavdevice57-32bit-debuginfo-3.4.2-4.37.1 libavfilter6-32bit-3.4.2-4.37.1 libavfilter6-32bit-debuginfo-3.4.2-4.37.1 libavformat57-32bit-3.4.2-4.37.1 libavformat57-32bit-debuginfo-3.4.2-4.37.1 libavresample3-32bit-3.4.2-4.37.1 libavresample3-32bit-debuginfo-3.4.2-4.37.1 libavutil55-32bit-3.4.2-4.37.1 libavutil55-32bit-debuginfo-3.4.2-4.37.1 libpostproc54-32bit-3.4.2-4.37.1 libpostproc54-32bit-debuginfo-3.4.2-4.37.1 libswresample2-32bit-3.4.2-4.37.1 libswresample2-32bit-debuginfo-3.4.2-4.37.1 libswscale4-32bit-3.4.2-4.37.1 libswscale4-32bit-debuginfo-3.4.2-4.37.1 - SUSE CaaS Platform 4.0 (x86_64): ffmpeg-debuginfo-3.4.2-4.37.1 ffmpeg-debugsource-3.4.2-4.37.1 libavcodec-devel-3.4.2-4.37.1 libavcodec57-3.4.2-4.37.1 libavcodec57-32bit-3.4.2-4.37.1 libavcodec57-32bit-debuginfo-3.4.2-4.37.1 libavcodec57-debuginfo-3.4.2-4.37.1 libavdevice-devel-3.4.2-4.37.1 libavdevice57-3.4.2-4.37.1 libavdevice57-32bit-3.4.2-4.37.1 libavdevice57-32bit-debuginfo-3.4.2-4.37.1 libavdevice57-debuginfo-3.4.2-4.37.1 libavfilter-devel-3.4.2-4.37.1 libavfilter6-3.4.2-4.37.1 libavfilter6-32bit-3.4.2-4.37.1 libavfilter6-32bit-debuginfo-3.4.2-4.37.1 libavfilter6-debuginfo-3.4.2-4.37.1 libavformat-devel-3.4.2-4.37.1 libavformat57-3.4.2-4.37.1 libavformat57-32bit-3.4.2-4.37.1 libavformat57-32bit-debuginfo-3.4.2-4.37.1 libavformat57-debuginfo-3.4.2-4.37.1 libavresample-devel-3.4.2-4.37.1 libavresample3-3.4.2-4.37.1 libavresample3-32bit-3.4.2-4.37.1 libavresample3-32bit-debuginfo-3.4.2-4.37.1 libavresample3-debuginfo-3.4.2-4.37.1 libavutil-devel-3.4.2-4.37.1 libavutil55-3.4.2-4.37.1 libavutil55-32bit-3.4.2-4.37.1 libavutil55-32bit-debuginfo-3.4.2-4.37.1 libavutil55-debuginfo-3.4.2-4.37.1 libpostproc-devel-3.4.2-4.37.1 libpostproc54-3.4.2-4.37.1 libpostproc54-32bit-3.4.2-4.37.1 libpostproc54-32bit-debuginfo-3.4.2-4.37.1 libpostproc54-debuginfo-3.4.2-4.37.1 libswresample-devel-3.4.2-4.37.1 libswresample2-3.4.2-4.37.1 libswresample2-32bit-3.4.2-4.37.1 libswresample2-32bit-debuginfo-3.4.2-4.37.1 libswresample2-debuginfo-3.4.2-4.37.1 libswscale-devel-3.4.2-4.37.1 libswscale4-3.4.2-4.37.1 libswscale4-32bit-3.4.2-4.37.1 libswscale4-32bit-debuginfo-3.4.2-4.37.1 libswscale4-debuginfo-3.4.2-4.37.1 References: https://www.suse.com/security/cve/CVE-2021-38171.html https://bugzilla.suse.com/1189724 From sle-updates at lists.suse.com Thu Sep 23 20:00:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 22:00:37 +0200 (CEST) Subject: SUSE-SU-2021:3214-1: moderate: Security update for gd Message-ID: <20210923200037.67B64FCC9@maintenance.suse.de> SUSE Security Update: Security update for gd ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3214-1 Rating: moderate References: #1190400 Cross-References: CVE-2021-40812 CVSS scores: CVE-2021-40812 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gd fixes the following issues: - CVE-2021-40812: Fixed out-of-bounds read caused by the lack of certain gdGetBuf and gdPutBuf return value checks (bsc#1190400). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-3214=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3214=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3214=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): gd-32bit-2.1.0-24.20.1 gd-debuginfo-32bit-2.1.0-24.20.1 gd-debugsource-2.1.0-24.20.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): gd-debuginfo-2.1.0-24.20.1 gd-debugsource-2.1.0-24.20.1 gd-devel-2.1.0-24.20.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gd-2.1.0-24.20.1 gd-debuginfo-2.1.0-24.20.1 gd-debugsource-2.1.0-24.20.1 References: https://www.suse.com/security/cve/CVE-2021-40812.html https://bugzilla.suse.com/1190400 From sle-updates at lists.suse.com Thu Sep 23 20:18:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 22:18:59 +0200 (CEST) Subject: SUSE-SU-2021:3207-1: important: Security update for the Linux Kernel Message-ID: <20210923201859.1C922FCC9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3207-1 Rating: important References: #1040364 #1127650 #1135481 #1152489 #1160010 #1167032 #1168202 #1174969 #1175052 #1175543 #1177399 #1180141 #1180347 #1181148 #1181972 #1184114 #1184180 #1185675 #1185902 #1186264 #1186731 #1187211 #1187455 #1187468 #1187619 #1188067 #1188172 #1188418 #1188439 #1188616 #1188780 #1188781 #1188782 #1188783 #1188784 #1188786 #1188787 #1188788 #1188790 #1188878 #1188885 #1188924 #1188982 #1188983 #1188985 #1189021 #1189057 #1189077 #1189153 #1189197 #1189209 #1189210 #1189212 #1189213 #1189214 #1189215 #1189216 #1189217 #1189218 #1189219 #1189220 #1189221 #1189222 #1189229 #1189262 #1189291 #1189292 #1189298 #1189301 #1189305 #1189323 #1189384 #1189385 #1189392 #1189399 #1189400 #1189427 #1189449 #1189503 #1189504 #1189505 #1189506 #1189507 #1189562 #1189563 #1189564 #1189565 #1189566 #1189567 #1189568 #1189569 #1189573 #1189574 #1189575 #1189576 #1189577 #1189579 #1189581 #1189582 #1189583 #1189585 #1189586 #1189587 #1189706 #1189760 #1189832 #1189841 #1189870 #1189883 #1190025 #1190115 #1190117 #1190131 #1190181 Cross-References: CVE-2021-34556 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 CVE-2021-3753 CVE-2021-3759 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVE-2021-38205 CVE-2021-38207 CVSS scores: CVE-2021-34556 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-35477 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-3640 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3653 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3656 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3679 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3732 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3739 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-3743 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3753 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-3759 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38160 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38204 (SUSE): 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38205 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-38207 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that solves 16 vulnerabilities and has 98 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883). - CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298). - CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). The following non-security bugs were fixed: - ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes). - ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export function to claim _CST control (bsc#1175543) - ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543) - ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes). - ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes). - ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes). - ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes). - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes). - ALSA: seq: Fix racy deletion of subscriber (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes). - ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes). - ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes). - ALSA: usb-audio: fix incorrect clock source setting (git-fixes). - ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes). - ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes). - ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes). - ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes). - ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes). - ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes). - ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes). - ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes). - ASoC: ti: delete some dead code in omap_abe_probe() (git-fixes). - ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes). - ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes). - ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes). - ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes). - ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes). - ASoC: xilinx: Fix reference to PCM buffer address (git-fixes). - Bluetooth: add timeout sanity check to hci_inquiry (git-fixes). - Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes). - Bluetooth: fix repeated calls to sco_sock_kill (git-fixes). - Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes). - Documentation: admin-guide: PM: Add intel_idle document (bsc#1175543) - Drop watchdog iTCO_wdt patch that causes incompatible behavior (bsc#1189449) Also blacklisted - Fix breakage of swap over NFS (bsc#1188924). - Fix kabi of prepare_to_wait_exclusive() (bsc#1189575). - HID: i2c-hid: Fix Elan touchpad regression (git-fixes). - HID: input: do not report stylus battery state as "full" (git-fixes). - KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786). - KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787). - KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788). - KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780). - KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782). - KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783). - KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784). - KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790). - Move upstreamed BT fixes into sorted section - NFS: Correct size calculation for create reply length (bsc#1189870). - NFSv4.1: Do not rebind to the same source port when (bnc#1186264 bnc#1189021) - NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes). - NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364). - PCI/MSI: Correct misleading comments (git-fixes). - PCI/MSI: Do not set invalid bits in MSI mask (git-fixes). - PCI/MSI: Enable and mask MSI-X early (git-fixes). - PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes). - PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes). - PCI/MSI: Mask all unused MSI-X entries (git-fixes). - PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes). - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes). - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes). - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes). - PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes). - README: Modernize build instructions. - Revert "ACPICA: Fix memory leak caused by _CID repair function" (git-fixes). - Revert "USB: serial: ch341: fix character loss at high transfer rates" (git-fixes). - Revert "dmaengine: imx-sdma: refine to load context only once" (git-fixes). - Revert "gpio: eic-sprd: Use devm_platform_ioremap_resource()" (git-fixes). - Revert "mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711" (git-fixes). - SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924). - SUNRPC: Fix the batch tasks count wraparound (git-fixes). - SUNRPC: Should wake up the privileged task firstly (git-fixes). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924). - SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264 bnc#1189021). - USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes). - USB: serial: ch341: fix character loss at high transfer rates (git-fixes). - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes). - USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes). - USB: serial: option: add new VID/PID to support Fibocom FG150 (git-fixes). - USB: usbtmc: Fix RCU stall warning (git-fixes). - USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes). - Update patches.suse/ibmvnic-Allow-device-probe-if-the-device-is-not-read.patch (bsc#1167032 ltc#184087 bsc#1184114 ltc#192237). - VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes). - ath9k: Clear key cache explicitly on disabling hardware (git-fixes). - ath: Use safer key clearing with key cache entries (git-fixes). - bcma: Fix memory leak for internally-handled cores (git-fixes). - bdi: Do not use freezable workqueue (bsc#1189573). - blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507). - blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506). - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503). - blk-wbt: make sure throttle is enabled properly (bsc#1189504). - block: fix trace completion for chained bio (bsc#1189505). - brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes). - btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077). - btrfs: account for new extents being deleted in total_bytes_pinned (bsc#1135481). - btrfs: add a comment explaining the data flush steps (bsc#1135481). - btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481). - btrfs: add flushing states for handling data reservations (bsc#1135481). - btrfs: add the data transaction commit logic into may_commit_transaction (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#1135481). - btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481). - btrfs: check tickets after waiting on ordered extents (bsc#1135481). - btrfs: do async reclaim for data reservations (bsc#1135481). - btrfs: don't force commit if we are data (bsc#1135481). - btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481). - btrfs: factor out create_chunk() (bsc#1189077). - btrfs: factor out decide_stripe_size() (bsc#1189077). - btrfs: factor out gather_device_info() (bsc#1189077). - btrfs: factor out init_alloc_chunk_ctl (bsc#1189077). - btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077). - btrfs: fix possible infinite loop in data async reclaim (bsc#1135481). - btrfs: flush delayed refs when trying to reserve data space (bsc#1135481). - btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481). - btrfs: handle invalid profile in chunk allocation (bsc#1189077). - btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself (bsc#1135481). - btrfs: introduce alloc_chunk_ctl (bsc#1189077). - btrfs: introduce chunk allocation policy (bsc#1189077). - btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481). - btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481). - btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077). - btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077). - btrfs: refactor find_free_dev_extent_start() (bsc#1189077). - btrfs: remove orig from shrink_delalloc (bsc#1135481). - btrfs: rework chunk allocation to avoid exhaustion of the system chunk array (bsc#1189077). - btrfs: run delayed iputs before committing the transaction for data (bsc#1135481). - btrfs: serialize data reservations if we are flushing (bsc#1135481). - btrfs: shrink delalloc pages instead of full inodes (bsc#1135481). - btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481). - btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481). - btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc#1135481). - btrfs: use the same helper for data and metadata reservations (bsc#1135481). - btrfs: use ticketing for data space reservations (bsc#1135481). - can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes). - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes). - ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468). - ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468). - ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1189427). - cfg80211: Fix possible memory leak in function cfg80211_bss_update (git-fixes). - cgroup1: fix leaked context root causing sporadic NULL deref in LTP (bsc#1190181). - cgroup: verify that source is a string (bsc#1190131). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes). - clk: kirkwood: Fix a clocking boot regression (git-fixes). - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes). - cpuidle: Allow idle states to be disabled by default (bsc#1175543) - cpuidle: Consolidate disabled state checks (bsc#1175543) - cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543) - cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543) - cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543) - cpuidle: cpuidle_state kABI fix (bsc#1175543) - crypto: ccp - Annotate SEV Firmware file names (bsc#1189212). - crypto: qat - use proper type for vf_mask (git-fixes). - crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit (git-fixes). - dm integrity: fix missing goto in bitmap_flush_interval error handling (git-fixes). - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git-fixes). - dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes). - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available (git-fixes). - dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes). - dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers (git-fixes). - drivers/block/null_blk/main: Fix a double free in null_init (git-fixes). - drm/amdgpu/acp: Make PM domain really work (git-fixes). - drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes). - drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes). - drm/msm/dsi: Fix some reference counted resource leaks (git-fixes). - drm/nouveau/disp: power down unused DP links during init (git-fixes). - drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes). - drm: Copy drm_wait_vblank to user before returning (git-fixes). - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568). - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564). - ext4: fix avefreec in find_group_orlov (bsc#1189566). - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562). - ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576). - ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565). - ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563). - ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567). - fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574). - firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes). - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback (git-fixes). - fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes). - fpga: xiilnx-spi: Address warning about unused variable (git-fixes). - fpga: zynqmp-fpga: Address warning about unused variable (git-fixes). - gpio: eic-sprd: break loop when getting NULL device resource (git-fixes). - gpio: tqmx86: really make IRQ optional (git-fixes). - i2c: dev: zero out array used for i2c reads from userspace (git-fixes). - i2c: highlander: add IRQ check (git-fixes). - i2c: iop3xx: fix deferred probing (git-fixes). - i2c: mt65xx: fix IRQ check (git-fixes). - i2c: s3c2410: fix IRQ check (git-fixes). - iio: adc: Fix incorrect exit of for-loop (git-fixes). - iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels (git-fixes). - iio: humidity: hdc100x: Add margin to the conversion time (git-fixes). - intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543) - intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543) - intel_idle: Annotate init time data structures (bsc#1175543) - intel_idle: Customize IceLake server support (bsc#1175543) - intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141) - intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543) - intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543) - intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543) - intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543) - intel_idle: Use ACPI _CST on server systems (bsc#1175543) - iommu/amd: Fix extended features logging (bsc#1189213). - iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210). - iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209). - iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214). - iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229). - iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1189215). - iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216). - iommu/vt-d: Do not set then clear private data in prq_event_thread() (bsc#1189217). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218). - iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219). - iommu/vt-d: Global devTLB flush when present context entry changed (bsc#1189220). - iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#1189221). - iommu/vt-d: Reject unsupported page request modes (bsc#1189222). - iwlwifi: rs-fw: do not support stbc for HE 160 (git-fixes). - kABI fix of usb_dcd_config_params (git-fixes). - kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes). - kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264 bnc#1189021) - kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153). - lib/mpi: use kcalloc in mpi_resize (git-fixes). - libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes). - mac80211: Fix insufficient headroom issue for AMSDU (git-fixes). - mailbox: sti: quieten kernel-doc warnings (git-fixes). - md/raid10: properly indicate failure when ending a failed write request (git-fixes). - media: TDA1997x: enable EDID support (git-fixes). - media: cxd2880-spi: Fix an error handling path (git-fixes). - media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes). - media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes). - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes). - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes). - media: go7007: fix memory leak in go7007_usb_probe (git-fixes). - media: go7007: remove redundant initialization (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes). - media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes). - media: videobuf2-core: dequeue if start_streaming fails (git-fixes). - media: zr364xx: fix memory leaks in probe() (git-fixes). - media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes). - memcg: enable accounting for file lock caches (bsc#1190115). - misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes). - misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp() (git-fixes). - mm, vmscan: guarantee drop_slab_node() termination (VM Functionality, bsc#1189301). - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569). - mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#1187619). - mmc: dw_mmc: Fix hang on data CRC error (git-fixes). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes). - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes). - mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes). - mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' (git-fixes). - nbd: Aovid double completion of a request (git-fixes). - nbd: Fix NULL pointer in flush_workqueue (git-fixes). - nbd: do not update block size after device is started (git-fixes). - net/mlx5: Properly convey driver version to firmware (git-fixes). - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes). - net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext (git-fixes). - net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes). - nfs: fix acl memory leak of posix_acl_create() (git-fixes). - nvme-multipath: revalidate paths during rescan (bsc#1187211) - nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972). - nvme-pci: fix NULL req in completion handler (bsc#1181972). - nvme-pci: limit maximum queue depth to 4095 (bsc#1181972). - nvme-pci: use unsigned for io queue depth (bsc#1181972). - nvme-tcp: Do not reset transport on data digest errors (bsc#1188418). - nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972). - nvme: avoid possible double fetch in handling CQE (bsc#1181972). - nvme: code command_id with a genctr for use-after-free validation (bsc#1181972). - nvme: only call synchronize_srcu when clearing current path (bsc#1188067). - nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384). - ocfs2: fix snprintf() checking (bsc#1189581). - ocfs2: fix zero out valid data (bsc#1189579). - ocfs2: initialize ip_next_orphan (bsc#1186731). - ocfs2: issue zeroout to EOF blocks (bsc#1189582). - ocfs2: ocfs2_downconvert_lock failure results in deadlock (bsc#1188439). - overflow: Correct check_shl_overflow() comment (git-fixes). - ovl: allow upperdir inside lowerdir (bsc#1189323). - ovl: expand warning in ovl_d_real() (bsc#1189323). - ovl: fix missing revert_creds() on error path (bsc#1189323). - ovl: perform vfs_getxattr() with mounter creds (bsc#1189323). - ovl: skip getxattr of security labels (bsc#1189323). - params: lift param_set_uint_minmax to common code (bsc#1181972). - pcmcia: i82092: fix a null pointer dereference bug (git-fixes). - pinctrl: samsung: Fix pinctrl bank pin count (git-fixes). - pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() (git-fixes). - pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast (git-fixes). - platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables (git-fixes). - power: supply: max17042: handle fails of reading status register (git-fixes). - powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes). - powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#1189197 ltc#193906). - powerpc/pseries: Fix regression while building external modules (bsc#1160010 ltc#183046 git-fixes). - powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes) - powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702 git-fixes). - regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes). - regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes). - regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes). - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rpm: Abolish image suffix (bsc#1189841). - rpm: Define $certs as rpm macro (bsc#1189841). - rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841). - rpm: kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - rpm: support gz and zst compression methods Extend commit 18fcdff43a00 ("rpm: support compressed modules") for compression methods other than xz. - rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575). - rsi: fix an error code in rsi_probe() (git-fixes). - rsi: fix error code in rsi_load_9116_firmware() (git-fixes). - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817). - s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771). - sched/fair: Correctly insert cfs_rq's to list on unthrottle (git-fixes) - sched/rt: Fix RT utilization tracking during policy change (git-fixes) - scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970). - scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970). - scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970). - scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392). - scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650). - scsi: libfc: Fix array index out of bound exception (bsc#1188616). - scsi: lpfc: Add 256 Gb link speed support (bsc#1189385). - scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385). - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385). - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385). - scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385). - scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385). - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385). - scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385). - scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385). - scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385). - scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385). - scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385). - scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385). - scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385). - scsi: lpfc: Fix function description comments for vmid routines (bsc#1189385). - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385). - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385). - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385). - scsi: lpfc: Improve firmware download logging (bsc#1189385). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385). - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes). - scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385). - scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385). - scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385). - scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385). - scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385). - scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385). - scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385). - scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385). - scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385). - scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970). - scsi: qla2xxx: Add heartbeat check (bsc#1189392). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392). - scsi: qla2xxx: Fix spelling mistakes "allloc" -> "alloc" (bsc#1189392). - scsi: qla2xxx: Fix use after free in debug code (bsc#1189392). - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392). - scsi: qla2xxx: Remove duplicate declarations (bsc#1189392). - scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392). - scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392). - scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189392). - scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392). - scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392). - scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392). - scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392). - scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392). - scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392). - scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392). - scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189392). - scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add key update (bsc#1189392). - scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189392). - scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392). - scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392). - scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (bsc#1184180). - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392). - scsi: zfcp: Report port fc_security as unknown early during remote cable pull (git-fixes). - serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes). - serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes). - serial: tegra: Only print FIFO error message when an error occurs (git-fixes). - slimbus: messaging: check for valid transaction id (git-fixes). - slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes). - slimbus: ngd: reset dma setup during runtime pm (git-fixes). - soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes). - soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: qcom: rpmhpd: Use corner in power_off (git-fixes). - soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes). - spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes). - spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation (git-fixes). - spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes). - spi: mediatek: Fix fifo transfer (git-fixes). - spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes). - spi: stm32h7: fix full duplex irq handler handling (git-fixes). - staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes). - staging: rtl8712: get rid of flush_scheduled_work (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes). - tracing / histogram: Give calculation hist_fields a size (git-fixes). - tracing: Reject string operand in the histogram expression (git-fixes). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - ubifs: Fix error return code in alloc_wbufs() (bsc#1189585). - ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583). - ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455). - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587). - ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586). - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes). - usb: dwc2: Postponed gadget registration to the udc class driver (git-fixes). - usb: dwc3: Add support for DWC_usb32 IP (git-fixes). - usb: dwc3: Disable phy suspend after power-on reset (git-fixes). - usb: dwc3: Separate field holding multiple properties (git-fixes). - usb: dwc3: Stop active transfers before halting the controller (git-fixes). - usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes). - usb: dwc3: Use devres to get clocks (git-fixes). - usb: dwc3: core: Properly default unspecified speed (git-fixes). - usb: dwc3: core: do not do suspend for device mode if already suspended (git-fixes). - usb: dwc3: debug: Remove newline printout (git-fixes). - usb: dwc3: gadget: Check MPS of the request length (git-fixes). - usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes). - usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (git-fixes). - usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes). - usb: dwc3: gadget: Do not send unintended link state change (git-fixes). - usb: dwc3: gadget: Do not setup more than requested (git-fixes). - usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes). - usb: dwc3: gadget: Fix handling ZLP (git-fixes). - usb: dwc3: gadget: Give back staled requests (git-fixes). - usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes). - usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes). - usb: dwc3: gadget: Properly track pending and queued SG (git-fixes). - usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes). - usb: dwc3: gadget: Set BESL config parameter (git-fixes). - usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes). - usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes). - usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes). - usb: dwc3: meson-g12a: add IRQ check (git-fixes). - usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes). - usb: dwc3: of-simple: add a shutdown (git-fixes). - usb: dwc3: st: Add of_dev_put() in probe function (git-fixes). - usb: dwc3: st: Add of_node_put() before return in probe function (git-fixes). - usb: dwc3: support continuous runtime PM with dual role (git-fixes). - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes). - usb: gadget: Export recommended BESL values (git-fixes). - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes). - usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes). - usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes). - usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes). - usb: gadget: udc: at91: add IRQ check (git-fixes). - usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes). - usb: host: ohci-tmio: add IRQ check (git-fixes). - usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes). - usb: mtu3: fix the wrong HS mult value (git-fixes). - usb: mtu3: use @mult for HS isoc or intr (git-fixes). - usb: phy: fsl-usb: add IRQ check (git-fixes). - usb: phy: tahvo: add IRQ check (git-fixes). - usb: phy: twl6030: add IRQ checks (git-fixes). - virt_wifi: fix error on connect (git-fixes). - virtio_pci: Support surprise removal of virtio pci device (git-fixes). - wireguard: allowedips: allocate nodes in kmem_cache (git-fixes). - wireguard: allowedips: free empty intermediate nodes when removing single node (git-fixes). - wireguard: allowedips: remove nodes in O(1) (git-fixes). - writeback: fix obtain a reference to a freeing memcg css (bsc#1189577). - x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489). - x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489). - x86/fpu: Reset state for all signal restore failures (bsc#1152489). - x86/kvm: fix vcpu-id indexed array sizes (git-fixes). - x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489). - xen/events: Fix race in set_evtchn_to_irq (git-fixes). - xprtrdma: Pad optimization, revisited (bsc#1189760). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3207=1 - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-3207=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-3207=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-3207=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3207=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3207=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-3207=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): kernel-default-5.3.18-24.83.2 kernel-default-base-5.3.18-24.83.2.9.38.3 kernel-default-debuginfo-5.3.18-24.83.2 kernel-default-debugsource-5.3.18-24.83.2 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): kernel-default-debuginfo-5.3.18-24.83.2 kernel-default-debugsource-5.3.18-24.83.2 kernel-default-extra-5.3.18-24.83.2 kernel-default-extra-debuginfo-5.3.18-24.83.2 kernel-preempt-extra-5.3.18-24.83.2 kernel-preempt-extra-debuginfo-5.3.18-24.83.2 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.83.2 kernel-default-debugsource-5.3.18-24.83.2 kernel-default-livepatch-5.3.18-24.83.2 kernel-default-livepatch-devel-5.3.18-24.83.2 kernel-livepatch-5_3_18-24_83-default-1-5.3.4 kernel-livepatch-5_3_18-24_83-default-debuginfo-1-5.3.4 kernel-livepatch-SLE15-SP2_Update_19-debugsource-1-5.3.4 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.83.2 kernel-default-debugsource-5.3.18-24.83.2 reiserfs-kmp-default-5.3.18-24.83.2 reiserfs-kmp-default-debuginfo-5.3.18-24.83.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-24.83.2 kernel-obs-build-debugsource-5.3.18-24.83.2 kernel-syms-5.3.18-24.83.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-24.83.2 kernel-preempt-debugsource-5.3.18-24.83.2 kernel-preempt-devel-5.3.18-24.83.2 kernel-preempt-devel-debuginfo-5.3.18-24.83.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): kernel-docs-5.3.18-24.83.2 kernel-source-5.3.18-24.83.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-24.83.2 kernel-default-base-5.3.18-24.83.2.9.38.3 kernel-default-debuginfo-5.3.18-24.83.2 kernel-default-debugsource-5.3.18-24.83.2 kernel-default-devel-5.3.18-24.83.2 kernel-default-devel-debuginfo-5.3.18-24.83.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): kernel-preempt-5.3.18-24.83.2 kernel-preempt-debuginfo-5.3.18-24.83.2 kernel-preempt-debugsource-5.3.18-24.83.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): kernel-devel-5.3.18-24.83.1 kernel-macros-5.3.18-24.83.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-24.83.2 cluster-md-kmp-default-debuginfo-5.3.18-24.83.2 dlm-kmp-default-5.3.18-24.83.2 dlm-kmp-default-debuginfo-5.3.18-24.83.2 gfs2-kmp-default-5.3.18-24.83.2 gfs2-kmp-default-debuginfo-5.3.18-24.83.2 kernel-default-debuginfo-5.3.18-24.83.2 kernel-default-debugsource-5.3.18-24.83.2 ocfs2-kmp-default-5.3.18-24.83.2 ocfs2-kmp-default-debuginfo-5.3.18-24.83.2 References: https://www.suse.com/security/cve/CVE-2021-34556.html https://www.suse.com/security/cve/CVE-2021-35477.html https://www.suse.com/security/cve/CVE-2021-3640.html https://www.suse.com/security/cve/CVE-2021-3653.html https://www.suse.com/security/cve/CVE-2021-3656.html https://www.suse.com/security/cve/CVE-2021-3679.html https://www.suse.com/security/cve/CVE-2021-3732.html https://www.suse.com/security/cve/CVE-2021-3739.html https://www.suse.com/security/cve/CVE-2021-3743.html https://www.suse.com/security/cve/CVE-2021-3753.html https://www.suse.com/security/cve/CVE-2021-3759.html https://www.suse.com/security/cve/CVE-2021-38160.html https://www.suse.com/security/cve/CVE-2021-38198.html https://www.suse.com/security/cve/CVE-2021-38204.html https://www.suse.com/security/cve/CVE-2021-38205.html https://www.suse.com/security/cve/CVE-2021-38207.html https://bugzilla.suse.com/1040364 https://bugzilla.suse.com/1127650 https://bugzilla.suse.com/1135481 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1160010 https://bugzilla.suse.com/1167032 https://bugzilla.suse.com/1168202 https://bugzilla.suse.com/1174969 https://bugzilla.suse.com/1175052 https://bugzilla.suse.com/1175543 https://bugzilla.suse.com/1177399 https://bugzilla.suse.com/1180141 https://bugzilla.suse.com/1180347 https://bugzilla.suse.com/1181148 https://bugzilla.suse.com/1181972 https://bugzilla.suse.com/1184114 https://bugzilla.suse.com/1184180 https://bugzilla.suse.com/1185675 https://bugzilla.suse.com/1185902 https://bugzilla.suse.com/1186264 https://bugzilla.suse.com/1186731 https://bugzilla.suse.com/1187211 https://bugzilla.suse.com/1187455 https://bugzilla.suse.com/1187468 https://bugzilla.suse.com/1187619 https://bugzilla.suse.com/1188067 https://bugzilla.suse.com/1188172 https://bugzilla.suse.com/1188418 https://bugzilla.suse.com/1188439 https://bugzilla.suse.com/1188616 https://bugzilla.suse.com/1188780 https://bugzilla.suse.com/1188781 https://bugzilla.suse.com/1188782 https://bugzilla.suse.com/1188783 https://bugzilla.suse.com/1188784 https://bugzilla.suse.com/1188786 https://bugzilla.suse.com/1188787 https://bugzilla.suse.com/1188788 https://bugzilla.suse.com/1188790 https://bugzilla.suse.com/1188878 https://bugzilla.suse.com/1188885 https://bugzilla.suse.com/1188924 https://bugzilla.suse.com/1188982 https://bugzilla.suse.com/1188983 https://bugzilla.suse.com/1188985 https://bugzilla.suse.com/1189021 https://bugzilla.suse.com/1189057 https://bugzilla.suse.com/1189077 https://bugzilla.suse.com/1189153 https://bugzilla.suse.com/1189197 https://bugzilla.suse.com/1189209 https://bugzilla.suse.com/1189210 https://bugzilla.suse.com/1189212 https://bugzilla.suse.com/1189213 https://bugzilla.suse.com/1189214 https://bugzilla.suse.com/1189215 https://bugzilla.suse.com/1189216 https://bugzilla.suse.com/1189217 https://bugzilla.suse.com/1189218 https://bugzilla.suse.com/1189219 https://bugzilla.suse.com/1189220 https://bugzilla.suse.com/1189221 https://bugzilla.suse.com/1189222 https://bugzilla.suse.com/1189229 https://bugzilla.suse.com/1189262 https://bugzilla.suse.com/1189291 https://bugzilla.suse.com/1189292 https://bugzilla.suse.com/1189298 https://bugzilla.suse.com/1189301 https://bugzilla.suse.com/1189305 https://bugzilla.suse.com/1189323 https://bugzilla.suse.com/1189384 https://bugzilla.suse.com/1189385 https://bugzilla.suse.com/1189392 https://bugzilla.suse.com/1189399 https://bugzilla.suse.com/1189400 https://bugzilla.suse.com/1189427 https://bugzilla.suse.com/1189449 https://bugzilla.suse.com/1189503 https://bugzilla.suse.com/1189504 https://bugzilla.suse.com/1189505 https://bugzilla.suse.com/1189506 https://bugzilla.suse.com/1189507 https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1189563 https://bugzilla.suse.com/1189564 https://bugzilla.suse.com/1189565 https://bugzilla.suse.com/1189566 https://bugzilla.suse.com/1189567 https://bugzilla.suse.com/1189568 https://bugzilla.suse.com/1189569 https://bugzilla.suse.com/1189573 https://bugzilla.suse.com/1189574 https://bugzilla.suse.com/1189575 https://bugzilla.suse.com/1189576 https://bugzilla.suse.com/1189577 https://bugzilla.suse.com/1189579 https://bugzilla.suse.com/1189581 https://bugzilla.suse.com/1189582 https://bugzilla.suse.com/1189583 https://bugzilla.suse.com/1189585 https://bugzilla.suse.com/1189586 https://bugzilla.suse.com/1189587 https://bugzilla.suse.com/1189706 https://bugzilla.suse.com/1189760 https://bugzilla.suse.com/1189832 https://bugzilla.suse.com/1189841 https://bugzilla.suse.com/1189870 https://bugzilla.suse.com/1189883 https://bugzilla.suse.com/1190025 https://bugzilla.suse.com/1190115 https://bugzilla.suse.com/1190117 https://bugzilla.suse.com/1190131 https://bugzilla.suse.com/1190181 From sle-updates at lists.suse.com Thu Sep 23 20:34:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Sep 2021 22:34:19 +0200 (CEST) Subject: SUSE-SU-2021:3215-1: important: Security update for sqlite3 Message-ID: <20210923203420.01F6CFCC9@maintenance.suse.de> SUSE Security Update: Security update for sqlite3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3215-1 Rating: important References: #1157818 #1158812 #1158958 #1158959 #1158960 #1159491 #1159715 #1159847 #1159850 #1160309 #1160438 #1160439 #1164719 #1172091 #1172115 #1172234 #1172236 #1172240 #1173641 #928700 #928701 SLE-16032 Cross-References: CVE-2015-3414 CVE-2015-3415 CVE-2016-6153 CVE-2017-10989 CVE-2017-2518 CVE-2018-20346 CVE-2018-8740 CVE-2019-16168 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2019-8457 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-9327 CVSS scores: CVE-2015-3414 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2015-3415 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-6153 (NVD) : 5.9 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2017-10989 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-10989 (SUSE): 3.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2017-2518 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-2518 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-20346 (NVD) : 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-20346 (SUSE): 7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-8740 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-8740 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-16168 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-16168 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2019-19244 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-19244 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-19317 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-19317 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2019-19603 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-19603 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-19645 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2019-19645 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-19646 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-19646 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2019-19880 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-19923 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-19923 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2019-19924 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2019-19924 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2019-19925 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-19925 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-19926 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-19926 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-19959 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2019-19959 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2019-20218 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-20218 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-8457 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-8457 (SUSE): 8.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2020-13434 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-13434 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-13435 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-13435 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2020-13630 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-13630 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2020-13631 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2020-13631 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2020-13632 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-13632 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2020-15358 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-15358 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2020-9327 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-9327 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 28 vulnerabilities, contains one feature is now available. Description: This update for sqlite3 fixes the following issues: sqlite3 is sync version 3.36.0 from Factory (jsc#SLE-16032). The following CVEs have been fixed in upstream releases up to this point, but were not mentioned in the change log so far: * bsc#1173641, CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization * bsc#1164719, CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator * bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error * bsc#1160438, CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input * bsc#1160309, CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference * bsc#1159850, CVE-2019-19924: improper error handling in sqlite3WindowRewrite() * bsc#1159847, CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive * bsc#1159715, CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c * bsc#1159491, CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference * bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name * bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns * bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements * bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service * bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage * bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names * CVE-2020-13434 bsc#1172115: integer overflow in sqlite3_str_vappendf * CVE-2020-13630 bsc#1172234: use-after-free in fts3EvalNextRow * CVE-2020-13631 bsc#1172236: virtual table allowed to be renamed to one of its shadow tables * CVE-2020-13632 bsc#1172240: NULL pointer dereference via crafted matchinfo() query * CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3215=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3215=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3215=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3215=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3215=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3215=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3215=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3215=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3215=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3215=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3215=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3215=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3215=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libsqlite3-0-3.36.0-9.18.1 libsqlite3-0-32bit-3.36.0-9.18.1 libsqlite3-0-debuginfo-3.36.0-9.18.1 libsqlite3-0-debuginfo-32bit-3.36.0-9.18.1 sqlite3-3.36.0-9.18.1 sqlite3-debuginfo-3.36.0-9.18.1 sqlite3-debugsource-3.36.0-9.18.1 sqlite3-devel-3.36.0-9.18.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libsqlite3-0-3.36.0-9.18.1 libsqlite3-0-32bit-3.36.0-9.18.1 libsqlite3-0-debuginfo-3.36.0-9.18.1 libsqlite3-0-debuginfo-32bit-3.36.0-9.18.1 sqlite3-3.36.0-9.18.1 sqlite3-debuginfo-3.36.0-9.18.1 sqlite3-debugsource-3.36.0-9.18.1 sqlite3-devel-3.36.0-9.18.1 - SUSE OpenStack Cloud 9 (x86_64): libsqlite3-0-3.36.0-9.18.1 libsqlite3-0-32bit-3.36.0-9.18.1 libsqlite3-0-debuginfo-3.36.0-9.18.1 libsqlite3-0-debuginfo-32bit-3.36.0-9.18.1 sqlite3-3.36.0-9.18.1 sqlite3-debuginfo-3.36.0-9.18.1 sqlite3-debugsource-3.36.0-9.18.1 sqlite3-devel-3.36.0-9.18.1 - SUSE OpenStack Cloud 8 (x86_64): libsqlite3-0-3.36.0-9.18.1 libsqlite3-0-32bit-3.36.0-9.18.1 libsqlite3-0-debuginfo-3.36.0-9.18.1 libsqlite3-0-debuginfo-32bit-3.36.0-9.18.1 sqlite3-3.36.0-9.18.1 sqlite3-debuginfo-3.36.0-9.18.1 sqlite3-debugsource-3.36.0-9.18.1 sqlite3-devel-3.36.0-9.18.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): sqlite3-debuginfo-3.36.0-9.18.1 sqlite3-debugsource-3.36.0-9.18.1 sqlite3-devel-3.36.0-9.18.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libsqlite3-0-3.36.0-9.18.1 libsqlite3-0-debuginfo-3.36.0-9.18.1 sqlite3-3.36.0-9.18.1 sqlite3-debuginfo-3.36.0-9.18.1 sqlite3-debugsource-3.36.0-9.18.1 sqlite3-devel-3.36.0-9.18.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libsqlite3-0-32bit-3.36.0-9.18.1 libsqlite3-0-debuginfo-32bit-3.36.0-9.18.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libsqlite3-0-3.36.0-9.18.1 libsqlite3-0-debuginfo-3.36.0-9.18.1 sqlite3-3.36.0-9.18.1 sqlite3-debuginfo-3.36.0-9.18.1 sqlite3-debugsource-3.36.0-9.18.1 sqlite3-devel-3.36.0-9.18.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libsqlite3-0-32bit-3.36.0-9.18.1 libsqlite3-0-debuginfo-32bit-3.36.0-9.18.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsqlite3-0-3.36.0-9.18.1 libsqlite3-0-debuginfo-3.36.0-9.18.1 sqlite3-3.36.0-9.18.1 sqlite3-debuginfo-3.36.0-9.18.1 sqlite3-debugsource-3.36.0-9.18.1 sqlite3-devel-3.36.0-9.18.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libsqlite3-0-32bit-3.36.0-9.18.1 libsqlite3-0-debuginfo-32bit-3.36.0-9.18.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libsqlite3-0-3.36.0-9.18.1 libsqlite3-0-debuginfo-3.36.0-9.18.1 sqlite3-3.36.0-9.18.1 sqlite3-debuginfo-3.36.0-9.18.1 sqlite3-debugsource-3.36.0-9.18.1 sqlite3-devel-3.36.0-9.18.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libsqlite3-0-32bit-3.36.0-9.18.1 libsqlite3-0-debuginfo-32bit-3.36.0-9.18.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libsqlite3-0-3.36.0-9.18.1 libsqlite3-0-debuginfo-3.36.0-9.18.1 sqlite3-3.36.0-9.18.1 sqlite3-debuginfo-3.36.0-9.18.1 sqlite3-debugsource-3.36.0-9.18.1 sqlite3-devel-3.36.0-9.18.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libsqlite3-0-32bit-3.36.0-9.18.1 libsqlite3-0-debuginfo-32bit-3.36.0-9.18.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libsqlite3-0-3.36.0-9.18.1 libsqlite3-0-32bit-3.36.0-9.18.1 libsqlite3-0-debuginfo-3.36.0-9.18.1 libsqlite3-0-debuginfo-32bit-3.36.0-9.18.1 sqlite3-3.36.0-9.18.1 sqlite3-debuginfo-3.36.0-9.18.1 sqlite3-debugsource-3.36.0-9.18.1 sqlite3-devel-3.36.0-9.18.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsqlite3-0-3.36.0-9.18.1 libsqlite3-0-32bit-3.36.0-9.18.1 libsqlite3-0-debuginfo-3.36.0-9.18.1 libsqlite3-0-debuginfo-32bit-3.36.0-9.18.1 sqlite3-3.36.0-9.18.1 sqlite3-debuginfo-3.36.0-9.18.1 sqlite3-debugsource-3.36.0-9.18.1 sqlite3-devel-3.36.0-9.18.1 - HPE Helion Openstack 8 (x86_64): libsqlite3-0-3.36.0-9.18.1 libsqlite3-0-32bit-3.36.0-9.18.1 libsqlite3-0-debuginfo-3.36.0-9.18.1 libsqlite3-0-debuginfo-32bit-3.36.0-9.18.1 sqlite3-3.36.0-9.18.1 sqlite3-debuginfo-3.36.0-9.18.1 sqlite3-debugsource-3.36.0-9.18.1 sqlite3-devel-3.36.0-9.18.1 References: https://www.suse.com/security/cve/CVE-2015-3414.html https://www.suse.com/security/cve/CVE-2015-3415.html https://www.suse.com/security/cve/CVE-2016-6153.html https://www.suse.com/security/cve/CVE-2017-10989.html https://www.suse.com/security/cve/CVE-2017-2518.html https://www.suse.com/security/cve/CVE-2018-20346.html https://www.suse.com/security/cve/CVE-2018-8740.html https://www.suse.com/security/cve/CVE-2019-16168.html https://www.suse.com/security/cve/CVE-2019-19244.html https://www.suse.com/security/cve/CVE-2019-19317.html https://www.suse.com/security/cve/CVE-2019-19603.html https://www.suse.com/security/cve/CVE-2019-19645.html https://www.suse.com/security/cve/CVE-2019-19646.html https://www.suse.com/security/cve/CVE-2019-19880.html https://www.suse.com/security/cve/CVE-2019-19923.html https://www.suse.com/security/cve/CVE-2019-19924.html https://www.suse.com/security/cve/CVE-2019-19925.html https://www.suse.com/security/cve/CVE-2019-19926.html https://www.suse.com/security/cve/CVE-2019-19959.html https://www.suse.com/security/cve/CVE-2019-20218.html https://www.suse.com/security/cve/CVE-2019-8457.html https://www.suse.com/security/cve/CVE-2020-13434.html https://www.suse.com/security/cve/CVE-2020-13435.html https://www.suse.com/security/cve/CVE-2020-13630.html https://www.suse.com/security/cve/CVE-2020-13631.html https://www.suse.com/security/cve/CVE-2020-13632.html https://www.suse.com/security/cve/CVE-2020-15358.html https://www.suse.com/security/cve/CVE-2020-9327.html https://bugzilla.suse.com/1157818 https://bugzilla.suse.com/1158812 https://bugzilla.suse.com/1158958 https://bugzilla.suse.com/1158959 https://bugzilla.suse.com/1158960 https://bugzilla.suse.com/1159491 https://bugzilla.suse.com/1159715 https://bugzilla.suse.com/1159847 https://bugzilla.suse.com/1159850 https://bugzilla.suse.com/1160309 https://bugzilla.suse.com/1160438 https://bugzilla.suse.com/1160439 https://bugzilla.suse.com/1164719 https://bugzilla.suse.com/1172091 https://bugzilla.suse.com/1172115 https://bugzilla.suse.com/1172234 https://bugzilla.suse.com/1172236 https://bugzilla.suse.com/1172240 https://bugzilla.suse.com/1173641 https://bugzilla.suse.com/928700 https://bugzilla.suse.com/928701 From sle-updates at lists.suse.com Fri Sep 24 13:16:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Sep 2021 15:16:48 +0200 (CEST) Subject: SUSE-RU-2021:14808-1: moderate: Recommended update for shim Message-ID: <20210924131648.9425FFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for shim ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14808-1 Rating: moderate References: #1185232 #1185261 #1185441 #1185621 #1187071 #1187260 #1187696 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for shim fixes the following issues: Update shim to 15.4-4.7.1 from SLE15-SP3 + Version: 15.4, "Thu Jul 15 2021" + Update the SLE signatures + Include the fixes for bsc#1187696, bsc#1185261, bsc#1185441, bsc#1187071, bsc#1185621, bsc#1185261, bsc#1185232, bsc#1185261, bsc#1187260, bsc#1185232. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-shim-14808=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): shim-15.4-12.11.1 References: https://bugzilla.suse.com/1185232 https://bugzilla.suse.com/1185261 https://bugzilla.suse.com/1185441 https://bugzilla.suse.com/1185621 https://bugzilla.suse.com/1187071 https://bugzilla.suse.com/1187260 https://bugzilla.suse.com/1187696 From sle-updates at lists.suse.com Fri Sep 24 13:18:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Sep 2021 15:18:51 +0200 (CEST) Subject: SUSE-RU-2021:3222-1: moderate: Recommended update for gdm Message-ID: <20210924131851.BEA76FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3222-1 Rating: moderate References: #1188082 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gdm fixes the following issues: - Improve the patch to fix fail in user switching. (bsc#1188082) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3222=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3222=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3222=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3222=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3222=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3222=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3222=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3222=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3222=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3222=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): gdm-3.26.2.1-13.42.1 gdm-debuginfo-3.26.2.1-13.42.1 gdm-debugsource-3.26.2.1-13.42.1 gdm-devel-3.26.2.1-13.42.1 libgdm1-3.26.2.1-13.42.1 libgdm1-debuginfo-3.26.2.1-13.42.1 typelib-1_0-Gdm-1_0-3.26.2.1-13.42.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): gdm-lang-3.26.2.1-13.42.1 gdmflexiserver-3.26.2.1-13.42.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): gdm-3.26.2.1-13.42.1 gdm-debuginfo-3.26.2.1-13.42.1 gdm-debugsource-3.26.2.1-13.42.1 gdm-devel-3.26.2.1-13.42.1 libgdm1-3.26.2.1-13.42.1 libgdm1-debuginfo-3.26.2.1-13.42.1 typelib-1_0-Gdm-1_0-3.26.2.1-13.42.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): gdm-lang-3.26.2.1-13.42.1 gdmflexiserver-3.26.2.1-13.42.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): gdm-3.26.2.1-13.42.1 gdm-debuginfo-3.26.2.1-13.42.1 gdm-debugsource-3.26.2.1-13.42.1 gdm-devel-3.26.2.1-13.42.1 libgdm1-3.26.2.1-13.42.1 libgdm1-debuginfo-3.26.2.1-13.42.1 typelib-1_0-Gdm-1_0-3.26.2.1-13.42.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): gdm-lang-3.26.2.1-13.42.1 gdmflexiserver-3.26.2.1-13.42.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): gdm-3.26.2.1-13.42.1 gdm-debuginfo-3.26.2.1-13.42.1 gdm-debugsource-3.26.2.1-13.42.1 gdm-devel-3.26.2.1-13.42.1 libgdm1-3.26.2.1-13.42.1 libgdm1-debuginfo-3.26.2.1-13.42.1 typelib-1_0-Gdm-1_0-3.26.2.1-13.42.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): gdm-lang-3.26.2.1-13.42.1 gdmflexiserver-3.26.2.1-13.42.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): gdm-3.26.2.1-13.42.1 gdm-debuginfo-3.26.2.1-13.42.1 gdm-debugsource-3.26.2.1-13.42.1 gdm-devel-3.26.2.1-13.42.1 libgdm1-3.26.2.1-13.42.1 libgdm1-debuginfo-3.26.2.1-13.42.1 typelib-1_0-Gdm-1_0-3.26.2.1-13.42.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): gdm-lang-3.26.2.1-13.42.1 gdmflexiserver-3.26.2.1-13.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): gdm-3.26.2.1-13.42.1 gdm-debuginfo-3.26.2.1-13.42.1 gdm-debugsource-3.26.2.1-13.42.1 gdm-devel-3.26.2.1-13.42.1 libgdm1-3.26.2.1-13.42.1 libgdm1-debuginfo-3.26.2.1-13.42.1 typelib-1_0-Gdm-1_0-3.26.2.1-13.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): gdm-lang-3.26.2.1-13.42.1 gdmflexiserver-3.26.2.1-13.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): gdm-3.26.2.1-13.42.1 gdm-debuginfo-3.26.2.1-13.42.1 gdm-debugsource-3.26.2.1-13.42.1 gdm-devel-3.26.2.1-13.42.1 libgdm1-3.26.2.1-13.42.1 libgdm1-debuginfo-3.26.2.1-13.42.1 typelib-1_0-Gdm-1_0-3.26.2.1-13.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): gdm-lang-3.26.2.1-13.42.1 gdmflexiserver-3.26.2.1-13.42.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): gdm-3.26.2.1-13.42.1 gdm-debuginfo-3.26.2.1-13.42.1 gdm-debugsource-3.26.2.1-13.42.1 gdm-devel-3.26.2.1-13.42.1 libgdm1-3.26.2.1-13.42.1 libgdm1-debuginfo-3.26.2.1-13.42.1 typelib-1_0-Gdm-1_0-3.26.2.1-13.42.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): gdm-lang-3.26.2.1-13.42.1 gdmflexiserver-3.26.2.1-13.42.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): gdm-3.26.2.1-13.42.1 gdm-debuginfo-3.26.2.1-13.42.1 gdm-debugsource-3.26.2.1-13.42.1 gdm-devel-3.26.2.1-13.42.1 libgdm1-3.26.2.1-13.42.1 libgdm1-debuginfo-3.26.2.1-13.42.1 typelib-1_0-Gdm-1_0-3.26.2.1-13.42.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): gdm-lang-3.26.2.1-13.42.1 gdmflexiserver-3.26.2.1-13.42.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): gdm-3.26.2.1-13.42.1 gdm-debuginfo-3.26.2.1-13.42.1 gdm-debugsource-3.26.2.1-13.42.1 gdm-devel-3.26.2.1-13.42.1 libgdm1-3.26.2.1-13.42.1 libgdm1-debuginfo-3.26.2.1-13.42.1 typelib-1_0-Gdm-1_0-3.26.2.1-13.42.1 - SUSE Enterprise Storage 6 (noarch): gdm-lang-3.26.2.1-13.42.1 gdmflexiserver-3.26.2.1-13.42.1 - SUSE CaaS Platform 4.0 (noarch): gdm-lang-3.26.2.1-13.42.1 gdmflexiserver-3.26.2.1-13.42.1 - SUSE CaaS Platform 4.0 (x86_64): gdm-3.26.2.1-13.42.1 gdm-debuginfo-3.26.2.1-13.42.1 gdm-debugsource-3.26.2.1-13.42.1 gdm-devel-3.26.2.1-13.42.1 libgdm1-3.26.2.1-13.42.1 libgdm1-debuginfo-3.26.2.1-13.42.1 typelib-1_0-Gdm-1_0-3.26.2.1-13.42.1 References: https://bugzilla.suse.com/1188082 From sle-updates at lists.suse.com Fri Sep 24 13:20:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Sep 2021 15:20:04 +0200 (CEST) Subject: SUSE-RU-2021:3223-1: moderate: Recommended update for gnome-shell-extensions Message-ID: <20210924132004.60BE6FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-shell-extensions ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3223-1 Rating: moderate References: #1190016 SLE-20311 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for gnome-shell-extensions fixes the following issues: - Add gnome-shell-extensions-common as dependency (bsc#1190016 jsc#SLE-20311). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3223=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3223=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): gnome-shell-classic-session-3.34.2-5.12.1 gnome-shell-extension-user-theme-3.34.2-5.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch): gnome-shell-classic-3.34.2-5.12.1 gnome-shell-extensions-common-3.34.2-5.12.1 gnome-shell-extensions-common-lang-3.34.2-5.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): gnome-shell-classic-session-3.34.2-5.12.1 gnome-shell-extension-user-theme-3.34.2-5.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): gnome-shell-classic-3.34.2-5.12.1 gnome-shell-extensions-common-3.34.2-5.12.1 gnome-shell-extensions-common-lang-3.34.2-5.12.1 References: https://bugzilla.suse.com/1190016 From sle-updates at lists.suse.com Fri Sep 24 13:21:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Sep 2021 15:21:14 +0200 (CEST) Subject: SUSE-RU-2021:3224-1: moderate: Recommended update for shim-susesigned Message-ID: <20210924132114.8992AFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for shim-susesigned ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3224-1 Rating: moderate References: #1177315 #1177789 #1182057 #1184454 #1185232 #1185261 #1185441 #1185464 #1185621 #1185961 #1187260 #1187696 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 12 recommended fixes can now be installed. Description: This update for shim-susesigned fixes the following issues: Sync with Microsoft signed shim to Thu Jul 15 08:13:26 UTC 2021. This update addresses the "susesigned" shim component. shim was updated to 15.4 (bsc#1182057) - console: Move the countdown function to console.c - fallback: show a countdown menu before reset - MOK: Fix the missing vendor cert in MokListRT - mok: fix the mirroring of RT variables - Add the license change statement for errlog.c and mok.c - Remove a couple of incorrect license claims. - MokManager: Use CompareMem on MokListNode.Type instead of CompareGuid - Make EFI variable copying fatal only on secureboot enabled systems - Remove call to TPM2 get_event_log - tpm: Fix off-by-one error when calculating event size - tpm: Define EFI_VARIABLE_DATA_TREE as packed - tpm: Don't log duplicate identical events - VLogError(): Avoid NULL pointer dereferences in (V)Sprint calls - OpenSSL: always provide OBJ_create() with name strings. - translate_slashes(): don't write to string literals - Fix a use of strlen() instead of Strlen() - shim: Update EFI_LOADED_IMAGE with the second stage loader file path - tpm: Include information about PE/COFF images in the TPM Event Log - Fix a broken tpm type - All newly released openSUSE kernels enable kernel lockdown and signature verification, so there is no need to add the prompt anymore. - Fix the NULL pointer dereference in AuthenticodeVerify() - Remove the build ID to make the binary reproducible when building with AArch64 container - Prevent the build id being added to the binary. That can cause issues with the signature - Allocate MOK config table as BootServicesData to avoid the error message from linux kernel - Handle ignore_db and user_insecure_mode correctly (bsc#1185441) - Relax the maximum variable size check for u-boot - Relax the check for import_mok_state() when Secure Boot is off - Relax the check for the LoadOptions length - Fix the size of rela* sections for AArch64 - Disable exporting vendor-dbx to MokListXRT - Don't call QueryVariableInfo() on EFI 1.10 machines - Avoid buffer overflow when copying the MOK config table - Avoid deleting the mirrored RT variables - Update to 15.3 for SBAT support (bsc#1182057) - Generate vender-specific SBAT metadata - Rename the SBAT variable and fix the self-check of SBAT - Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) - shim-install: reset def_shim_efi to "shim.efi" if the given file doesn't exist - shim-install: instead of assuming "removable" for Azure, remove fallback.efi from \EFI\Boot and copy grub.efi/cfg to \EFI\Boot to make \EFI\Boot bootable and keep the boot option created by efibootmgr (bsc#1185464, bsc#1185961) - shim-install: always assume "removable" for Azure to avoid the endless reset loop (bsc#1185464) - shim-install: Support changing default shim efi binary in /usr/etc/default/shim and /etc/default/shim (bsc#1177315) - Update dbx-cert.tar.xz and vendor-dbx.bin to block the following sign keys: + SLES-UEFI-SIGN-Certificate-2020-07.crt + openSUSE-UEFI-SIGN-Certificate-2020-07.crt Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3224=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3224=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3224=1 Package List: - SUSE MicroOS 5.0 (x86_64): shim-15.4-3.32.1 shim-debuginfo-15.4-3.32.1 shim-debugsource-15.4-3.32.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): shim-susesigned-15.4-3.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): shim-15.4-3.32.1 shim-debuginfo-15.4-3.32.1 shim-debugsource-15.4-3.32.1 References: https://bugzilla.suse.com/1177315 https://bugzilla.suse.com/1177789 https://bugzilla.suse.com/1182057 https://bugzilla.suse.com/1184454 https://bugzilla.suse.com/1185232 https://bugzilla.suse.com/1185261 https://bugzilla.suse.com/1185441 https://bugzilla.suse.com/1185464 https://bugzilla.suse.com/1185621 https://bugzilla.suse.com/1185961 https://bugzilla.suse.com/1187260 https://bugzilla.suse.com/1187696 From sle-updates at lists.suse.com Fri Sep 24 13:28:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Sep 2021 15:28:44 +0200 (CEST) Subject: SUSE-RU-2021:3221-1: moderate: Recommended update for apache2-mod_wsgi Message-ID: <20210924132844.1A33DFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2-mod_wsgi ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3221-1 Rating: moderate References: #1189467 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apache2-mod_wsgi fixes the following issue: - Enable installation of Python 'sitelib' wrapper. (bsc#1189467) - This update will solve a 'DistributionNotFound' error providing the Python metadata and wrapper for 'mod_wsgi'. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3221=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3221=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2021-3221=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2021-3221=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2021-3221=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-3221=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-3221=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2021-3221=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-python3-4.5.18-4.3.1 apache2-mod_wsgi-python3-debuginfo-4.5.18-4.3.1 apache2-mod_wsgi-python3-debugsource-4.5.18-4.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-python3-4.5.18-4.3.1 apache2-mod_wsgi-python3-debuginfo-4.5.18-4.3.1 apache2-mod_wsgi-python3-debugsource-4.5.18-4.3.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-python3-4.5.18-4.3.1 apache2-mod_wsgi-python3-debuginfo-4.5.18-4.3.1 apache2-mod_wsgi-python3-debugsource-4.5.18-4.3.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-python3-4.5.18-4.3.1 apache2-mod_wsgi-python3-debuginfo-4.5.18-4.3.1 apache2-mod_wsgi-python3-debugsource-4.5.18-4.3.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (ppc64le s390x x86_64): apache2-mod_wsgi-python3-4.5.18-4.3.1 apache2-mod_wsgi-python3-debuginfo-4.5.18-4.3.1 apache2-mod_wsgi-python3-debugsource-4.5.18-4.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-4.5.18-4.3.1 apache2-mod_wsgi-debuginfo-4.5.18-4.3.1 apache2-mod_wsgi-debugsource-4.5.18-4.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-4.5.18-4.3.1 apache2-mod_wsgi-debuginfo-4.5.18-4.3.1 apache2-mod_wsgi-debugsource-4.5.18-4.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-4.5.18-4.3.1 apache2-mod_wsgi-debuginfo-4.5.18-4.3.1 apache2-mod_wsgi-debugsource-4.5.18-4.3.1 References: https://bugzilla.suse.com/1189467 From sle-updates at lists.suse.com Fri Sep 24 16:16:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Sep 2021 18:16:26 +0200 (CEST) Subject: SUSE-RU-2021:3225-1: moderate: Recommended update for installation-images Message-ID: <20210924161626.6D75AFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for installation-images ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3225-1 Rating: moderate References: #1189767 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for installation-images fixes the following issues: - Fixed an issue when 'lscpi' in 'rules.xml' does not function properly. (bsc#1189767) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3225=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): tftpboot-installation-SLE-15-SP3-aarch64-16.56.11-3.3.3 tftpboot-installation-SLE-15-SP3-ppc64le-16.56.11-3.3.3 tftpboot-installation-SLE-15-SP3-s390x-16.56.11-3.3.3 tftpboot-installation-SLE-15-SP3-x86_64-16.56.11-3.3.3 References: https://bugzilla.suse.com/1189767 From sle-updates at lists.suse.com Fri Sep 24 16:18:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Sep 2021 18:18:47 +0200 (CEST) Subject: SUSE-RU-2021:3226-1: moderate: Recommended update for crmsh Message-ID: <20210924161847.C631DFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3226-1 Rating: moderate References: #1188971 #1189641 Affected Products: SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix for 'hb_report': Using python way to collect ra trace files. (bsc#1189641) - Fix for 'bootstrap': Adjust host list for parallax to get and copy 'known_hosts' file. (bsc#1188971) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-3226=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-3226=1 Package List: - SUSE Linux Enterprise High Availability 15-SP3 (noarch): crmsh-4.3.1+20210827.4fb174c4-5.65.1 crmsh-scripts-4.3.1+20210827.4fb174c4-5.65.1 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): crmsh-4.3.1+20210827.4fb174c4-5.65.1 crmsh-scripts-4.3.1+20210827.4fb174c4-5.65.1 References: https://bugzilla.suse.com/1188971 https://bugzilla.suse.com/1189641 From sle-updates at lists.suse.com Mon Sep 27 13:18:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Sep 2021 15:18:40 +0200 (CEST) Subject: SUSE-RU-2021:3230-1: important: Recommended update for ca-certificates-mozilla Message-ID: <20210927131840.E8FFCFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for ca-certificates-mozilla ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3230-1 Rating: important References: #1190858 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ca-certificates-mozilla fixes the following issues: - remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires September 30th 2021 and openssl certificate chain handling does not handle this correctly in SUSE Linux Enterprise 12 and older. (bsc#1190858) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3230=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3230=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3230=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3230=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3230=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3230=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3230=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3230=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3230=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3230=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3230=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3230=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): ca-certificates-mozilla-2.44-12.34.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): ca-certificates-mozilla-2.44-12.34.1 - SUSE OpenStack Cloud 9 (noarch): ca-certificates-mozilla-2.44-12.34.1 - SUSE OpenStack Cloud 8 (noarch): ca-certificates-mozilla-2.44-12.34.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): ca-certificates-mozilla-2.44-12.34.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): ca-certificates-mozilla-2.44-12.34.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): ca-certificates-mozilla-2.44-12.34.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): ca-certificates-mozilla-2.44-12.34.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): ca-certificates-mozilla-2.44-12.34.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): ca-certificates-mozilla-2.44-12.34.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): ca-certificates-mozilla-2.44-12.34.1 - HPE Helion Openstack 8 (noarch): ca-certificates-mozilla-2.44-12.34.1 References: https://bugzilla.suse.com/1190858 From sle-updates at lists.suse.com Mon Sep 27 13:19:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Sep 2021 15:19:53 +0200 (CEST) Subject: SUSE-RU-2021:14809-1: important: Recommended update for openssl-certs Message-ID: <20210927131953.87ACEFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-certs ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14809-1 Rating: important References: #1190858 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssl-certs fixes the following issues: - remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires September 30th 2021 and openssl certificate chain handling does not handle this correctly in SUSE Linux Enterprise 12 and older. (bsc#1190858) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-openssl-certs-14809=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openssl-certs-14809=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch): openssl-certs-2.44-0.7.24.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): openssl-certs-2.44-0.7.24.1 References: https://bugzilla.suse.com/1190858 From sle-updates at lists.suse.com Mon Sep 27 13:22:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Sep 2021 15:22:04 +0200 (CEST) Subject: SUSE-RU-2021:3229-1: moderate: Recommended update for autoyast2 Message-ID: <20210927132204.18CAEFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for autoyast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3229-1 Rating: moderate References: #1188356 #1188360 #1188716 #1188930 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Installer 15-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for autoyast2 fixes the following issues: - Fixed handling of the "final_reboot" and "final_halt" options, add the custom scripts only once and avoid displaying a warning popup during installation. (bsc#1188356) - Copy the init-scripts to the right location during 1st stage. (bsc#1188360) - Ensure closing notification pop-ups even if a user script was not executed to prevent "No widget with ID ..." error pop-up. (bsc#1188930, bsc#1188716) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3229=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2021-3229=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): autoyast2-4.3.89-3.22.1 autoyast2-installation-4.3.89-3.22.1 - SUSE Linux Enterprise Installer 15-SP3 (noarch): autoyast2-installation-4.3.89-3.22.1 References: https://bugzilla.suse.com/1188356 https://bugzilla.suse.com/1188360 https://bugzilla.suse.com/1188716 https://bugzilla.suse.com/1188930 From sle-updates at lists.suse.com Mon Sep 27 13:23:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Sep 2021 15:23:41 +0200 (CEST) Subject: SUSE-RU-2021:3227-1: moderate: Recommended update for createrepo_c, libmodulemd, and zchunk Message-ID: <20210927132341.0A61DFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for createrepo_c, libmodulemd, and zchunk ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3227-1 Rating: moderate References: ECO-2036 SLE-12328 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains two features can now be installed. Description: This update for createrepo_c fixes the following issues: createrepo_c: - Does no longer perform a dir walk when --recycle-pkglist is specified - Added automatic module metadata handling for repos - Fixed a couple of memory leaks - Added --arch-expand option - Added --recycle-pkglist option - Set global_exit_status on sigint so that .repodata are cleaned up - Enhance error handling when locating repositories libmodulemd: - Just a rebuild of the package, no source changes zchunk: - Initial shipment of zchunk to SUSE Linux Enterprise Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3227=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3227=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3227=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3227=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): createrepo_c-debuginfo-0.16.0-3.3.1 createrepo_c-debugsource-0.16.0-3.3.1 python3-createrepo_c-0.16.0-3.3.1 python3-createrepo_c-debuginfo-0.16.0-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): createrepo_c-debuginfo-0.16.0-3.3.1 createrepo_c-debugsource-0.16.0-3.3.1 python3-createrepo_c-0.16.0-3.3.1 python3-createrepo_c-debuginfo-0.16.0-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): createrepo_c-0.16.0-3.3.1 createrepo_c-debuginfo-0.16.0-3.3.1 createrepo_c-debugsource-0.16.0-3.3.1 libcreaterepo_c-devel-0.16.0-3.3.1 libcreaterepo_c0-0.16.0-3.3.1 libcreaterepo_c0-debuginfo-0.16.0-3.3.1 libmodulemd-debuginfo-2.12.0-3.10.1 libmodulemd-debugsource-2.12.0-3.10.1 libmodulemd-devel-2.12.0-3.10.1 libmodulemd2-2.12.0-3.10.1 libmodulemd2-debuginfo-2.12.0-3.10.1 libzck-devel-1.1.5-3.2.1 libzck1-1.1.5-3.2.1 libzck1-debuginfo-1.1.5-3.2.1 modulemd-validator-2.12.0-3.10.1 modulemd-validator-debuginfo-2.12.0-3.10.1 python3-libmodulemd-2.12.0-3.10.1 typelib-1_0-Modulemd-2_0-2.12.0-3.10.1 zchunk-1.1.5-3.2.1 zchunk-debuginfo-1.1.5-3.2.1 zchunk-debugsource-1.1.5-3.2.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): createrepo_c-0.16.0-3.3.1 createrepo_c-debuginfo-0.16.0-3.3.1 createrepo_c-debugsource-0.16.0-3.3.1 libcreaterepo_c-devel-0.16.0-3.3.1 libcreaterepo_c0-0.16.0-3.3.1 libcreaterepo_c0-debuginfo-0.16.0-3.3.1 libmodulemd-debuginfo-2.12.0-3.10.1 libmodulemd-debugsource-2.12.0-3.10.1 libmodulemd-devel-2.12.0-3.10.1 libmodulemd2-2.12.0-3.10.1 libmodulemd2-debuginfo-2.12.0-3.10.1 libzck-devel-1.1.5-3.2.1 libzck1-1.1.5-3.2.1 libzck1-debuginfo-1.1.5-3.2.1 modulemd-validator-2.12.0-3.10.1 modulemd-validator-debuginfo-2.12.0-3.10.1 python3-libmodulemd-2.12.0-3.10.1 typelib-1_0-Modulemd-2_0-2.12.0-3.10.1 zchunk-1.1.5-3.2.1 zchunk-debuginfo-1.1.5-3.2.1 zchunk-debugsource-1.1.5-3.2.1 References: From sle-updates at lists.suse.com Mon Sep 27 16:16:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Sep 2021 18:16:47 +0200 (CEST) Subject: SUSE-RU-2021:3233-1: moderate: Recommended update for xfsprogs Message-ID: <20210927161647.9BC25FE12@maintenance.suse.de> SUSE Recommended Update: Recommended update for xfsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3233-1 Rating: moderate References: #1085917 #1181299 #1181306 #1181309 #1181535 #1181536 #1188651 #1189552 SLE-20360 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 8 recommended fixes and contains one feature can now be installed. Description: This update for xfsprogs fixes the following issues: - Fixes an issue when 'fstests' with 'xfs' fail. (bsc#1181309, bsc#1181299) - xfsprogs: Split 'libhandle1' into a separate package, since nothing within xfsprogs dynamically links against it. The shared library is still required by xfsdump as a runtime dependency. - mkfs.xfs: Fix 'ASSERT' on too-small device with stripe geometry. (bsc#1181536) - mkfs.xfs: If either 'sunit' or 'swidth' is not zero, the other must be as well. (bsc#1085917, bsc#1181535) - xfs_growfs: Refactor geometry reporting. (bsc#1181306) - xfs_growfs: Allow mounted device node as argument. (bsc#1181299) - xfs_repair: Rebuild directory when non-root leafn blocks claim block 0. (bsc#1181309) - xfs_repair: Check plausibility of root dir pointer before trashing it. (bsc#1188651) - xfs_bmap: Remove '-c' from manpage. (bsc#1189552) - xfs_bmap: Do not reject '-e'. (bsc#1189552) - Implement 'libhandle1' through ECO. (jsc#SLE-20360) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3233=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3233=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3233=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libhandle1-4.15.0-4.40.1 libhandle1-debuginfo-4.15.0-4.40.1 xfsprogs-4.15.0-4.40.1 xfsprogs-debuginfo-4.15.0-4.40.1 xfsprogs-debugsource-4.15.0-4.40.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libhandle1-4.15.0-4.40.1 libhandle1-debuginfo-4.15.0-4.40.1 xfsprogs-4.15.0-4.40.1 xfsprogs-debuginfo-4.15.0-4.40.1 xfsprogs-debugsource-4.15.0-4.40.1 xfsprogs-devel-4.15.0-4.40.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libhandle1-4.15.0-4.40.1 libhandle1-debuginfo-4.15.0-4.40.1 xfsprogs-4.15.0-4.40.1 xfsprogs-debuginfo-4.15.0-4.40.1 xfsprogs-debugsource-4.15.0-4.40.1 xfsprogs-devel-4.15.0-4.40.1 References: https://bugzilla.suse.com/1085917 https://bugzilla.suse.com/1181299 https://bugzilla.suse.com/1181306 https://bugzilla.suse.com/1181309 https://bugzilla.suse.com/1181535 https://bugzilla.suse.com/1181536 https://bugzilla.suse.com/1188651 https://bugzilla.suse.com/1189552 From sle-updates at lists.suse.com Mon Sep 27 19:18:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Sep 2021 21:18:19 +0200 (CEST) Subject: SUSE-SU-2021:3236-1: moderate: Security update for gd Message-ID: <20210927191819.BA5FDFE12@maintenance.suse.de> SUSE Security Update: Security update for gd ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3236-1 Rating: moderate References: #1190400 Cross-References: CVE-2021-40812 CVSS scores: CVE-2021-40812 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gd fixes the following issues: - CVE-2021-40812: Fixed out-of-bounds read caused by the lack of certain gdGetBuf and gdPutBuf return value checks (bsc#1190400). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3236=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-3236=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3236=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3236=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3236=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3236=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): gd-debugsource-2.2.5-11.3.1 libgd3-32bit-2.2.5-11.3.1 libgd3-32bit-debuginfo-2.2.5-11.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64): gd-debugsource-2.2.5-11.3.1 libgd3-32bit-2.2.5-11.3.1 libgd3-32bit-debuginfo-2.2.5-11.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): gd-2.2.5-11.3.1 gd-debuginfo-2.2.5-11.3.1 gd-debugsource-2.2.5-11.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): gd-2.2.5-11.3.1 gd-debuginfo-2.2.5-11.3.1 gd-debugsource-2.2.5-11.3.1 gd-devel-2.2.5-11.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): gd-debuginfo-2.2.5-11.3.1 gd-debugsource-2.2.5-11.3.1 gd-devel-2.2.5-11.3.1 libgd3-2.2.5-11.3.1 libgd3-debuginfo-2.2.5-11.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): gd-debuginfo-2.2.5-11.3.1 gd-debugsource-2.2.5-11.3.1 libgd3-2.2.5-11.3.1 libgd3-debuginfo-2.2.5-11.3.1 References: https://www.suse.com/security/cve/CVE-2021-40812.html https://bugzilla.suse.com/1190400 From sle-updates at lists.suse.com Mon Sep 27 19:20:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Sep 2021 21:20:45 +0200 (CEST) Subject: SUSE-SU-2021:14811-1: important: Security update for apache2 Message-ID: <20210927192045.D33E1FE12@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14811-1 Rating: important References: #1190666 Cross-References: CVE-2021-39275 CVSS scores: CVE-2021-39275 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache2 fixes the following issues: - CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-apache2-14811=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-apache2-14811=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-apache2-14811=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-apache2-14811=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): apache2-2.2.34-70.38.1 apache2-doc-2.2.34-70.38.1 apache2-example-pages-2.2.34-70.38.1 apache2-prefork-2.2.34-70.38.1 apache2-utils-2.2.34-70.38.1 apache2-worker-2.2.34-70.38.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): apache2-2.2.34-70.38.1 apache2-devel-2.2.34-70.38.1 apache2-doc-2.2.34-70.38.1 apache2-example-pages-2.2.34-70.38.1 apache2-prefork-2.2.34-70.38.1 apache2-utils-2.2.34-70.38.1 apache2-worker-2.2.34-70.38.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): apache2-debuginfo-2.2.34-70.38.1 apache2-debugsource-2.2.34-70.38.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): apache2-debuginfo-2.2.34-70.38.1 apache2-debugsource-2.2.34-70.38.1 References: https://www.suse.com/security/cve/CVE-2021-39275.html https://bugzilla.suse.com/1190666 From sle-updates at lists.suse.com Mon Sep 27 19:22:00 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Sep 2021 21:22:00 +0200 (CEST) Subject: SUSE-SU-2021:3237-1: moderate: Security update for atftp Message-ID: <20210927192200.2BACAFE12@maintenance.suse.de> SUSE Security Update: Security update for atftp ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3237-1 Rating: moderate References: #1190522 Cross-References: CVE-2021-41054 CVSS scores: CVE-2021-41054 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for atftp fixes the following issues: - CVE-2021-41054: Fixed buffer overflow caused by combination of data, OACK, and other options (bsc#1190522). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3237=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): atftp-0.7.0-160.11.1 atftp-debuginfo-0.7.0-160.11.1 atftp-debugsource-0.7.0-160.11.1 References: https://www.suse.com/security/cve/CVE-2021-41054.html https://bugzilla.suse.com/1190522 From sle-updates at lists.suse.com Mon Sep 27 19:23:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Sep 2021 21:23:12 +0200 (CEST) Subject: SUSE-SU-2021:3234-1: important: Security update for python-Pillow Message-ID: <20210927192312.778CBFE12@maintenance.suse.de> SUSE Security Update: Security update for python-Pillow ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3234-1 Rating: important References: #1190229 Cross-References: CVE-2021-23437 CVSS scores: CVE-2021-23437 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Pillow fixes the following issues: - CVE-2021-23437: Fixed regular expression denial of service (ReDoS) via the getrgb function (bsc#1190229). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3234=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3234=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3234=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): python-Pillow-4.2.1-3.20.2 python-Pillow-debuginfo-4.2.1-3.20.2 python-Pillow-debugsource-4.2.1-3.20.2 - SUSE OpenStack Cloud 8 (x86_64): python-Pillow-4.2.1-3.20.2 python-Pillow-debuginfo-4.2.1-3.20.2 python-Pillow-debugsource-4.2.1-3.20.2 - HPE Helion Openstack 8 (x86_64): python-Pillow-4.2.1-3.20.2 python-Pillow-debuginfo-4.2.1-3.20.2 python-Pillow-debugsource-4.2.1-3.20.2 References: https://www.suse.com/security/cve/CVE-2021-23437.html https://bugzilla.suse.com/1190229 From sle-updates at lists.suse.com Mon Sep 27 19:24:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Sep 2021 21:24:22 +0200 (CEST) Subject: SUSE-SU-2021:3235-1: important: Security update for python-Pillow Message-ID: <20210927192422.0EAF7FE12@maintenance.suse.de> SUSE Security Update: Security update for python-Pillow ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3235-1 Rating: important References: #1190229 Cross-References: CVE-2021-23437 CVSS scores: CVE-2021-23437 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Pillow fixes the following issues: - CVE-2021-23437: Fixed regular expression denial of service (ReDoS) via the getrgb function (bsc#1190229). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3235=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3235=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): python-Pillow-5.2.0-3.14.1 python-Pillow-debuginfo-5.2.0-3.14.1 python-Pillow-debugsource-5.2.0-3.14.1 - SUSE OpenStack Cloud 9 (x86_64): python-Pillow-5.2.0-3.14.1 python-Pillow-debuginfo-5.2.0-3.14.1 python-Pillow-debugsource-5.2.0-3.14.1 References: https://www.suse.com/security/cve/CVE-2021-23437.html https://bugzilla.suse.com/1190229 From sle-updates at lists.suse.com Tue Sep 28 04:16:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Sep 2021 06:16:40 +0200 (CEST) Subject: SUSE-RU-2021:3241-1: important: Recommended update for multipath-tools Message-ID: <20210928041640.3B412FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3241-1 Rating: important References: #1189176 #1190622 Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for multipath-tools provides the following fixes: - Update to version 0.8.5+82+suse.746b76e: * libmultipath: avoid buffer size warning with systemd 240+. (bsc#1189176) - Add a versioned dependency of multipath-tools on libmpath0. (bsc#1190622) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3241=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3241=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): kpartx-0.8.5+82+suse.746b76e-2.7.1 kpartx-debuginfo-0.8.5+82+suse.746b76e-2.7.1 libmpath0-0.8.5+82+suse.746b76e-2.7.1 libmpath0-debuginfo-0.8.5+82+suse.746b76e-2.7.1 multipath-tools-0.8.5+82+suse.746b76e-2.7.1 multipath-tools-debuginfo-0.8.5+82+suse.746b76e-2.7.1 multipath-tools-debugsource-0.8.5+82+suse.746b76e-2.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kpartx-0.8.5+82+suse.746b76e-2.7.1 kpartx-debuginfo-0.8.5+82+suse.746b76e-2.7.1 libdmmp-devel-0.8.5+82+suse.746b76e-2.7.1 libdmmp0_2_0-0.8.5+82+suse.746b76e-2.7.1 libdmmp0_2_0-debuginfo-0.8.5+82+suse.746b76e-2.7.1 libmpath0-0.8.5+82+suse.746b76e-2.7.1 libmpath0-debuginfo-0.8.5+82+suse.746b76e-2.7.1 multipath-tools-0.8.5+82+suse.746b76e-2.7.1 multipath-tools-debuginfo-0.8.5+82+suse.746b76e-2.7.1 multipath-tools-debugsource-0.8.5+82+suse.746b76e-2.7.1 multipath-tools-devel-0.8.5+82+suse.746b76e-2.7.1 References: https://bugzilla.suse.com/1189176 https://bugzilla.suse.com/1190622 From sle-updates at lists.suse.com Tue Sep 28 06:35:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Sep 2021 08:35:51 +0200 (CEST) Subject: SUSE-CU-2021:357-1: Security update of suse/sles12sp3 Message-ID: <20210928063551.41A87FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:357-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.306 , suse/sles12sp3:latest Container Release : 24.306 Severity : important Type : security References : 1190373 1190374 1190858 CVE-2021-22946 CVE-2021-22947 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3176-1 Released: Tue Sep 21 16:28:07 2021 Summary: Security update for curl Type: security Severity: moderate References: 1190373,1190374,CVE-2021-22946,CVE-2021-22947 This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3230-1 Released: Mon Sep 27 11:19:10 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1190858 This update for ca-certificates-mozilla fixes the following issues: - remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires September 30th 2021 and openssl certificate chain handling does not handle this correctly in SUSE Linux Enterprise 12 and older. (bsc#1190858) From sle-updates at lists.suse.com Tue Sep 28 06:53:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Sep 2021 08:53:54 +0200 (CEST) Subject: SUSE-CU-2021:358-1: Recommended update of suse/sles12sp4 Message-ID: <20210928065354.57108FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:358-1 Container Tags : suse/sles12sp4:26.350 , suse/sles12sp4:latest Container Release : 26.350 Severity : important Type : recommended References : 1190858 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3230-1 Released: Mon Sep 27 11:19:10 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1190858 This update for ca-certificates-mozilla fixes the following issues: - remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires September 30th 2021 and openssl certificate chain handling does not handle this correctly in SUSE Linux Enterprise 12 and older. (bsc#1190858) From sle-updates at lists.suse.com Tue Sep 28 10:01:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Sep 2021 12:01:08 +0200 (CEST) Subject: SUSE-CU-2021:359-1: Recommended update of suse/sles12sp5 Message-ID: <20210928100108.8D0B0FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:359-1 Container Tags : suse/sles12sp5:6.5.236 , suse/sles12sp5:latest Container Release : 6.5.236 Severity : important Type : recommended References : 1190858 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3230-1 Released: Mon Sep 27 11:19:10 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1190858 This update for ca-certificates-mozilla fixes the following issues: - remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires September 30th 2021 and openssl certificate chain handling does not handle this correctly in SUSE Linux Enterprise 12 and older. (bsc#1190858) From sle-updates at lists.suse.com Tue Sep 28 10:29:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Sep 2021 12:29:37 +0200 (CEST) Subject: SUSE-CU-2021:360-1: Recommended update of suse/sle15 Message-ID: <20210928102937.970A5FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:360-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.454 Container Release : 4.22.454 Severity : moderate Type : recommended References : 1189996 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1189996 This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) From sle-updates at lists.suse.com Tue Sep 28 10:51:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Sep 2021 12:51:48 +0200 (CEST) Subject: SUSE-CU-2021:361-1: Recommended update of suse/sle15 Message-ID: <20210928105148.168C4FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:361-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.509 Container Release : 6.2.509 Severity : moderate Type : recommended References : 1189996 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1189996 This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) From sle-updates at lists.suse.com Tue Sep 28 11:06:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Sep 2021 13:06:33 +0200 (CEST) Subject: SUSE-CU-2021:362-1: Recommended update of suse/sle15 Message-ID: <20210928110633.7B91DFE13@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:362-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.22 Container Release : 9.5.22 Severity : moderate Type : recommended References : 1189996 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1189996 This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) From sle-updates at lists.suse.com Tue Sep 28 13:19:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Sep 2021 15:19:43 +0200 (CEST) Subject: SUSE-RU-2021:3242-1: moderate: Recommended update for apache2-mod_auth_mellon, lasso Message-ID: <20210928131943.75BB7FE12@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2-mod_auth_mellon, lasso ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3242-1 Rating: moderate References: ECO-1309 SLE-8958 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains two features can now be installed. Description: This update for lasso fixes the following issues: - Implement package 'apache2-mod_auth_mellon' along with its dependency 'lasso' in SLE-15-SP2. (jsc#SLE-8958, jsc#ECO-1309) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3242=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3242=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-mod_auth_mellon-0.17.0-5.4.1 apache2-mod_auth_mellon-debuginfo-0.17.0-5.4.1 apache2-mod_auth_mellon-debugsource-0.17.0-5.4.1 apache2-mod_auth_mellon-diagnostics-0.17.0-5.4.1 apache2-mod_auth_mellon-diagnostics-debuginfo-0.17.0-5.4.1 apache2-mod_auth_mellon-doc-0.17.0-5.4.1 lasso-debuginfo-2.6.1-16.2 lasso-debugsource-2.6.1-16.2 liblasso-devel-2.6.1-16.2 liblasso3-2.6.1-16.2 liblasso3-debuginfo-2.6.1-16.2 python3-lasso-2.6.1-16.2 python3-lasso-debuginfo-2.6.1-16.2 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-mod_auth_mellon-0.17.0-5.4.1 liblasso3-2.6.1-16.2 python3-lasso-2.6.1-16.2 References: From sle-updates at lists.suse.com Tue Sep 28 16:16:38 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Sep 2021 18:16:38 +0200 (CEST) Subject: SUSE-RU-2021:3243-1: important: Recommended update for azure-cli, azure-cli-core, python-azure-mgmt-billing, python-azure-mgmt-cdn, python-azure-mgmt-hdinsight, python-azure-mgmt-netapp, python-azure-mgmt-resource, python-azure-mgmt-synapse Message-ID: <20210928161638.2712FFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for azure-cli, azure-cli-core, python-azure-mgmt-billing, python-azure-mgmt-cdn, python-azure-mgmt-hdinsight, python-azure-mgmt-netapp, python-azure-mgmt-resource, python-azure-mgmt-synapse ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3243-1 Rating: important References: #1187880 #1188178 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for azure-cli, azure-cli-core, python-azure-mgmt-billing, python-azure-mgmt-cdn, python-azure-mgmt-hdinsight, python-azure-mgmt-netapp, python-azure-mgmt-resource, python-azure-mgmt-synapse contains the following fixes: - Update in SLE-12 (bsc#1187880, bsc#1188178) - New upstream release + Version 2.16.0 + For detailed information about changes see the HISTORY.rst file provided with this package - Refresh patches for new version + acc_disable-update-check.patch - Update Requires from setup.py + Temporarily use a vendored copy of azure-mgmt-resource - New upstream release + Version 2.15.0 + For detailed information about changes see the HISTORY.rst file provided with this package - Update Requires from setup.py - Update in SLE-12 (bsc#1187880, bsc#1188178) - Add patch to work around compatibility issue with Python 3.4 + ac_dont-unpack-dict.patch - Add missing python3-azure-mgmt-resource dependency to Requires - New upstream release + Version 2.16.0 + For detailed information about changes see the HISTORY.rst file provided with this package - Update Requires from setup.py - New upstream release + Version 2.15.0 + For detailed information about changes see the HISTORY.rst file provided with this package - Update Requires from setup.py - Remove unsupported component package from Requires + azure-cli-taskhelp - Update in SLE-12 (bsc#1187880, bsc#1188178) - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - Update in SLE-12 (bsc#1187880, bsc#1188178) - New upstream release + Version 5.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update in SLE-12 (bsc#1187880, bsc#1188178) - New upstream release + Version 2.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update in SLE-12 (bsc#1187880, bsc#1188178) - New upstream release + Version 0.14.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update in SLE-12 (bsc#1187880, bsc#1188178) - New upstream release + Version 15.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - Update in SLE-12 (bsc#1187880, bsc#1188178) - New upstream release + Version 0.5.0 + For detailed information about changes see the CHANGELOG.md file provided with this package Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-3243=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): azure-cli-test-2.16.0-2.13.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): azure-cli-2.16.0-2.13.1 azure-cli-core-2.16.0-2.13.1 python-azure-mgmt-billing-1.0.0-2.13.1 python-azure-mgmt-cdn-5.2.0-2.13.1 python-azure-mgmt-hdinsight-2.0.0-2.10.1 python-azure-mgmt-netapp-0.14.0-2.6.1 python-azure-mgmt-resource-15.0.0-2.13.1 python-azure-mgmt-synapse-0.5.0-2.6.1 python3-azure-mgmt-billing-1.0.0-2.13.1 python3-azure-mgmt-cdn-5.2.0-2.13.1 python3-azure-mgmt-hdinsight-2.0.0-2.10.1 python3-azure-mgmt-netapp-0.14.0-2.6.1 python3-azure-mgmt-resource-15.0.0-2.13.1 python3-azure-mgmt-synapse-0.5.0-2.6.1 References: https://bugzilla.suse.com/1187880 https://bugzilla.suse.com/1188178 From sle-updates at lists.suse.com Tue Sep 28 16:17:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Sep 2021 18:17:52 +0200 (CEST) Subject: SUSE-SU-2021:3244-1: Security update for shibboleth-sp Message-ID: <20210928161752.B1CAFFCC9@maintenance.suse.de> SUSE Security Update: Security update for shibboleth-sp ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3244-1 Rating: low References: #1184222 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for shibboleth-sp fixes the following issues: - Template generation allows external parameters to override placeholders (bsc#1184222) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3244=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libshibsp-lite8-3.1.0-3.3.1 libshibsp-lite8-debuginfo-3.1.0-3.3.1 libshibsp9-3.1.0-3.3.1 libshibsp9-debuginfo-3.1.0-3.3.1 shibboleth-sp-3.1.0-3.3.1 shibboleth-sp-debuginfo-3.1.0-3.3.1 shibboleth-sp-debugsource-3.1.0-3.3.1 shibboleth-sp-devel-3.1.0-3.3.1 References: https://bugzilla.suse.com/1184222 From sle-updates at lists.suse.com Tue Sep 28 16:20:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Sep 2021 18:20:15 +0200 (CEST) Subject: SUSE-RU-2021:3245-1: important: Recommended update for docker Message-ID: <20210928162015.81F20FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for docker ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3245-1 Rating: important References: #1190670 Affected Products: SUSE MicroOS 5.1 SUSE MicroOS 5.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for docker fixes the following issues: - Return ENOSYS for clone3 in the seccomp profile to avoid breaking containers using glibc 2.34. - Add shell requires for the *-completion subpackages. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3245=1 - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3245=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3245=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3245=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3245=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3245=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3245=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2021-3245=1 - SUSE Linux Enterprise Module for Containers 15-SP2: zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2021-3245=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3245=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3245=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3245=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3245=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3245=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): docker-20.10.6_ce-153.1 docker-debuginfo-20.10.6_ce-153.1 - SUSE MicroOS 5.0 (aarch64 x86_64): docker-20.10.6_ce-153.1 docker-debuginfo-20.10.6_ce-153.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): docker-20.10.6_ce-153.1 docker-debuginfo-20.10.6_ce-153.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): docker-bash-completion-20.10.6_ce-153.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): docker-20.10.6_ce-153.1 docker-debuginfo-20.10.6_ce-153.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): docker-bash-completion-20.10.6_ce-153.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): docker-20.10.6_ce-153.1 docker-debuginfo-20.10.6_ce-153.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): docker-bash-completion-20.10.6_ce-153.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): docker-bash-completion-20.10.6_ce-153.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): docker-20.10.6_ce-153.1 docker-debuginfo-20.10.6_ce-153.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): docker-bash-completion-20.10.6_ce-153.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): docker-20.10.6_ce-153.1 docker-debuginfo-20.10.6_ce-153.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): docker-20.10.6_ce-153.1 docker-debuginfo-20.10.6_ce-153.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (noarch): docker-bash-completion-20.10.6_ce-153.1 docker-fish-completion-20.10.6_ce-153.1 - SUSE Linux Enterprise Module for Containers 15-SP2 (aarch64 ppc64le s390x x86_64): docker-20.10.6_ce-153.1 docker-debuginfo-20.10.6_ce-153.1 - SUSE Linux Enterprise Module for Containers 15-SP2 (noarch): docker-bash-completion-20.10.6_ce-153.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): docker-20.10.6_ce-153.1 docker-debuginfo-20.10.6_ce-153.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): docker-bash-completion-20.10.6_ce-153.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): docker-20.10.6_ce-153.1 docker-debuginfo-20.10.6_ce-153.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): docker-bash-completion-20.10.6_ce-153.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): docker-bash-completion-20.10.6_ce-153.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): docker-20.10.6_ce-153.1 docker-debuginfo-20.10.6_ce-153.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): docker-bash-completion-20.10.6_ce-153.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): docker-20.10.6_ce-153.1 docker-debuginfo-20.10.6_ce-153.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): docker-20.10.6_ce-153.1 docker-debuginfo-20.10.6_ce-153.1 - SUSE Enterprise Storage 6 (noarch): docker-bash-completion-20.10.6_ce-153.1 - SUSE CaaS Platform 4.0 (x86_64): docker-20.10.6_ce-153.1 docker-debuginfo-20.10.6_ce-153.1 - SUSE CaaS Platform 4.0 (noarch): docker-bash-completion-20.10.6_ce-153.1 References: https://bugzilla.suse.com/1190670 From sle-updates at lists.suse.com Wed Sep 29 06:23:50 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Sep 2021 08:23:50 +0200 (CEST) Subject: SUSE-CU-2021:363-1: Recommended update of suse/sle15 Message-ID: <20210929062350.5C524FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:363-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.8.5 Container Release : 17.8.5 Severity : moderate Type : recommended References : 1189996 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1189996 This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) From sle-updates at lists.suse.com Wed Sep 29 10:16:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Sep 2021 12:16:53 +0200 (CEST) Subject: SUSE-RU-2021:3247-1: important: Recommended update for rsync Message-ID: <20210929101653.CEFF7FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsync ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3247-1 Rating: important References: #1188258 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsync fixes the following issue: - Fix a memory protection issue in 'iconv' (bsc#1188258) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3247=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3247=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3247=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3247=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3247=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3247=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3247=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3247=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3247=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3247=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3247=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): rsync-3.1.0-13.16.1 rsync-debuginfo-3.1.0-13.16.1 rsync-debugsource-3.1.0-13.16.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): rsync-3.1.0-13.16.1 rsync-debuginfo-3.1.0-13.16.1 rsync-debugsource-3.1.0-13.16.1 - SUSE OpenStack Cloud 9 (x86_64): rsync-3.1.0-13.16.1 rsync-debuginfo-3.1.0-13.16.1 rsync-debugsource-3.1.0-13.16.1 - SUSE OpenStack Cloud 8 (x86_64): rsync-3.1.0-13.16.1 rsync-debuginfo-3.1.0-13.16.1 rsync-debugsource-3.1.0-13.16.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): rsync-3.1.0-13.16.1 rsync-debuginfo-3.1.0-13.16.1 rsync-debugsource-3.1.0-13.16.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): rsync-3.1.0-13.16.1 rsync-debuginfo-3.1.0-13.16.1 rsync-debugsource-3.1.0-13.16.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): rsync-3.1.0-13.16.1 rsync-debuginfo-3.1.0-13.16.1 rsync-debugsource-3.1.0-13.16.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): rsync-3.1.0-13.16.1 rsync-debuginfo-3.1.0-13.16.1 rsync-debugsource-3.1.0-13.16.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): rsync-3.1.0-13.16.1 rsync-debuginfo-3.1.0-13.16.1 rsync-debugsource-3.1.0-13.16.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): rsync-3.1.0-13.16.1 rsync-debuginfo-3.1.0-13.16.1 rsync-debugsource-3.1.0-13.16.1 - HPE Helion Openstack 8 (x86_64): rsync-3.1.0-13.16.1 rsync-debuginfo-3.1.0-13.16.1 rsync-debugsource-3.1.0-13.16.1 References: https://bugzilla.suse.com/1188258 From sle-updates at lists.suse.com Wed Sep 29 13:17:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Sep 2021 15:17:59 +0200 (CEST) Subject: SUSE-RU-2021:14817-1: moderate: Recommended update for Firefox build tools and runtime libraries Message-ID: <20210929131759.C9722FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for Firefox build tools and runtime libraries ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14817-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for various firefox build tools and runtime libraries fixes the following issues: Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-firefox-buildtools-14817=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 x86_64): firefox-gtk3-branding-upstream-3.14.9-2.23.3 firefox-gtk3-data-3.14.9-2.23.3 firefox-gtk3-immodule-amharic-3.14.9-2.23.3 firefox-gtk3-immodule-inuktitut-3.14.9-2.23.3 firefox-gtk3-immodule-multipress-3.14.9-2.23.3 firefox-gtk3-immodule-thai-3.14.9-2.23.3 firefox-gtk3-immodule-vietnamese-3.14.9-2.23.3 firefox-gtk3-immodule-xim-3.14.9-2.23.3 firefox-gtk3-immodules-tigrigna-3.14.9-2.23.3 firefox-gtk3-lang-3.14.9-2.23.3 firefox-gtk3-tools-3.14.9-2.23.3 firefox-libgtk-3-0-3.14.9-2.23.3 - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): firefox-libgcc_s1-8.2.1+r264010-2.24.1 firefox-libstdc++6-8.2.1+r264010-2.24.1 References: From sle-updates at lists.suse.com Wed Sep 29 13:19:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Sep 2021 15:19:08 +0200 (CEST) Subject: SUSE-SU-2021:3251-1: moderate: Security update for python-urllib3 Message-ID: <20210929131908.A9607FCC9@maintenance.suse.de> SUSE Security Update: Security update for python-urllib3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3251-1 Rating: moderate References: #1177120 Cross-References: CVE-2020-26137 CVSS scores: CVE-2020-26137 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-26137 (SUSE): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Module for Public Cloud 12 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-urllib3 fixes the following security issue: - CVE-2020-26137: A CRLF injection via HTTP request method was fixed (bsc#1177120) Note that this was fixed in a previous version update to 1.25.9, this update just complements the tracking. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3251=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3251=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3251=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3251=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-3251=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3251=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3251=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3251=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3251=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3251=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3251=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3251=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3251=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-3251=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3251=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python3-urllib3-1.25.10-3.31.2 - SUSE OpenStack Cloud Crowbar 8 (noarch): python3-urllib3-1.25.10-3.31.2 - SUSE OpenStack Cloud 9 (noarch): python3-urllib3-1.25.10-3.31.2 - SUSE OpenStack Cloud 8 (noarch): python3-urllib3-1.25.10-3.31.2 - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): python3-urllib3-1.25.10-3.31.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): python3-urllib3-1.25.10-3.31.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): python3-urllib3-1.25.10-3.31.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): python3-urllib3-1.25.10-3.31.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): python-urllib3-1.25.10-3.31.2 python3-urllib3-1.25.10-3.31.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): python3-urllib3-1.25.10-3.31.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): python3-urllib3-1.25.10-3.31.2 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): python3-urllib3-1.25.10-3.31.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python3-urllib3-1.25.10-3.31.2 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-urllib3-1.25.10-3.31.2 python3-urllib3-1.25.10-3.31.2 - HPE Helion Openstack 8 (noarch): python3-urllib3-1.25.10-3.31.2 References: https://www.suse.com/security/cve/CVE-2020-26137.html https://bugzilla.suse.com/1177120 From sle-updates at lists.suse.com Wed Sep 29 13:20:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Sep 2021 15:20:29 +0200 (CEST) Subject: SUSE-RU-2021:14816-1: important: Recommended update for rsync Message-ID: <20210929132029.859BDFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsync ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14816-1 Rating: important References: #1188258 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsync fixes the following issue: - Fix a memory protection issue in 'iconv' (bsc#1188258) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-rsync-14816=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-rsync-14816=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-rsync-14816=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-rsync-14816=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): rsync-3.0.4-2.53.12.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): rsync-3.0.4-2.53.12.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): rsync-debuginfo-3.0.4-2.53.12.2 rsync-debugsource-3.0.4-2.53.12.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): rsync-debuginfo-3.0.4-2.53.12.2 rsync-debugsource-3.0.4-2.53.12.2 References: https://bugzilla.suse.com/1188258 From sle-updates at lists.suse.com Wed Sep 29 19:16:28 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Sep 2021 21:16:28 +0200 (CEST) Subject: SUSE-SU-2021:3258-1: moderate: Security update for haproxy Message-ID: <20210929191628.9938CFCC9@maintenance.suse.de> SUSE Security Update: Security update for haproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3258-1 Rating: moderate References: #1189877 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for haproxy fixes the following issues: - CVE-2021-40346: Fixed request smuggling vulnerability in HTX (bsc#1189877). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-3258=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): haproxy-2.0.14-3.31.1 haproxy-debuginfo-2.0.14-3.31.1 haproxy-debugsource-2.0.14-3.31.1 References: https://bugzilla.suse.com/1189877 From sle-updates at lists.suse.com Wed Sep 29 19:17:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Sep 2021 21:17:39 +0200 (CEST) Subject: SUSE-SU-2021:3254-1: moderate: Security update for rabbitmq-server Message-ID: <20210929191739.40A41FCC9@maintenance.suse.de> SUSE Security Update: Security update for rabbitmq-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3254-1 Rating: moderate References: #1185075 #1186203 #1187818 #1187819 Cross-References: CVE-2021-22116 CVE-2021-32718 CVE-2021-32719 CVSS scores: CVE-2021-22116 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-22116 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-32718 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N CVE-2021-32719 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for rabbitmq-server fixes the following issues: - CVE-2021-32718: Fixed improper neutralization of script-related HTML tags in a web page (basic XSS) in management UI (bsc#1187818). - CVE-2021-32719: Fixed improper neutralization of script-related HTML tags in a web page (basic XSS) in federation management plugin (bsc#1187819). - CVE-2021-22116: Fixed improper input validation may lead to DoS (bsc#1186203). - Use /run instead of /var/run in tmpfiles.d configuration (bsc#1185075). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3254=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): erlang-rabbitmq-client-3.8.3-3.3.4 rabbitmq-server-3.8.3-3.3.4 rabbitmq-server-plugins-3.8.3-3.3.4 References: https://www.suse.com/security/cve/CVE-2021-22116.html https://www.suse.com/security/cve/CVE-2021-32718.html https://www.suse.com/security/cve/CVE-2021-32719.html https://bugzilla.suse.com/1185075 https://bugzilla.suse.com/1186203 https://bugzilla.suse.com/1187818 https://bugzilla.suse.com/1187819 From sle-updates at lists.suse.com Wed Sep 29 19:19:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Sep 2021 21:19:10 +0200 (CEST) Subject: SUSE-SU-2021:3256-1: moderate: Security update for postgresql12 Message-ID: <20210929191910.DB4BFFCC9@maintenance.suse.de> SUSE Security Update: Security update for postgresql12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3256-1 Rating: moderate References: #1179945 #1185952 #1187751 #1189748 Cross-References: CVE-2021-3677 CVSS scores: CVE-2021-3677 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for postgresql12 fixes the following issues: - CVE-2021-3677: Fixed memory disclosure in certain queries (bsc#1189748). - Fixed build with llvm12 on s390x (bsc#1185952). - Re-enabled icu for PostgreSQL 10 (bsc#1179945). - Made the dependency of postgresqlXX-server-devel on llvm and clang optional (bsc#1187751). - llvm12 breaks PostgreSQL 11 and 12 on s390x. Use llvm11 as a workaround (bsc#1185952). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3256=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-3256=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3256=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): postgresql12-contrib-12.8-8.23.2 postgresql12-contrib-debuginfo-12.8-8.23.2 postgresql12-debuginfo-12.8-8.23.2 postgresql12-debugsource-12.8-8.23.2 postgresql12-devel-12.8-8.23.2 postgresql12-devel-debuginfo-12.8-8.23.2 postgresql12-plperl-12.8-8.23.2 postgresql12-plperl-debuginfo-12.8-8.23.2 postgresql12-plpython-12.8-8.23.2 postgresql12-plpython-debuginfo-12.8-8.23.2 postgresql12-pltcl-12.8-8.23.2 postgresql12-pltcl-debuginfo-12.8-8.23.2 postgresql12-server-12.8-8.23.2 postgresql12-server-debuginfo-12.8-8.23.2 postgresql12-server-devel-12.8-8.23.2 postgresql12-server-devel-debuginfo-12.8-8.23.2 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): postgresql12-docs-12.8-8.23.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql12-12.8-8.23.2 postgresql12-contrib-12.8-8.23.2 postgresql12-contrib-debuginfo-12.8-8.23.2 postgresql12-debuginfo-12.8-8.23.2 postgresql12-debugsource-12.8-8.23.2 postgresql12-devel-12.8-8.23.2 postgresql12-devel-debuginfo-12.8-8.23.2 postgresql12-plperl-12.8-8.23.2 postgresql12-plperl-debuginfo-12.8-8.23.2 postgresql12-plpython-12.8-8.23.2 postgresql12-plpython-debuginfo-12.8-8.23.2 postgresql12-pltcl-12.8-8.23.2 postgresql12-pltcl-debuginfo-12.8-8.23.2 postgresql12-server-12.8-8.23.2 postgresql12-server-debuginfo-12.8-8.23.2 postgresql12-server-devel-12.8-8.23.2 postgresql12-server-devel-debuginfo-12.8-8.23.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (noarch): postgresql12-docs-12.8-8.23.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): postgresql12-12.8-8.23.2 postgresql12-debuginfo-12.8-8.23.2 postgresql12-debugsource-12.8-8.23.2 References: https://www.suse.com/security/cve/CVE-2021-3677.html https://bugzilla.suse.com/1179945 https://bugzilla.suse.com/1185952 https://bugzilla.suse.com/1187751 https://bugzilla.suse.com/1189748 From sle-updates at lists.suse.com Wed Sep 29 19:20:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Sep 2021 21:20:44 +0200 (CEST) Subject: SUSE-SU-2021:3257-1: moderate: Security update for haproxy Message-ID: <20210929192044.DA138FCC9@maintenance.suse.de> SUSE Security Update: Security update for haproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3257-1 Rating: moderate References: #1189877 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for haproxy fixes the following issues: - CVE-2021-40346: Fixed request smuggling vulnerability in HTX (bsc#1189877). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-3257=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): haproxy-2.0.14-8.23.1 haproxy-debuginfo-2.0.14-8.23.1 haproxy-debugsource-2.0.14-8.23.1 References: https://bugzilla.suse.com/1189877 From sle-updates at lists.suse.com Wed Sep 29 19:24:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Sep 2021 21:24:29 +0200 (CEST) Subject: SUSE-SU-2021:3255-1: moderate: Security update for postgresql13 Message-ID: <20210929192429.BC7E7FCC9@maintenance.suse.de> SUSE Security Update: Security update for postgresql13 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3255-1 Rating: moderate References: #1179945 #1185952 #1187751 #1189748 Cross-References: CVE-2021-3677 CVSS scores: CVE-2021-3677 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for postgresql13 fixes the following issues: - CVE-2021-3677: Fixed memory disclosure in certain queries (bsc#1189748). - Fixed build with llvm12 on s390x (bsc#1185952). - Re-enabled icu for PostgreSQL 10 (bsc#1179945). - Made the dependency of postgresqlXX-server-devel on llvm and clang optional (bsc#1187751). - llvm12 breaks PostgreSQL 11 and 12 on s390x. Use llvm11 as a workaround (bsc#1185952). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3255=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3255=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3255=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-3255=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3255=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3255=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libecpg6-13.4-5.16.2 libecpg6-debuginfo-13.4-5.16.2 postgresql13-contrib-13.4-5.16.2 postgresql13-contrib-debuginfo-13.4-5.16.2 postgresql13-debuginfo-13.4-5.16.2 postgresql13-debugsource-13.4-5.16.1 postgresql13-debugsource-13.4-5.16.2 postgresql13-devel-13.4-5.16.2 postgresql13-devel-debuginfo-13.4-5.16.2 postgresql13-plperl-13.4-5.16.2 postgresql13-plperl-debuginfo-13.4-5.16.2 postgresql13-plpython-13.4-5.16.2 postgresql13-plpython-debuginfo-13.4-5.16.2 postgresql13-pltcl-13.4-5.16.2 postgresql13-pltcl-debuginfo-13.4-5.16.2 postgresql13-server-13.4-5.16.2 postgresql13-server-debuginfo-13.4-5.16.2 postgresql13-server-devel-13.4-5.16.2 postgresql13-server-devel-debuginfo-13.4-5.16.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): postgresql13-docs-13.4-5.16.2 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libecpg6-13.4-5.16.2 libecpg6-debuginfo-13.4-5.16.2 postgresql13-contrib-13.4-5.16.2 postgresql13-contrib-debuginfo-13.4-5.16.2 postgresql13-debuginfo-13.4-5.16.2 postgresql13-debugsource-13.4-5.16.1 postgresql13-debugsource-13.4-5.16.2 postgresql13-devel-13.4-5.16.2 postgresql13-devel-debuginfo-13.4-5.16.2 postgresql13-plperl-13.4-5.16.2 postgresql13-plperl-debuginfo-13.4-5.16.2 postgresql13-plpython-13.4-5.16.2 postgresql13-plpython-debuginfo-13.4-5.16.2 postgresql13-pltcl-13.4-5.16.2 postgresql13-pltcl-debuginfo-13.4-5.16.2 postgresql13-server-13.4-5.16.2 postgresql13-server-debuginfo-13.4-5.16.2 postgresql13-server-devel-13.4-5.16.2 postgresql13-server-devel-debuginfo-13.4-5.16.2 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): postgresql13-docs-13.4-5.16.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql13-test-13.4-5.16.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): postgresql13-test-13.4-5.16.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpq5-13.4-5.16.2 libpq5-debuginfo-13.4-5.16.2 postgresql13-13.4-5.16.2 postgresql13-debuginfo-13.4-5.16.2 postgresql13-debugsource-13.4-5.16.1 postgresql13-debugsource-13.4-5.16.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpq5-13.4-5.16.2 libpq5-debuginfo-13.4-5.16.2 postgresql13-13.4-5.16.2 postgresql13-debuginfo-13.4-5.16.2 postgresql13-debugsource-13.4-5.16.1 postgresql13-debugsource-13.4-5.16.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libpq5-32bit-13.4-5.16.2 libpq5-32bit-debuginfo-13.4-5.16.2 References: https://www.suse.com/security/cve/CVE-2021-3677.html https://bugzilla.suse.com/1179945 https://bugzilla.suse.com/1185952 https://bugzilla.suse.com/1187751 https://bugzilla.suse.com/1189748 From sle-updates at lists.suse.com Thu Sep 30 06:14:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Sep 2021 08:14:42 +0200 (CEST) Subject: SUSE-IU-2021:727-1: Security update of suse-sles-15-sp3-chost-byos-v20210927-gen2 Message-ID: <20210930061442.47E94FCC9@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20210927-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:727-1 Image Tags : suse-sles-15-sp3-chost-byos-v20210927-gen2:20210927 Image Release : Severity : critical Type : security References : 1027519 1027519 1029961 1040364 1085917 1127650 1135481 1152489 1153806 1160010 1160462 1168202 1171420 1174697 1174969 1175052 1175543 1176189 1176206 1176934 1177399 1179246 1179382 1180100 1180141 1180347 1181006 1181148 1181299 1181306 1181309 1181535 1181536 1181972 1182830 1183243 1183572 1183574 1183877 1183939 1184180 1184614 1184677 1184758 1185611 1185682 1185902 1185930 1186264 1186428 1186429 1186433 1186434 1186565 1186731 1186975 1186975 1187211 1187338 1187406 1187455 1187468 1187483 1187565 1187565 1187619 1187645 1187921 1187937 1187959 1188050 1188067 1188172 1188231 1188270 1188412 1188418 1188579 1188616 1188651 1188700 1188780 1188781 1188782 1188783 1188784 1188786 1188787 1188788 1188790 1188878 1188885 1188891 1188924 1188982 1188983 1188985 1189021 1189057 1189077 1189097 1189153 1189197 1189209 1189210 1189212 1189213 1189214 1189215 1189216 1189217 1189218 1189219 1189220 1189221 1189222 1189225 1189229 1189233 1189262 1189291 1189292 1189296 1189298 1189301 1189305 1189323 1189373 1189376 1189378 1189380 1189381 1189384 1189385 1189392 1189393 1189399 1189400 1189427 1189503 1189504 1189505 1189506 1189507 1189521 1189537 1189552 1189562 1189563 1189564 1189565 1189566 1189567 1189568 1189569 1189573 1189574 1189575 1189576 1189577 1189579 1189581 1189582 1189583 1189585 1189586 1189587 1189632 1189659 1189683 1189706 1189743 1189760 1189762 1189832 1189841 1189870 1189872 1189875 1189882 1189883 1189996 1190022 1190025 1190115 1190117 1190190 1190225 1190412 1190413 1190428 CVE-2019-19977 CVE-2020-12400 CVE-2020-12401 CVE-2020-12403 CVE-2020-12770 CVE-2020-25648 CVE-2020-27840 CVE-2020-6829 CVE-2021-0089 CVE-2021-20254 CVE-2021-20277 CVE-2021-28690 CVE-2021-28692 CVE-2021-28693 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-28700 CVE-2021-28701 CVE-2021-34556 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3712 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 CVE-2021-3753 CVE-2021-3759 CVE-2021-38160 CVE-2021-38166 CVE-2021-38198 CVE-2021-38204 CVE-2021-38205 CVE-2021-38206 CVE-2021-38207 CVE-2021-38209 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20210927-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2886-1 Released: Tue Aug 31 13:21:20 2021 Summary: Recommended update for bind Type: recommended Severity: moderate References: 1187921 This update for bind fixes the following issues: - tsig-keygen is now used to generate DDNS keys (bsc#1187921) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2887-1 Released: Tue Aug 31 13:31:19 2021 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1183939,1184758 This update for cloud-init contains the following: - Change log file creation mode to 640. (bsc#1183939) - Do not write the generated password to the log file. (bsc#1184758) - Allow purging cache when Python when version change detected. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2898-1 Released: Wed Sep 1 08:30:33 2021 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1186975,1187565,1187645 This update for grub2 fixes the following issues: - Fix error not a btrfs filesystem on s390x (bsc#1187645) - Fix error gfxterm isn't found with multiple terminals (bsc#1187565) - Fix boot failure after kdump due to the content of grub.cfg is not completed with pending modificaton in xfs journal (bsc#1186975) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2923-1 Released: Thu Sep 2 10:11:32 2021 Summary: Security update for xen Type: security Severity: important References: 1027519,1176189,1179246,1183243,1183877,1185682,1186428,1186429,1186433,1186434,1187406,1188050,1189373,1189376,1189378,1189380,1189381,1189882,CVE-2021-0089,CVE-2021-28690,CVE-2021-28692,CVE-2021-28693,CVE-2021-28694,CVE-2021-28695,CVE-2021-28696,CVE-2021-28697,CVE-2021-28698,CVE-2021-28699,CVE-2021-28700 This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release (bsc#1027519). Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). - CVE-2021-28700: No memory limit for dom0less domUs (XSA-383)(bsc#1189381). Other issues fixed: - Fixed 'Panic on CPU 0: IO-APIC + timer doesn't work!' (bsc#1180491) - Fixed an issue with xencommons, where file format expecations by fillup did not allign (bsc#1185682) - Fixed shell macro expansion in the spec file, so that ExecStart= in xendomains-wait-disks.service is created correctly (bsc#1183877) - Upstream bug fixes (bsc#1027519) - Fixed Xen SLES11SP4 guest hangs on cluster (bsc#1188050). - xl monitoring process exits during xl save -p|-c keep the monitoring process running to cleanup the domU during shutdown (bsc#1176189). - Dom0 hangs when pinning CPUs for dom0 with HVM guest (bsc#1179246). - Some long deprecated commands were finally removed in qemu6. Adjust libxl to use supported commands (bsc#1183243). - Update logrotate.conf, move global options into per-file sections to prevent globbering of global state (bsc#1187406). - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2937-1 Released: Fri Sep 3 09:18:45 2021 Summary: Security update for libesmtp Type: security Severity: important References: 1160462,1189097,CVE-2019-19977 This update for libesmtp fixes the following issues: - CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2945-1 Released: Fri Sep 3 09:34:53 2021 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: 1153806,1185930,1188579 This update for open-iscsi fixes the following issues: - Update 'iscsi.service' so that it tries to logon to any 'onboot' and firmware targets, in case a target was offline when booted but back up when the service is started. (bsc#1153806) - Merged with latest from upstream, which contains these fixes: * Add 'no wait' option to iscsiadm firmware login * Check for ISCSI_ERR_ISCSID_NOTCONN in iscsistart * Log proper error message when AUTH failure occurs * Support the 'qede' CMA-card driver. (bsc#1188579) * iscsistart: fix null pointer deref before exit * Set default 'startup' to 'onboot' for FW nodes. (bsc#1185930) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2950-1 Released: Fri Sep 3 11:59:19 2021 Summary: Recommended update for pcre2 Type: recommended Severity: moderate References: 1187937 This update for pcre2 fixes the following issue: - Equalizes the result of a function that may have different output on s390x if compared to older (bsc#1187937) PHP versions. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2962-1 Released: Mon Sep 6 18:23:01 2021 Summary: Recommended update for runc Type: recommended Severity: critical References: 1189743 This update for runc fixes the following issues: - Fixed an issue when toolbox container fails to start. (bsc#1189743) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2997-1 Released: Thu Sep 9 14:37:34 2021 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1187338,1189659 This update for python3 fixes the following issues: - Fixed an issue when the missing 'stropts.h' causing build errors for different python modules. (bsc#1187338) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3022-1 Released: Mon Sep 13 10:48:16 2021 Summary: Recommended update for c-ares Type: recommended Severity: important References: 1190225 This update for c-ares fixes the following issue: - Allow '_' as part of DNS response. (bsc#1190225) - 'c-ares' 1.17.2 introduced response validation to prevent a security issue, however it was not listing '_' as a valid character for domain name responses which caused issues when a 'CNAME' referenced a 'SRV' record which contained underscores. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3115-1 Released: Thu Sep 16 14:04:26 2021 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1029961,1174697,1176206,1176934,1179382,1188891,CVE-2020-12400,CVE-2020-12401,CVE-2020-12403,CVE-2020-25648,CVE-2020-6829 This update for mozilla-nspr fixes the following issues: mozilla-nspr was updated to version 4.32: * implement new socket option PR_SockOpt_DontFrag * support larger DNS records by increasing the default buffer size for DNS queries * Lock access to PRCallOnceType members in PR_CallOnce* for thread safety bmo#1686138 * PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get information about the operating system build version. Mozilla NSS was updated to version 3.68: * bmo#1713562 - Fix test leak. * bmo#1717452 - NSS 3.68 should depend on NSPR 4.32. * bmo#1693206 - Implement PKCS8 export of ECDSA keys. * bmo#1712883 - DTLS 1.3 draft-43. * bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension. * bmo#1713562 - Validate ECH public names. * bmo#1717610 - Add function to get seconds from epoch from pkix::Time. update to NSS 3.67 * bmo#1683710 - Add a means to disable ALPN. * bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66). * bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja. * bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c. * bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte. update to NSS 3.66 * bmo#1710716 - Remove Expired Sonera Class2 CA from NSS. * bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority. * bmo#1708307 - Remove Trustis FPS Root CA from NSS. * bmo#1707097 - Add Certum Trusted Root CA to NSS. * bmo#1707097 - Add Certum EC-384 CA to NSS. * bmo#1703942 - Add ANF Secure Server Root CA to NSS. * bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS. * bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database. * bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler. * bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h. * bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators. * bmo#1709291 - Add VerifyCodeSigningCertificateChain. update to NSS 3.65 * bmo#1709654 - Update for NetBSD configuration. * bmo#1709750 - Disable HPKE test when fuzzing. * bmo#1566124 - Optimize AES-GCM for ppc64le. * bmo#1699021 - Add AES-256-GCM to HPKE. * bmo#1698419 - ECH -10 updates. * bmo#1692930 - Update HPKE to final version. * bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default. * bmo#1703936 - New coverity/cpp scanner errors. * bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards. * bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. * bmo#1705119 - Deadlock when using GCM and non-thread safe tokens. update to NSS 3.64 * bmo#1705286 - Properly detect mips64. * bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and disable_crypto_vsx. * bmo#1698320 - replace __builtin_cpu_supports('vsx') with ppc_crypto_support() for clang. * bmo#1613235 - Add POWER ChaCha20 stream cipher vector acceleration. Fixed in 3.63 * bmo#1697380 - Make a clang-format run on top of helpful contributions. * bmo#1683520 - ECCKiila P384, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual scalar multiplication. * bmo#1683520 - ECCKiila P521, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual scalar multiplication. * bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683. * bmo#1694214 - tstclnt can't enable middlebox compat mode. * bmo#1694392 - NSS does not work with PKCS #11 modules not supporting profiles. * bmo#1685880 - Minor fix to prevent unused variable on early return. * bmo#1685880 - Fix for the gcc compiler version 7 to support setenv with nss build. * bmo#1693217 - Increase nssckbi.h version number for March 2021 batch of root CA changes, CA list version 2.48. * bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's 'Chambers of Commerce' and 'Global Chambersign' roots. * bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER. * bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS. * bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS. * bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs from NSS. * bmo#1687822 - Turn off Websites trust bit for the ???Staat der Nederlanden Root CA - G3??? root cert in NSS. * bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce Root - 2008' and 'Global Chambersign Root - 2008???. * bmo#1694291 - Tracing fixes for ECH. update to NSS 3.62 * bmo#1688374 - Fix parallel build NSS-3.61 with make * bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add() can corrupt 'cachedCertTable' * bmo#1690583 - Fix CH padding extension size calculation * bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail * bmo#1690421 - Install packaged libabigail in docker-builds image * bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing * bmo#1674819 - Fixup a51fae403328, enum type may be signed * bmo#1681585 - Add ECH support to selfserv * bmo#1681585 - Update ECH to Draft-09 * bmo#1678398 - Add Export/Import functions for HPKE context * bmo#1678398 - Update HPKE to draft-07 update to NSS 3.61 * bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key values under certain conditions. * bmo#1684300 - Fix default PBE iteration count when NSS is compiled with NSS_DISABLE_DBM. * bmo#1651411 - Improve constant-timeness in RSA operations. * bmo#1677207 - Upgrade Google Test version to latest release. * bmo#1654332 - Add aarch64-make target to nss-try. Update to NSS 3.60.1: Notable changes in NSS 3.60: * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support has been added, replacing the previous ESNI (draft-ietf-tls-esni-01) implementation. See bmo#1654332 for more information. * December 2020 batch of Root CA changes, builtins library updated to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769 for more information. Update to NSS 3.59.1: * bmo#1679290 - Fix potential deadlock with certain third-party PKCS11 modules Update to NSS 3.59: Notable changes: * Exported two existing functions from libnss: CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData Bugfixes * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed root certs when SHA1 signatures are disabled. * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to solve some test intermittents * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in our CVE-2020-25648 fix that broke purple-discord (boo#1179382) * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP * bmo#1667989 - Fix gyp linking on Solaris * bmo#1668123 - Export CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData from libnss * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA * bmo#1663091 - Remove unnecessary assertions in the streaming ASN.1 decoder that affected decoding certain PKCS8 private keys when using NSS debug builds * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS. update to NSS 3.58 Bugs fixed: * bmo#1641480 (CVE-2020-25648) Tighten CCS handling for middlebox compatibility mode. * bmo#1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello (draft-ietf-tls-esni). * bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto extensions. * bmo#1668328 - Handle spaces in the Python path name when using gyp on Windows. * bmo#1667153 - Add PK11_ImportDataKey for data object import. * bmo#1665715 - Pass the embedded SCT list extension (if present) to TrustDomain::CheckRevocation instead of the notBefore value. update to NSS 3.57 * The following CA certificates were Added: bmo#1663049 - CN=Trustwave Global Certification Authority SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8 bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4 bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097 * The following CA certificates were Removed: bmo#1651211 - CN=EE Certification Centre Root CA SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76 bmo#1656077 - O=Government Root Certification Authority; C=TW SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3 * Trust settings for the following CA certificates were Modified: bmo#1653092 - CN=OISTE WISeKey Global Root GA CA Websites (server authentication) trust bit removed. * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes update to NSS 3.56 Notable changes * bmo#1650702 - Support SHA-1 HW acceleration on ARMv8 * bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS. * bmo#1654142 - Add CPU feature detection for Intel SHA extension. * bmo#1648822 - Add stricter validation of DH keys in FIPS mode. * bmo#1656986 - Properly detect arm64 during GYP build architecture detection. * bmo#1652729 - Add build flag to disable RC2 and relocate to lib/freebl/deprecated. * bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay. * bmo#1588941 - Send empty certificate message when scheme selection fails. * bmo#1652032 - Fix failure to build in Windows arm64 makefile cross-compilation. * bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent. * bmo#1653975 - Fix 3.53 regression by setting 'all' as the default makefile target. * bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert. * bmo#1659814 - Fix interop.sh failures with newer tls-interop commit and dependencies. * bmo#1656519 - NSPR dependency updated to 4.28 update to NSS 3.55 Notable changes * P384 and P521 elliptic curve implementations are replaced with verifiable implementations from Fiat-Crypto [0] and ECCKiila [1]. * PK11_FindCertInSlot is added. With this function, a given slot can be queried with a DER-Encoded certificate, providing performance and usability improvements over other mechanisms. (bmo#1649633) * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752) Relevant Bugfixes * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila. * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature. * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding. * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length. * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix). * bmo#1653202 - Fix initialization bug in blapitest when compiled with NSS_DISABLE_DEPRECATED_SEED. * bmo#1646594 - Fix AVX2 detection in makefile builds. * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot for a DER-encoded certificate. * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo. * bmo#1647752 - Update DTLS 1.3 implementation to draft-38. * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI. * bmo#1649226 - Add Wycheproof ECDSA tests. * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES. * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in RSA_CheckSignRecover. * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the signature_algorithms extension. update to NSS 3.54 Notable changes * Support for TLS 1.3 external pre-shared keys (bmo#1603042). * Use ARM Cryptography Extension for SHA256, when available (bmo#1528113) * The following CA certificates were Added: bmo#1645186 - certSIGN Root CA G2. bmo#1645174 - e-Szigno Root CA 2017. bmo#1641716 - Microsoft ECC Root Certificate Authority 2017. bmo#1641716 - Microsoft RSA Root Certificate Authority 2017. * The following CA certificates were Removed: bmo#1645199 - AddTrust Class 1 CA Root. bmo#1645199 - AddTrust External CA Root. bmo#1641718 - LuxTrust Global Root 2. bmo#1639987 - Staat der Nederlanden Root CA - G2. bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4. bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4. bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3. * A number of certificates had their Email trust bit disabled. See bmo#1618402 for a complete list. Bugs fixed * bmo#1528113 - Use ARM Cryptography Extension for SHA256. * bmo#1603042 - Add TLS 1.3 external PSK support. * bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows. * bmo#1645186 - Add 'certSIGN Root CA G2' root certificate. * bmo#1645174 - Add Microsec's 'e-Szigno Root CA 2017' root certificate. * bmo#1641716 - Add Microsoft's non-EV root certificates. * bmo1621151 - Disable email trust bit for 'O=Government Root Certification Authority; C=TW' root. * bmo#1645199 - Remove AddTrust root certificates. * bmo#1641718 - Remove 'LuxTrust Global Root 2' root certificate. * bmo#1639987 - Remove 'Staat der Nederlanden Root CA - G2' root certificate. * bmo#1618402 - Remove Symantec root certificates and disable email trust bit. * bmo#1640516 - NSS 3.54 should depend on NSPR 4.26. * bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c. * bmo#1642153 - Fix infinite recursion building NSS. * bmo#1642638 - Fix fuzzing assertion crash. * bmo#1642871 - Enable SSL_SendSessionTicket after resumption. * bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs. * bmo#1643557 - Fix numerous compile warnings in NSS. * bmo#1644774 - SSL gtests to use ClearServerCache when resetting self-encrypt keys. * bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c. * bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3133-1 Released: Fri Sep 17 16:37:59 2021 Summary: Recommended update for grub2, efibootmgr Type: recommended Severity: moderate References: 1186565,1186975,1187565 This update for grub2, efibootmgr provides the following fixes: - Ship package grub2-arm64-efi and the required efibootmgr also to ppc64le, s390x and x86_64 (bsc#1186565) - Fix error gfxterm isn't found with multiple terminals (bsc#1187565) - Fix ocasional boot failure after kdump procedure when using XFS (bsc#1186975) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3136-1 Released: Fri Sep 17 16:59:09 2021 Summary: Recommended update for SUSEConnect Type: recommended Severity: moderate References: 1185611 This update for SUSEConnect fixes the following issues: - Disallow registering via SUSEConnect if the system is managed by SUSE Manager. - Add subscription name to output of 'SUSEConnect --status'. - Send payload of GET requests as part of the url, not in the body. (bsc#1185611) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3140-1 Released: Sat Sep 18 14:37:16 2021 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1189632,CVE-2021-28701 This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - Upstream bug fixes (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1189996 This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3187-1 Released: Wed Sep 22 15:09:23 2021 Summary: Security update for samba Type: security Severity: important References: 1182830,1183572,1183574,1184677,1189875,CVE-2020-27840,CVE-2021-20254,CVE-2021-20277 This update for samba fixes the following issues: - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574). - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677). - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572). - Spec file fixes around systemd and requires (bsc#1182830) - Fix dependency problem upgrading from libndr0 to libndr1 (bsc#1189875) - Fix dependency problem upgrading from libsmbldap0 to libsmbldap2 (bsc#1189875) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3203-1 Released: Thu Sep 23 14:41:35 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1189537,1190190 This update for kmod fixes the following issues: - Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190). - Enable support for ZSTD compressed modules - Display module information even for modules built into the running kernel (bsc#1189537) - '/usr/lib' should override '/lib' where both are available. Support '/usr/lib' for depmod.d as well. - Remove test patches included in release 29 - Update to release 29 * Fix `modinfo -F` not working for built-in modules and certain fields. * Fix a memory leak, overflow and double free on error path. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3205-1 Released: Thu Sep 23 16:15:20 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1040364,1127650,1135481,1152489,1160010,1168202,1171420,1174969,1175052,1175543,1177399,1180100,1180141,1180347,1181006,1181148,1181972,1184180,1185902,1186264,1186731,1187211,1187455,1187468,1187483,1187619,1187959,1188067,1188172,1188231,1188270,1188412,1188418,1188616,1188700,1188780,1188781,1188782,1188783,1188784,1188786,1188787,1188788,1188790,1188878,1188885,1188924,1188982,1188983,1188985,1189021,1189057,1189077,1189153,1189197,1189209,1189210,1189212,1189213,1189214,1189215,1189216,1189217,1189218,1189219,1189220,1189221,1189222,1189225,1189229,1189233,1189262,1189291,1189292,1189296,1189298,1189301,1189305,1189323,1189384,1189385,1189392,1189393,1189399,1189400,1189427,1189503,1189504,1189505,1189506,1189507,1189562,1189563,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189574,1189575,1189576,1189577,1189579,1189581,1189582,1189583,1189585,1189586,1189587,1189706,1189760,1189762,1189832,1189841,1189870,1189872,1189883,1190022,1190025,1190115,1190117,1 190412,1190413,1190428,CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38166,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38206,CVE-2021-38207,CVE-2021-38209 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ). - CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292). - CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298). - CVE-2021-38166: Fixed an integer overflow and out-of-bounds write when many elements are placed in a single bucket in kernel/bpf/hashtab.c (bnc#1189233 ). - CVE-2021-38209: Fixed allowed observation of changes in any net namespace via net/netfilter/nf_conntrack_standalone.c (bnc#1189393). - CVE-2021-38206: Fixed NULL pointer dereference in the radiotap parser inside the mac80211 subsystem (bnc#1189296). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420). The following non-security bugs were fixed: - ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes). - ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export function to claim _CST control (bsc#1175543) - ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543) - ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes). - ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 (git-fixes). - ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms (git-fixes). - ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically (git-fixes). - ALSA: hda/realtek - Add ALC285 HP init procedure (git-fixes). - ALSA: hda/realtek - Add type for ALC287 (git-fixes). - ALSA: hda/realtek: Change device names for quirks to barebone names (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes). - ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes). - ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes). - ALSA: hda/realtek: fix mute led of the HP Pavilion 15-eh1xxx series (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 650 G8 Notebook PC (git-fixes). - ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes). - ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes). - ALSA: hda: Fix hang during shutdown due to link reset (git-fixes). - ALSA: hda: Release controller display power during shutdown/reboot (git-fixes). - ALSA: pcm: Fix mmap breakage without explicit buffer setup (git-fixes). - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes). - ALSA: seq: Fix racy deletion of subscriber (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes). - ALSA: usb-audio: Avoid unnecessary or invalid connector selection at resume (git-fixes). - ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes). - ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes). - ALSA: usb-audio: fix incorrect clock source setting (git-fixes). - ASoC: Intel: Skylake: Fix module resource and format selection (git-fixes). - ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373 (git-fixes). - ASoC: SOF: Intel: hda-ipc: fix reply size checking (git-fixes). - ASoC: amd: Fix reference to PCM buffer address (git-fixes). - ASoC: component: Remove misplaced prefix handling in pin control functions (git-fixes). - ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes). - ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes). - ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes). - ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes). - ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes). - ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes). - ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes). - ASoC: mediatek: mt8183: Fix Unbalanced pm_runtime_enable in mt8183_afe_pcm_dev_probe (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold again (git-fixes). - ASoC: rt5682: Fix the issue of garbled recording after powerd_dbus_suspend (git-fixes). - ASoC: ti: j721e-evm: Check for not initialized parent_clk_id (git-fixes). - ASoC: ti: j721e-evm: Fix unbalanced domain activity tracking during startup (git-fixes). - ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes). - ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes). - ASoC: uniphier: Fix reference to PCM buffer address (git-fixes). - ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes). - ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes). - ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes). - ASoC: xilinx: Fix reference to PCM buffer address (git-fixes). - Avoid double printing SUSE specific flags in mod->taint (bsc#1190413). - Bluetooth: add timeout sanity check to hci_inquiry (git-fixes). - Bluetooth: btusb: Fix a unspported condition to set available debug features (git-fixes). - Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS (git-fixes). - Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes). - Bluetooth: fix repeated calls to sco_sock_kill (git-fixes). - Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes). - Bluetooth: mgmt: Fix wrong opcode in the response for add_adv cmd (git-fixes). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes). - Drop two intel_int0002_vgpio patches that cause Oops (bsc#1190412) - KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786). - KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787). - KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788). - KVM: VMX: Extend VMXs #AC interceptor to handle split lock #AC in guest (bsc#1187959). - KVM: nVMX: Handle split-lock #AC exceptions that happen in L2 (bsc#1187959). - KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780). - KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782). - KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783). - KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784). - KVM: x86: Emulate split-lock access as a write in emulator (bsc#1187959). - KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790). - NFS: Correct size calculation for create reply length (bsc#1189870). - NFSv4.1: Do not rebind to the same source port when (bnc#1186264 bnc#1189021) - NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes). - NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364). - PCI/MSI: Correct misleading comments (git-fixes). - PCI/MSI: Do not set invalid bits in MSI mask (git-fixes). - PCI/MSI: Enable and mask MSI-X early (git-fixes). - PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes). - PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes). - PCI/MSI: Mask all unused MSI-X entries (git-fixes). - PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes). - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes). - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes). - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes). - PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes). - RDMA/bnxt_re: Fix stats counters (bsc#1188231). - SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924). - SUNRPC: Fix the batch tasks count wraparound (git-fixes). - SUNRPC: Should wake up the privileged task firstly (git-fixes). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924). - SUNRPC: improve error response to over-size gss credential (bsc#1190022). - SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264 bnc#1189021). - USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes). - USB: serial: ch341: fix character loss at high transfer rates (git-fixes). - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes). - USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes). - USB: usbtmc: Fix RCU stall warning (git-fixes). - USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes). - VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes). - ath9k: Clear key cache explicitly on disabling hardware (git-fixes). - ath: Use safer key clearing with key cache entries (git-fixes). - bcma: Fix memory leak for internally-handled cores (git-fixes). - bdi: Do not use freezable workqueue (bsc#1189573). - blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507). - blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506). - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503). - blk-wbt: make sure throttle is enabled properly (bsc#1189504). - block: fix trace completion for chained bio (bsc#1189505). - bnxt_en: Validate vlan protocol ID on RX packets (jsc#SLE-15075). - brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes). - btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077). - btrfs: add a trace class for dumping the current ENOSPC state (bsc#1135481). - btrfs: add a trace point for reserve tickets (bsc#1135481). - btrfs: adjust the flush trace point to include the source (bsc#1135481). - btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1135481). - btrfs: factor out create_chunk() (bsc#1189077). - btrfs: factor out decide_stripe_size() (bsc#1189077). - btrfs: factor out gather_device_info() (bsc#1189077). - btrfs: factor out init_alloc_chunk_ctl (bsc#1189077). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1135481). - btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077). - btrfs: handle invalid profile in chunk allocation (bsc#1189077). - btrfs: implement space clamping for preemptive flushing (bsc#1135481). - btrfs: improve preemptive background space flushing (bsc#1135481). - btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1135481). - btrfs: introduce alloc_chunk_ctl (bsc#1189077). - btrfs: introduce chunk allocation policy (bsc#1189077). - btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#1135481). - btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077). - btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077). - btrfs: refactor find_free_dev_extent_start() (bsc#1189077). - btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1135481). - btrfs: rename need_do_async_reclaim (bsc#1135481). - btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1135481). - btrfs: rework chunk allocation to avoid exhaustion of the system chunk array (bsc#1189077). - btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1135481). - btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#1135481). - btrfs: simplify the logic in need_preemptive_flushing (bsc#1135481). - btrfs: tracepoints: convert flush states to using EM macros (bsc#1135481). - btrfs: tracepoints: fix btrfs_trigger_flush symbolic string for flags (bsc#1135481). - can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes). - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes). - ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468). - ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468). - ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1189427). - cfg80211: Fix possible memory leak in function cfg80211_bss_update (git-fixes). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes). - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes). - cpuidle: Allow idle states to be disabled by default (bsc#1175543) - cpuidle: Consolidate disabled state checks (bsc#1175543) - cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543) - cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543) - cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543) - crypto: ccp - Annotate SEV Firmware file names (bsc#1189212). - crypto: qat - use proper type for vf_mask (git-fixes). - crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit (git-fixes). - device-dax: Fix default return code of range_parse() (git-fixes). - dm integrity: fix missing goto in bitmap_flush_interval error handling (git-fixes). - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git-fixes). - dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes). - dmaengine: idxd: fix setup sequence for MSIXPERM table (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes). - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available (git-fixes). - dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes). - dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers (git-fixes). - drivers/block/null_blk/main: Fix a double free in null_init (git-fixes). - drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X (git-fixes). - drm/amd/display: Fix comparison error in dcn21 DML (git-fixes). - drm/amd/display: Fix max vstartup calculation for modes with borders (git-fixes). - drm/amd/display: Remove invalid assert for ODM + MPC case (git-fixes). - drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work (git-fixes). - drm/amd/display: workaround for hard hang on HPD on native DP (git-fixes). - drm/amdgpu/acp: Make PM domain really work (git-fixes). - drm/amdgpu/display: fix DMUB firmware version info (git-fixes). - drm/amdgpu/display: only enable aux backlight control for OLED panels (git-fixes). - drm/amdgpu: do not enable baco on boco platforms in runpm (git-fixes). - drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir (git-fixes). - drm/dp_mst: Fix return code on sideband message failure (git-fixes). - drm/i915/dg1: gmbus pin mapping (bsc#1188700). - drm/i915/dg1: provide port/phy mapping for vbt (bsc#1188700). - drm/i915/gen9_bc: Add W/A for missing STRAP config on TGP PCH + CML combos (bsc#1188700). - drm/i915/gen9_bc: Introduce HPD pin mappings for TGP PCH + CML combos (bsc#1188700). - drm/i915/gen9_bc: Introduce TGP PCH DDC pin mappings (bsc#1188700). - drm/i915/gen9_bc: Recognize TGP PCH + CML combos (bsc#1188700). - drm/i915/rkl: new rkl ddc map for different PCH (bsc#1188700). - drm/i915: Add VBT AUX CH H and I (bsc#1188700). - drm/i915: Add VBT DVO ports H and I (bsc#1188700). - drm/i915: Add more AUX CHs to the enum (bsc#1188700). - drm/i915: Configure GEN11_{TBT,TC}_HOTPLUG_CTL for ports TC5/6 (bsc#1188700). - drm/i915: Correct SFC_DONE register offset (git-fixes). - drm/i915: Introduce HPD_PORT_TC<n> (bsc#1188700). - drm/i915: Move hpd_pin setup to encoder init (bsc#1188700). - drm/i915: Nuke the redundant TC/TBT HPD bit defines (bsc#1188700). - drm/i915: Only access SFC_DONE when media domain is not fused off (git-fixes). - drm/meson: fix colour distortion from HDR set during vendor u-boot (git-fixes). - drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes). - drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes). - drm/msm/dsi: Fix some reference counted resource leaks (git-fixes). - drm/msm: Fix error return code in msm_drm_init() (git-fixes). - drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences (git-fixes). - drm/of: free the iterator object on failure (git-fixes). - drm/of: free the right object (git-fixes). - drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes). - drm/prime: fix comment on PRIME Helpers (git-fixes). - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568). - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564). - ext4: fix avefreec in find_group_orlov (bsc#1189566). - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562). - ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576). - ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565). - ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563). - ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567). - fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574). - firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes). - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback (git-fixes). - fixup 'rpm: support gz and zst compression methods' (bsc#1190358, bsc#1190428). - fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes). - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - fpga: xiilnx-spi: Address warning about unused variable (git-fixes). - fpga: zynqmp-fpga: Address warning about unused variable (git-fixes). - gpio: eic-sprd: break loop when getting NULL device resource (git-fixes). - gpio: tqmx86: really make IRQ optional (git-fixes). - i2c: dev: zero out array used for i2c reads from userspace (git-fixes). - i2c: highlander: add IRQ check (git-fixes). - i2c: iop3xx: fix deferred probing (git-fixes). - i2c: mt65xx: fix IRQ check (git-fixes). - i2c: s3c2410: fix IRQ check (git-fixes). - iio: adc: Fix incorrect exit of for-loop (git-fixes). - iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels (git-fixes). - iio: humidity: hdc100x: Add margin to the conversion time (git-fixes). - intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543) - intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543) - intel_idle: Annotate init time data structures (bsc#1175543) - intel_idle: Customize IceLake server support (bsc#1175543) - intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141) - intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543) - intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543) - intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543) - intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543) - iommu/amd: Fix extended features logging (bsc#1189213). - iommu/amd: Move Stoney Ridge check to detect_ivrs() (bsc#1189762). - iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210). - iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209). - iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214). - iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229). - iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1189215). - iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216). - iommu/vt-d: Do not set then clear private data in prq_event_thread() (bsc#1189217). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218). - iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219). - iommu/vt-d: Global devTLB flush when present context entry changed (bsc#1189220). - iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#1189221). - iommu/vt-d: Reject unsupported page request modes (bsc#1189222). - ionic: add handling of larger descriptors (jsc#SLE-16649). - ionic: add new queue features to interface (jsc#SLE-16649). - ionic: aggregate Tx byte counting calls (jsc#SLE-16649). - ionic: block actions during fw reset (jsc#SLE-16649). - ionic: change mtu after queues are stopped (jsc#SLE-16649). - ionic: check for link after netdev registration (jsc#SLE-16649). - ionic: code cleanup details (jsc#SLE-16649). - ionic: fix sizeof usage (jsc#SLE-16649). - ionic: fix unchecked reference (jsc#SLE-16649). - ionic: fix up dim accounting for tx and rx (jsc#SLE-16649). - ionic: generic tx skb mapping (jsc#SLE-16649). - ionic: implement Rx page reuse (jsc#SLE-16649). - ionic: make all rx_mode work threadsafe (jsc#SLE-16649). - ionic: move rx_page_alloc and free (jsc#SLE-16649). - ionic: optimize fastpath struct usage (jsc#SLE-16649). - ionic: protect adminq from early destroy (jsc#SLE-16649). - ionic: rebuild debugfs on qcq swap (jsc#SLE-16649). - ionic: remove intr coalesce update from napi (jsc#SLE-16649). - ionic: remove some unnecessary oom messages (jsc#SLE-16649). - ionic: simplify TSO descriptor mapping (jsc#SLE-16649). - ionic: simplify rx skb alloc (jsc#SLE-16649). - ionic: simplify the intr_index use in txq_init (jsc#SLE-16649). - ionic: simplify tx clean (jsc#SLE-16649). - ionic: simplify use of completion types (jsc#SLE-16649). - ionic: start queues before announcing link up (jsc#SLE-16649). - ionic: stop watchdog when in broken state (jsc#SLE-16649). - ionic: useful names for booleans (jsc#SLE-16649). - iwlwifi: pnvm: accept multiple HW-type TLVs (git-fixes). - iwlwifi: rs-fw: do not support stbc for HE 160 (git-fixes). - iwlwifi: skip first element in the WTAS ACPI table (git-fixes). - kABI fix of usb_dcd_config_params (git-fixes). - kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes). - kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264 bnc#1189021) - kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153). - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). - leds: trigger: audio: Add an activate callback to ensure the initial brightness is set (git-fixes). - lib/mpi: use kcalloc in mpi_resize (git-fixes). - lib: Add zstd support to decompress (bsc#1187483, jsc#SLE-18766). - libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes). - mac80211: Fix insufficient headroom issue for AMSDU (git-fixes). - md/raid10: properly indicate failure when ending a failed write request (git-fixes). - md: revert io stats accounting (git-fixes). - media: TDA1997x: enable EDID support (git-fixes). - media: cxd2880-spi: Fix an error handling path (git-fixes). - media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes). - media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes). - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes). - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes). - media: go7007: fix memory leak in go7007_usb_probe (git-fixes). - media: go7007: remove redundant initialization (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes). - media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes). - media: videobuf2-core: dequeue if start_streaming fails (git-fixes). - media: zr364xx: fix memory leaks in probe() (git-fixes). - media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes). - misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes). - misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp() (git-fixes). - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569). - mm/vmscan: fix infinite loop in drop_slab_node (VM Functionality, bsc#1189301). - mm: fix memory_failure() handling of dax-namespace metadata (bsc#1189872). - mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#1187619). - mmc: dw_mmc: Fix hang on data CRC error (git-fixes). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes). - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes). - mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes). - nbd: Aovid double completion of a request (git-fixes). - nbd: Fix NULL pointer in flush_workqueue (git-fixes). - net/mlx5: Add ts_cqe_to_dest_cqn related bits (bsc#1188412) - net/mlx5: Properly convey driver version to firmware (git-fixes). - net/mlx5e: Add missing capability check for uplink follow (bsc#1188412) - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes). - net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext (git-fixes). - net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes). - net: usb: lan78xx: do not modify phy_device state concurrently (bsc#1188270) - nfs: fix acl memory leak of posix_acl_create() (git-fixes). - nvme-multipath: revalidate paths during rescan (bsc#1187211) - nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972). - nvme-pci: fix NULL req in completion handler (bsc#1181972). - nvme-pci: limit maximum queue depth to 4095 (bsc#1181972). - nvme-pci: use unsigned for io queue depth (bsc#1181972). - nvme-tcp: Do not reset transport on data digest errors (bsc#1188418). - nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972). - nvme: avoid possible double fetch in handling CQE (bsc#1181972). - nvme: code command_id with a genctr for use-after-free validation (bsc#1181972). - nvme: only call synchronize_srcu when clearing current path (bsc#1188067). - nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384). - ocfs2: fix snprintf() checking (bsc#1189581). - ocfs2: fix zero out valid data (bsc#1189579). - ocfs2: initialize ip_next_orphan (bsc#1186731). - ocfs2: issue zeroout to EOF blocks (bsc#1189582). - ovl: allow upperdir inside lowerdir (bsc#1189323). - ovl: expand warning in ovl_d_real() (bsc#1189323). - ovl: fix missing revert_creds() on error path (bsc#1189323). - ovl: perform vfs_getxattr() with mounter creds (bsc#1189323). - ovl: skip getxattr of security labels (bsc#1189323). - params: lift param_set_uint_minmax to common code (bsc#1181972). - pcmcia: i82092: fix a null pointer dereference bug (git-fixes). - perf/x86/amd: Do not touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (bsc#1189225). - pinctrl: tigerlake: Fix GPIO mapping for newer version of software (git-fixes). - platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables (git-fixes). - post.sh: detect /usr mountpoint too - power: supply: max17042: handle fails of reading status register (git-fixes). - powerpc/cacheinfo: Improve diagnostics about malformed cache lists (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Lookup cache by dt node and thread-group id (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Remove the redundant get_shared_cpu_map() (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Use name at unit instead of full DT path in debug messages (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes). - powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#1189197 ltc#193906). - powerpc/pseries: Fix regression while building external modules (bsc#1160010 ltc#183046 git-fixes). This changes a GPL symbol to general symbol which is kABI change but not kABI break. - powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes). - powerpc/smp: Make some symbols static (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Use existing L2 cache_map cpumask to find L3 cache siblings (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702 git-fixes). - regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes). - regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes). - regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change. - rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575). - rsi: fix an error code in rsi_probe() (git-fixes). - rsi: fix error code in rsi_load_9116_firmware() (git-fixes). - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817). - s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771). - scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970). - scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970). - scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970). - scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392). - scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650). - scsi: libfc: Fix array index out of bound exception (bsc#1188616). - scsi: lpfc: Add 256 Gb link speed support (bsc#1189385). - scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385). - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385). - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385). - scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385). - scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385). - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385). - scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385). - scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385). - scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385). - scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385). - scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385). - scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385). - scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385). - scsi: lpfc: Fix function description comments for vmid routines (bsc#1189385). - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385). - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385). - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385). - scsi: lpfc: Improve firmware download logging (bsc#1189385). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385). - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes). - scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385). - scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385). - scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385). - scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385). - scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385). - scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385). - scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385). - scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385). - scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385). - scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970). - scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006). - scsi: qla2xxx: Add heartbeat check (bsc#1189392). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392). - scsi: qla2xxx: Fix spelling mistakes 'allloc' -> 'alloc' (bsc#1189392). - scsi: qla2xxx: Fix use after free in debug code (bsc#1189392). - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392). - scsi: qla2xxx: Remove duplicate declarations (bsc#1189392). - scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392). - scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392). - scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189392). - scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392). - scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392). - scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392). - scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392). - scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392). - scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392). - scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392). - scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189392). - scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add key update (bsc#1189392). - scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189392). - scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392). - scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392). - scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (bsc#1184180). - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392). - scsi: zfcp: Report port fc_security as unknown early during remote cable pull (git-fixes). - serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes). - serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes). - serial: 8250_pci: Avoid irq sharing for MSI(-X) interrupts (git-fixes). - serial: 8250_pci: Enumerate Elkhart Lake UARTs via dedicated driver (git-fixes). - serial: tegra: Only print FIFO error message when an error occurs (git-fixes). - slimbus: messaging: check for valid transaction id (git-fixes). - slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes). - slimbus: ngd: reset dma setup during runtime pm (git-fixes). - soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes). - soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: qcom: rpmhpd: Use corner in power_off (git-fixes). - soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes). - spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes). - spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation (git-fixes). - spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes). - spi: mediatek: Fix fifo transfer (git-fixes). - spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes). - spi: stm32h7: fix full duplex irq handler handling (git-fixes). - staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes). - staging: rtl8712: get rid of flush_scheduled_work (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes). - tracing / histogram: Give calculation hist_fields a size (git-fixes). - tracing: Reject string operand in the histogram expression (git-fixes). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - ubifs: Fix error return code in alloc_wbufs() (bsc#1189585). - ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583). - ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455). - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587). - ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586). - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes). - usb: dwc3: Disable phy suspend after power-on reset (git-fixes). - usb: dwc3: Separate field holding multiple properties (git-fixes). - usb: dwc3: Stop active transfers before halting the controller (git-fixes). - usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes). - usb: dwc3: Use devres to get clocks (git-fixes). - usb: dwc3: core: do not do suspend for device mode if already suspended (git-fixes). - usb: dwc3: debug: Remove newline printout (git-fixes). - usb: dwc3: gadget: Check MPS of the request length (git-fixes). - usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes). - usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (git-fixes). - usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes). - usb: dwc3: gadget: Do not send unintended link state change (git-fixes). - usb: dwc3: gadget: Do not setup more than requested (git-fixes). - usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes). - usb: dwc3: gadget: Fix handling ZLP (git-fixes). - usb: dwc3: gadget: Give back staled requests (git-fixes). - usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes). - usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes). - usb: dwc3: gadget: Properly track pending and queued SG (git-fixes). - usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes). - usb: dwc3: gadget: Set BESL config parameter (git-fixes). - usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes). - usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes). - usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes). - usb: dwc3: meson-g12a: add IRQ check (git-fixes). - usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes). - usb: dwc3: of-simple: add a shutdown (git-fixes). - usb: dwc3: st: Add of_dev_put() in probe function (git-fixes). - usb: dwc3: st: Add of_node_put() before return in probe function (git-fixes). - usb: dwc3: support continuous runtime PM with dual role (git-fixes). - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes). - usb: gadget: Export recommended BESL values (git-fixes). - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes). - usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes). - usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes). - usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes). - usb: gadget: udc: at91: add IRQ check (git-fixes). - usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes). - usb: host: ohci-tmio: add IRQ check (git-fixes). - usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes). - usb: mtu3: fix the wrong HS mult value (git-fixes). - usb: mtu3: use @mult for HS isoc or intr (git-fixes). - usb: phy: fsl-usb: add IRQ check (git-fixes). - usb: phy: tahvo: add IRQ check (git-fixes). - usb: phy: twl6030: add IRQ checks (git-fixes). - usr: Add support for zstd compressed initramfs (bsc#1187483, jsc#SLE-18766). - virt_wifi: fix error on connect (git-fixes). - wireguard: allowedips: allocate nodes in kmem_cache (git-fixes). - wireguard: allowedips: free empty intermediate nodes when removing single node (git-fixes). - wireguard: allowedips: remove nodes in O(1) (git-fixes). - writeback: fix obtain a reference to a freeing memcg css (bsc#1189577). - x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489). - x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489). - x86/fpu: Reset state for all signal restore failures (bsc#1152489). - x86/kvm: fix vcpu-id indexed array sizes (git-fixes). - x86/sev: Make sure IRQs are disabled while GHCB is active (jsc#SLE-14337). - x86/sev: Split up runtime #VC handler for correct state tracking (jsc#SLE-14337). - x86/sev: Use 'SEV: ' prefix for messages from sev.c (jsc#SLE-14337). - x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489). - x86/split_lock: Provide handle_guest_split_lock() (bsc#1187959). - xen/events: Fix race in set_evtchn_to_irq (git-fixes). - xprtrdma: Pad optimization, revisited (bsc#1189760). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3233-1 Released: Mon Sep 27 15:02:21 2021 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1085917,1181299,1181306,1181309,1181535,1181536,1188651,1189552 This update for xfsprogs fixes the following issues: - Fixes an issue when 'fstests' with 'xfs' fail. (bsc#1181309, bsc#1181299) - xfsprogs: Split 'libhandle1' into a separate package, since nothing within xfsprogs dynamically links against it. The shared library is still required by xfsdump as a runtime dependency. - mkfs.xfs: Fix 'ASSERT' on too-small device with stripe geometry. (bsc#1181536) - mkfs.xfs: If either 'sunit' or 'swidth' is not zero, the other must be as well. (bsc#1085917, bsc#1181535) - xfs_growfs: Refactor geometry reporting. (bsc#1181306) - xfs_growfs: Allow mounted device node as argument. (bsc#1181299) - xfs_repair: Rebuild directory when non-root leafn blocks claim block 0. (bsc#1181309) - xfs_repair: Check plausibility of root dir pointer before trashing it. (bsc#1188651) - xfs_bmap: Remove '-c' from manpage. (bsc#1189552) - xfs_bmap: Do not reject '-e'. (bsc#1189552) - Implement 'libhandle1' through ECO. (jsc#SLE-20360) From sle-updates at lists.suse.com Thu Sep 30 06:15:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Sep 2021 08:15:30 +0200 (CEST) Subject: SUSE-IU-2021:728-1: Security update of suse-sles-15-sp3-chost-byos-v20210927-hvm-ssd-x86_64 Message-ID: <20210930061530.401CFFCC9@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20210927-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:728-1 Image Tags : suse-sles-15-sp3-chost-byos-v20210927-hvm-ssd-x86_64:20210927 Image Release : Severity : critical Type : security References : 1027519 1027519 1029961 1040364 1085917 1127650 1135481 1152489 1153806 1160010 1160462 1168202 1171420 1174697 1174969 1175052 1175543 1176189 1176206 1176934 1177399 1179246 1179382 1180100 1180141 1180347 1181006 1181148 1181299 1181306 1181309 1181535 1181536 1181972 1182830 1183243 1183572 1183574 1183877 1183939 1184180 1184614 1184677 1184758 1185611 1185682 1185902 1185930 1186264 1186428 1186429 1186433 1186434 1186565 1186731 1186975 1186975 1187211 1187338 1187406 1187455 1187468 1187483 1187565 1187565 1187619 1187645 1187921 1187937 1187959 1188050 1188067 1188172 1188231 1188270 1188412 1188418 1188579 1188616 1188651 1188700 1188780 1188781 1188782 1188783 1188784 1188786 1188787 1188788 1188790 1188878 1188885 1188891 1188924 1188982 1188983 1188985 1189021 1189057 1189077 1189097 1189153 1189197 1189209 1189210 1189212 1189213 1189214 1189215 1189216 1189217 1189218 1189219 1189220 1189221 1189222 1189225 1189229 1189233 1189262 1189291 1189292 1189296 1189298 1189301 1189305 1189323 1189373 1189376 1189378 1189380 1189381 1189384 1189385 1189392 1189393 1189399 1189400 1189427 1189503 1189504 1189505 1189506 1189507 1189521 1189537 1189552 1189562 1189563 1189564 1189565 1189566 1189567 1189568 1189569 1189573 1189574 1189575 1189576 1189577 1189579 1189581 1189582 1189583 1189585 1189586 1189587 1189632 1189659 1189683 1189706 1189743 1189760 1189762 1189832 1189841 1189870 1189872 1189875 1189882 1189883 1189996 1190022 1190025 1190115 1190117 1190190 1190225 1190412 1190413 1190428 CVE-2019-19977 CVE-2020-12400 CVE-2020-12401 CVE-2020-12403 CVE-2020-12770 CVE-2020-25648 CVE-2020-27840 CVE-2020-6829 CVE-2021-0089 CVE-2021-20254 CVE-2021-20277 CVE-2021-28690 CVE-2021-28692 CVE-2021-28693 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-28700 CVE-2021-28701 CVE-2021-34556 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3712 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 CVE-2021-3753 CVE-2021-3759 CVE-2021-38160 CVE-2021-38166 CVE-2021-38198 CVE-2021-38204 CVE-2021-38205 CVE-2021-38206 CVE-2021-38207 CVE-2021-38209 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20210927-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2886-1 Released: Tue Aug 31 13:21:20 2021 Summary: Recommended update for bind Type: recommended Severity: moderate References: 1187921 This update for bind fixes the following issues: - tsig-keygen is now used to generate DDNS keys (bsc#1187921) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2887-1 Released: Tue Aug 31 13:31:19 2021 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1183939,1184758 This update for cloud-init contains the following: - Change log file creation mode to 640. (bsc#1183939) - Do not write the generated password to the log file. (bsc#1184758) - Allow purging cache when Python when version change detected. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2898-1 Released: Wed Sep 1 08:30:33 2021 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1186975,1187565,1187645 This update for grub2 fixes the following issues: - Fix error not a btrfs filesystem on s390x (bsc#1187645) - Fix error gfxterm isn't found with multiple terminals (bsc#1187565) - Fix boot failure after kdump due to the content of grub.cfg is not completed with pending modificaton in xfs journal (bsc#1186975) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2923-1 Released: Thu Sep 2 10:11:32 2021 Summary: Security update for xen Type: security Severity: important References: 1027519,1176189,1179246,1183243,1183877,1185682,1186428,1186429,1186433,1186434,1187406,1188050,1189373,1189376,1189378,1189380,1189381,1189882,CVE-2021-0089,CVE-2021-28690,CVE-2021-28692,CVE-2021-28693,CVE-2021-28694,CVE-2021-28695,CVE-2021-28696,CVE-2021-28697,CVE-2021-28698,CVE-2021-28699,CVE-2021-28700 This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release (bsc#1027519). Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). - CVE-2021-28700: No memory limit for dom0less domUs (XSA-383)(bsc#1189381). Other issues fixed: - Fixed 'Panic on CPU 0: IO-APIC + timer doesn't work!' (bsc#1180491) - Fixed an issue with xencommons, where file format expecations by fillup did not allign (bsc#1185682) - Fixed shell macro expansion in the spec file, so that ExecStart= in xendomains-wait-disks.service is created correctly (bsc#1183877) - Upstream bug fixes (bsc#1027519) - Fixed Xen SLES11SP4 guest hangs on cluster (bsc#1188050). - xl monitoring process exits during xl save -p|-c keep the monitoring process running to cleanup the domU during shutdown (bsc#1176189). - Dom0 hangs when pinning CPUs for dom0 with HVM guest (bsc#1179246). - Some long deprecated commands were finally removed in qemu6. Adjust libxl to use supported commands (bsc#1183243). - Update logrotate.conf, move global options into per-file sections to prevent globbering of global state (bsc#1187406). - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2937-1 Released: Fri Sep 3 09:18:45 2021 Summary: Security update for libesmtp Type: security Severity: important References: 1160462,1189097,CVE-2019-19977 This update for libesmtp fixes the following issues: - CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2945-1 Released: Fri Sep 3 09:34:53 2021 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: 1153806,1185930,1188579 This update for open-iscsi fixes the following issues: - Update 'iscsi.service' so that it tries to logon to any 'onboot' and firmware targets, in case a target was offline when booted but back up when the service is started. (bsc#1153806) - Merged with latest from upstream, which contains these fixes: * Add 'no wait' option to iscsiadm firmware login * Check for ISCSI_ERR_ISCSID_NOTCONN in iscsistart * Log proper error message when AUTH failure occurs * Support the 'qede' CMA-card driver. (bsc#1188579) * iscsistart: fix null pointer deref before exit * Set default 'startup' to 'onboot' for FW nodes. (bsc#1185930) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2950-1 Released: Fri Sep 3 11:59:19 2021 Summary: Recommended update for pcre2 Type: recommended Severity: moderate References: 1187937 This update for pcre2 fixes the following issue: - Equalizes the result of a function that may have different output on s390x if compared to older (bsc#1187937) PHP versions. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2962-1 Released: Mon Sep 6 18:23:01 2021 Summary: Recommended update for runc Type: recommended Severity: critical References: 1189743 This update for runc fixes the following issues: - Fixed an issue when toolbox container fails to start. (bsc#1189743) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2997-1 Released: Thu Sep 9 14:37:34 2021 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1187338,1189659 This update for python3 fixes the following issues: - Fixed an issue when the missing 'stropts.h' causing build errors for different python modules. (bsc#1187338) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3022-1 Released: Mon Sep 13 10:48:16 2021 Summary: Recommended update for c-ares Type: recommended Severity: important References: 1190225 This update for c-ares fixes the following issue: - Allow '_' as part of DNS response. (bsc#1190225) - 'c-ares' 1.17.2 introduced response validation to prevent a security issue, however it was not listing '_' as a valid character for domain name responses which caused issues when a 'CNAME' referenced a 'SRV' record which contained underscores. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3115-1 Released: Thu Sep 16 14:04:26 2021 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1029961,1174697,1176206,1176934,1179382,1188891,CVE-2020-12400,CVE-2020-12401,CVE-2020-12403,CVE-2020-25648,CVE-2020-6829 This update for mozilla-nspr fixes the following issues: mozilla-nspr was updated to version 4.32: * implement new socket option PR_SockOpt_DontFrag * support larger DNS records by increasing the default buffer size for DNS queries * Lock access to PRCallOnceType members in PR_CallOnce* for thread safety bmo#1686138 * PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get information about the operating system build version. Mozilla NSS was updated to version 3.68: * bmo#1713562 - Fix test leak. * bmo#1717452 - NSS 3.68 should depend on NSPR 4.32. * bmo#1693206 - Implement PKCS8 export of ECDSA keys. * bmo#1712883 - DTLS 1.3 draft-43. * bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension. * bmo#1713562 - Validate ECH public names. * bmo#1717610 - Add function to get seconds from epoch from pkix::Time. update to NSS 3.67 * bmo#1683710 - Add a means to disable ALPN. * bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66). * bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja. * bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c. * bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte. update to NSS 3.66 * bmo#1710716 - Remove Expired Sonera Class2 CA from NSS. * bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority. * bmo#1708307 - Remove Trustis FPS Root CA from NSS. * bmo#1707097 - Add Certum Trusted Root CA to NSS. * bmo#1707097 - Add Certum EC-384 CA to NSS. * bmo#1703942 - Add ANF Secure Server Root CA to NSS. * bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS. * bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database. * bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler. * bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h. * bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators. * bmo#1709291 - Add VerifyCodeSigningCertificateChain. update to NSS 3.65 * bmo#1709654 - Update for NetBSD configuration. * bmo#1709750 - Disable HPKE test when fuzzing. * bmo#1566124 - Optimize AES-GCM for ppc64le. * bmo#1699021 - Add AES-256-GCM to HPKE. * bmo#1698419 - ECH -10 updates. * bmo#1692930 - Update HPKE to final version. * bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default. * bmo#1703936 - New coverity/cpp scanner errors. * bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards. * bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. * bmo#1705119 - Deadlock when using GCM and non-thread safe tokens. update to NSS 3.64 * bmo#1705286 - Properly detect mips64. * bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and disable_crypto_vsx. * bmo#1698320 - replace __builtin_cpu_supports('vsx') with ppc_crypto_support() for clang. * bmo#1613235 - Add POWER ChaCha20 stream cipher vector acceleration. Fixed in 3.63 * bmo#1697380 - Make a clang-format run on top of helpful contributions. * bmo#1683520 - ECCKiila P384, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual scalar multiplication. * bmo#1683520 - ECCKiila P521, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual scalar multiplication. * bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683. * bmo#1694214 - tstclnt can't enable middlebox compat mode. * bmo#1694392 - NSS does not work with PKCS #11 modules not supporting profiles. * bmo#1685880 - Minor fix to prevent unused variable on early return. * bmo#1685880 - Fix for the gcc compiler version 7 to support setenv with nss build. * bmo#1693217 - Increase nssckbi.h version number for March 2021 batch of root CA changes, CA list version 2.48. * bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's 'Chambers of Commerce' and 'Global Chambersign' roots. * bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER. * bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS. * bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS. * bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs from NSS. * bmo#1687822 - Turn off Websites trust bit for the ???Staat der Nederlanden Root CA - G3??? root cert in NSS. * bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce Root - 2008' and 'Global Chambersign Root - 2008???. * bmo#1694291 - Tracing fixes for ECH. update to NSS 3.62 * bmo#1688374 - Fix parallel build NSS-3.61 with make * bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add() can corrupt 'cachedCertTable' * bmo#1690583 - Fix CH padding extension size calculation * bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail * bmo#1690421 - Install packaged libabigail in docker-builds image * bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing * bmo#1674819 - Fixup a51fae403328, enum type may be signed * bmo#1681585 - Add ECH support to selfserv * bmo#1681585 - Update ECH to Draft-09 * bmo#1678398 - Add Export/Import functions for HPKE context * bmo#1678398 - Update HPKE to draft-07 update to NSS 3.61 * bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key values under certain conditions. * bmo#1684300 - Fix default PBE iteration count when NSS is compiled with NSS_DISABLE_DBM. * bmo#1651411 - Improve constant-timeness in RSA operations. * bmo#1677207 - Upgrade Google Test version to latest release. * bmo#1654332 - Add aarch64-make target to nss-try. Update to NSS 3.60.1: Notable changes in NSS 3.60: * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support has been added, replacing the previous ESNI (draft-ietf-tls-esni-01) implementation. See bmo#1654332 for more information. * December 2020 batch of Root CA changes, builtins library updated to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769 for more information. Update to NSS 3.59.1: * bmo#1679290 - Fix potential deadlock with certain third-party PKCS11 modules Update to NSS 3.59: Notable changes: * Exported two existing functions from libnss: CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData Bugfixes * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed root certs when SHA1 signatures are disabled. * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to solve some test intermittents * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in our CVE-2020-25648 fix that broke purple-discord (boo#1179382) * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP * bmo#1667989 - Fix gyp linking on Solaris * bmo#1668123 - Export CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData from libnss * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA * bmo#1663091 - Remove unnecessary assertions in the streaming ASN.1 decoder that affected decoding certain PKCS8 private keys when using NSS debug builds * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS. update to NSS 3.58 Bugs fixed: * bmo#1641480 (CVE-2020-25648) Tighten CCS handling for middlebox compatibility mode. * bmo#1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello (draft-ietf-tls-esni). * bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto extensions. * bmo#1668328 - Handle spaces in the Python path name when using gyp on Windows. * bmo#1667153 - Add PK11_ImportDataKey for data object import. * bmo#1665715 - Pass the embedded SCT list extension (if present) to TrustDomain::CheckRevocation instead of the notBefore value. update to NSS 3.57 * The following CA certificates were Added: bmo#1663049 - CN=Trustwave Global Certification Authority SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8 bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4 bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097 * The following CA certificates were Removed: bmo#1651211 - CN=EE Certification Centre Root CA SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76 bmo#1656077 - O=Government Root Certification Authority; C=TW SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3 * Trust settings for the following CA certificates were Modified: bmo#1653092 - CN=OISTE WISeKey Global Root GA CA Websites (server authentication) trust bit removed. * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes update to NSS 3.56 Notable changes * bmo#1650702 - Support SHA-1 HW acceleration on ARMv8 * bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS. * bmo#1654142 - Add CPU feature detection for Intel SHA extension. * bmo#1648822 - Add stricter validation of DH keys in FIPS mode. * bmo#1656986 - Properly detect arm64 during GYP build architecture detection. * bmo#1652729 - Add build flag to disable RC2 and relocate to lib/freebl/deprecated. * bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay. * bmo#1588941 - Send empty certificate message when scheme selection fails. * bmo#1652032 - Fix failure to build in Windows arm64 makefile cross-compilation. * bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent. * bmo#1653975 - Fix 3.53 regression by setting 'all' as the default makefile target. * bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert. * bmo#1659814 - Fix interop.sh failures with newer tls-interop commit and dependencies. * bmo#1656519 - NSPR dependency updated to 4.28 update to NSS 3.55 Notable changes * P384 and P521 elliptic curve implementations are replaced with verifiable implementations from Fiat-Crypto [0] and ECCKiila [1]. * PK11_FindCertInSlot is added. With this function, a given slot can be queried with a DER-Encoded certificate, providing performance and usability improvements over other mechanisms. (bmo#1649633) * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752) Relevant Bugfixes * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila. * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature. * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding. * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length. * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix). * bmo#1653202 - Fix initialization bug in blapitest when compiled with NSS_DISABLE_DEPRECATED_SEED. * bmo#1646594 - Fix AVX2 detection in makefile builds. * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot for a DER-encoded certificate. * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo. * bmo#1647752 - Update DTLS 1.3 implementation to draft-38. * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI. * bmo#1649226 - Add Wycheproof ECDSA tests. * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES. * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in RSA_CheckSignRecover. * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the signature_algorithms extension. update to NSS 3.54 Notable changes * Support for TLS 1.3 external pre-shared keys (bmo#1603042). * Use ARM Cryptography Extension for SHA256, when available (bmo#1528113) * The following CA certificates were Added: bmo#1645186 - certSIGN Root CA G2. bmo#1645174 - e-Szigno Root CA 2017. bmo#1641716 - Microsoft ECC Root Certificate Authority 2017. bmo#1641716 - Microsoft RSA Root Certificate Authority 2017. * The following CA certificates were Removed: bmo#1645199 - AddTrust Class 1 CA Root. bmo#1645199 - AddTrust External CA Root. bmo#1641718 - LuxTrust Global Root 2. bmo#1639987 - Staat der Nederlanden Root CA - G2. bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4. bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4. bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3. * A number of certificates had their Email trust bit disabled. See bmo#1618402 for a complete list. Bugs fixed * bmo#1528113 - Use ARM Cryptography Extension for SHA256. * bmo#1603042 - Add TLS 1.3 external PSK support. * bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows. * bmo#1645186 - Add 'certSIGN Root CA G2' root certificate. * bmo#1645174 - Add Microsec's 'e-Szigno Root CA 2017' root certificate. * bmo#1641716 - Add Microsoft's non-EV root certificates. * bmo1621151 - Disable email trust bit for 'O=Government Root Certification Authority; C=TW' root. * bmo#1645199 - Remove AddTrust root certificates. * bmo#1641718 - Remove 'LuxTrust Global Root 2' root certificate. * bmo#1639987 - Remove 'Staat der Nederlanden Root CA - G2' root certificate. * bmo#1618402 - Remove Symantec root certificates and disable email trust bit. * bmo#1640516 - NSS 3.54 should depend on NSPR 4.26. * bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c. * bmo#1642153 - Fix infinite recursion building NSS. * bmo#1642638 - Fix fuzzing assertion crash. * bmo#1642871 - Enable SSL_SendSessionTicket after resumption. * bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs. * bmo#1643557 - Fix numerous compile warnings in NSS. * bmo#1644774 - SSL gtests to use ClearServerCache when resetting self-encrypt keys. * bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c. * bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3133-1 Released: Fri Sep 17 16:37:59 2021 Summary: Recommended update for grub2, efibootmgr Type: recommended Severity: moderate References: 1186565,1186975,1187565 This update for grub2, efibootmgr provides the following fixes: - Ship package grub2-arm64-efi and the required efibootmgr also to ppc64le, s390x and x86_64 (bsc#1186565) - Fix error gfxterm isn't found with multiple terminals (bsc#1187565) - Fix ocasional boot failure after kdump procedure when using XFS (bsc#1186975) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3136-1 Released: Fri Sep 17 16:59:09 2021 Summary: Recommended update for SUSEConnect Type: recommended Severity: moderate References: 1185611 This update for SUSEConnect fixes the following issues: - Disallow registering via SUSEConnect if the system is managed by SUSE Manager. - Add subscription name to output of 'SUSEConnect --status'. - Send payload of GET requests as part of the url, not in the body. (bsc#1185611) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3140-1 Released: Sat Sep 18 14:37:16 2021 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1189632,CVE-2021-28701 This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - Upstream bug fixes (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1189996 This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3187-1 Released: Wed Sep 22 15:09:23 2021 Summary: Security update for samba Type: security Severity: important References: 1182830,1183572,1183574,1184677,1189875,CVE-2020-27840,CVE-2021-20254,CVE-2021-20277 This update for samba fixes the following issues: - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574). - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677). - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572). - Spec file fixes around systemd and requires (bsc#1182830) - Fix dependency problem upgrading from libndr0 to libndr1 (bsc#1189875) - Fix dependency problem upgrading from libsmbldap0 to libsmbldap2 (bsc#1189875) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3203-1 Released: Thu Sep 23 14:41:35 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1189537,1190190 This update for kmod fixes the following issues: - Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190). - Enable support for ZSTD compressed modules - Display module information even for modules built into the running kernel (bsc#1189537) - '/usr/lib' should override '/lib' where both are available. Support '/usr/lib' for depmod.d as well. - Remove test patches included in release 29 - Update to release 29 * Fix `modinfo -F` not working for built-in modules and certain fields. * Fix a memory leak, overflow and double free on error path. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3205-1 Released: Thu Sep 23 16:15:20 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1040364,1127650,1135481,1152489,1160010,1168202,1171420,1174969,1175052,1175543,1177399,1180100,1180141,1180347,1181006,1181148,1181972,1184180,1185902,1186264,1186731,1187211,1187455,1187468,1187483,1187619,1187959,1188067,1188172,1188231,1188270,1188412,1188418,1188616,1188700,1188780,1188781,1188782,1188783,1188784,1188786,1188787,1188788,1188790,1188878,1188885,1188924,1188982,1188983,1188985,1189021,1189057,1189077,1189153,1189197,1189209,1189210,1189212,1189213,1189214,1189215,1189216,1189217,1189218,1189219,1189220,1189221,1189222,1189225,1189229,1189233,1189262,1189291,1189292,1189296,1189298,1189301,1189305,1189323,1189384,1189385,1189392,1189393,1189399,1189400,1189427,1189503,1189504,1189505,1189506,1189507,1189562,1189563,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189574,1189575,1189576,1189577,1189579,1189581,1189582,1189583,1189585,1189586,1189587,1189706,1189760,1189762,1189832,1189841,1189870,1189872,1189883,1190022,1190025,1190115,1190117,1 190412,1190413,1190428,CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38166,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38206,CVE-2021-38207,CVE-2021-38209 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ). - CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292). - CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298). - CVE-2021-38166: Fixed an integer overflow and out-of-bounds write when many elements are placed in a single bucket in kernel/bpf/hashtab.c (bnc#1189233 ). - CVE-2021-38209: Fixed allowed observation of changes in any net namespace via net/netfilter/nf_conntrack_standalone.c (bnc#1189393). - CVE-2021-38206: Fixed NULL pointer dereference in the radiotap parser inside the mac80211 subsystem (bnc#1189296). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420). The following non-security bugs were fixed: - ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes). - ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export function to claim _CST control (bsc#1175543) - ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543) - ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes). - ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 (git-fixes). - ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms (git-fixes). - ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically (git-fixes). - ALSA: hda/realtek - Add ALC285 HP init procedure (git-fixes). - ALSA: hda/realtek - Add type for ALC287 (git-fixes). - ALSA: hda/realtek: Change device names for quirks to barebone names (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes). - ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes). - ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes). - ALSA: hda/realtek: fix mute led of the HP Pavilion 15-eh1xxx series (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 650 G8 Notebook PC (git-fixes). - ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes). - ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes). - ALSA: hda: Fix hang during shutdown due to link reset (git-fixes). - ALSA: hda: Release controller display power during shutdown/reboot (git-fixes). - ALSA: pcm: Fix mmap breakage without explicit buffer setup (git-fixes). - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes). - ALSA: seq: Fix racy deletion of subscriber (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes). - ALSA: usb-audio: Avoid unnecessary or invalid connector selection at resume (git-fixes). - ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes). - ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes). - ALSA: usb-audio: fix incorrect clock source setting (git-fixes). - ASoC: Intel: Skylake: Fix module resource and format selection (git-fixes). - ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373 (git-fixes). - ASoC: SOF: Intel: hda-ipc: fix reply size checking (git-fixes). - ASoC: amd: Fix reference to PCM buffer address (git-fixes). - ASoC: component: Remove misplaced prefix handling in pin control functions (git-fixes). - ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes). - ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes). - ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes). - ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes). - ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes). - ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes). - ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes). - ASoC: mediatek: mt8183: Fix Unbalanced pm_runtime_enable in mt8183_afe_pcm_dev_probe (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold again (git-fixes). - ASoC: rt5682: Fix the issue of garbled recording after powerd_dbus_suspend (git-fixes). - ASoC: ti: j721e-evm: Check for not initialized parent_clk_id (git-fixes). - ASoC: ti: j721e-evm: Fix unbalanced domain activity tracking during startup (git-fixes). - ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes). - ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes). - ASoC: uniphier: Fix reference to PCM buffer address (git-fixes). - ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes). - ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes). - ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes). - ASoC: xilinx: Fix reference to PCM buffer address (git-fixes). - Avoid double printing SUSE specific flags in mod->taint (bsc#1190413). - Bluetooth: add timeout sanity check to hci_inquiry (git-fixes). - Bluetooth: btusb: Fix a unspported condition to set available debug features (git-fixes). - Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS (git-fixes). - Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes). - Bluetooth: fix repeated calls to sco_sock_kill (git-fixes). - Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes). - Bluetooth: mgmt: Fix wrong opcode in the response for add_adv cmd (git-fixes). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes). - Drop two intel_int0002_vgpio patches that cause Oops (bsc#1190412) - KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786). - KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787). - KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788). - KVM: VMX: Extend VMXs #AC interceptor to handle split lock #AC in guest (bsc#1187959). - KVM: nVMX: Handle split-lock #AC exceptions that happen in L2 (bsc#1187959). - KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780). - KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782). - KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783). - KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784). - KVM: x86: Emulate split-lock access as a write in emulator (bsc#1187959). - KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790). - NFS: Correct size calculation for create reply length (bsc#1189870). - NFSv4.1: Do not rebind to the same source port when (bnc#1186264 bnc#1189021) - NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes). - NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364). - PCI/MSI: Correct misleading comments (git-fixes). - PCI/MSI: Do not set invalid bits in MSI mask (git-fixes). - PCI/MSI: Enable and mask MSI-X early (git-fixes). - PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes). - PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes). - PCI/MSI: Mask all unused MSI-X entries (git-fixes). - PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes). - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes). - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes). - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes). - PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes). - RDMA/bnxt_re: Fix stats counters (bsc#1188231). - SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924). - SUNRPC: Fix the batch tasks count wraparound (git-fixes). - SUNRPC: Should wake up the privileged task firstly (git-fixes). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924). - SUNRPC: improve error response to over-size gss credential (bsc#1190022). - SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264 bnc#1189021). - USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes). - USB: serial: ch341: fix character loss at high transfer rates (git-fixes). - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes). - USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes). - USB: usbtmc: Fix RCU stall warning (git-fixes). - USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes). - VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes). - ath9k: Clear key cache explicitly on disabling hardware (git-fixes). - ath: Use safer key clearing with key cache entries (git-fixes). - bcma: Fix memory leak for internally-handled cores (git-fixes). - bdi: Do not use freezable workqueue (bsc#1189573). - blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507). - blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506). - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503). - blk-wbt: make sure throttle is enabled properly (bsc#1189504). - block: fix trace completion for chained bio (bsc#1189505). - bnxt_en: Validate vlan protocol ID on RX packets (jsc#SLE-15075). - brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes). - btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077). - btrfs: add a trace class for dumping the current ENOSPC state (bsc#1135481). - btrfs: add a trace point for reserve tickets (bsc#1135481). - btrfs: adjust the flush trace point to include the source (bsc#1135481). - btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1135481). - btrfs: factor out create_chunk() (bsc#1189077). - btrfs: factor out decide_stripe_size() (bsc#1189077). - btrfs: factor out gather_device_info() (bsc#1189077). - btrfs: factor out init_alloc_chunk_ctl (bsc#1189077). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1135481). - btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077). - btrfs: handle invalid profile in chunk allocation (bsc#1189077). - btrfs: implement space clamping for preemptive flushing (bsc#1135481). - btrfs: improve preemptive background space flushing (bsc#1135481). - btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1135481). - btrfs: introduce alloc_chunk_ctl (bsc#1189077). - btrfs: introduce chunk allocation policy (bsc#1189077). - btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#1135481). - btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077). - btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077). - btrfs: refactor find_free_dev_extent_start() (bsc#1189077). - btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1135481). - btrfs: rename need_do_async_reclaim (bsc#1135481). - btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1135481). - btrfs: rework chunk allocation to avoid exhaustion of the system chunk array (bsc#1189077). - btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1135481). - btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#1135481). - btrfs: simplify the logic in need_preemptive_flushing (bsc#1135481). - btrfs: tracepoints: convert flush states to using EM macros (bsc#1135481). - btrfs: tracepoints: fix btrfs_trigger_flush symbolic string for flags (bsc#1135481). - can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes). - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes). - ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468). - ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468). - ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1189427). - cfg80211: Fix possible memory leak in function cfg80211_bss_update (git-fixes). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes). - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes). - cpuidle: Allow idle states to be disabled by default (bsc#1175543) - cpuidle: Consolidate disabled state checks (bsc#1175543) - cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543) - cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543) - cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543) - crypto: ccp - Annotate SEV Firmware file names (bsc#1189212). - crypto: qat - use proper type for vf_mask (git-fixes). - crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit (git-fixes). - device-dax: Fix default return code of range_parse() (git-fixes). - dm integrity: fix missing goto in bitmap_flush_interval error handling (git-fixes). - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git-fixes). - dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes). - dmaengine: idxd: fix setup sequence for MSIXPERM table (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes). - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available (git-fixes). - dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes). - dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers (git-fixes). - drivers/block/null_blk/main: Fix a double free in null_init (git-fixes). - drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X (git-fixes). - drm/amd/display: Fix comparison error in dcn21 DML (git-fixes). - drm/amd/display: Fix max vstartup calculation for modes with borders (git-fixes). - drm/amd/display: Remove invalid assert for ODM + MPC case (git-fixes). - drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work (git-fixes). - drm/amd/display: workaround for hard hang on HPD on native DP (git-fixes). - drm/amdgpu/acp: Make PM domain really work (git-fixes). - drm/amdgpu/display: fix DMUB firmware version info (git-fixes). - drm/amdgpu/display: only enable aux backlight control for OLED panels (git-fixes). - drm/amdgpu: do not enable baco on boco platforms in runpm (git-fixes). - drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir (git-fixes). - drm/dp_mst: Fix return code on sideband message failure (git-fixes). - drm/i915/dg1: gmbus pin mapping (bsc#1188700). - drm/i915/dg1: provide port/phy mapping for vbt (bsc#1188700). - drm/i915/gen9_bc: Add W/A for missing STRAP config on TGP PCH + CML combos (bsc#1188700). - drm/i915/gen9_bc: Introduce HPD pin mappings for TGP PCH + CML combos (bsc#1188700). - drm/i915/gen9_bc: Introduce TGP PCH DDC pin mappings (bsc#1188700). - drm/i915/gen9_bc: Recognize TGP PCH + CML combos (bsc#1188700). - drm/i915/rkl: new rkl ddc map for different PCH (bsc#1188700). - drm/i915: Add VBT AUX CH H and I (bsc#1188700). - drm/i915: Add VBT DVO ports H and I (bsc#1188700). - drm/i915: Add more AUX CHs to the enum (bsc#1188700). - drm/i915: Configure GEN11_{TBT,TC}_HOTPLUG_CTL for ports TC5/6 (bsc#1188700). - drm/i915: Correct SFC_DONE register offset (git-fixes). - drm/i915: Introduce HPD_PORT_TC<n> (bsc#1188700). - drm/i915: Move hpd_pin setup to encoder init (bsc#1188700). - drm/i915: Nuke the redundant TC/TBT HPD bit defines (bsc#1188700). - drm/i915: Only access SFC_DONE when media domain is not fused off (git-fixes). - drm/meson: fix colour distortion from HDR set during vendor u-boot (git-fixes). - drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes). - drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes). - drm/msm/dsi: Fix some reference counted resource leaks (git-fixes). - drm/msm: Fix error return code in msm_drm_init() (git-fixes). - drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences (git-fixes). - drm/of: free the iterator object on failure (git-fixes). - drm/of: free the right object (git-fixes). - drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes). - drm/prime: fix comment on PRIME Helpers (git-fixes). - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568). - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564). - ext4: fix avefreec in find_group_orlov (bsc#1189566). - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562). - ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576). - ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565). - ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563). - ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567). - fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574). - firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes). - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback (git-fixes). - fixup 'rpm: support gz and zst compression methods' (bsc#1190358, bsc#1190428). - fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes). - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - fpga: xiilnx-spi: Address warning about unused variable (git-fixes). - fpga: zynqmp-fpga: Address warning about unused variable (git-fixes). - gpio: eic-sprd: break loop when getting NULL device resource (git-fixes). - gpio: tqmx86: really make IRQ optional (git-fixes). - i2c: dev: zero out array used for i2c reads from userspace (git-fixes). - i2c: highlander: add IRQ check (git-fixes). - i2c: iop3xx: fix deferred probing (git-fixes). - i2c: mt65xx: fix IRQ check (git-fixes). - i2c: s3c2410: fix IRQ check (git-fixes). - iio: adc: Fix incorrect exit of for-loop (git-fixes). - iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels (git-fixes). - iio: humidity: hdc100x: Add margin to the conversion time (git-fixes). - intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543) - intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543) - intel_idle: Annotate init time data structures (bsc#1175543) - intel_idle: Customize IceLake server support (bsc#1175543) - intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141) - intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543) - intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543) - intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543) - intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543) - iommu/amd: Fix extended features logging (bsc#1189213). - iommu/amd: Move Stoney Ridge check to detect_ivrs() (bsc#1189762). - iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210). - iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209). - iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214). - iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229). - iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1189215). - iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216). - iommu/vt-d: Do not set then clear private data in prq_event_thread() (bsc#1189217). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218). - iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219). - iommu/vt-d: Global devTLB flush when present context entry changed (bsc#1189220). - iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#1189221). - iommu/vt-d: Reject unsupported page request modes (bsc#1189222). - ionic: add handling of larger descriptors (jsc#SLE-16649). - ionic: add new queue features to interface (jsc#SLE-16649). - ionic: aggregate Tx byte counting calls (jsc#SLE-16649). - ionic: block actions during fw reset (jsc#SLE-16649). - ionic: change mtu after queues are stopped (jsc#SLE-16649). - ionic: check for link after netdev registration (jsc#SLE-16649). - ionic: code cleanup details (jsc#SLE-16649). - ionic: fix sizeof usage (jsc#SLE-16649). - ionic: fix unchecked reference (jsc#SLE-16649). - ionic: fix up dim accounting for tx and rx (jsc#SLE-16649). - ionic: generic tx skb mapping (jsc#SLE-16649). - ionic: implement Rx page reuse (jsc#SLE-16649). - ionic: make all rx_mode work threadsafe (jsc#SLE-16649). - ionic: move rx_page_alloc and free (jsc#SLE-16649). - ionic: optimize fastpath struct usage (jsc#SLE-16649). - ionic: protect adminq from early destroy (jsc#SLE-16649). - ionic: rebuild debugfs on qcq swap (jsc#SLE-16649). - ionic: remove intr coalesce update from napi (jsc#SLE-16649). - ionic: remove some unnecessary oom messages (jsc#SLE-16649). - ionic: simplify TSO descriptor mapping (jsc#SLE-16649). - ionic: simplify rx skb alloc (jsc#SLE-16649). - ionic: simplify the intr_index use in txq_init (jsc#SLE-16649). - ionic: simplify tx clean (jsc#SLE-16649). - ionic: simplify use of completion types (jsc#SLE-16649). - ionic: start queues before announcing link up (jsc#SLE-16649). - ionic: stop watchdog when in broken state (jsc#SLE-16649). - ionic: useful names for booleans (jsc#SLE-16649). - iwlwifi: pnvm: accept multiple HW-type TLVs (git-fixes). - iwlwifi: rs-fw: do not support stbc for HE 160 (git-fixes). - iwlwifi: skip first element in the WTAS ACPI table (git-fixes). - kABI fix of usb_dcd_config_params (git-fixes). - kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes). - kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264 bnc#1189021) - kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153). - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). - leds: trigger: audio: Add an activate callback to ensure the initial brightness is set (git-fixes). - lib/mpi: use kcalloc in mpi_resize (git-fixes). - lib: Add zstd support to decompress (bsc#1187483, jsc#SLE-18766). - libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes). - mac80211: Fix insufficient headroom issue for AMSDU (git-fixes). - md/raid10: properly indicate failure when ending a failed write request (git-fixes). - md: revert io stats accounting (git-fixes). - media: TDA1997x: enable EDID support (git-fixes). - media: cxd2880-spi: Fix an error handling path (git-fixes). - media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes). - media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes). - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes). - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes). - media: go7007: fix memory leak in go7007_usb_probe (git-fixes). - media: go7007: remove redundant initialization (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes). - media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes). - media: videobuf2-core: dequeue if start_streaming fails (git-fixes). - media: zr364xx: fix memory leaks in probe() (git-fixes). - media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes). - misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes). - misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp() (git-fixes). - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569). - mm/vmscan: fix infinite loop in drop_slab_node (VM Functionality, bsc#1189301). - mm: fix memory_failure() handling of dax-namespace metadata (bsc#1189872). - mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#1187619). - mmc: dw_mmc: Fix hang on data CRC error (git-fixes). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes). - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes). - mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes). - nbd: Aovid double completion of a request (git-fixes). - nbd: Fix NULL pointer in flush_workqueue (git-fixes). - net/mlx5: Add ts_cqe_to_dest_cqn related bits (bsc#1188412) - net/mlx5: Properly convey driver version to firmware (git-fixes). - net/mlx5e: Add missing capability check for uplink follow (bsc#1188412) - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes). - net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext (git-fixes). - net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes). - net: usb: lan78xx: do not modify phy_device state concurrently (bsc#1188270) - nfs: fix acl memory leak of posix_acl_create() (git-fixes). - nvme-multipath: revalidate paths during rescan (bsc#1187211) - nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972). - nvme-pci: fix NULL req in completion handler (bsc#1181972). - nvme-pci: limit maximum queue depth to 4095 (bsc#1181972). - nvme-pci: use unsigned for io queue depth (bsc#1181972). - nvme-tcp: Do not reset transport on data digest errors (bsc#1188418). - nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972). - nvme: avoid possible double fetch in handling CQE (bsc#1181972). - nvme: code command_id with a genctr for use-after-free validation (bsc#1181972). - nvme: only call synchronize_srcu when clearing current path (bsc#1188067). - nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384). - ocfs2: fix snprintf() checking (bsc#1189581). - ocfs2: fix zero out valid data (bsc#1189579). - ocfs2: initialize ip_next_orphan (bsc#1186731). - ocfs2: issue zeroout to EOF blocks (bsc#1189582). - ovl: allow upperdir inside lowerdir (bsc#1189323). - ovl: expand warning in ovl_d_real() (bsc#1189323). - ovl: fix missing revert_creds() on error path (bsc#1189323). - ovl: perform vfs_getxattr() with mounter creds (bsc#1189323). - ovl: skip getxattr of security labels (bsc#1189323). - params: lift param_set_uint_minmax to common code (bsc#1181972). - pcmcia: i82092: fix a null pointer dereference bug (git-fixes). - perf/x86/amd: Do not touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (bsc#1189225). - pinctrl: tigerlake: Fix GPIO mapping for newer version of software (git-fixes). - platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables (git-fixes). - post.sh: detect /usr mountpoint too - power: supply: max17042: handle fails of reading status register (git-fixes). - powerpc/cacheinfo: Improve diagnostics about malformed cache lists (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Lookup cache by dt node and thread-group id (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Remove the redundant get_shared_cpu_map() (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Use name at unit instead of full DT path in debug messages (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes). - powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#1189197 ltc#193906). - powerpc/pseries: Fix regression while building external modules (bsc#1160010 ltc#183046 git-fixes). This changes a GPL symbol to general symbol which is kABI change but not kABI break. - powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes). - powerpc/smp: Make some symbols static (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Use existing L2 cache_map cpumask to find L3 cache siblings (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702 git-fixes). - regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes). - regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes). - regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change. - rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575). - rsi: fix an error code in rsi_probe() (git-fixes). - rsi: fix error code in rsi_load_9116_firmware() (git-fixes). - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817). - s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771). - scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970). - scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970). - scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970). - scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392). - scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650). - scsi: libfc: Fix array index out of bound exception (bsc#1188616). - scsi: lpfc: Add 256 Gb link speed support (bsc#1189385). - scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385). - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385). - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385). - scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385). - scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385). - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385). - scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385). - scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385). - scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385). - scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385). - scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385). - scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385). - scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385). - scsi: lpfc: Fix function description comments for vmid routines (bsc#1189385). - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385). - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385). - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385). - scsi: lpfc: Improve firmware download logging (bsc#1189385). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385). - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes). - scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385). - scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385). - scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385). - scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385). - scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385). - scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385). - scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385). - scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385). - scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385). - scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970). - scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006). - scsi: qla2xxx: Add heartbeat check (bsc#1189392). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392). - scsi: qla2xxx: Fix spelling mistakes 'allloc' -> 'alloc' (bsc#1189392). - scsi: qla2xxx: Fix use after free in debug code (bsc#1189392). - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392). - scsi: qla2xxx: Remove duplicate declarations (bsc#1189392). - scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392). - scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392). - scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189392). - scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392). - scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392). - scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392). - scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392). - scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392). - scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392). - scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392). - scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189392). - scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add key update (bsc#1189392). - scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189392). - scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392). - scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392). - scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (bsc#1184180). - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392). - scsi: zfcp: Report port fc_security as unknown early during remote cable pull (git-fixes). - serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes). - serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes). - serial: 8250_pci: Avoid irq sharing for MSI(-X) interrupts (git-fixes). - serial: 8250_pci: Enumerate Elkhart Lake UARTs via dedicated driver (git-fixes). - serial: tegra: Only print FIFO error message when an error occurs (git-fixes). - slimbus: messaging: check for valid transaction id (git-fixes). - slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes). - slimbus: ngd: reset dma setup during runtime pm (git-fixes). - soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes). - soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: qcom: rpmhpd: Use corner in power_off (git-fixes). - soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes). - spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes). - spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation (git-fixes). - spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes). - spi: mediatek: Fix fifo transfer (git-fixes). - spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes). - spi: stm32h7: fix full duplex irq handler handling (git-fixes). - staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes). - staging: rtl8712: get rid of flush_scheduled_work (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes). - tracing / histogram: Give calculation hist_fields a size (git-fixes). - tracing: Reject string operand in the histogram expression (git-fixes). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - ubifs: Fix error return code in alloc_wbufs() (bsc#1189585). - ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583). - ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455). - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587). - ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586). - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes). - usb: dwc3: Disable phy suspend after power-on reset (git-fixes). - usb: dwc3: Separate field holding multiple properties (git-fixes). - usb: dwc3: Stop active transfers before halting the controller (git-fixes). - usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes). - usb: dwc3: Use devres to get clocks (git-fixes). - usb: dwc3: core: do not do suspend for device mode if already suspended (git-fixes). - usb: dwc3: debug: Remove newline printout (git-fixes). - usb: dwc3: gadget: Check MPS of the request length (git-fixes). - usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes). - usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (git-fixes). - usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes). - usb: dwc3: gadget: Do not send unintended link state change (git-fixes). - usb: dwc3: gadget: Do not setup more than requested (git-fixes). - usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes). - usb: dwc3: gadget: Fix handling ZLP (git-fixes). - usb: dwc3: gadget: Give back staled requests (git-fixes). - usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes). - usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes). - usb: dwc3: gadget: Properly track pending and queued SG (git-fixes). - usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes). - usb: dwc3: gadget: Set BESL config parameter (git-fixes). - usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes). - usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes). - usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes). - usb: dwc3: meson-g12a: add IRQ check (git-fixes). - usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes). - usb: dwc3: of-simple: add a shutdown (git-fixes). - usb: dwc3: st: Add of_dev_put() in probe function (git-fixes). - usb: dwc3: st: Add of_node_put() before return in probe function (git-fixes). - usb: dwc3: support continuous runtime PM with dual role (git-fixes). - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes). - usb: gadget: Export recommended BESL values (git-fixes). - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes). - usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes). - usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes). - usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes). - usb: gadget: udc: at91: add IRQ check (git-fixes). - usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes). - usb: host: ohci-tmio: add IRQ check (git-fixes). - usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes). - usb: mtu3: fix the wrong HS mult value (git-fixes). - usb: mtu3: use @mult for HS isoc or intr (git-fixes). - usb: phy: fsl-usb: add IRQ check (git-fixes). - usb: phy: tahvo: add IRQ check (git-fixes). - usb: phy: twl6030: add IRQ checks (git-fixes). - usr: Add support for zstd compressed initramfs (bsc#1187483, jsc#SLE-18766). - virt_wifi: fix error on connect (git-fixes). - wireguard: allowedips: allocate nodes in kmem_cache (git-fixes). - wireguard: allowedips: free empty intermediate nodes when removing single node (git-fixes). - wireguard: allowedips: remove nodes in O(1) (git-fixes). - writeback: fix obtain a reference to a freeing memcg css (bsc#1189577). - x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489). - x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489). - x86/fpu: Reset state for all signal restore failures (bsc#1152489). - x86/kvm: fix vcpu-id indexed array sizes (git-fixes). - x86/sev: Make sure IRQs are disabled while GHCB is active (jsc#SLE-14337). - x86/sev: Split up runtime #VC handler for correct state tracking (jsc#SLE-14337). - x86/sev: Use 'SEV: ' prefix for messages from sev.c (jsc#SLE-14337). - x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489). - x86/split_lock: Provide handle_guest_split_lock() (bsc#1187959). - xen/events: Fix race in set_evtchn_to_irq (git-fixes). - xprtrdma: Pad optimization, revisited (bsc#1189760). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3233-1 Released: Mon Sep 27 15:02:21 2021 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1085917,1181299,1181306,1181309,1181535,1181536,1188651,1189552 This update for xfsprogs fixes the following issues: - Fixes an issue when 'fstests' with 'xfs' fail. (bsc#1181309, bsc#1181299) - xfsprogs: Split 'libhandle1' into a separate package, since nothing within xfsprogs dynamically links against it. The shared library is still required by xfsdump as a runtime dependency. - mkfs.xfs: Fix 'ASSERT' on too-small device with stripe geometry. (bsc#1181536) - mkfs.xfs: If either 'sunit' or 'swidth' is not zero, the other must be as well. (bsc#1085917, bsc#1181535) - xfs_growfs: Refactor geometry reporting. (bsc#1181306) - xfs_growfs: Allow mounted device node as argument. (bsc#1181299) - xfs_repair: Rebuild directory when non-root leafn blocks claim block 0. (bsc#1181309) - xfs_repair: Check plausibility of root dir pointer before trashing it. (bsc#1188651) - xfs_bmap: Remove '-c' from manpage. (bsc#1189552) - xfs_bmap: Do not reject '-e'. (bsc#1189552) - Implement 'libhandle1' through ECO. (jsc#SLE-20360) From sle-updates at lists.suse.com Thu Sep 30 06:16:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Sep 2021 08:16:32 +0200 (CEST) Subject: SUSE-IU-2021:729-1: Security update of sles-15-sp3-chost-byos-v20210927 Message-ID: <20210930061632.89E9CFCC9@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20210927 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:729-1 Image Tags : sles-15-sp3-chost-byos-v20210927:20210927 Image Release : Severity : critical Type : security References : 1027519 1027519 1029961 1040364 1085917 1127650 1135481 1152489 1153806 1160010 1160462 1168202 1171420 1174697 1174969 1175052 1175543 1176189 1176206 1176934 1177399 1179246 1179382 1180100 1180141 1180347 1181006 1181148 1181299 1181306 1181309 1181535 1181536 1181972 1182830 1183243 1183572 1183574 1183877 1184180 1184614 1184677 1185611 1185682 1185902 1185930 1186264 1186428 1186429 1186433 1186434 1186565 1186731 1186975 1186975 1187211 1187338 1187406 1187455 1187468 1187483 1187565 1187565 1187619 1187645 1187921 1187937 1187959 1188050 1188067 1188172 1188231 1188270 1188412 1188418 1188579 1188616 1188651 1188700 1188780 1188781 1188782 1188783 1188784 1188786 1188787 1188788 1188790 1188878 1188885 1188891 1188924 1188982 1188983 1188985 1188992 1189021 1189041 1189057 1189077 1189097 1189153 1189197 1189209 1189210 1189212 1189213 1189214 1189215 1189216 1189217 1189218 1189219 1189220 1189221 1189222 1189225 1189229 1189233 1189262 1189291 1189292 1189296 1189298 1189301 1189305 1189323 1189373 1189376 1189378 1189380 1189381 1189384 1189385 1189392 1189393 1189399 1189400 1189427 1189503 1189504 1189505 1189506 1189507 1189521 1189537 1189552 1189562 1189563 1189564 1189565 1189566 1189567 1189568 1189569 1189573 1189574 1189575 1189576 1189577 1189579 1189581 1189582 1189583 1189585 1189586 1189587 1189632 1189659 1189683 1189706 1189743 1189760 1189762 1189832 1189841 1189870 1189872 1189875 1189882 1189883 1189996 1190022 1190025 1190115 1190117 1190190 1190225 1190412 1190413 1190428 CVE-2019-19977 CVE-2020-12400 CVE-2020-12401 CVE-2020-12403 CVE-2020-12770 CVE-2020-25648 CVE-2020-27840 CVE-2020-6829 CVE-2021-0089 CVE-2021-20254 CVE-2021-20277 CVE-2021-28690 CVE-2021-28692 CVE-2021-28693 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-28700 CVE-2021-28701 CVE-2021-34556 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3712 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 CVE-2021-3753 CVE-2021-3759 CVE-2021-38160 CVE-2021-38166 CVE-2021-38198 CVE-2021-38204 CVE-2021-38205 CVE-2021-38206 CVE-2021-38207 CVE-2021-38209 ----------------------------------------------------------------- The container sles-15-sp3-chost-byos-v20210927 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2886-1 Released: Tue Aug 31 13:21:20 2021 Summary: Recommended update for bind Type: recommended Severity: moderate References: 1187921 This update for bind fixes the following issues: - tsig-keygen is now used to generate DDNS keys (bsc#1187921) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2898-1 Released: Wed Sep 1 08:30:33 2021 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1186975,1187565,1187645 This update for grub2 fixes the following issues: - Fix error not a btrfs filesystem on s390x (bsc#1187645) - Fix error gfxterm isn't found with multiple terminals (bsc#1187565) - Fix boot failure after kdump due to the content of grub.cfg is not completed with pending modificaton in xfs journal (bsc#1186975) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2923-1 Released: Thu Sep 2 10:11:32 2021 Summary: Security update for xen Type: security Severity: important References: 1027519,1176189,1179246,1183243,1183877,1185682,1186428,1186429,1186433,1186434,1187406,1188050,1189373,1189376,1189378,1189380,1189381,1189882,CVE-2021-0089,CVE-2021-28690,CVE-2021-28692,CVE-2021-28693,CVE-2021-28694,CVE-2021-28695,CVE-2021-28696,CVE-2021-28697,CVE-2021-28698,CVE-2021-28699,CVE-2021-28700 This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release (bsc#1027519). Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). - CVE-2021-28700: No memory limit for dom0less domUs (XSA-383)(bsc#1189381). Other issues fixed: - Fixed 'Panic on CPU 0: IO-APIC + timer doesn't work!' (bsc#1180491) - Fixed an issue with xencommons, where file format expecations by fillup did not allign (bsc#1185682) - Fixed shell macro expansion in the spec file, so that ExecStart= in xendomains-wait-disks.service is created correctly (bsc#1183877) - Upstream bug fixes (bsc#1027519) - Fixed Xen SLES11SP4 guest hangs on cluster (bsc#1188050). - xl monitoring process exits during xl save -p|-c keep the monitoring process running to cleanup the domU during shutdown (bsc#1176189). - Dom0 hangs when pinning CPUs for dom0 with HVM guest (bsc#1179246). - Some long deprecated commands were finally removed in qemu6. Adjust libxl to use supported commands (bsc#1183243). - Update logrotate.conf, move global options into per-file sections to prevent globbering of global state (bsc#1187406). - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2937-1 Released: Fri Sep 3 09:18:45 2021 Summary: Security update for libesmtp Type: security Severity: important References: 1160462,1189097,CVE-2019-19977 This update for libesmtp fixes the following issues: - CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2945-1 Released: Fri Sep 3 09:34:53 2021 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: 1153806,1185930,1188579 This update for open-iscsi fixes the following issues: - Update 'iscsi.service' so that it tries to logon to any 'onboot' and firmware targets, in case a target was offline when booted but back up when the service is started. (bsc#1153806) - Merged with latest from upstream, which contains these fixes: * Add 'no wait' option to iscsiadm firmware login * Check for ISCSI_ERR_ISCSID_NOTCONN in iscsistart * Log proper error message when AUTH failure occurs * Support the 'qede' CMA-card driver. (bsc#1188579) * iscsistart: fix null pointer deref before exit * Set default 'startup' to 'onboot' for FW nodes. (bsc#1185930) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2950-1 Released: Fri Sep 3 11:59:19 2021 Summary: Recommended update for pcre2 Type: recommended Severity: moderate References: 1187937 This update for pcre2 fixes the following issue: - Equalizes the result of a function that may have different output on s390x if compared to older (bsc#1187937) PHP versions. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2962-1 Released: Mon Sep 6 18:23:01 2021 Summary: Recommended update for runc Type: recommended Severity: critical References: 1189743 This update for runc fixes the following issues: - Fixed an issue when toolbox container fails to start. (bsc#1189743) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2997-1 Released: Thu Sep 9 14:37:34 2021 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1187338,1189659 This update for python3 fixes the following issues: - Fixed an issue when the missing 'stropts.h' causing build errors for different python modules. (bsc#1187338) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3022-1 Released: Mon Sep 13 10:48:16 2021 Summary: Recommended update for c-ares Type: recommended Severity: important References: 1190225 This update for c-ares fixes the following issue: - Allow '_' as part of DNS response. (bsc#1190225) - 'c-ares' 1.17.2 introduced response validation to prevent a security issue, however it was not listing '_' as a valid character for domain name responses which caused issues when a 'CNAME' referenced a 'SRV' record which contained underscores. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3115-1 Released: Thu Sep 16 14:04:26 2021 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1029961,1174697,1176206,1176934,1179382,1188891,CVE-2020-12400,CVE-2020-12401,CVE-2020-12403,CVE-2020-25648,CVE-2020-6829 This update for mozilla-nspr fixes the following issues: mozilla-nspr was updated to version 4.32: * implement new socket option PR_SockOpt_DontFrag * support larger DNS records by increasing the default buffer size for DNS queries * Lock access to PRCallOnceType members in PR_CallOnce* for thread safety bmo#1686138 * PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get information about the operating system build version. Mozilla NSS was updated to version 3.68: * bmo#1713562 - Fix test leak. * bmo#1717452 - NSS 3.68 should depend on NSPR 4.32. * bmo#1693206 - Implement PKCS8 export of ECDSA keys. * bmo#1712883 - DTLS 1.3 draft-43. * bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension. * bmo#1713562 - Validate ECH public names. * bmo#1717610 - Add function to get seconds from epoch from pkix::Time. update to NSS 3.67 * bmo#1683710 - Add a means to disable ALPN. * bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66). * bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja. * bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c. * bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte. update to NSS 3.66 * bmo#1710716 - Remove Expired Sonera Class2 CA from NSS. * bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority. * bmo#1708307 - Remove Trustis FPS Root CA from NSS. * bmo#1707097 - Add Certum Trusted Root CA to NSS. * bmo#1707097 - Add Certum EC-384 CA to NSS. * bmo#1703942 - Add ANF Secure Server Root CA to NSS. * bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS. * bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database. * bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler. * bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h. * bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators. * bmo#1709291 - Add VerifyCodeSigningCertificateChain. update to NSS 3.65 * bmo#1709654 - Update for NetBSD configuration. * bmo#1709750 - Disable HPKE test when fuzzing. * bmo#1566124 - Optimize AES-GCM for ppc64le. * bmo#1699021 - Add AES-256-GCM to HPKE. * bmo#1698419 - ECH -10 updates. * bmo#1692930 - Update HPKE to final version. * bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default. * bmo#1703936 - New coverity/cpp scanner errors. * bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards. * bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. * bmo#1705119 - Deadlock when using GCM and non-thread safe tokens. update to NSS 3.64 * bmo#1705286 - Properly detect mips64. * bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and disable_crypto_vsx. * bmo#1698320 - replace __builtin_cpu_supports('vsx') with ppc_crypto_support() for clang. * bmo#1613235 - Add POWER ChaCha20 stream cipher vector acceleration. Fixed in 3.63 * bmo#1697380 - Make a clang-format run on top of helpful contributions. * bmo#1683520 - ECCKiila P384, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual scalar multiplication. * bmo#1683520 - ECCKiila P521, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual scalar multiplication. * bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683. * bmo#1694214 - tstclnt can't enable middlebox compat mode. * bmo#1694392 - NSS does not work with PKCS #11 modules not supporting profiles. * bmo#1685880 - Minor fix to prevent unused variable on early return. * bmo#1685880 - Fix for the gcc compiler version 7 to support setenv with nss build. * bmo#1693217 - Increase nssckbi.h version number for March 2021 batch of root CA changes, CA list version 2.48. * bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's 'Chambers of Commerce' and 'Global Chambersign' roots. * bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER. * bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS. * bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS. * bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs from NSS. * bmo#1687822 - Turn off Websites trust bit for the ???Staat der Nederlanden Root CA - G3??? root cert in NSS. * bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce Root - 2008' and 'Global Chambersign Root - 2008???. * bmo#1694291 - Tracing fixes for ECH. update to NSS 3.62 * bmo#1688374 - Fix parallel build NSS-3.61 with make * bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add() can corrupt 'cachedCertTable' * bmo#1690583 - Fix CH padding extension size calculation * bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail * bmo#1690421 - Install packaged libabigail in docker-builds image * bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing * bmo#1674819 - Fixup a51fae403328, enum type may be signed * bmo#1681585 - Add ECH support to selfserv * bmo#1681585 - Update ECH to Draft-09 * bmo#1678398 - Add Export/Import functions for HPKE context * bmo#1678398 - Update HPKE to draft-07 update to NSS 3.61 * bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key values under certain conditions. * bmo#1684300 - Fix default PBE iteration count when NSS is compiled with NSS_DISABLE_DBM. * bmo#1651411 - Improve constant-timeness in RSA operations. * bmo#1677207 - Upgrade Google Test version to latest release. * bmo#1654332 - Add aarch64-make target to nss-try. Update to NSS 3.60.1: Notable changes in NSS 3.60: * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support has been added, replacing the previous ESNI (draft-ietf-tls-esni-01) implementation. See bmo#1654332 for more information. * December 2020 batch of Root CA changes, builtins library updated to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769 for more information. Update to NSS 3.59.1: * bmo#1679290 - Fix potential deadlock with certain third-party PKCS11 modules Update to NSS 3.59: Notable changes: * Exported two existing functions from libnss: CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData Bugfixes * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed root certs when SHA1 signatures are disabled. * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to solve some test intermittents * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in our CVE-2020-25648 fix that broke purple-discord (boo#1179382) * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP * bmo#1667989 - Fix gyp linking on Solaris * bmo#1668123 - Export CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData from libnss * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA * bmo#1663091 - Remove unnecessary assertions in the streaming ASN.1 decoder that affected decoding certain PKCS8 private keys when using NSS debug builds * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS. update to NSS 3.58 Bugs fixed: * bmo#1641480 (CVE-2020-25648) Tighten CCS handling for middlebox compatibility mode. * bmo#1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello (draft-ietf-tls-esni). * bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto extensions. * bmo#1668328 - Handle spaces in the Python path name when using gyp on Windows. * bmo#1667153 - Add PK11_ImportDataKey for data object import. * bmo#1665715 - Pass the embedded SCT list extension (if present) to TrustDomain::CheckRevocation instead of the notBefore value. update to NSS 3.57 * The following CA certificates were Added: bmo#1663049 - CN=Trustwave Global Certification Authority SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8 bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4 bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097 * The following CA certificates were Removed: bmo#1651211 - CN=EE Certification Centre Root CA SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76 bmo#1656077 - O=Government Root Certification Authority; C=TW SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3 * Trust settings for the following CA certificates were Modified: bmo#1653092 - CN=OISTE WISeKey Global Root GA CA Websites (server authentication) trust bit removed. * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes update to NSS 3.56 Notable changes * bmo#1650702 - Support SHA-1 HW acceleration on ARMv8 * bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS. * bmo#1654142 - Add CPU feature detection for Intel SHA extension. * bmo#1648822 - Add stricter validation of DH keys in FIPS mode. * bmo#1656986 - Properly detect arm64 during GYP build architecture detection. * bmo#1652729 - Add build flag to disable RC2 and relocate to lib/freebl/deprecated. * bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay. * bmo#1588941 - Send empty certificate message when scheme selection fails. * bmo#1652032 - Fix failure to build in Windows arm64 makefile cross-compilation. * bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent. * bmo#1653975 - Fix 3.53 regression by setting 'all' as the default makefile target. * bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert. * bmo#1659814 - Fix interop.sh failures with newer tls-interop commit and dependencies. * bmo#1656519 - NSPR dependency updated to 4.28 update to NSS 3.55 Notable changes * P384 and P521 elliptic curve implementations are replaced with verifiable implementations from Fiat-Crypto [0] and ECCKiila [1]. * PK11_FindCertInSlot is added. With this function, a given slot can be queried with a DER-Encoded certificate, providing performance and usability improvements over other mechanisms. (bmo#1649633) * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752) Relevant Bugfixes * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila. * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature. * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding. * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length. * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix). * bmo#1653202 - Fix initialization bug in blapitest when compiled with NSS_DISABLE_DEPRECATED_SEED. * bmo#1646594 - Fix AVX2 detection in makefile builds. * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot for a DER-encoded certificate. * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo. * bmo#1647752 - Update DTLS 1.3 implementation to draft-38. * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI. * bmo#1649226 - Add Wycheproof ECDSA tests. * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES. * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in RSA_CheckSignRecover. * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the signature_algorithms extension. update to NSS 3.54 Notable changes * Support for TLS 1.3 external pre-shared keys (bmo#1603042). * Use ARM Cryptography Extension for SHA256, when available (bmo#1528113) * The following CA certificates were Added: bmo#1645186 - certSIGN Root CA G2. bmo#1645174 - e-Szigno Root CA 2017. bmo#1641716 - Microsoft ECC Root Certificate Authority 2017. bmo#1641716 - Microsoft RSA Root Certificate Authority 2017. * The following CA certificates were Removed: bmo#1645199 - AddTrust Class 1 CA Root. bmo#1645199 - AddTrust External CA Root. bmo#1641718 - LuxTrust Global Root 2. bmo#1639987 - Staat der Nederlanden Root CA - G2. bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4. bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4. bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3. * A number of certificates had their Email trust bit disabled. See bmo#1618402 for a complete list. Bugs fixed * bmo#1528113 - Use ARM Cryptography Extension for SHA256. * bmo#1603042 - Add TLS 1.3 external PSK support. * bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows. * bmo#1645186 - Add 'certSIGN Root CA G2' root certificate. * bmo#1645174 - Add Microsec's 'e-Szigno Root CA 2017' root certificate. * bmo#1641716 - Add Microsoft's non-EV root certificates. * bmo1621151 - Disable email trust bit for 'O=Government Root Certification Authority; C=TW' root. * bmo#1645199 - Remove AddTrust root certificates. * bmo#1641718 - Remove 'LuxTrust Global Root 2' root certificate. * bmo#1639987 - Remove 'Staat der Nederlanden Root CA - G2' root certificate. * bmo#1618402 - Remove Symantec root certificates and disable email trust bit. * bmo#1640516 - NSS 3.54 should depend on NSPR 4.26. * bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c. * bmo#1642153 - Fix infinite recursion building NSS. * bmo#1642638 - Fix fuzzing assertion crash. * bmo#1642871 - Enable SSL_SendSessionTicket after resumption. * bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs. * bmo#1643557 - Fix numerous compile warnings in NSS. * bmo#1644774 - SSL gtests to use ClearServerCache when resetting self-encrypt keys. * bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c. * bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3132-1 Released: Fri Sep 17 16:37:37 2021 Summary: Recommended update for google-guest-oslogin Type: recommended Severity: moderate References: 1188992,1189041 This update for google-guest-oslogin contains the following fixes: - Update to version 20210728.00 (bsc#1188992, bsc#1189041) * JSON object cleanup (#65) - Update to version 20210707.00 * throw exceptions in cache_refresh (#64) - from version 20210702.00 * Use IP address for calling the metadata server. (#63) - Update to version 20210618.00 * flush each group member write (#62) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3133-1 Released: Fri Sep 17 16:37:59 2021 Summary: Recommended update for grub2, efibootmgr Type: recommended Severity: moderate References: 1186565,1186975,1187565 This update for grub2, efibootmgr provides the following fixes: - Ship package grub2-arm64-efi and the required efibootmgr also to ppc64le, s390x and x86_64 (bsc#1186565) - Fix error gfxterm isn't found with multiple terminals (bsc#1187565) - Fix ocasional boot failure after kdump procedure when using XFS (bsc#1186975) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3136-1 Released: Fri Sep 17 16:59:09 2021 Summary: Recommended update for SUSEConnect Type: recommended Severity: moderate References: 1185611 This update for SUSEConnect fixes the following issues: - Disallow registering via SUSEConnect if the system is managed by SUSE Manager. - Add subscription name to output of 'SUSEConnect --status'. - Send payload of GET requests as part of the url, not in the body. (bsc#1185611) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3140-1 Released: Sat Sep 18 14:37:16 2021 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1189632,CVE-2021-28701 This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - Upstream bug fixes (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1189996 This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3187-1 Released: Wed Sep 22 15:09:23 2021 Summary: Security update for samba Type: security Severity: important References: 1182830,1183572,1183574,1184677,1189875,CVE-2020-27840,CVE-2021-20254,CVE-2021-20277 This update for samba fixes the following issues: - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574). - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677). - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572). - Spec file fixes around systemd and requires (bsc#1182830) - Fix dependency problem upgrading from libndr0 to libndr1 (bsc#1189875) - Fix dependency problem upgrading from libsmbldap0 to libsmbldap2 (bsc#1189875) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3203-1 Released: Thu Sep 23 14:41:35 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1189537,1190190 This update for kmod fixes the following issues: - Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190). - Enable support for ZSTD compressed modules - Display module information even for modules built into the running kernel (bsc#1189537) - '/usr/lib' should override '/lib' where both are available. Support '/usr/lib' for depmod.d as well. - Remove test patches included in release 29 - Update to release 29 * Fix `modinfo -F` not working for built-in modules and certain fields. * Fix a memory leak, overflow and double free on error path. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3205-1 Released: Thu Sep 23 16:15:20 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1040364,1127650,1135481,1152489,1160010,1168202,1171420,1174969,1175052,1175543,1177399,1180100,1180141,1180347,1181006,1181148,1181972,1184180,1185902,1186264,1186731,1187211,1187455,1187468,1187483,1187619,1187959,1188067,1188172,1188231,1188270,1188412,1188418,1188616,1188700,1188780,1188781,1188782,1188783,1188784,1188786,1188787,1188788,1188790,1188878,1188885,1188924,1188982,1188983,1188985,1189021,1189057,1189077,1189153,1189197,1189209,1189210,1189212,1189213,1189214,1189215,1189216,1189217,1189218,1189219,1189220,1189221,1189222,1189225,1189229,1189233,1189262,1189291,1189292,1189296,1189298,1189301,1189305,1189323,1189384,1189385,1189392,1189393,1189399,1189400,1189427,1189503,1189504,1189505,1189506,1189507,1189562,1189563,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189574,1189575,1189576,1189577,1189579,1189581,1189582,1189583,1189585,1189586,1189587,1189706,1189760,1189762,1189832,1189841,1189870,1189872,1189883,1190022,1190025,1190115,1190117,1 190412,1190413,1190428,CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38166,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38206,CVE-2021-38207,CVE-2021-38209 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ). - CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292). - CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298). - CVE-2021-38166: Fixed an integer overflow and out-of-bounds write when many elements are placed in a single bucket in kernel/bpf/hashtab.c (bnc#1189233 ). - CVE-2021-38209: Fixed allowed observation of changes in any net namespace via net/netfilter/nf_conntrack_standalone.c (bnc#1189393). - CVE-2021-38206: Fixed NULL pointer dereference in the radiotap parser inside the mac80211 subsystem (bnc#1189296). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420). The following non-security bugs were fixed: - ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes). - ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export function to claim _CST control (bsc#1175543) - ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543) - ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes). - ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 (git-fixes). - ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms (git-fixes). - ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically (git-fixes). - ALSA: hda/realtek - Add ALC285 HP init procedure (git-fixes). - ALSA: hda/realtek - Add type for ALC287 (git-fixes). - ALSA: hda/realtek: Change device names for quirks to barebone names (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes). - ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes). - ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes). - ALSA: hda/realtek: fix mute led of the HP Pavilion 15-eh1xxx series (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 650 G8 Notebook PC (git-fixes). - ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes). - ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes). - ALSA: hda: Fix hang during shutdown due to link reset (git-fixes). - ALSA: hda: Release controller display power during shutdown/reboot (git-fixes). - ALSA: pcm: Fix mmap breakage without explicit buffer setup (git-fixes). - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes). - ALSA: seq: Fix racy deletion of subscriber (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes). - ALSA: usb-audio: Avoid unnecessary or invalid connector selection at resume (git-fixes). - ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes). - ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes). - ALSA: usb-audio: fix incorrect clock source setting (git-fixes). - ASoC: Intel: Skylake: Fix module resource and format selection (git-fixes). - ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373 (git-fixes). - ASoC: SOF: Intel: hda-ipc: fix reply size checking (git-fixes). - ASoC: amd: Fix reference to PCM buffer address (git-fixes). - ASoC: component: Remove misplaced prefix handling in pin control functions (git-fixes). - ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes). - ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes). - ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes). - ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes). - ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes). - ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes). - ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes). - ASoC: mediatek: mt8183: Fix Unbalanced pm_runtime_enable in mt8183_afe_pcm_dev_probe (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold again (git-fixes). - ASoC: rt5682: Fix the issue of garbled recording after powerd_dbus_suspend (git-fixes). - ASoC: ti: j721e-evm: Check for not initialized parent_clk_id (git-fixes). - ASoC: ti: j721e-evm: Fix unbalanced domain activity tracking during startup (git-fixes). - ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes). - ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes). - ASoC: uniphier: Fix reference to PCM buffer address (git-fixes). - ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes). - ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes). - ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes). - ASoC: xilinx: Fix reference to PCM buffer address (git-fixes). - Avoid double printing SUSE specific flags in mod->taint (bsc#1190413). - Bluetooth: add timeout sanity check to hci_inquiry (git-fixes). - Bluetooth: btusb: Fix a unspported condition to set available debug features (git-fixes). - Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS (git-fixes). - Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes). - Bluetooth: fix repeated calls to sco_sock_kill (git-fixes). - Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes). - Bluetooth: mgmt: Fix wrong opcode in the response for add_adv cmd (git-fixes). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes). - Drop two intel_int0002_vgpio patches that cause Oops (bsc#1190412) - KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786). - KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787). - KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788). - KVM: VMX: Extend VMXs #AC interceptor to handle split lock #AC in guest (bsc#1187959). - KVM: nVMX: Handle split-lock #AC exceptions that happen in L2 (bsc#1187959). - KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780). - KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782). - KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783). - KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784). - KVM: x86: Emulate split-lock access as a write in emulator (bsc#1187959). - KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790). - NFS: Correct size calculation for create reply length (bsc#1189870). - NFSv4.1: Do not rebind to the same source port when (bnc#1186264 bnc#1189021) - NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes). - NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364). - PCI/MSI: Correct misleading comments (git-fixes). - PCI/MSI: Do not set invalid bits in MSI mask (git-fixes). - PCI/MSI: Enable and mask MSI-X early (git-fixes). - PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes). - PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes). - PCI/MSI: Mask all unused MSI-X entries (git-fixes). - PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes). - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes). - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes). - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes). - PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes). - RDMA/bnxt_re: Fix stats counters (bsc#1188231). - SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924). - SUNRPC: Fix the batch tasks count wraparound (git-fixes). - SUNRPC: Should wake up the privileged task firstly (git-fixes). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924). - SUNRPC: improve error response to over-size gss credential (bsc#1190022). - SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264 bnc#1189021). - USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes). - USB: serial: ch341: fix character loss at high transfer rates (git-fixes). - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes). - USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes). - USB: usbtmc: Fix RCU stall warning (git-fixes). - USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes). - VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes). - ath9k: Clear key cache explicitly on disabling hardware (git-fixes). - ath: Use safer key clearing with key cache entries (git-fixes). - bcma: Fix memory leak for internally-handled cores (git-fixes). - bdi: Do not use freezable workqueue (bsc#1189573). - blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507). - blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506). - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503). - blk-wbt: make sure throttle is enabled properly (bsc#1189504). - block: fix trace completion for chained bio (bsc#1189505). - bnxt_en: Validate vlan protocol ID on RX packets (jsc#SLE-15075). - brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes). - btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077). - btrfs: add a trace class for dumping the current ENOSPC state (bsc#1135481). - btrfs: add a trace point for reserve tickets (bsc#1135481). - btrfs: adjust the flush trace point to include the source (bsc#1135481). - btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1135481). - btrfs: factor out create_chunk() (bsc#1189077). - btrfs: factor out decide_stripe_size() (bsc#1189077). - btrfs: factor out gather_device_info() (bsc#1189077). - btrfs: factor out init_alloc_chunk_ctl (bsc#1189077). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1135481). - btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077). - btrfs: handle invalid profile in chunk allocation (bsc#1189077). - btrfs: implement space clamping for preemptive flushing (bsc#1135481). - btrfs: improve preemptive background space flushing (bsc#1135481). - btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1135481). - btrfs: introduce alloc_chunk_ctl (bsc#1189077). - btrfs: introduce chunk allocation policy (bsc#1189077). - btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#1135481). - btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077). - btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077). - btrfs: refactor find_free_dev_extent_start() (bsc#1189077). - btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1135481). - btrfs: rename need_do_async_reclaim (bsc#1135481). - btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1135481). - btrfs: rework chunk allocation to avoid exhaustion of the system chunk array (bsc#1189077). - btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1135481). - btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#1135481). - btrfs: simplify the logic in need_preemptive_flushing (bsc#1135481). - btrfs: tracepoints: convert flush states to using EM macros (bsc#1135481). - btrfs: tracepoints: fix btrfs_trigger_flush symbolic string for flags (bsc#1135481). - can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes). - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes). - ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468). - ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468). - ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1189427). - cfg80211: Fix possible memory leak in function cfg80211_bss_update (git-fixes). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes). - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes). - cpuidle: Allow idle states to be disabled by default (bsc#1175543) - cpuidle: Consolidate disabled state checks (bsc#1175543) - cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543) - cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543) - cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543) - crypto: ccp - Annotate SEV Firmware file names (bsc#1189212). - crypto: qat - use proper type for vf_mask (git-fixes). - crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit (git-fixes). - device-dax: Fix default return code of range_parse() (git-fixes). - dm integrity: fix missing goto in bitmap_flush_interval error handling (git-fixes). - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git-fixes). - dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes). - dmaengine: idxd: fix setup sequence for MSIXPERM table (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes). - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available (git-fixes). - dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes). - dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers (git-fixes). - drivers/block/null_blk/main: Fix a double free in null_init (git-fixes). - drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X (git-fixes). - drm/amd/display: Fix comparison error in dcn21 DML (git-fixes). - drm/amd/display: Fix max vstartup calculation for modes with borders (git-fixes). - drm/amd/display: Remove invalid assert for ODM + MPC case (git-fixes). - drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work (git-fixes). - drm/amd/display: workaround for hard hang on HPD on native DP (git-fixes). - drm/amdgpu/acp: Make PM domain really work (git-fixes). - drm/amdgpu/display: fix DMUB firmware version info (git-fixes). - drm/amdgpu/display: only enable aux backlight control for OLED panels (git-fixes). - drm/amdgpu: do not enable baco on boco platforms in runpm (git-fixes). - drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir (git-fixes). - drm/dp_mst: Fix return code on sideband message failure (git-fixes). - drm/i915/dg1: gmbus pin mapping (bsc#1188700). - drm/i915/dg1: provide port/phy mapping for vbt (bsc#1188700). - drm/i915/gen9_bc: Add W/A for missing STRAP config on TGP PCH + CML combos (bsc#1188700). - drm/i915/gen9_bc: Introduce HPD pin mappings for TGP PCH + CML combos (bsc#1188700). - drm/i915/gen9_bc: Introduce TGP PCH DDC pin mappings (bsc#1188700). - drm/i915/gen9_bc: Recognize TGP PCH + CML combos (bsc#1188700). - drm/i915/rkl: new rkl ddc map for different PCH (bsc#1188700). - drm/i915: Add VBT AUX CH H and I (bsc#1188700). - drm/i915: Add VBT DVO ports H and I (bsc#1188700). - drm/i915: Add more AUX CHs to the enum (bsc#1188700). - drm/i915: Configure GEN11_{TBT,TC}_HOTPLUG_CTL for ports TC5/6 (bsc#1188700). - drm/i915: Correct SFC_DONE register offset (git-fixes). - drm/i915: Introduce HPD_PORT_TC<n> (bsc#1188700). - drm/i915: Move hpd_pin setup to encoder init (bsc#1188700). - drm/i915: Nuke the redundant TC/TBT HPD bit defines (bsc#1188700). - drm/i915: Only access SFC_DONE when media domain is not fused off (git-fixes). - drm/meson: fix colour distortion from HDR set during vendor u-boot (git-fixes). - drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes). - drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes). - drm/msm/dsi: Fix some reference counted resource leaks (git-fixes). - drm/msm: Fix error return code in msm_drm_init() (git-fixes). - drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences (git-fixes). - drm/of: free the iterator object on failure (git-fixes). - drm/of: free the right object (git-fixes). - drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes). - drm/prime: fix comment on PRIME Helpers (git-fixes). - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568). - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564). - ext4: fix avefreec in find_group_orlov (bsc#1189566). - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562). - ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576). - ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565). - ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563). - ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567). - fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574). - firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes). - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback (git-fixes). - fixup 'rpm: support gz and zst compression methods' (bsc#1190358, bsc#1190428). - fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes). - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - fpga: xiilnx-spi: Address warning about unused variable (git-fixes). - fpga: zynqmp-fpga: Address warning about unused variable (git-fixes). - gpio: eic-sprd: break loop when getting NULL device resource (git-fixes). - gpio: tqmx86: really make IRQ optional (git-fixes). - i2c: dev: zero out array used for i2c reads from userspace (git-fixes). - i2c: highlander: add IRQ check (git-fixes). - i2c: iop3xx: fix deferred probing (git-fixes). - i2c: mt65xx: fix IRQ check (git-fixes). - i2c: s3c2410: fix IRQ check (git-fixes). - iio: adc: Fix incorrect exit of for-loop (git-fixes). - iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels (git-fixes). - iio: humidity: hdc100x: Add margin to the conversion time (git-fixes). - intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543) - intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543) - intel_idle: Annotate init time data structures (bsc#1175543) - intel_idle: Customize IceLake server support (bsc#1175543) - intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141) - intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543) - intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543) - intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543) - intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543) - iommu/amd: Fix extended features logging (bsc#1189213). - iommu/amd: Move Stoney Ridge check to detect_ivrs() (bsc#1189762). - iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210). - iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209). - iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214). - iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229). - iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1189215). - iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216). - iommu/vt-d: Do not set then clear private data in prq_event_thread() (bsc#1189217). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218). - iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219). - iommu/vt-d: Global devTLB flush when present context entry changed (bsc#1189220). - iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#1189221). - iommu/vt-d: Reject unsupported page request modes (bsc#1189222). - ionic: add handling of larger descriptors (jsc#SLE-16649). - ionic: add new queue features to interface (jsc#SLE-16649). - ionic: aggregate Tx byte counting calls (jsc#SLE-16649). - ionic: block actions during fw reset (jsc#SLE-16649). - ionic: change mtu after queues are stopped (jsc#SLE-16649). - ionic: check for link after netdev registration (jsc#SLE-16649). - ionic: code cleanup details (jsc#SLE-16649). - ionic: fix sizeof usage (jsc#SLE-16649). - ionic: fix unchecked reference (jsc#SLE-16649). - ionic: fix up dim accounting for tx and rx (jsc#SLE-16649). - ionic: generic tx skb mapping (jsc#SLE-16649). - ionic: implement Rx page reuse (jsc#SLE-16649). - ionic: make all rx_mode work threadsafe (jsc#SLE-16649). - ionic: move rx_page_alloc and free (jsc#SLE-16649). - ionic: optimize fastpath struct usage (jsc#SLE-16649). - ionic: protect adminq from early destroy (jsc#SLE-16649). - ionic: rebuild debugfs on qcq swap (jsc#SLE-16649). - ionic: remove intr coalesce update from napi (jsc#SLE-16649). - ionic: remove some unnecessary oom messages (jsc#SLE-16649). - ionic: simplify TSO descriptor mapping (jsc#SLE-16649). - ionic: simplify rx skb alloc (jsc#SLE-16649). - ionic: simplify the intr_index use in txq_init (jsc#SLE-16649). - ionic: simplify tx clean (jsc#SLE-16649). - ionic: simplify use of completion types (jsc#SLE-16649). - ionic: start queues before announcing link up (jsc#SLE-16649). - ionic: stop watchdog when in broken state (jsc#SLE-16649). - ionic: useful names for booleans (jsc#SLE-16649). - iwlwifi: pnvm: accept multiple HW-type TLVs (git-fixes). - iwlwifi: rs-fw: do not support stbc for HE 160 (git-fixes). - iwlwifi: skip first element in the WTAS ACPI table (git-fixes). - kABI fix of usb_dcd_config_params (git-fixes). - kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes). - kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264 bnc#1189021) - kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153). - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). - leds: trigger: audio: Add an activate callback to ensure the initial brightness is set (git-fixes). - lib/mpi: use kcalloc in mpi_resize (git-fixes). - lib: Add zstd support to decompress (bsc#1187483, jsc#SLE-18766). - libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes). - mac80211: Fix insufficient headroom issue for AMSDU (git-fixes). - md/raid10: properly indicate failure when ending a failed write request (git-fixes). - md: revert io stats accounting (git-fixes). - media: TDA1997x: enable EDID support (git-fixes). - media: cxd2880-spi: Fix an error handling path (git-fixes). - media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes). - media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes). - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes). - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes). - media: go7007: fix memory leak in go7007_usb_probe (git-fixes). - media: go7007: remove redundant initialization (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes). - media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes). - media: videobuf2-core: dequeue if start_streaming fails (git-fixes). - media: zr364xx: fix memory leaks in probe() (git-fixes). - media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes). - misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes). - misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp() (git-fixes). - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569). - mm/vmscan: fix infinite loop in drop_slab_node (VM Functionality, bsc#1189301). - mm: fix memory_failure() handling of dax-namespace metadata (bsc#1189872). - mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#1187619). - mmc: dw_mmc: Fix hang on data CRC error (git-fixes). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes). - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes). - mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes). - nbd: Aovid double completion of a request (git-fixes). - nbd: Fix NULL pointer in flush_workqueue (git-fixes). - net/mlx5: Add ts_cqe_to_dest_cqn related bits (bsc#1188412) - net/mlx5: Properly convey driver version to firmware (git-fixes). - net/mlx5e: Add missing capability check for uplink follow (bsc#1188412) - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes). - net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext (git-fixes). - net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes). - net: usb: lan78xx: do not modify phy_device state concurrently (bsc#1188270) - nfs: fix acl memory leak of posix_acl_create() (git-fixes). - nvme-multipath: revalidate paths during rescan (bsc#1187211) - nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972). - nvme-pci: fix NULL req in completion handler (bsc#1181972). - nvme-pci: limit maximum queue depth to 4095 (bsc#1181972). - nvme-pci: use unsigned for io queue depth (bsc#1181972). - nvme-tcp: Do not reset transport on data digest errors (bsc#1188418). - nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972). - nvme: avoid possible double fetch in handling CQE (bsc#1181972). - nvme: code command_id with a genctr for use-after-free validation (bsc#1181972). - nvme: only call synchronize_srcu when clearing current path (bsc#1188067). - nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384). - ocfs2: fix snprintf() checking (bsc#1189581). - ocfs2: fix zero out valid data (bsc#1189579). - ocfs2: initialize ip_next_orphan (bsc#1186731). - ocfs2: issue zeroout to EOF blocks (bsc#1189582). - ovl: allow upperdir inside lowerdir (bsc#1189323). - ovl: expand warning in ovl_d_real() (bsc#1189323). - ovl: fix missing revert_creds() on error path (bsc#1189323). - ovl: perform vfs_getxattr() with mounter creds (bsc#1189323). - ovl: skip getxattr of security labels (bsc#1189323). - params: lift param_set_uint_minmax to common code (bsc#1181972). - pcmcia: i82092: fix a null pointer dereference bug (git-fixes). - perf/x86/amd: Do not touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (bsc#1189225). - pinctrl: tigerlake: Fix GPIO mapping for newer version of software (git-fixes). - platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables (git-fixes). - post.sh: detect /usr mountpoint too - power: supply: max17042: handle fails of reading status register (git-fixes). - powerpc/cacheinfo: Improve diagnostics about malformed cache lists (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Lookup cache by dt node and thread-group id (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Remove the redundant get_shared_cpu_map() (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Use name at unit instead of full DT path in debug messages (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes). - powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#1189197 ltc#193906). - powerpc/pseries: Fix regression while building external modules (bsc#1160010 ltc#183046 git-fixes). This changes a GPL symbol to general symbol which is kABI change but not kABI break. - powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes). - powerpc/smp: Make some symbols static (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Use existing L2 cache_map cpumask to find L3 cache siblings (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702 git-fixes). - regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes). - regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes). - regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change. - rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575). - rsi: fix an error code in rsi_probe() (git-fixes). - rsi: fix error code in rsi_load_9116_firmware() (git-fixes). - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817). - s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771). - scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970). - scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970). - scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970). - scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392). - scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650). - scsi: libfc: Fix array index out of bound exception (bsc#1188616). - scsi: lpfc: Add 256 Gb link speed support (bsc#1189385). - scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385). - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385). - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385). - scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385). - scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385). - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385). - scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385). - scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385). - scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385). - scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385). - scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385). - scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385). - scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385). - scsi: lpfc: Fix function description comments for vmid routines (bsc#1189385). - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385). - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385). - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385). - scsi: lpfc: Improve firmware download logging (bsc#1189385). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385). - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes). - scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385). - scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385). - scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385). - scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385). - scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385). - scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385). - scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385). - scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385). - scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385). - scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970). - scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006). - scsi: qla2xxx: Add heartbeat check (bsc#1189392). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392). - scsi: qla2xxx: Fix spelling mistakes 'allloc' -> 'alloc' (bsc#1189392). - scsi: qla2xxx: Fix use after free in debug code (bsc#1189392). - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392). - scsi: qla2xxx: Remove duplicate declarations (bsc#1189392). - scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392). - scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392). - scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189392). - scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392). - scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392). - scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392). - scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392). - scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392). - scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392). - scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392). - scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189392). - scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add key update (bsc#1189392). - scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189392). - scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392). - scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392). - scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (bsc#1184180). - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392). - scsi: zfcp: Report port fc_security as unknown early during remote cable pull (git-fixes). - serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes). - serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes). - serial: 8250_pci: Avoid irq sharing for MSI(-X) interrupts (git-fixes). - serial: 8250_pci: Enumerate Elkhart Lake UARTs via dedicated driver (git-fixes). - serial: tegra: Only print FIFO error message when an error occurs (git-fixes). - slimbus: messaging: check for valid transaction id (git-fixes). - slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes). - slimbus: ngd: reset dma setup during runtime pm (git-fixes). - soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes). - soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: qcom: rpmhpd: Use corner in power_off (git-fixes). - soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes). - spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes). - spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation (git-fixes). - spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes). - spi: mediatek: Fix fifo transfer (git-fixes). - spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes). - spi: stm32h7: fix full duplex irq handler handling (git-fixes). - staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes). - staging: rtl8712: get rid of flush_scheduled_work (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes). - tracing / histogram: Give calculation hist_fields a size (git-fixes). - tracing: Reject string operand in the histogram expression (git-fixes). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - ubifs: Fix error return code in alloc_wbufs() (bsc#1189585). - ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583). - ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455). - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587). - ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586). - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes). - usb: dwc3: Disable phy suspend after power-on reset (git-fixes). - usb: dwc3: Separate field holding multiple properties (git-fixes). - usb: dwc3: Stop active transfers before halting the controller (git-fixes). - usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes). - usb: dwc3: Use devres to get clocks (git-fixes). - usb: dwc3: core: do not do suspend for device mode if already suspended (git-fixes). - usb: dwc3: debug: Remove newline printout (git-fixes). - usb: dwc3: gadget: Check MPS of the request length (git-fixes). - usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes). - usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (git-fixes). - usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes). - usb: dwc3: gadget: Do not send unintended link state change (git-fixes). - usb: dwc3: gadget: Do not setup more than requested (git-fixes). - usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes). - usb: dwc3: gadget: Fix handling ZLP (git-fixes). - usb: dwc3: gadget: Give back staled requests (git-fixes). - usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes). - usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes). - usb: dwc3: gadget: Properly track pending and queued SG (git-fixes). - usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes). - usb: dwc3: gadget: Set BESL config parameter (git-fixes). - usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes). - usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes). - usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes). - usb: dwc3: meson-g12a: add IRQ check (git-fixes). - usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes). - usb: dwc3: of-simple: add a shutdown (git-fixes). - usb: dwc3: st: Add of_dev_put() in probe function (git-fixes). - usb: dwc3: st: Add of_node_put() before return in probe function (git-fixes). - usb: dwc3: support continuous runtime PM with dual role (git-fixes). - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes). - usb: gadget: Export recommended BESL values (git-fixes). - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes). - usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes). - usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes). - usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes). - usb: gadget: udc: at91: add IRQ check (git-fixes). - usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes). - usb: host: ohci-tmio: add IRQ check (git-fixes). - usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes). - usb: mtu3: fix the wrong HS mult value (git-fixes). - usb: mtu3: use @mult for HS isoc or intr (git-fixes). - usb: phy: fsl-usb: add IRQ check (git-fixes). - usb: phy: tahvo: add IRQ check (git-fixes). - usb: phy: twl6030: add IRQ checks (git-fixes). - usr: Add support for zstd compressed initramfs (bsc#1187483, jsc#SLE-18766). - virt_wifi: fix error on connect (git-fixes). - wireguard: allowedips: allocate nodes in kmem_cache (git-fixes). - wireguard: allowedips: free empty intermediate nodes when removing single node (git-fixes). - wireguard: allowedips: remove nodes in O(1) (git-fixes). - writeback: fix obtain a reference to a freeing memcg css (bsc#1189577). - x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489). - x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489). - x86/fpu: Reset state for all signal restore failures (bsc#1152489). - x86/kvm: fix vcpu-id indexed array sizes (git-fixes). - x86/sev: Make sure IRQs are disabled while GHCB is active (jsc#SLE-14337). - x86/sev: Split up runtime #VC handler for correct state tracking (jsc#SLE-14337). - x86/sev: Use 'SEV: ' prefix for messages from sev.c (jsc#SLE-14337). - x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489). - x86/split_lock: Provide handle_guest_split_lock() (bsc#1187959). - xen/events: Fix race in set_evtchn_to_irq (git-fixes). - xprtrdma: Pad optimization, revisited (bsc#1189760). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3233-1 Released: Mon Sep 27 15:02:21 2021 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1085917,1181299,1181306,1181309,1181535,1181536,1188651,1189552 This update for xfsprogs fixes the following issues: - Fixes an issue when 'fstests' with 'xfs' fail. (bsc#1181309, bsc#1181299) - xfsprogs: Split 'libhandle1' into a separate package, since nothing within xfsprogs dynamically links against it. The shared library is still required by xfsdump as a runtime dependency. - mkfs.xfs: Fix 'ASSERT' on too-small device with stripe geometry. (bsc#1181536) - mkfs.xfs: If either 'sunit' or 'swidth' is not zero, the other must be as well. (bsc#1085917, bsc#1181535) - xfs_growfs: Refactor geometry reporting. (bsc#1181306) - xfs_growfs: Allow mounted device node as argument. (bsc#1181299) - xfs_repair: Rebuild directory when non-root leafn blocks claim block 0. (bsc#1181309) - xfs_repair: Check plausibility of root dir pointer before trashing it. (bsc#1188651) - xfs_bmap: Remove '-c' from manpage. (bsc#1189552) - xfs_bmap: Do not reject '-e'. (bsc#1189552) - Implement 'libhandle1' through ECO. (jsc#SLE-20360) From sle-updates at lists.suse.com Thu Sep 30 13:16:16 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Sep 2021 15:16:16 +0200 (CEST) Subject: SUSE-RU-2021:3264-1: moderate: Recommended update for SUSE Manager Proxy 4.1 Message-ID: <20210930131616.4B3EFFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 4.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3264-1 Rating: moderate References: #1181223 #1187150 #1188977 #1189263 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: spacecmd: - Add schedule_archivecompleted to mass archive actions (bsc#1181223) - Use proper ordering when listing activationkey - Remove whoami from the list of unauthenticated commands (bsc#1188977) - Make schedule_deletearchived to get all actions without display limit - Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) spacewalk-backend: - Fix typo "verfication" instead of "verification" spacewalk-web: - Fix timezone offset shifted by JS Date Object (bsc#1187150) susemanager-build-keys: - Add Debian 11 keys susemanager-tftpsync-recv: - Adapt 'configure-tftpsync.sh' to work on machines with multiple IP's (bsc#1189263) How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2021-3264=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch): spacecmd-4.1.14-4.27.1 spacewalk-backend-4.1.28-4.41.1 spacewalk-base-minimal-4.1.29-3.33.2 spacewalk-base-minimal-config-4.1.29-3.33.2 susemanager-build-keys-15.2.5-3.20.1 susemanager-build-keys-web-15.2.5-3.20.1 susemanager-tftpsync-recv-4.1.5-3.6.1 References: https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1187150 https://bugzilla.suse.com/1188977 https://bugzilla.suse.com/1189263 From sle-updates at lists.suse.com Thu Sep 30 13:18:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Sep 2021 15:18:47 +0200 (CEST) Subject: SUSE-RU-2021:14818-1: moderate: Recommended update for mozilla-nspr, mozilla-nss Message-ID: <20210930131847.391E7FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozilla-nspr, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14818-1 Rating: moderate References: #1029961 #1174697 #1176206 #1176934 #1179382 #1188891 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for mozilla-nspr fixes the following issues: mozilla-nspr was updated to version 4.32: * implement new socket option PR_SockOpt_DontFrag * support larger DNS records by increasing the default buffer size for DNS queries * Lock access to PRCallOnceType members in PR_CallOnce* for thread safety bmo#1686138 * PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get information about the operating system build version. Mozilla NSS was updated to version 3.68: * bmo#1713562 - Fix test leak. * bmo#1717452 - NSS 3.68 should depend on NSPR 4.32. * bmo#1693206 - Implement PKCS8 export of ECDSA keys. * bmo#1712883 - DTLS 1.3 draft-43. * bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension. * bmo#1713562 - Validate ECH public names. * bmo#1717610 - Add function to get seconds from epoch from pkix::Time. update to NSS 3.67 * bmo#1683710 - Add a means to disable ALPN. * bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66). * bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja. * bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c. * bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte. update to NSS 3.66 * bmo#1710716 - Remove Expired Sonera Class2 CA from NSS. * bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority. * bmo#1708307 - Remove Trustis FPS Root CA from NSS. * bmo#1707097 - Add Certum Trusted Root CA to NSS. * bmo#1707097 - Add Certum EC-384 CA to NSS. * bmo#1703942 - Add ANF Secure Server Root CA to NSS. * bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS. * bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database. * bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler. * bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h. * bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators. * bmo#1709291 - Add VerifyCodeSigningCertificateChain. update to NSS 3.65 * bmo#1709654 - Update for NetBSD configuration. * bmo#1709750 - Disable HPKE test when fuzzing. * bmo#1566124 - Optimize AES-GCM for ppc64le. * bmo#1699021 - Add AES-256-GCM to HPKE. * bmo#1698419 - ECH -10 updates. * bmo#1692930 - Update HPKE to final version. * bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default. * bmo#1703936 - New coverity/cpp scanner errors. * bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards. * bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. * bmo#1705119 - Deadlock when using GCM and non-thread safe tokens. update to NSS 3.64 * bmo#1705286 - Properly detect mips64. * bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and disable_crypto_vsx. * bmo#1698320 - replace __builtin_cpu_supports("vsx") with ppc_crypto_support() for clang. * bmo#1613235 - Add POWER ChaCha20 stream cipher vector acceleration. Fixed in 3.63 * bmo#1697380 - Make a clang-format run on top of helpful contributions. * bmo#1683520 - ECCKiila P384, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual scalar multiplication. * bmo#1683520 - ECCKiila P521, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual scalar multiplication. * bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683. * bmo#1694214 - tstclnt can't enable middlebox compat mode. * bmo#1694392 - NSS does not work with PKCS #11 modules not supporting profiles. * bmo#1685880 - Minor fix to prevent unused variable on early return. * bmo#1685880 - Fix for the gcc compiler version 7 to support setenv with nss build. * bmo#1693217 - Increase nssckbi.h version number for March 2021 batch of root CA changes, CA list version 2.48. * bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's 'Chambers of Commerce' and 'Global Chambersign' roots. * bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER. * bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS. * bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS. * bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs from NSS. * bmo#1687822 - Turn off Websites trust bit for the ???Staat der Nederlanden Root CA - G3??? root cert in NSS. * bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce Root - 2008' and 'Global Chambersign Root - 2008???. * bmo#1694291 - Tracing fixes for ECH. update to NSS 3.62 * bmo#1688374 - Fix parallel build NSS-3.61 with make * bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add() can corrupt "cachedCertTable" * bmo#1690583 - Fix CH padding extension size calculation * bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail * bmo#1690421 - Install packaged libabigail in docker-builds image * bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing * bmo#1674819 - Fixup a51fae403328, enum type may be signed * bmo#1681585 - Add ECH support to selfserv * bmo#1681585 - Update ECH to Draft-09 * bmo#1678398 - Add Export/Import functions for HPKE context * bmo#1678398 - Update HPKE to draft-07 update to NSS 3.61 * bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key values under certain conditions. * bmo#1684300 - Fix default PBE iteration count when NSS is compiled with NSS_DISABLE_DBM. * bmo#1651411 - Improve constant-timeness in RSA operations. * bmo#1677207 - Upgrade Google Test version to latest release. * bmo#1654332 - Add aarch64-make target to nss-try. Update to NSS 3.60.1: Notable changes in NSS 3.60: * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support has been added, replacing the previous ESNI (draft-ietf-tls-esni-01) implementation. See bmo#1654332 for more information. * December 2020 batch of Root CA changes, builtins library updated to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769 for more information. Update to NSS 3.59.1: * bmo#1679290 - Fix potential deadlock with certain third-party PKCS11 modules Update to NSS 3.59: Notable changes: * Exported two existing functions from libnss: CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData Bugfixes * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed root certs when SHA1 signatures are disabled. * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to solve some test intermittents * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in our CVE-2020-25648 fix that broke purple-discord (boo#1179382) * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP * bmo#1667989 - Fix gyp linking on Solaris * bmo#1668123 - Export CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData from libnss * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA * bmo#1663091 - Remove unnecessary assertions in the streaming ASN.1 decoder that affected decoding certain PKCS8 private keys when using NSS debug builds * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS. update to NSS 3.58 Bugs fixed: * bmo#1641480 (CVE-2020-25648) Tighten CCS handling for middlebox compatibility mode. * bmo#1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello (draft-ietf-tls-esni). * bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto extensions. * bmo#1668328 - Handle spaces in the Python path name when using gyp on Windows. * bmo#1667153 - Add PK11_ImportDataKey for data object import. * bmo#1665715 - Pass the embedded SCT list extension (if present) to TrustDomain::CheckRevocation instead of the notBefore value. update to NSS 3.57 * The following CA certificates were Added: bmo#1663049 - CN=Trustwave Global Certification Authority SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8 bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4 bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097 * The following CA certificates were Removed: bmo#1651211 - CN=EE Certification Centre Root CA SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76 bmo#1656077 - O=Government Root Certification Authority; C=TW SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3 * Trust settings for the following CA certificates were Modified: bmo#1653092 - CN=OISTE WISeKey Global Root GA CA Websites (server authentication) trust bit removed. * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_rele ase_notes update to NSS 3.56 Notable changes * bmo#1650702 - Support SHA-1 HW acceleration on ARMv8 * bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS. * bmo#1654142 - Add CPU feature detection for Intel SHA extension. * bmo#1648822 - Add stricter validation of DH keys in FIPS mode. * bmo#1656986 - Properly detect arm64 during GYP build architecture detection. * bmo#1652729 - Add build flag to disable RC2 and relocate to lib/freebl/deprecated. * bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay. * bmo#1588941 - Send empty certificate message when scheme selection fails. * bmo#1652032 - Fix failure to build in Windows arm64 makefile cross-compilation. * bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent. * bmo#1653975 - Fix 3.53 regression by setting "all" as the default makefile target. * bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert. * bmo#1659814 - Fix interop.sh failures with newer tls-interop commit and dependencies. * bmo#1656519 - NSPR dependency updated to 4.28 update to NSS 3.55 Notable changes * P384 and P521 elliptic curve implementations are replaced with verifiable implementations from Fiat-Crypto [0] and ECCKiila [1]. * PK11_FindCertInSlot is added. With this function, a given slot can be queried with a DER-Encoded certificate, providing performance and usability improvements over other mechanisms. (bmo#1649633) * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752) Relevant Bugfixes * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila. * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature. * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding. * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length. * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix). * bmo#1653202 - Fix initialization bug in blapitest when compiled with NSS_DISABLE_DEPRECATED_SEED. * bmo#1646594 - Fix AVX2 detection in makefile builds. * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot for a DER-encoded certificate. * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo. * bmo#1647752 - Update DTLS 1.3 implementation to draft-38. * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI. * bmo#1649226 - Add Wycheproof ECDSA tests. * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES. * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in RSA_CheckSignRecover. * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the signature_algorithms extension. update to NSS 3.54 Notable changes * Support for TLS 1.3 external pre-shared keys (bmo#1603042). * Use ARM Cryptography Extension for SHA256, when available (bmo#1528113) * The following CA certificates were Added: bmo#1645186 - certSIGN Root CA G2. bmo#1645174 - e-Szigno Root CA 2017. bmo#1641716 - Microsoft ECC Root Certificate Authority 2017. bmo#1641716 - Microsoft RSA Root Certificate Authority 2017. * The following CA certificates were Removed: bmo#1645199 - AddTrust Class 1 CA Root. bmo#1645199 - AddTrust External CA Root. bmo#1641718 - LuxTrust Global Root 2. bmo#1639987 - Staat der Nederlanden Root CA - G2. bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4. bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4. bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3. * A number of certificates had their Email trust bit disabled. See bmo#1618402 for a complete list. Bugs fixed * bmo#1528113 - Use ARM Cryptography Extension for SHA256. * bmo#1603042 - Add TLS 1.3 external PSK support. * bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows. * bmo#1645186 - Add "certSIGN Root CA G2" root certificate. * bmo#1645174 - Add Microsec's "e-Szigno Root CA 2017" root certificate. * bmo#1641716 - Add Microsoft's non-EV root certificates. * bmo1621151 - Disable email trust bit for "O=Government Root Certification Authority; C=TW" root. * bmo#1645199 - Remove AddTrust root certificates. * bmo#1641718 - Remove "LuxTrust Global Root 2" root certificate. * bmo#1639987 - Remove "Staat der Nederlanden Root CA - G2" root certificate. * bmo#1618402 - Remove Symantec root certificates and disable email trust bit. * bmo#1640516 - NSS 3.54 should depend on NSPR 4.26. * bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c. * bmo#1642153 - Fix infinite recursion building NSS. * bmo#1642638 - Fix fuzzing assertion crash. * bmo#1642871 - Enable SSL_SendSessionTicket after resumption. * bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs. * bmo#1643557 - Fix numerous compile warnings in NSS. * bmo#1644774 - SSL gtests to use ClearServerCache when resetting self-encrypt keys. * bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c. * bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-mozilla-nss-nspr-91esr-14818=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-mozilla-nss-nspr-91esr-14818=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mozilla-nss-nspr-91esr-14818=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mozilla-nss-nspr-91esr-14818=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libfreebl3-3.68-47.16.1 libsoftokn3-3.68-47.16.1 mozilla-nspr-4.32-33.6.1 mozilla-nspr-devel-4.32-33.6.1 mozilla-nss-3.68-47.16.1 mozilla-nss-certs-3.68-47.16.1 mozilla-nss-devel-3.68-47.16.1 mozilla-nss-tools-3.68-47.16.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libfreebl3-32bit-3.68-47.16.1 libsoftokn3-32bit-3.68-47.16.1 mozilla-nspr-32bit-4.32-33.6.1 mozilla-nss-32bit-3.68-47.16.1 mozilla-nss-certs-32bit-3.68-47.16.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libfreebl3-3.68-47.16.1 libsoftokn3-3.68-47.16.1 mozilla-nspr-4.32-33.6.1 mozilla-nss-3.68-47.16.1 mozilla-nss-certs-3.68-47.16.1 mozilla-nss-tools-3.68-47.16.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): mozilla-nspr-debuginfo-4.32-33.6.1 mozilla-nspr-debugsource-4.32-33.6.1 mozilla-nss-debuginfo-3.68-47.16.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): mozilla-nspr-debuginfo-32bit-4.32-33.6.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): mozilla-nspr-debuginfo-4.32-33.6.1 mozilla-nspr-debugsource-4.32-33.6.1 mozilla-nss-debuginfo-3.68-47.16.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64): mozilla-nspr-debuginfo-32bit-4.32-33.6.1 References: https://bugzilla.suse.com/1029961 https://bugzilla.suse.com/1174697 https://bugzilla.suse.com/1176206 https://bugzilla.suse.com/1176934 https://bugzilla.suse.com/1179382 https://bugzilla.suse.com/1188891 From sle-updates at lists.suse.com Thu Sep 30 13:20:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Sep 2021 15:20:36 +0200 (CEST) Subject: SUSE-RU-2021:3261-1: moderate: Recommended update for SUSE Manager 4.1.11 Release Notes Message-ID: <20210930132036.12C68FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 4.1.11 Release Notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3261-1 Rating: moderate References: #1171483 #1172671 #1181223 #1187150 #1187549 #1187572 #1188032 #1188136 #1188163 #1188641 #1188647 #1188656 #1188853 #1188977 #1189040 #1189263 #1190123 #1190164 #1190455 Affected Products: SUSE Manager Server 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Proxy 4.1 ______________________________________________________________________________ An update that has 19 recommended fixes can now be installed. Description: This update for SUSE Manager 4.1.11 Release Notes provides the following additions: Release notes for SUSE Manager: - Update to 4.1.11 * Bugs mentioned bsc#1171483,bsc#1172671,bsc#1181223,bsc#1187150, bsc#1187549,bsc#1187572,bsc#1188032,bsc#1188136, bsc#1188163,bsc#1188641,bsc#1188647,bsc#1188656, bsc#1188853,bsc#1188977,bsc#1189040,bsc#1190123, bsc#1190164,bsc#1190455 Release notes for SUSE Manager proxy: - Update to 4.1.11 * Bugs mentioned bsc#1181223,bsc#1187150,bsc#1188977,bsc#1189263 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2021-3261=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2021-3261=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2021-3261=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): release-notes-susemanager-4.1.11-3.61.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): release-notes-susemanager-proxy-4.1.11-3.44.1 - SUSE Manager Proxy 4.1 (x86_64): release-notes-susemanager-proxy-4.1.11-3.44.1 References: https://bugzilla.suse.com/1171483 https://bugzilla.suse.com/1172671 https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1187150 https://bugzilla.suse.com/1187549 https://bugzilla.suse.com/1187572 https://bugzilla.suse.com/1188032 https://bugzilla.suse.com/1188136 https://bugzilla.suse.com/1188163 https://bugzilla.suse.com/1188641 https://bugzilla.suse.com/1188647 https://bugzilla.suse.com/1188656 https://bugzilla.suse.com/1188853 https://bugzilla.suse.com/1188977 https://bugzilla.suse.com/1189040 https://bugzilla.suse.com/1189263 https://bugzilla.suse.com/1190123 https://bugzilla.suse.com/1190164 https://bugzilla.suse.com/1190455 From sle-updates at lists.suse.com Thu Sep 30 13:23:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Sep 2021 15:23:54 +0200 (CEST) Subject: SUSE-RU-2021:3264-1: moderate: Recommended update for SUSE Manager Server 4.1 Message-ID: <20210930132354.B13D3FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 4.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3264-1 Rating: moderate References: #1171483 #1172671 #1181223 #1187150 #1187549 #1187572 #1188032 #1188136 #1188163 #1188641 #1188647 #1188656 #1188853 #1188977 #1189040 #1189263 #1190123 #1190164 #1190455 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 ______________________________________________________________________________ An update that has 19 recommended fixes can now be installed. Description: This update fixes the following issues: hub-xmlrpc-api: - Use rpm systemd macro to restart service in replace of systemctl openvpn-formula: - Changed package to noarch. prometheus-exporters-formula: - Fix formula data migration with missing exporter configuration (bsc#1188136) py26-compat-salt: - Fix error handling in openscap module (bsc#1188647) - Define license macro as doc in spec file if not existing py27-compat-salt: - Add missing aarch64 to rpm package architectures - Consolidate some state requisites (bsc#1188641) - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Define license macro as doc in spec file if not existing spacecmd: - Add schedule_archivecompleted to mass archive actions (bsc#1181223) - Use proper ordering when listing activationkey - Remove whoami from the list of unauthenticated commands (bsc#1188977) - Make schedule_deletearchived to get all actions without display limit - Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) spacewalk-backend: - Fix typo "verfication" instead of "verification" spacewalk-java: - Allow getting all completed actions via XMLRPC without display limit (bsc#1181223) - Add XMLRPC API to force refreshing pillar data (bsc#1190123) - Add missing string on XCCDF scan results (bsc#1190164) - Support syncing patches with advisory status 'pending' (bsc#1190455) - Ignore duplicates in 'pkg.installed' result when applying patches (bsc#1187572) - XMLRPC: Add call for listing application monitoring endpoints - Do not log XMLRPC fault exceptions as errors (bsc#1188853) - Allow getting all archived actions via XMLRPC without display limit (bsc#1181223) - Delete ActionChains when the last action is a Reboot and it completes (bsc#1188163) - Fix timezone offset shifted by JS Date Object (bsc#1187150) spacewalk-setup: - Increase max size for uploaded files to Salt master spacewalk-utils: - When renaming: don't regenerate CA, allow using third-party certificate and trigger pillar refresh (bsc#1190123) spacewalk-web: - Fix timezone offset shifted by JS Date Object (bsc#1187150) supportutils-plugin-susemanager: - Detect broken symlinks in tomcat, taskomatic and search daemon susemanager: - Abort migration if 'data_directory' is defined at the PostgreSQL susemanager-build-keys: - Add Debian 11 keys susemanager-doc-indexes and susemanager-docs_en: - Update for hostname renaming documentation - Add information about pam service name limitations - Added warning about future deprecation of traditional clients - Updated Setup section in the Installation Guide on trouble shooting freely available products - Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server Expanded Support 6, Oracle Linux 6, CentOS 6, and Ubuntu 16.04 LTS as supported client systems in the Client Configuration Guide (bsc#1188656) - Correct package name for PAM authentication (bsc#1171483) - Added more information on Salt ssh user configuration in the Salt Guide (bsc#1187549) - Documented KIWI options and profile selection in Administration Guide. - Added note about autoinstallation kernel options and Azure clients - Removed conflict appearing on mangled pages (bsc#1172671) - Update for hostname renaming documentation - Add information about pam service name limitations - Added warning about future deprecation of traditional clients - Updated Setup section in the Installation Guide on troubleshooting freely available products - Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server Expanded Support 6, Oracle Linux 6, CentOS 6, and Ubuntu 16.04 LTS as supported client systems in the Client Configuration Guide (bsc#1188656) - Correct package name for PAM authentication (bsc#1171483) - Added more information on Salt ssh user configuration in the Salt Guide (bsc#1187549) - Documented KIWI options and profile selection in Administration Guide. - Added note about autoinstallation kernel options and Azure clients - Removed conflict appearing on mangled pages (bsc#1172671) susemanager-schema: - Support syncing patches with advisory status 'pending' (bsc#1190455) - Fix wrongly assigned entitlements due to system transfer (bsc#1188032) susemanager-sync-data: - Set OES 2018 SP3 to released How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-3264=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2021-3264=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64): hub-xmlrpc-api-0.7-3.6.1 hub-xmlrpc-api-debuginfo-0.7-3.6.1 susemanager-4.1.29-3.34.1 susemanager-tools-4.1.29-3.34.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): openvpn-formula-0.1.2-3.6.1 prometheus-exporters-formula-0.9.3-3.28.1 py26-compat-salt-2016.11.10-14.1 py27-compat-salt-3000.3-6.12.1 spacecmd-4.1.14-4.27.1 spacewalk-backend-4.1.28-4.41.1 spacewalk-backend-app-4.1.28-4.41.1 spacewalk-backend-applet-4.1.28-4.41.1 spacewalk-backend-config-files-4.1.28-4.41.1 spacewalk-backend-config-files-common-4.1.28-4.41.1 spacewalk-backend-config-files-tool-4.1.28-4.41.1 spacewalk-backend-iss-4.1.28-4.41.1 spacewalk-backend-iss-export-4.1.28-4.41.1 spacewalk-backend-package-push-server-4.1.28-4.41.1 spacewalk-backend-server-4.1.28-4.41.1 spacewalk-backend-sql-4.1.28-4.41.1 spacewalk-backend-sql-postgresql-4.1.28-4.41.1 spacewalk-backend-tools-4.1.28-4.41.1 spacewalk-backend-xml-export-libs-4.1.28-4.41.1 spacewalk-backend-xmlrpc-4.1.28-4.41.1 spacewalk-base-4.1.29-3.33.2 spacewalk-base-minimal-4.1.29-3.33.2 spacewalk-base-minimal-config-4.1.29-3.33.2 spacewalk-html-4.1.29-3.33.2 spacewalk-java-4.1.40-3.55.1 spacewalk-java-config-4.1.40-3.55.1 spacewalk-java-lib-4.1.40-3.55.1 spacewalk-java-postgresql-4.1.40-3.55.1 spacewalk-setup-4.1.9-3.12.1 spacewalk-taskomatic-4.1.40-3.55.1 spacewalk-utils-4.1.18-3.24.1 spacewalk-utils-extras-4.1.18-3.24.1 supportutils-plugin-susemanager-4.1.5-3.6.1 susemanager-build-keys-15.2.5-3.20.1 susemanager-build-keys-web-15.2.5-3.20.1 susemanager-doc-indexes-4.1-11.43.1 susemanager-docs_en-4.1-11.43.1 susemanager-docs_en-pdf-4.1-11.43.1 susemanager-schema-4.1.23-3.36.1 susemanager-sync-data-4.1.16-3.29.1 susemanager-web-libs-4.1.29-3.33.2 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch): spacecmd-4.1.14-4.27.1 spacewalk-backend-4.1.28-4.41.1 spacewalk-base-minimal-4.1.29-3.33.2 spacewalk-base-minimal-config-4.1.29-3.33.2 susemanager-build-keys-15.2.5-3.20.1 susemanager-build-keys-web-15.2.5-3.20.1 susemanager-tftpsync-recv-4.1.5-3.6.1 References: https://bugzilla.suse.com/1171483 https://bugzilla.suse.com/1172671 https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1187150 https://bugzilla.suse.com/1187549 https://bugzilla.suse.com/1187572 https://bugzilla.suse.com/1188032 https://bugzilla.suse.com/1188136 https://bugzilla.suse.com/1188163 https://bugzilla.suse.com/1188641 https://bugzilla.suse.com/1188647 https://bugzilla.suse.com/1188656 https://bugzilla.suse.com/1188853 https://bugzilla.suse.com/1188977 https://bugzilla.suse.com/1189040 https://bugzilla.suse.com/1189263 https://bugzilla.suse.com/1190123 https://bugzilla.suse.com/1190164 https://bugzilla.suse.com/1190455 From sle-updates at lists.suse.com Thu Sep 30 13:28:18 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Sep 2021 15:28:18 +0200 (CEST) Subject: SUSE-FU-2021:3263-1: moderate: Feature update for SUSE Manager 4.1.11 Proxy Message-ID: <20210930132818.E5D2FFCC9@maintenance.suse.de> SUSE Feature Update: Feature update for SUSE Manager 4.1.11 Proxy ______________________________________________________________________________ Announcement ID: SUSE-FU-2021:3263-1 Rating: moderate References: Affected Products: SUSE Manager Tools 15 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has 0 feature fixes can now be installed. Description: This update provides the following packages to SUSE Manager 4.1.11 Proxy golang-github-prometheus-alertmanager: - golang-github-prometheus-alertmanager is added to SUSE Manager Proxy as L3 supported system-user-prometheus: - system-user-prometheus is added to SUSE Manager Proxy as L3 supported Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-3263=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2021-3263=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2021-3263=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3263=1 Package List: - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.21.0-6.1 - SUSE Manager Tools 15 (noarch): system-user-prometheus-1.0.0-6.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.21.0-6.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): system-user-prometheus-1.0.0-6.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.21.0-6.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch): system-user-prometheus-1.0.0-6.1 - SUSE Enterprise Storage 6 (noarch): system-user-prometheus-1.0.0-6.1 References: From sle-updates at lists.suse.com Thu Sep 30 13:29:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Sep 2021 15:29:26 +0200 (CEST) Subject: SUSE-FU-2021:3262-1: moderate: Feature update for SUSE Manager 4.1.11 Proxy Message-ID: <20210930132926.64163FCC9@maintenance.suse.de> SUSE Feature Update: Feature update for SUSE Manager 4.1.11 Proxy ______________________________________________________________________________ Announcement ID: SUSE-FU-2021:3262-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has 0 feature fixes can now be installed. Description: This update provides the following packages to SUSE Manager 4.1.11 Proxy golang-github-prometheus-prometheus: - golang-github-prometheus-prometheus is added to SUSE Manager Proxy as L3 supported Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2021-3262=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2021-3262=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3262=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.27.1-3.12.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.27.1-3.12.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): golang-github-prometheus-prometheus-2.27.1-3.12.1 References: From sle-updates at lists.suse.com Thu Sep 30 19:16:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Sep 2021 21:16:07 +0200 (CEST) Subject: SUSE-SU-2021:3268-1: important: Security update for libqt5-qtbase Message-ID: <20210930191607.8D292FCC9@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3268-1 Rating: important References: #1178600 #1189408 Cross-References: CVE-2020-24741 CVSS scores: CVE-2020-24741 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-24741 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libqt5-qtbase fixes the following issues: - CVE-2020-24741: Fixed a bug that allowed QLibrary to load libraries relative to CWD which could result in arbitrary code execution. (bsc#1189408) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3268=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libQt5Concurrent5-5.6.1-17.21.3 libQt5Concurrent5-debuginfo-5.6.1-17.21.3 libQt5Core5-5.6.1-17.21.3 libQt5Core5-debuginfo-5.6.1-17.21.3 libQt5DBus5-5.6.1-17.21.3 libQt5DBus5-debuginfo-5.6.1-17.21.3 libQt5Gui5-5.6.1-17.21.3 libQt5Gui5-debuginfo-5.6.1-17.21.3 libQt5Network5-5.6.1-17.21.3 libQt5Network5-debuginfo-5.6.1-17.21.3 libQt5OpenGL5-5.6.1-17.21.3 libQt5OpenGL5-debuginfo-5.6.1-17.21.3 libQt5PrintSupport5-5.6.1-17.21.3 libQt5PrintSupport5-debuginfo-5.6.1-17.21.3 libQt5Sql5-5.6.1-17.21.3 libQt5Sql5-debuginfo-5.6.1-17.21.3 libQt5Sql5-mysql-5.6.1-17.21.3 libQt5Sql5-mysql-debuginfo-5.6.1-17.21.3 libQt5Sql5-postgresql-5.6.1-17.21.3 libQt5Sql5-postgresql-debuginfo-5.6.1-17.21.3 libQt5Sql5-sqlite-5.6.1-17.21.3 libQt5Sql5-sqlite-debuginfo-5.6.1-17.21.3 libQt5Sql5-unixODBC-5.6.1-17.21.3 libQt5Sql5-unixODBC-debuginfo-5.6.1-17.21.3 libQt5Test5-5.6.1-17.21.3 libQt5Test5-debuginfo-5.6.1-17.21.3 libQt5Widgets5-5.6.1-17.21.3 libQt5Widgets5-debuginfo-5.6.1-17.21.3 libQt5Xml5-5.6.1-17.21.3 libQt5Xml5-debuginfo-5.6.1-17.21.3 libqt5-qtbase-debugsource-5.6.1-17.21.3 References: https://www.suse.com/security/cve/CVE-2020-24741.html https://bugzilla.suse.com/1178600 https://bugzilla.suse.com/1189408 From sle-updates at lists.suse.com Thu Sep 30 19:17:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Sep 2021 21:17:19 +0200 (CEST) Subject: SUSE-SU-2021:3269-1: important: Security update for libqt5-qtbase Message-ID: <20210930191719.E68C3FCC9@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3269-1 Rating: important References: #1178600 #1189408 Cross-References: CVE-2020-24741 CVSS scores: CVE-2020-24741 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-24741 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libqt5-qtbase fixes the following issues: - CVE-2020-24741: Fixed a bug that allowed QLibrary to load libraries relative to CWD which could result in arbitrary code execution. (bsc#1189408) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3269=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3269=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3269=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3269=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libQt5Concurrent-devel-5.9.4-8.29.1 libQt5Concurrent5-5.9.4-8.29.1 libQt5Concurrent5-debuginfo-5.9.4-8.29.1 libQt5Core-devel-5.9.4-8.29.1 libQt5Core5-5.9.4-8.29.1 libQt5Core5-debuginfo-5.9.4-8.29.1 libQt5DBus-devel-5.9.4-8.29.1 libQt5DBus-devel-debuginfo-5.9.4-8.29.1 libQt5DBus5-5.9.4-8.29.1 libQt5DBus5-debuginfo-5.9.4-8.29.1 libQt5Gui-devel-5.9.4-8.29.1 libQt5Gui5-5.9.4-8.29.1 libQt5Gui5-debuginfo-5.9.4-8.29.1 libQt5KmsSupport-devel-static-5.9.4-8.29.1 libQt5Network-devel-5.9.4-8.29.1 libQt5Network5-5.9.4-8.29.1 libQt5Network5-debuginfo-5.9.4-8.29.1 libQt5OpenGL-devel-5.9.4-8.29.1 libQt5OpenGL5-5.9.4-8.29.1 libQt5OpenGL5-debuginfo-5.9.4-8.29.1 libQt5OpenGLExtensions-devel-static-5.9.4-8.29.1 libQt5PlatformHeaders-devel-5.9.4-8.29.1 libQt5PlatformSupport-devel-static-5.9.4-8.29.1 libQt5PrintSupport-devel-5.9.4-8.29.1 libQt5PrintSupport5-5.9.4-8.29.1 libQt5PrintSupport5-debuginfo-5.9.4-8.29.1 libQt5Sql-devel-5.9.4-8.29.1 libQt5Sql5-5.9.4-8.29.1 libQt5Sql5-debuginfo-5.9.4-8.29.1 libQt5Sql5-mysql-5.9.4-8.29.1 libQt5Sql5-mysql-debuginfo-5.9.4-8.29.1 libQt5Sql5-postgresql-5.9.4-8.29.1 libQt5Sql5-postgresql-debuginfo-5.9.4-8.29.1 libQt5Sql5-sqlite-5.9.4-8.29.1 libQt5Sql5-sqlite-debuginfo-5.9.4-8.29.1 libQt5Sql5-unixODBC-5.9.4-8.29.1 libQt5Sql5-unixODBC-debuginfo-5.9.4-8.29.1 libQt5Test-devel-5.9.4-8.29.1 libQt5Test5-5.9.4-8.29.1 libQt5Test5-debuginfo-5.9.4-8.29.1 libQt5Widgets-devel-5.9.4-8.29.1 libQt5Widgets5-5.9.4-8.29.1 libQt5Widgets5-debuginfo-5.9.4-8.29.1 libQt5Xml-devel-5.9.4-8.29.1 libQt5Xml5-5.9.4-8.29.1 libQt5Xml5-debuginfo-5.9.4-8.29.1 libqt5-qtbase-common-devel-5.9.4-8.29.1 libqt5-qtbase-common-devel-debuginfo-5.9.4-8.29.1 libqt5-qtbase-debugsource-5.9.4-8.29.1 libqt5-qtbase-devel-5.9.4-8.29.1 libqt5-qtbase-platformtheme-gtk3-5.9.4-8.29.1 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.9.4-8.29.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): libQt5Core-private-headers-devel-5.9.4-8.29.1 libQt5DBus-private-headers-devel-5.9.4-8.29.1 libQt5Gui-private-headers-devel-5.9.4-8.29.1 libQt5KmsSupport-private-headers-devel-5.9.4-8.29.1 libQt5Network-private-headers-devel-5.9.4-8.29.1 libQt5OpenGL-private-headers-devel-5.9.4-8.29.1 libQt5PlatformSupport-private-headers-devel-5.9.4-8.29.1 libQt5PrintSupport-private-headers-devel-5.9.4-8.29.1 libQt5Sql-private-headers-devel-5.9.4-8.29.1 libQt5Test-private-headers-devel-5.9.4-8.29.1 libQt5Widgets-private-headers-devel-5.9.4-8.29.1 libqt5-qtbase-private-headers-devel-5.9.4-8.29.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libQt5Concurrent-devel-5.9.4-8.29.1 libQt5Concurrent5-5.9.4-8.29.1 libQt5Concurrent5-debuginfo-5.9.4-8.29.1 libQt5Core-devel-5.9.4-8.29.1 libQt5Core5-5.9.4-8.29.1 libQt5Core5-debuginfo-5.9.4-8.29.1 libQt5DBus-devel-5.9.4-8.29.1 libQt5DBus-devel-debuginfo-5.9.4-8.29.1 libQt5DBus5-5.9.4-8.29.1 libQt5DBus5-debuginfo-5.9.4-8.29.1 libQt5Gui-devel-5.9.4-8.29.1 libQt5Gui5-5.9.4-8.29.1 libQt5Gui5-debuginfo-5.9.4-8.29.1 libQt5KmsSupport-devel-static-5.9.4-8.29.1 libQt5Network-devel-5.9.4-8.29.1 libQt5Network5-5.9.4-8.29.1 libQt5Network5-debuginfo-5.9.4-8.29.1 libQt5OpenGL-devel-5.9.4-8.29.1 libQt5OpenGL5-5.9.4-8.29.1 libQt5OpenGL5-debuginfo-5.9.4-8.29.1 libQt5OpenGLExtensions-devel-static-5.9.4-8.29.1 libQt5PlatformHeaders-devel-5.9.4-8.29.1 libQt5PlatformSupport-devel-static-5.9.4-8.29.1 libQt5PrintSupport-devel-5.9.4-8.29.1 libQt5PrintSupport5-5.9.4-8.29.1 libQt5PrintSupport5-debuginfo-5.9.4-8.29.1 libQt5Sql-devel-5.9.4-8.29.1 libQt5Sql5-5.9.4-8.29.1 libQt5Sql5-debuginfo-5.9.4-8.29.1 libQt5Sql5-mysql-5.9.4-8.29.1 libQt5Sql5-mysql-debuginfo-5.9.4-8.29.1 libQt5Sql5-postgresql-5.9.4-8.29.1 libQt5Sql5-postgresql-debuginfo-5.9.4-8.29.1 libQt5Sql5-sqlite-5.9.4-8.29.1 libQt5Sql5-sqlite-debuginfo-5.9.4-8.29.1 libQt5Sql5-unixODBC-5.9.4-8.29.1 libQt5Sql5-unixODBC-debuginfo-5.9.4-8.29.1 libQt5Test-devel-5.9.4-8.29.1 libQt5Test5-5.9.4-8.29.1 libQt5Test5-debuginfo-5.9.4-8.29.1 libQt5Widgets-devel-5.9.4-8.29.1 libQt5Widgets5-5.9.4-8.29.1 libQt5Widgets5-debuginfo-5.9.4-8.29.1 libQt5Xml-devel-5.9.4-8.29.1 libQt5Xml5-5.9.4-8.29.1 libQt5Xml5-debuginfo-5.9.4-8.29.1 libqt5-qtbase-common-devel-5.9.4-8.29.1 libqt5-qtbase-common-devel-debuginfo-5.9.4-8.29.1 libqt5-qtbase-debugsource-5.9.4-8.29.1 libqt5-qtbase-devel-5.9.4-8.29.1 libqt5-qtbase-platformtheme-gtk3-5.9.4-8.29.1 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.9.4-8.29.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): libQt5Core-private-headers-devel-5.9.4-8.29.1 libQt5DBus-private-headers-devel-5.9.4-8.29.1 libQt5Gui-private-headers-devel-5.9.4-8.29.1 libQt5KmsSupport-private-headers-devel-5.9.4-8.29.1 libQt5Network-private-headers-devel-5.9.4-8.29.1 libQt5OpenGL-private-headers-devel-5.9.4-8.29.1 libQt5PlatformSupport-private-headers-devel-5.9.4-8.29.1 libQt5PrintSupport-private-headers-devel-5.9.4-8.29.1 libQt5Sql-private-headers-devel-5.9.4-8.29.1 libQt5Test-private-headers-devel-5.9.4-8.29.1 libQt5Widgets-private-headers-devel-5.9.4-8.29.1 libqt5-qtbase-private-headers-devel-5.9.4-8.29.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libQt5Concurrent-devel-5.9.4-8.29.1 libQt5Concurrent5-5.9.4-8.29.1 libQt5Concurrent5-debuginfo-5.9.4-8.29.1 libQt5Core-devel-5.9.4-8.29.1 libQt5Core5-5.9.4-8.29.1 libQt5Core5-debuginfo-5.9.4-8.29.1 libQt5DBus-devel-5.9.4-8.29.1 libQt5DBus-devel-debuginfo-5.9.4-8.29.1 libQt5DBus5-5.9.4-8.29.1 libQt5DBus5-debuginfo-5.9.4-8.29.1 libQt5Gui-devel-5.9.4-8.29.1 libQt5Gui5-5.9.4-8.29.1 libQt5Gui5-debuginfo-5.9.4-8.29.1 libQt5KmsSupport-devel-static-5.9.4-8.29.1 libQt5Network-devel-5.9.4-8.29.1 libQt5Network5-5.9.4-8.29.1 libQt5Network5-debuginfo-5.9.4-8.29.1 libQt5OpenGL-devel-5.9.4-8.29.1 libQt5OpenGL5-5.9.4-8.29.1 libQt5OpenGL5-debuginfo-5.9.4-8.29.1 libQt5OpenGLExtensions-devel-static-5.9.4-8.29.1 libQt5PlatformHeaders-devel-5.9.4-8.29.1 libQt5PlatformSupport-devel-static-5.9.4-8.29.1 libQt5PrintSupport-devel-5.9.4-8.29.1 libQt5PrintSupport5-5.9.4-8.29.1 libQt5PrintSupport5-debuginfo-5.9.4-8.29.1 libQt5Sql-devel-5.9.4-8.29.1 libQt5Sql5-5.9.4-8.29.1 libQt5Sql5-debuginfo-5.9.4-8.29.1 libQt5Sql5-mysql-5.9.4-8.29.1 libQt5Sql5-mysql-debuginfo-5.9.4-8.29.1 libQt5Sql5-postgresql-5.9.4-8.29.1 libQt5Sql5-postgresql-debuginfo-5.9.4-8.29.1 libQt5Sql5-sqlite-5.9.4-8.29.1 libQt5Sql5-sqlite-debuginfo-5.9.4-8.29.1 libQt5Sql5-unixODBC-5.9.4-8.29.1 libQt5Sql5-unixODBC-debuginfo-5.9.4-8.29.1 libQt5Test-devel-5.9.4-8.29.1 libQt5Test5-5.9.4-8.29.1 libQt5Test5-debuginfo-5.9.4-8.29.1 libQt5Widgets-devel-5.9.4-8.29.1 libQt5Widgets5-5.9.4-8.29.1 libQt5Widgets5-debuginfo-5.9.4-8.29.1 libQt5Xml-devel-5.9.4-8.29.1 libQt5Xml5-5.9.4-8.29.1 libQt5Xml5-debuginfo-5.9.4-8.29.1 libqt5-qtbase-common-devel-5.9.4-8.29.1 libqt5-qtbase-common-devel-debuginfo-5.9.4-8.29.1 libqt5-qtbase-debugsource-5.9.4-8.29.1 libqt5-qtbase-devel-5.9.4-8.29.1 libqt5-qtbase-platformtheme-gtk3-5.9.4-8.29.1 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.9.4-8.29.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libQt5Core-private-headers-devel-5.9.4-8.29.1 libQt5DBus-private-headers-devel-5.9.4-8.29.1 libQt5Gui-private-headers-devel-5.9.4-8.29.1 libQt5KmsSupport-private-headers-devel-5.9.4-8.29.1 libQt5Network-private-headers-devel-5.9.4-8.29.1 libQt5OpenGL-private-headers-devel-5.9.4-8.29.1 libQt5PlatformSupport-private-headers-devel-5.9.4-8.29.1 libQt5PrintSupport-private-headers-devel-5.9.4-8.29.1 libQt5Sql-private-headers-devel-5.9.4-8.29.1 libQt5Test-private-headers-devel-5.9.4-8.29.1 libQt5Widgets-private-headers-devel-5.9.4-8.29.1 libqt5-qtbase-private-headers-devel-5.9.4-8.29.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libQt5Concurrent-devel-5.9.4-8.29.1 libQt5Concurrent5-5.9.4-8.29.1 libQt5Concurrent5-debuginfo-5.9.4-8.29.1 libQt5Core-devel-5.9.4-8.29.1 libQt5Core5-5.9.4-8.29.1 libQt5Core5-debuginfo-5.9.4-8.29.1 libQt5DBus-devel-5.9.4-8.29.1 libQt5DBus-devel-debuginfo-5.9.4-8.29.1 libQt5DBus5-5.9.4-8.29.1 libQt5DBus5-debuginfo-5.9.4-8.29.1 libQt5Gui-devel-5.9.4-8.29.1 libQt5Gui5-5.9.4-8.29.1 libQt5Gui5-debuginfo-5.9.4-8.29.1 libQt5KmsSupport-devel-static-5.9.4-8.29.1 libQt5Network-devel-5.9.4-8.29.1 libQt5Network5-5.9.4-8.29.1 libQt5Network5-debuginfo-5.9.4-8.29.1 libQt5OpenGL-devel-5.9.4-8.29.1 libQt5OpenGL5-5.9.4-8.29.1 libQt5OpenGL5-debuginfo-5.9.4-8.29.1 libQt5OpenGLExtensions-devel-static-5.9.4-8.29.1 libQt5PlatformHeaders-devel-5.9.4-8.29.1 libQt5PlatformSupport-devel-static-5.9.4-8.29.1 libQt5PrintSupport-devel-5.9.4-8.29.1 libQt5PrintSupport5-5.9.4-8.29.1 libQt5PrintSupport5-debuginfo-5.9.4-8.29.1 libQt5Sql-devel-5.9.4-8.29.1 libQt5Sql5-5.9.4-8.29.1 libQt5Sql5-debuginfo-5.9.4-8.29.1 libQt5Sql5-mysql-5.9.4-8.29.1 libQt5Sql5-mysql-debuginfo-5.9.4-8.29.1 libQt5Sql5-postgresql-5.9.4-8.29.1 libQt5Sql5-postgresql-debuginfo-5.9.4-8.29.1 libQt5Sql5-sqlite-5.9.4-8.29.1 libQt5Sql5-sqlite-debuginfo-5.9.4-8.29.1 libQt5Sql5-unixODBC-5.9.4-8.29.1 libQt5Sql5-unixODBC-debuginfo-5.9.4-8.29.1 libQt5Test-devel-5.9.4-8.29.1 libQt5Test5-5.9.4-8.29.1 libQt5Test5-debuginfo-5.9.4-8.29.1 libQt5Widgets-devel-5.9.4-8.29.1 libQt5Widgets5-5.9.4-8.29.1 libQt5Widgets5-debuginfo-5.9.4-8.29.1 libQt5Xml-devel-5.9.4-8.29.1 libQt5Xml5-5.9.4-8.29.1 libQt5Xml5-debuginfo-5.9.4-8.29.1 libqt5-qtbase-common-devel-5.9.4-8.29.1 libqt5-qtbase-common-devel-debuginfo-5.9.4-8.29.1 libqt5-qtbase-debugsource-5.9.4-8.29.1 libqt5-qtbase-devel-5.9.4-8.29.1 libqt5-qtbase-platformtheme-gtk3-5.9.4-8.29.1 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.9.4-8.29.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libQt5Core-private-headers-devel-5.9.4-8.29.1 libQt5DBus-private-headers-devel-5.9.4-8.29.1 libQt5Gui-private-headers-devel-5.9.4-8.29.1 libQt5KmsSupport-private-headers-devel-5.9.4-8.29.1 libQt5Network-private-headers-devel-5.9.4-8.29.1 libQt5OpenGL-private-headers-devel-5.9.4-8.29.1 libQt5PlatformSupport-private-headers-devel-5.9.4-8.29.1 libQt5PrintSupport-private-headers-devel-5.9.4-8.29.1 libQt5Sql-private-headers-devel-5.9.4-8.29.1 libQt5Test-private-headers-devel-5.9.4-8.29.1 libQt5Widgets-private-headers-devel-5.9.4-8.29.1 libqt5-qtbase-private-headers-devel-5.9.4-8.29.1 References: https://www.suse.com/security/cve/CVE-2020-24741.html https://bugzilla.suse.com/1178600 https://bugzilla.suse.com/1189408 From sle-updates at lists.suse.com Thu Sep 30 19:18:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Sep 2021 21:18:36 +0200 (CEST) Subject: SUSE-SU-2021:3267-1: moderate: Security update for rubygem-activerecord-4_2 Message-ID: <20210930191836.13A97FCC9@maintenance.suse.de> SUSE Security Update: Security update for rubygem-activerecord-4_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3267-1 Rating: moderate References: #1182169 Cross-References: CVE-2021-22880 CVSS scores: CVE-2021-22880 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-22880 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-activerecord-4_2 fixes the following issues: - CVE-2021-22880: Fixed possible DoS vector in PostgreSQL money type (bsc#1182169). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3267=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3267=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ruby2.1-rubygem-activerecord-4_2-4.2.9-6.6.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-activerecord-4_2-4.2.9-6.6.1 References: https://www.suse.com/security/cve/CVE-2021-22880.html https://bugzilla.suse.com/1182169 From sle-updates at lists.suse.com Thu Sep 30 19:19:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Sep 2021 21:19:46 +0200 (CEST) Subject: SUSE-RU-2021:3265-1: moderate: Recommended update for cloud-init Message-ID: <20210930191946.3454BFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3265-1 Rating: moderate References: #1186004 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cloud-init contains the following fixes: - Update to version 21.2 (bsc#1186004) + Remove patches included upstream and patches no longer needed + Remove SLE 12 compatibility patch, version in SLE 12 is frozen to 20.2 + Forward port: - cloud-init-write-routes.patch - cloud-init-break-resolv-symlink.patch - cloud-init-sysconf-path.patch - cloud-init-no-tempnet-oci.patch + Add \r\n check for SSH keys in Azure (#889) + Revert "Add support to resize rootfs if using LVM (#721)" (#887) (LP: #1922742) + Azure: adding support for consuming userdata from IMDS (#884) [Anh Vo] + test_upgrade: modify test_upgrade_package to run for more sources (#883) + Fix chef module run failure when chef_license is set (#868) [Ben Hughes] + Azure: Retry net metadata during nic attach for non-timeout errs (#878) [aswinrajamannar] + Azure: Retrieve username and hostname from IMDS (#865) [Thomas Stringer] + Azure: eject the provisioning iso before reporting ready (#861) [Anh Vo] + Use `partprobe` to re-read partition table if available (#856) [Nicolas Bock] (LP: #1920939) + fix error on upgrade caused by new vendordata2 attributes (#869) (LP: #1922739) + add prefer_fqdn_over_hostname config option (#859) [hamalq] (LP: #1921004) + Emit dots on travis to avoid timeout (#867) + doc: Replace remaining references to user-scripts as a config module (#866) [Ryan Harper] + azure: Removing ability to invoke walinuxagent (#799) [Anh Vo] + Add Vultr support (#827) [David Dymko] + Fix unpickle for source paths missing run_dir (#863) [lucasmoura] (LP: #1899299) + sysconfig: use BONDING_MODULE_OPTS on SUSE (#831) [Jens Sandmann] + bringup_static_routes: fix gateway check (#850) [Petr Fedchenkov] + add hamalq user (#860) [hamalq] + Add support to resize rootfs if using LVM (#721) [Eduardo Otubo] (LP: #1799953) + Fix mis-detecting network configuration in initramfs cmdline (#844) (LP: #1919188) + tools/write-ssh-key-fingerprints: do not display empty header/footer (#817) [dermotbradley] + Azure helper: Ensure Azure http handler sleeps between retries (#842) [Johnson Shi] + Fix chef apt source example (#826) [timothegenzmer] + .travis.yml: generate an SSH key before running tests (#848) + write passwords only to serial console, lock down cloud-init-output.log (#847) (LP: #1918303) + Fix apt default integration test (#845) + integration_tests: bump pycloudlib dependency (#846) + Fix stack trace if vendordata_raw contained an array (#837) [eb3095] + archlinux: Fix broken locale logic (#841) [Kristian Klausen] (LP: #1402406) + Integration test for #783 (#832) + integration_tests: mount more paths IN_PLACE (#838) + Fix requiring device-number on EC2 derivatives (#836) (LP: #1917875) + Remove the vi comment from the part-handler example (#835) + net: exclude OVS internal interfaces in get_interfaces (#829) (LP: #1912844) + tox.ini: pass OS_* environment variables to integration tests (#830) + integration_tests: add OpenStack as a platform (#804) + Add flexibility to IMDS api-version (#793) [Thomas Stringer] + Fix the TestApt tests using apt-key on Xenial and Hirsute (#823) [Paride Legovini] (LP: #1916629) + doc: remove duplicate "it" from nocloud.rst (#825) [V.I. Wood] + archlinux: Use hostnamectl to set the transient hostname (#797) [Kristian Klausen] + cc_keys_to_console.py: Add documentation for recently added config key (#824) [dermotbradley] + Update cc_set_hostname documentation (#818) [Toshi Aoyama] From 21.1 + Azure: Support for VMs without ephemeral resource disks. (#800) [Johnson Shi] (LP: #1901011) + cc_keys_to_console: add option to disable key emission (#811) [Michael Hudson-Doyle] (LP: #1915460) + integration_tests: introduce lxd_use_exec mark (#802) + azure: case-insensitive UUID to avoid new IID during kernel upgrade (#798) (LP: #1835584) + stale.yml: don't ask submitters to reopen PRs (#816) + integration_tests: fix use of SSH agent within tox (#815) + integration_tests: add UPGRADE CloudInitSource (#812) + integration_tests: use unique MAC addresses for tests (#813) + Update .gitignore (#814) + Port apt cloud_tests to integration tests (#808) + integration_tests: fix test_gh626 on LXD VMs (#809) + Fix attempting to decode binary data in test_seed_random_data test (#806) + Remove wait argument from tests with session_cloud calls (#805) + Datasource for UpCloud (#743) [Antti Myyr??] + test_gh668: fix failure on LXD VMs (#801) + openstack: read the dynamic metadata group vendor_data2.json (#777) [Andrew Bogott] (LP: #1841104) + includedir in suoders can be prefixed by "arroba" (#783) [Jordi Massaguer Pla] + [VMware] change default max wait time to 15s (#774) [xiaofengw-vmware] + Revert integration test associated with reverted #586 (#784) + Add jordimassaguerpla as contributor (#787) [Jordi Massaguer Pla] + Add Rick Harding to CLA signers (#792) [Rick Harding] + HACKING.rst: add clarifying note to LP CLA process section (#789) + Stop linting cloud_tests (#791) + cloud-tests: update cryptography requirement (#790) [Joshua Powers] + Remove 'remove-raise-on-failure' calls from integration_tests (#788) + Use more cloud defaults in integration tests (#757) + Adding self to cla signers (#776) [Andrew Bogott] + doc: avoid two warnings (#781) [Dan Kenigsberg] + Use proper spelling for Red Hat (#778) [Dan Kenigsberg] + Add antonyc to .github-cla-signers (#747) [Anton Chaporgin] + integration_tests: log image serial if available (#772) + [VMware] Support cloudinit raw data feature (#691) [xiaofengw-vmware] + net: Fix static routes to host in eni renderer (#668) [Pavel Abalikhin] + .travis.yml: don't run cloud_tests in CI (#756) + test_upgrade: add some missing commas (#769) + cc_seed_random: update documentation and fix integration test (#771) (LP: #1911227) + Fix test gh-632 test to only run on NoCloud (#770) (LP: #1911230) + archlinux: fix package upgrade command handling (#768) [Bao Trinh] + integration_tests: add integration test for LP: #1910835 (#761) + Fix regression with handling of IMDS ssh keys (#760) [Thomas Stringer] + integration_tests: log cloud-init version in SUT (#758) + Add ajmyyra as contributor (#742) [Antti Myyr??] + net_convert: add some missing help text (#755) + Missing IPV6_AUTOCONF=no to render sysconfig dhcp6 stateful on RHEL (#753) [Eduardo Otubo] + doc: document missing IPv6 subnet types (#744) [Antti Myyr??] + Add example configuration for datasource `AliYun` (#751) [Xiaoyu Zhong] + integration_tests: add SSH key selection settings (#754) + fix a typo in man page cloud-init.1 (#752) [Amy Chen] + network-config-format-v2.rst: add Netplan Passthrough section (#750) + stale: re-enable post holidays (#749) + integration_tests: port ca_certs tests from cloud_tests (#732) + Azure: Add telemetry for poll IMDS (#741) [Johnson Shi] + doc: move testing section from HACKING to its own doc (#739) + No longer allow integration test failures on travis (#738) + stale: fix error in definition (#740) + integration_tests: set log-cli-level to INFO by default (#737) + PULL_REQUEST_TEMPLATE.md: use backticks around commit message (#736) + stale: disable check for holiday break (#735) + integration_tests: log the path we collect logs into (#733) + .travis.yml: add (most) supported Python versions to CI (#734) + integration_tests: fix IN_PLACE CLOUD_INIT_SOURCE (#731) + cc_ca_certs: add RHEL support (#633) [cawamata] + Azure: only generate config for NICs with addresses (#709) [Thomas Stringer] + doc: fix CloudStack configuration example (#707) [Olivier Lemasle] + integration_tests: restrict test_lxd_bridge appropriately (#730) + Add integration tests for CLI functionality (#729) + Integration test for gh-626 (#728) + Some test_upgrade fixes (#726) + Ensure overriding test vars with env vars works for booleans (#727) + integration_tests: port lxd_bridge test from cloud_tests (#718) + Integration test for gh-632. (#725) + Integration test for gh-671 (#724) + integration-requirements.txt: bump pycloudlib commit (#723) + Drop unnecessary shebang from cmd/main.py (#722) [Eduardo Otubo] + Integration test for LP: #1813396 and #669 (#719) + integration_tests: include timestamp in log output (#720) + integration_tests: add test for LP: #1898997 (#713) + Add integration test for power_state_change module (#717) + Update documentation for network-config-format-v2 (#701) [ggiesen] + sandbox CA Cert tests to not require ca-certificates (#715) [Eduardo Otubo] + Add upgrade integration test (#693) + Integration test for 570 (#712) + Add ability to keep snapshotted images in integration tests (#711) + Integration test for pull #586 (#706) + integration_tests: introduce skipping of tests by OS (#702) + integration_tests: introduce IntegrationInstance.restart (#708) + Add lxd-vm to list of valid integration test platforms (#705) + Adding BOOTPROTO = dhcp to render sysconfig dhcp6 stateful on RHEL (#685) [Eduardo Otubo] + Delete image snapshots created for integration tests (#682) + Parametrize ssh_keys_provided integration test (#700) [lucasmoura] + Drop use_sudo attribute on IntegrationInstance (#694) [lucasmoura] + cc_apt_configure: add riscv64 as a ports arch (#687) [Dimitri John Ledkov] + cla: add xnox (#692) [Dimitri John Ledkov] + Collect logs from integration test runs (#675) From 20.4.1 + Revert "ssh_util: handle non-default AuthorizedKeysFile config (#586)" From 20.4 + tox: avoid tox testenv subsvars for xenial support (#684) + Ensure proper root permissions in integration tests (#664) [James Falcon] + LXD VM support in integration tests (#678) [James Falcon] + Integration test for fallocate falling back to dd (#681) [James Falcon] + .travis.yml: correctly integration test the built .deb (#683) + Ability to hot-attach NICs to preprovisioned VMs before reprovisioning (#613) [aswinrajamannar] + Support configuring SSH host certificates. (#660) [Jonathan Lung] + add integration test for LP: #1900837 (#679) + cc_resizefs on FreeBSD: Fix _can_skip_ufs_resize (#655) [Mina Gali??] (LP: #1901958, #1901958) + DataSourceAzure: push dmesg log to KVP (#670) [Anh Vo] + Make mount in place for tests work (#667) [James Falcon] + integration_tests: restore emission of settings to log (#657) + DataSourceAzure: update password for defuser if exists (#671) [Anh Vo] + tox.ini: only select "ci" marked tests for CI runs (#677) + Azure helper: Increase Azure Endpoint HTTP retries (#619) [Johnson Shi] + DataSourceAzure: send failure signal on Azure datasource failure (#594) [Johnson Shi] + test_persistence: simplify VersionIsPoppedFromState (#674) + only run a subset of integration tests in CI (#672) + cli: add + -system param to allow validating system user-data on a machine (#575) + test_persistence: add VersionIsPoppedFromState test (#673) + introduce an upgrade framework and related testing (#659) + add + -no-tty option to gpg (#669) [Till Riedel] (LP: #1813396) + Pin pycloudlib to a working commit (#666) [James Falcon] + DataSourceOpenNebula: exclude SRANDOM from context output (#665) + cloud_tests: add hirsute release definition (#662) + split integration and cloud_tests requirements (#652) + faq.rst: add warning to answer that suggests running `clean` (#661) + Fix stacktrace in DataSourceRbxCloud if no metadata disk is found (#632) [Scott Moser] + Make wakeonlan Network Config v2 setting actually work (#626) [dermotbradley] + HACKING.md: unify network-refactoring namespace (#658) [Mina Gali??] + replace usage of dmidecode with kenv on FreeBSD (#621) [Mina Gali??] + Prevent timeout on travis integration tests. (#651) [James Falcon] + azure: enable pushing the log to KVP from the last pushed byte (#614) [Moustafa Moustafa] + Fix launch_kwargs bug in integration tests (#654) [James Falcon] + split read_fs_info into linux & freebsd parts (#625) [Mina Gali??] + PULL_REQUEST_TEMPLATE.md: expand commit message section (#642) + Make some language improvements in growpart documentation (#649) [Shane Frasier] + Revert ".travis.yml: use a known-working version of lxd (#643)" (#650) + Fix not sourcing default 50-cloud-init ENI file on Debian (#598) [WebSpider] + remove unnecessary reboot from gpart resize (#646) [Mina Gali??] + cloudinit: move dmi functions out of util (#622) [Scott Moser] + integration_tests: various launch improvements (#638) + test_lp1886531: don't assume /etc/fstab exists (#639) + Remove Ubuntu restriction from PR template (#648) [James Falcon] + util: fix mounting of vfat on *BSD (#637) [Mina Gali??] + conftest: improve docstring for disable_subp_usage (#644) + doc: add example query commands to debug Jinja templates (#645) + Correct documentation and testcase data for some user-data YAML (#618) [dermotbradley] + Hetzner: Fix instance_id / SMBIOS serial comparison (#640) [Markus Schade] + .travis.yml: use a known-working version of lxd (#643) + tools/build-on-freebsd: fix comment explaining purpose of the script (#635) [Mina Gali??] + Hetzner: initialize instance_id from system-serial-number (#630) [Markus Schade] (LP: #1885527) + Explicit set IPV6_AUTOCONF and IPV6_FORCE_ACCEPT_RA on static6 (#634) [Eduardo Otubo] + get_interfaces: don't exclude Open vSwitch bridge/bond members (#608) [Lukas M??rdian] (LP: #1898997) + Add config modules for controlling IBM PowerVM RMC. (#584) [Aman306] (LP: #1895979) + Update network config docs to clarify MAC address quoting (#623) [dermotbradley] + gentoo: fix hostname rendering when value has a comment (#611) [Manuel Aguilera] + refactor integration testing infrastructure (#610) [James Falcon] + stages: don't reset permissions of cloud-init.log every boot (#624) (LP: #1900837) + docs: Add how to use cloud-localds to boot qemu (#617) [Joshua Powers] + Drop vestigial update_resolve_conf_file function (#620) [Scott Moser] + cc_mounts: correctly fallback to dd if fallocate fails (#585) (LP: #1897099) + .travis.yml: add integration-tests to Travis matrix (#600) + ssh_util: handle non-default AuthorizedKeysFile config (#586) [Eduardo Otubo] + Multiple file fix for AuthorizedKeysFile config (#60) [Eduardo Otubo] + bddeb: new + -packaging-branch argument to pull packaging from branch (#576) [Paride Legovini] + Add more integration tests (#615) [lucasmoura] + DataSourceAzure: write marker file after report ready in preprovisioning (#590) [Johnson Shi] + integration_tests: emit settings to log during setup (#601) + integration_tests: implement citest tests run in Travis (#605) + Add Azure support to integration test framework (#604) [James Falcon] + openstack: consider product_name as valid chassis tag (#580) [Adrian Vladu] (LP: #1895976) + azure: clean up and refactor report_diagnostic_event (#563) [Johnson Shi] + net: add the ability to blacklist network interfaces based on driver during enumeration of physical network devices (#591) [Anh Vo] + integration_tests: don't error on cloud-init failure (#596) + integration_tests: improve cloud-init.log assertions (#593) + conftest.py: remove top-level import of httpretty (#599) + tox.ini: add integration-tests testenv definition (#595) + PULL_REQUEST_TEMPLATE.md: empty checkboxes need a space (#597) + add integration test for LP: #1886531 (#592) + Initial implementation of integration testing infrastructure (#581) [James Falcon] + Fix name of ntp and chrony service on CentOS and RHEL. (#589) [Scott Moser] (LP: #1897915) + Adding a PR template (#587) [James Falcon] + Azure parse_network_config uses fallback cfg when generate IMDS network cfg fails (#549) [Johnson Shi] + features: refresh docs for easier out-of-context reading (#582) + Fix typo in resolv_conf module's description (#578) [Wac??aw Schiller] + cc_users_groups: minor doc formatting fix (#577) + Fix typo in disk_setup module's description (#579) [Wac??aw Schiller] + Add vendor-data support to seedfrom parameter for NoCloud and OVF (#570) [Johann Queuniet] + boot.rst: add First Boot Determination section (#568) (LP: #1888858) + opennebula.rst: minor readability improvements (#573) [Mina Gali??] + cloudinit: remove unused LOG variables (#574) + create a shutdown_command method in distro classes (#567) [Emmanuel Thom??] + user_data: remove unused constant (#566) + network: Fix type and respect name when rendering vlan in sysconfig. (#541) [Eduardo Otubo] (LP: #1788915, #1826608) + Retrieve SSH keys from IMDS first with OVF as a fallback (#509) [Thomas Stringer] + Add jqueuniet as contributor (#569) [Johann Queuniet] + distros: minor typo fix (#562) + Bump the integration-requirements versioned dependencies (#565) [Paride Legovini] + network-config-format-v1: fix typo in nameserver example (#564) [Stanislas] + Run cloud-init-local.service after the hv_kvp_daemon (#505) [Robert Schweikert] + Add method type hints for Azure helper (#540) [Johnson Shi] + systemd: add Before=shutdown.target when Conflicts=shutdown.target is used (#546) [Paride Legovini] + LXD: detach network from profile before deleting it (#542) [Paride Legovini] (LP: #1776958) + redhat spec: add missing BuildRequires (#552) [Paride Legovini] + util: remove debug statement (#556) [Joshua Powers] + Fix cloud config on chef example (#551) [lucasmoura] From 20.3 + Azure: Add netplan driver filter when using hv_netvsc driver (#539) [James Falcon] (LP: #1830740) + query: do not handle non-decodable non-gzipped content (#543) + DHCP sandboxing failing on noexec mounted /var/tmp (#521) [Eduardo Otubo] + Update the list of valid ssh keys. (#487) [Ole-Martin Bratteng] (LP: #1877869) + cmd: cloud-init query to handle compressed userdata (#516) (LP: #1889938) + Pushing cloud-init log to the KVP (#529) [Moustafa Moustafa] + Add Alpine Linux support. (#535) [dermotbradley] + Detect kernel version before swap file creation (#428) [Eduardo Otubo] + cli: add devel make-mime subcommand (#518) + user-data: only verify mime-types for TYPE_NEEDED and x-shellscript (#511) (LP: #1888822) + DataSourceOracle: retry twice (and document why we retry at all) (#536) + Refactor Azure report ready code (#468) [Johnson Shi] + tox.ini: pin correct version of httpretty in xenial{,-dev} envs (#531) + Support Oracle IMDSv2 API (#528) [James Falcon] + .travis.yml: run a doc build during CI (#534) + doc/rtd/topics/datasources/ovf.rst: fix doc8 errors (#533) + Fix 'Users and Groups' configuration documentation (#530) [sshedi] + cloudinit.distros: update docstrings of add_user and create_user (#527) + Fix headers for device types in network v2 docs (#532) [Caleb Xavier Berger] + Add AlexBaranowski as contributor (#508) [Aleksander Baranowski] + DataSourceOracle: refactor to use only OPC v1 endpoint (#493) + .github/workflows/stale.yml: s/Josh/Rick/ (#526) + Fix a typo in apt pipelining module (#525) [Xiao Liang] + test_util: parametrize devlist tests (#523) [James Falcon] + Recognize LABEL_FATBOOT labels (#513) [James Falcon] (LP: #1841466) + Handle additional identifier for SLES For HPC (#520) [Robert Schweikert] + Revert "test-requirements.txt: pin pytest to <6 (#512)" (#515) + test-requirements.txt: pin pytest to <6 (#512) + Add "tsanghan" as contributor (#504) [tsanghan] + fix brpm building (LP: #1886107) + Adding eandersson as a contributor (#502) [Erik Olof Gunnar Andersson] + azure: disable bouncing hostname when setting hostname fails (#494) [Anh Vo] + VMware: Support parsing DEFAULT-RUN-POST-CUST-SCRIPT (#441) [xiaofengw-vmware] + DataSourceAzure: Use ValueError when JSONDecodeError is not available (#490) [Anh Vo] + cc_ca_certs.py: fix blank line problem when removing CAs and adding new one (#483) [dermotbradley] + freebsd: py37-serial is now py37-pyserial (#492) [Gon??ri Le Bouder] + ssh exit with non-zero status on disabled user (#472) [Eduardo Otubo] (LP: #1170059) + cloudinit: remove global disable of pylint W0107 and fix errors (#489) + networking: refactor wait_for_physdevs from cloudinit.net (#466) (LP: #1884626) + HACKING.rst: add pytest.param pytest gotcha (#481) + cloudinit: remove global disable of pylint W0105 and fix errors (#480) + Fix two minor warnings (#475) + test_data: fix faulty patch (#476) + cc_mounts: handle missing fstab (#484) (LP: #1886531) + LXD cloud_tests: support more lxd image formats (#482) [Paride Legovini] + Add update_etc_hosts as default module on *BSD (#479) [Adam Dobrawy] + cloudinit: fix tip-pylint failures and bump pinned pylint version (#478) + Added BirknerAlex as contributor and sorted the file (#477) [Alexander Birkner] + Update list of types of modules in cli.rst [saurabhvartak1982] + tests: use markers to configure disable_subp_usage (#473) + Add mention of vendor-data to no-cloud format documentation (#470) [Landon Kirk] + Fix broken link to OpenStack metadata service docs (#467) [Matt Riedemann] + Disable ec2 mirror for non aws instances (#390) [lucasmoura] (LP: #1456277) + cloud_tests: don't pass + -python-version to read-dependencies (#465) + networking: refactor is_physical from cloudinit.net (#457) (LP: #1884619) + Enable use of the caplog fixture in pytest tests, and add a cc_final_message test using it (#461) + RbxCloud: Add support for FreeBSD (#464) [Adam Dobrawy] + Add schema for cc_chef module (#375) [lucasmoura] (LP: #1858888) + test_util: add (partial) testing for util.mount_cb (#463) + .travis.yml: revert to installing ubuntu-dev-tools (#460) + HACKING.rst: add details of net refactor tracking (#456) + .travis.yml: rationalise installation of dependencies in host (#449) + Add dermotbradley as contributor. (#458) [dermotbradley] + net/networking: remove unused functions/methods (#453) + distros.networking: initial implementation of layout (#391) + cloud-init.service.tmpl: use "rhel" instead of "redhat" (#452) + Change from redhat to rhel in systemd generator tmpl (#450) [Eduardo Otubo] + Hetzner: support reading user-data that is base64 encoded. (#448) [Scott Moser] (LP: #1884071) + HACKING.rst: add strpath gotcha to testing gotchas section (#446) + cc_final_message: don't create directories when writing boot-finished (#445) (LP: #1883903) + .travis.yml: only store new schroot if something has changed (#440) + util: add ensure_dir_exists parameter to write_file (#443) + printing the error stream of the dhclient process before killing it (#369) [Moustafa Moustafa] + Fix link to the MAAS documentation (#442) [Paride Legovini] (LP: #1883666) + RPM build: disable the dynamic mirror URLs when using a proxy (#437) [Paride Legovini] + util: rename write_file's copy_mode parameter to preserve_mode (#439) + .travis.yml: use $TRAVIS_BUILD_DIR for lxd_image caching (#438) + cli.rst: alphabetise devel subcommands and add net-convert to list (#430) + Default to UTF-8 in /var/log/cloud-init.log (#427) [James Falcon] + travis: cache the chroot we use for package builds (#429) + test: fix all flake8 E126 errors (#425) [Joshua Powers] + Fixes KeyError for bridge with no "parameters:" setting (#423) [Brian Candler] (LP: #1879673) + When tools.conf does not exist, running cmd "vmware-toolbox-cmd config get deployPkg enable-custom-scripts", the return code will be EX_UNAVAILABLE(69), on this condition, it should not take it as error. (#413) [chengcheng-chcheng] + Document CloudStack data-server well-known hostname (#399) [Gregor Riepl] + test: move conftest.py to top-level, to cover tests/ also (#414) + Replace cc_chef is_installed with use of subp.is_exe. (#421) [Scott Moser] + Move runparts to subp. (#420) [Scott Moser] + Move subp into its own module. (#416) [Scott Moser] + readme: point at travis-ci.com (#417) [Joshua Powers] + New feature flag functionality and fix includes failing silently (#367) [James Falcon] (LP: #1734939) + Enhance poll imds logging (#365) [Moustafa Moustafa] + test: fix all flake8 E121 and E123 errors (#404) [Joshua Powers] + test: fix all flake8 E241 (#403) [Joshua Powers] + test: ignore flake8 E402 errors in main.py (#402) [Joshua Powers] + cc_grub_dpkg: determine idevs in more robust manner with grub-probe (#358) [Matthew Ruffell] (LP: #1877491) + test: fix all flake8 E741 errors (#401) [Joshua Powers] + tests: add groovy integration tests for ubuntu (#400) + Enable chef_license support for chef infra client (#389) [Bipin Bachhao] + testing: use flake8 again (#392) [Joshua Powers] + enable Puppet, Chef mcollective in default config (#385) [Mina Gali?? (deprecated: Igor Gali??)] (LP: #1880279) + HACKING.rst: introduce .net + > Networking refactor section (#384) + Travis: do not install python3-contextlib2 (dropped dependency) (#388) [Paride Legovini] + HACKING: mention that .github-cla-signers is alpha-sorted (#380) + Add bipinbachhao as contributor (#379) [Bipin Bachhao] + cc_snap: validate that assertions property values are strings (#370) + conftest: implement partial disable_subp_usage (#371) + test_resolv_conf: refresh stale comment (#374) + cc_snap: apply validation to snap.commands properties (#364) + make finding libc platform independent (#366) [Mina Gali?? (deprecated: Igor Gali??)] + doc/rtd/topics/faq: Updates LXD docs links to current site (#368) [TomP] + templater: drop Jinja Python 2 compatibility shim (#353) + cloudinit: minor pylint fixes (#360) + cloudinit: remove unneeded __future__ imports (#362) + migrating momousta lp user to Moustafa-Moustafa GitHub user (#361) [Moustafa Moustafa] + cloud_tests: emit dots on Travis while fetching images (#347) + Add schema to apt configure config (#357) [lucasmoura] (LP: #1858884) + conftest: add docs and tests regarding CiTestCase's subp functionality (#343) + analyze/dump: refactor shared string into variable (#350) + doc: update boot.rst with correct timing of runcmd (#351) + HACKING.rst: change contact info to Rick Harding (#359) [lucasmoura] + HACKING.rst: guide people to add themselves to the CLA file (#349) + HACKING.rst: more unit testing documentation (#354) + .travis.yml: don't run lintian during integration test package builds (#352) + Add test to ensure docs examples are valid cloud-init configs (#355) [James Falcon] (LP: #1876414) + make suse and sles support 127.0.1.1 (#336) [chengcheng-chcheng] + Create tests to validate schema examples (#348) [lucasmoura] (LP: #1876412) + analyze/dump: add support for Amazon Linux 2 log lines (#346) (LP: #1876323) + bsd: upgrade support (#305) [Gon??ri Le Bouder] + Add lucasmoura as contributor (#345) [lucasmoura] + Add "therealfalcon" as contributor (#344) [James Falcon] + Adapt the package building scripts to use Python 3 (#231) [Paride Legovini] + DataSourceEc2: use metadata's NIC ordering to determine route-metrics (#342) (LP: #1876312) + .travis.yml: introduce caching (#329) + cc_locale: introduce schema (#335) + doc/rtd/conf.py: bump copyright year to 2020 (#341) + yum_add_repo: Add Centos to the supported distro list (#340) - Fix unit test fail in TestGetPackageMirrorInfo::test_substitution. - Remove python2 compatibility so cloud-init builds fine in Tumbleweed with a recent Jinja2 version. This patch is only applied in TW. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2021-3265=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): cloud-init-21.2-5.58.5 cloud-init-config-suse-21.2-5.58.5 References: https://bugzilla.suse.com/1186004